You'll notice the title to this post is basically a retweet (RT) of an entry by BBC Click. If it helps, I actually contemplated this for a while before going ahead to use it to head my blog post. I mean, this is the age of new media right? So why can't a RT serve as a bona fide title? So there... I got this off my chest. Now, back to the original purpose of this post.


Gaining access to a hacker's world: The threat of Botnets!

I found Spencer Kelly's recent article on how he and his colleagues managed to purchase the services of botnet providers from Eastern Europe. Wait a minute. Let's back up a little and talk about what a botnet is.

A botnet derives its name from the term roBOT NETwork, and it is also known as a 'zombie army.' Basically, it is a network of hacked computers (yours and mine are possible targets) that are used to insidiously generate and send spam or viruses, or even flood another network with messages as a denial of service (DoS) attack. According to Answers.com, there is a booming botnet business that sells lists of compromised computers to hackers and spammers, and in this case, it was how BBC Click managed to secure one such 'service provider' to conduct their remote testing.


The dangers of botnets, according to the BBC Click article, are essentially threefold. It starts off with the sending of a Trojan virus to an unprotected computer to do the following:

(1) Logging your keystrokes to 'fish' out anything that may look like security passwords;
(2) Redirecting users to fake shopping sites that do nothing more than record your credit card security details;
(3) Generating and sending out spam to flood other networks, the worst of which results in the crippling of services (also known as a DoS).

Now I think back to all those times when I received strange emails from friends that led to nothing, and when I checked back with them, they claimed they didn't send them at all. While we attributed it to a virus attack, now it seems more to me that their systems may have been infiltrated and subverted as botnets. Wow! Talk about it being close...

The Long Tail of Social Networking Media

What really struck me was how the BBC Click team managed to secure a botnet for themselves.
Kelly said, "There are many [botnets] available to buy or rent from cyber criminals hiding behind fake usernames and the non-cooperation of authorities across international borders."

Botnets, he says, provide modern organised gangs with what he calls the 'firepower to make and launder vast amounts of money.' He recounts how he managed to buy a botnet from hackers in Russia and the Ukraine after many months of pursuit and a few thousand dollars (now isn't that cheap?). The negotiations started in chatrooms where the hackers advertise their services, and the deal was finally sealed through instant messaging applications.

I have absolutely no doubt that radicalized organizations are quickly learning the ropes of the trade, and using this as a means of funneling money to fund their extremist plots and schemes (for more related issues, read Web 2.0 and the Transnational Challenge: A Singaporean Perspective).
It is frightening to think how 'open' or freely available social networking platforms are being used in these illegal operations, demonstrating the long tail of Web 2.0 and social networking.

This will be something governments and the IT industry must work to collectively address.
Does this mean more layers of security? While I won't discount this possibility in the future, it seems an unlikely option for now given how it runs counter to the general freedom of use associated with most social networking platforms.

Perhaps the crux is not so much the accessibility as it is the anonymity that it offers users? Maybe this will be something to contemplate as we cast one eye upon the future with Web 3.0, where accessibility, security and privacy needs are better tackled.

Windows users ought to run through the tips the author provides for securing the computer system towards the end of the article. But what about Mac users (like me)? Well, for now, we'll have to hang on to what NETWORKWORLD says, that because most bot herders target Windows, Mac and Linux systems are statistically safe...
It's not much of a comfort, I know, but let's just hang on to that for now.

Once again, the bottom line, as I covered in an earlier post about the Koobface Malware: Our net security is ultimately our own responsibility, so be careful what we do online. Period.

 
 

Facebook users beware! CNN's Errol Barnett files this report on 2 March about the Koobface Worm that is targeting Facebook accounts. 

A quick check on the McAfee site reports that the worm is a virus that spreads via Facebook and MySpace. The current variants only target these two networking media specifically. 

The worm, once installed on a computer through Facebook or MySpace, will start searching for cookie files, and those with login credentials will be especially at risk!

The CNN news report, 'New Facebook worm threat', says that all social networking media are at risk from a variety of malware (malicious software), but this time Facebook appears to be the main victim.

What can you do to protect yourself?

First and foremost, do not assume you are immune to the worm even if you operate on a very tight net security regime. According to Daryl Johnson, a professor on internet security from New York that CNN interviewed, you are only as strong as the weakest link on your network. So long as that someone else is not as careful as you are, then there opens up a window for Malware to attack your system.

Secondly, run through this list of actions to see if it is helpful to you:

(1) Be cautious about accepting links and attachment downloads from the Web, even if they seem to be from people you know. Nowadays, many viruses are heavily disguised to appear legit!

(2) Run virus scans on your system regularly to make sure it's clean. You can tap on some free virus-scanning software provided by Facebook on their Facebook Security page.

(3) If you think you may need more help, contact the Facebook User Operations team immediately.

Bottom line: Do something! Your net security is ultimately your own responsibility.