You'll notice the title to this post is basically a retweet (RT) of an entry by BBC Click. If it helps, I actually contemplated this for a while before going ahead to use it to head my blog post. I mean, this is the age of new media right? So why can't a RT serve as a bona fide title? So there... I got this off my chest. Now, back to the original purpose of this post.
Gaining access to a hacker's world: The threat of Botnets!
I found Spencer Kelly's recent article on how he and his colleagues managed to purchase the services of botnet providers from Eastern Europe. Wait a minute. Let's back up a little and talk about what a botnet is.
A botnet derives its name from the term roBOT NETwork, and it is also known as a 'zombie army.' Basically, it is a network of hacked computers (yours and mine are possible targets) that are used to insidiously generate and send spam or viruses, or even flood another network with messages as a denial of service (DoS) attack. According to Answers.com, there is a booming botnet business that sells lists of compromised computers to hackers and spammers, and in this case, it was how BBC Click managed to secure one such 'service provider' to conduct their remote testing.
The dangers of botnets, according to the BBC Click article, are essentially threefold. It starts off with the sending of a Trojan virus to an unprotected computer to do the following:
(1) Logging your keystrokes to 'fish' out anything that may look like security passwords;
(2) Redirecting users to fake shopping sites that do nothing more than record your credit card security details;
(3) Generating and sending out spam to flood other networks, the worst of which results in the crippling of services (also known as a DoS).
Now I think back to all those times when I received strange emails from friends that led to nothing, and when I checked back with them, they claimed they didn't send it at all. While we attributed it to a virus attack, now it seems more to me that their systems may have been infiltrated and subverted as botnets. Wow! Talk about it being close...
The Long Tail of Social Networking Media
What really struck me was how the BBC Click team managed to secure a botnet for themselves. Kelly said, "There are many [botnets] available to buy or rent from cyber criminals hiding behind fake usernames and the non-cooperation of authorities across international borders."
Botnets, he says, provide modern organised gangs with what he calls the 'firepower to make and launder vast amounts of money.' He recounts how he managed to buy a botnet from hackers in Russia and the Ukraine after many months of pursuit and a few thousand dollars (now isn't that cheap?). The negotiations started in chatrooms where the hackers advertise their services, and the deal was finally sealed through instant messaging applications.
I have absolutely no doubt that radicalized organizations are quickly learning the ropes of the trade, and using this as a means of funneling money to fund their extremist plots and schemes (for more related issues, read Web 2.0 and the Transnational Challenge: A Singaporean Perspective). It is frightening to think how 'open' or freely available social networking platforms are being used in these illegal operations, demonstrating the long tail of Web 2.0 and social networking.
This will be something governments and the IT industry must work to collectively address. Does this mean more layers of security? While I won't discount this possibility in the future, it seems an unlikely option for now given how it runs counter to the general freedom of use associated with most social networking platforms.
Perhaps the crux is not so much the accessibility as it is the anonymity that it offers users? Maybe this will be something to contemplate as we cast one eye upon the future with Web 3.0, where accessibility, security and privacy needs are better tackled.
Windows users ought to run through the tips the author provides for securing the computer system towards the end of the article. But what about Mac users (like me)? Well, for now, we'll have to hang on to what NETWORKWORLD says, that because most bot herders target Windows, Macs and Linux systems are statistically safe... It's not much of a comfort, I know, but let's just hang on to that for now.
Once again, the bottom line as I covered in an earlier post about the Koobface Malware: Our net security is ultimately our own responsibility, so be careful what we do online. Period.