How criminals make your phone part of botnet army
Computers are secretly hijacked to do the donkey work of worldwide crime syndicates
Published 05/06/2014 | 02:30
International law enforcement agencies are trumpeting their success in disrupting the command and control servers for the Gameover Zeus criminal botnet.
However, the botnet that's been brought down is just one among thousands of them, and there's a good chance you – or someone you know – are part of one.
Some security researchers think most PC users are part of a botnet without realising it. The kind of people who are typically affected are people like your mum and dad – they still have AOL email addresses and spell out "H-t-t-p-Colon" when they give you a web address over the phone.
It probably comes as a surprise that your mum is linked to Russian mafia cyber-crime, but there you go.
The typical criminal network – the "botnet" itself – is loads of desktop PCs, sitting in hundreds of offices and homes worldwide. Computers like your mum's have been linked together by criminals to create vast reserves of computing power.
The "link" is purely in software terms – at some point, the owner of the computer will have accidentally downloaded a file that adds the computer to the criminal network.
There are certain telltale signs that your computer is affected. A fan that whirs all the time (because the processor is running constantly), a slow internet connection and a computer that is sluggish in general are all typical.
However, the kind of person who is vulnerable usually doesn't realise that this is the symptom of anything other than owning an old computer.
Once thousands of computers are linked together, they generate vast amounts of computing power and become the core tool of cybercrime: effectively a budget supercomputer.
Gameover Zeus, the one tackled this week, targets online bank accounts and drains them, but there are hundreds of uses for these powerful networks.
For example, companies can be blackmailed with distributed denial of service (DDoS) attacks, which rely on volume – you need thousands of computers accessing a website at once to bring it down under the weight of traffic.
Botnets are also the key tools that enable spam, as well as most other online scams.
Most criminal botnets are quite small, numbering tens of thousands of machines, but some – for example, the Mariposa botnet – have had millions of machines worldwide connected to them.
As the size of the botnet increases, so does the computing power available to the criminals.
The more computing power, the more cybercrime it can be used for. The 24-year-old high school dropout in charge of Mariposa boasted that he could steal $10-$20m (€7.3m-€14.6m) with every push of a button.
He used the money to live a flamboyant lifestyle and, like most criminals who live the high life, was eventually caught. However, most botnet owners are much more subtle. Indeed, it's common for botnet controllers to be completely divorced from the crimes their networks commit, instead renting out their networks – or parts of their networks – for others to use.
There are so many botnets that the prices are quite cheap – for example, $100 (€73) is the going rate for a day of 20,000 computers doing DDoS attacks. That's not going to trouble the website of a multinational, but can smash the site of most small businesses, and that's how the blackmail scam works.
If a small business goes to the police, they are likely to shrug and have no idea how to respond. Only the biggest, most threatening botnets attract the kind of inter-agency, cross-border response that things like Gameover Zeus and Mariposa have. Even arresting the perpetrators doesn't help much, as the network will take orders from anyone who can get control.
Equally, more modern botnets use peer-to-peer control, meaning there is no central command server to shut down. Most of the time, the security industry and law enforcement have just hoped botnets would die out naturally.
It was assumed that the disappearance of the always-on desktop PC and the rise of mobiles and tablets would kill the botnet. However, in the last few years, botnets based on smartphones have emerged. After all, a smartphone is essentially a computer you carry around in your pocket. Indeed, smartphones are brilliant at being part of a botnet as they are always on and always connected to the internet.
As recently as March this year, a million-phone botnet was uncovered at the centre of a Bitcoin mining scam, and no one really knows how big a phone-based botnet could get or how it could be stopped. Even when law enforcement does manage to get a success, it's not like they shut the whole thing down, or even arrested the controllers – the UK government predicts the criminals will have the Zeus botnet back up within two weeks. They've named (but not arrested) its controller as Evgeniy Bogachev, a Russian whom they helpfully tell us "enjoys boating" and is often seen on the Black Sea.
Well, next time I'm in Sebastopol I'll be sure to keep 'em peeled, but the truth is, the best way of fighting these is for everyone to be more concerned about keeping their computers secure and up to date. Fat chance that will happen. (© Daily Telegraph, London)