Monday, November 19, 2007

Be prepared

Stephen Fry's excellent blog is always worth a read, but his latest (long) article is particularly enlightening. Here are some excerpts:

I expect all of you have heard of the risks posed by the various forms of attack code that go under names like virus, Trojan horse, worm, malware and so on. These are little bits of clandestine code that your computer picks up, usually through email attachments, designed to infect the host (your PC), raid its address books, send out copies of themselves to all your friends and contacts and then either spitefully screw with your operating system, rendering it inoperative or, more likely these days, record your keyboard input and send back to the malicious code’s originator a log of such keystrokes which can be used to determine your passwords, credit card numbers and other sensitive data.

But, and here I come to my nightmare scenario, imagine malicious code written by cunning, ruthless criminals that could turn your computer into a kind of slave machine, a zombie PC which can connect with other zombie PCs to create a whole network of robot computers which would grow almost exponentially in power and bandwidth. Such a robot network, or ‘botnet’, would soon overtake all the supercomputers on earth in might and reach.

Let us further imagine that this botnet learned to defend itself against the security forces by moving the location of its command and control centres so fast and so randomly that the head could never be cut off. Let us even further imagine that the criminal masterminds in charge of this colossal entity divided it up into sections which could be sold, leased or rented to other criminals (along with instructions for use) who could use it for spamming, share scamming, phishing, identity theft, fraud, DDoS and any other kind of lucrative enterprise they chose.

The fiendish nature of the code would mean infected PCs wouldn’t freeze or slow down noticeably, so individual computer users like you and me would have no idea that we were enslaved players in this vast criminal conspiracy; the transmission routes would change literally daily from porn sites to cheerful links or witty birthday cards and friendly pointers to interesting blog pages – anything. Those profiting would be almost impossible to catch and the entity itself, the botnet, would grow and refine itself until it became the very stuff of science fiction: the neural nets of William Gibson, Skynet in The Terminator films, the Borg collective in Star Trek, you know the genre.

Well, my (not very surprising) kick in the teeth is this. Such botnets exist and one of them, the Storm botnet, has grown so fast, so terrifyingly and so cunningly, that in the last eight months it has overtaken all the others. Storm is an amalgam of millions (no one knows quite how many) of slave PCs.

It sends out billions of spam messages, stock market scam mails and appears to be behind many examples of what are known as Distributed Denial of Service attacks, which for reasons of malice, politics or criminal extortion close down or threaten to close down legitimate servers by flooding them with more data traffic than they can handle. Using sci-fi sounding techniques like Fast Flux, Storm evades capture and surveillance and recent evidence leads those who know about these things to conclude that parts of it have indeed been leased or sold as ‘botkits’ to less technically savvy criminals.

Storm began life early this year, but as of a couple of weeks ago it had grown into easily the biggest and most sophisticated botnet the world has seen.

But according to The Honeynet Project, Dark Reading and other reliable sites that monitor this subject, Storm is only the beginning. In a year’s time it will in all likelihood seem naïve, clumsy and harmless. Slashdot carried this headline only the other day: “There’s a new peer-to-peer based botnet emerging that could blow the notorious Storm away in size and sophistication.”

So... Don’t trust those you don’t know. Don’t click on that alluring headline, that tempting YouTube link, that interesting ad, that funny sounding birthday card or joke unless you are one hundred percent certain of its origin.


Teifion said...

I remember reading about this on /. a few weeks ago, it was quite worrying then and it's just as worrying now.

Imagine they used the network to shut down or even crash banking servers.

brett jordan said...

Have you been watching Die Hard 4 Teifion? :-)

Antony Billington said...

It’s okay... I’ve seen that film, and the good guy wins...