What caught my eye was a few interesting choice remarks made in the article. First, they called their 22,000-node botnet "low-value." What, pray tell, makes this botnet particularly low value? Is it what hackers would charge to rent/sell it? Is it the number of nodes (a mere 22,000)? I think this is a great illustration of the inflated sense of scale that the media has driven into botnet stories...apparently botnets under a quarter-million nodes are worth less consideration. Yet by the article's own admission, it took a scant 60 nodes to DDoS their target website off the Internet. Make no mistake, 22,000 nodes at an attacker's command can do a considerable amount of damage to just about any target. There are even supercomputers on the world's Top 500 supercomputers list that use far fewer than 22,000 nodes. I would hardly trivialize a 22k-node botnet with the label "low-value," as it desensitizes everyone to the overall threat that a botnet of any size can represent.
Second, the article mentions they "acquired" their own botnet "after visiting some chatrooms" on the Internet. I wish they had provided a bit more detail here...did they troll chat rooms until they found a botnet for sale, and purchase it? Or did they intercept the bots' IRC-based command-and-control channel, thus hijacking the botnet to do their bidding? Either way, their candor regarding the ease of acquiring a botnet seems strange. I would think the story of how anyone can "visit some chatrooms" and walk away with a botnet would be more sensational than filling some demo inboxes with spam.
As an aside, the "how a botnet works" graphic they include in the article was a bit weird as well; the truncated version you see in the article leaves a lot to be desired ("Hacker -> virus"?). You have to click on the image to get the full chart, and then things become clear.
Until next time,
- Jeff