BOTNETS - THE CYBER-VEHICLES OF CRIME

As you read this newspaper, you may be taking part in a cyber-attack in another country, totally oblivious to the role you are playing in it. This may sound like the plot of the latest Hollywood thriller, but it happens every day in the world of cybercrime. At this very minute your computer could be helping to mount a distributed denial-of-service (DDoS) attack against a major website, all thanks to a small piece of malware called a bot that you may have picked up from a spam e-mail or an infected website. What is more, you would not even have realised it.
Bot-masters are turning ordinary netizens into unwitting accomplices and monetising their online lives without their knowledge. While a netizen browses the internet or types an e-mail, a bot planted on the same computer could be quietly committing a multitude of crimes, and its owner could be taking part in an ongoing cyber-attack against others, embroiled without knowing it in an international criminal conspiracy. Bot-masters can also pull such computers into a peer-to-peer child pornography network and store explicit pictures on their hard drives; after all, why would a criminal risk storing such material on his own machines? The insecure home networks of netizens, and their inability to protect their own devices, are what make them easy prey.
But what is a botnet? The word combines robot and network. A botnet is a collection of internet-connected devices, such as computers, smartphones or IoT devices, whose security has been breached so that control of them has passed to a third party. The malicious software that takes over each compromised device is the bot. The bot-master directs the compromised machines through a command-and-control channel, typically carried over the Hypertext Transfer Protocol (HTTP) or Internet Relay Chat (IRC), and through it can launch distributed denial-of-service attacks, send spam or steal data, since the bot gives its controller access to the device and its internet connection.
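How a security team might spot such a command-and-control channel in practice, as an added example that is not part of this article: a bot that takes its orders over HTTP usually polls its controller at a fixed interval, so its connections to one host recur with very little jitter, which human browsing does not. The Python script below, written for this page, runs that check over a few constructed web-proxy log lines; the host names, addresses and timestamps in it are invented placeholders.

```python
"""
Spotting a bot's command-and-control beacon in web-proxy logs.

Added example, not code from the article. A bot that polls its controller
over HTTP contacts the same host at a near-constant interval; a person
browsing does not. We group log lines by (client, host), measure the gaps
between successive contacts and flag pairs whose gaps barely vary.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed proxy log for this example: "<ISO timestamp> <client_ip> <method> <url>".
# 10.0.0.12 browses news.example at irregular times (a person) and polls
# c2.example roughly every 60 s (a bot); 10.0.0.7 polls c2.example too,
# but only three times, so the log holds too little evidence to flag it.
SAMPLE_LOG = """\
2019-07-15T09:00:00 10.0.0.12 GET http://news.example/home
2019-07-15T09:00:00 10.0.0.12 GET http://c2.example/gate.php
2019-07-15T09:00:05 10.0.0.7 GET http://c2.example/gate.php
2019-07-15T09:00:31 10.0.0.12 GET http://news.example/sports
2019-07-15T09:01:01 10.0.0.12 POST http://c2.example/gate.php
2019-07-15T09:01:05 10.0.0.7 GET http://c2.example/gate.php
2019-07-15T09:02:00 10.0.0.12 GET http://c2.example/gate.php
2019-07-15T09:02:05 10.0.0.7 GET http://c2.example/gate.php
2019-07-15T09:02:45 10.0.0.12 GET http://news.example/world
2019-07-15T09:03:02 10.0.0.12 GET http://news.example/world/story-1
2019-07-15T09:03:02 10.0.0.12 POST http://c2.example/gate.php
2019-07-15T09:04:00 10.0.0.12 GET http://c2.example/gate.php
2019-07-15T09:05:01 10.0.0.12 GET http://c2.example/gate.php
2019-07-15T09:07:10 10.0.0.12 GET http://news.example/business
2019-07-15T09:07:12 10.0.0.12 GET http://news.example/business/story-7
"""


def parse_log(text):
    """Return (timestamp, client_ip, host) for each well-formed line; skip the rest."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        stamp, client, _method, url = parts
        host = urlsplit(url).hostname
        if host is None:
            continue
        records.append((datetime.fromisoformat(stamp), client, host))
    return records


def beacon_candidates(records, min_hits=5, max_cv=0.1):
    """
    Flag (client, host) pairs whose contact times recur at a near-constant
    interval. The coefficient of variation (stdev / mean of the gaps) is the
    regularity score: a polling bot scores near 0, a person much higher.
    Returns {(client, host): (mean_gap_seconds, cv)} for flagged pairs.
    """
    by_pair = defaultdict(list)
    for stamp, client, host in records:
        by_pair[(client, host)].append(stamp)

    flagged = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue  # too few contacts to call the pattern periodic
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # every hit at the same instant: a burst, not a beacon
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[pair] = (avg, cv)
    return flagged


if __name__ == "__main__":
    for (client, host), (avg, cv) in beacon_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {host}: every {avg:.0f}s (cv={cv:.3f}) looks like a C2 beacon")
```

Run on the sample, the script flags only 10.0.0.12 talking to c2.example; the same client's visits to news.example are far too irregular, and 10.0.0.7's three perfectly spaced polls fall below the evidence threshold. Real bots blunt this check by adding random jitter, spreading their polls over many domains or, like the peer-to-peer Gameover ZeuS described later in this article, dispensing with a central server altogether, so a hit here is a lead for an analyst to pursue, not a verdict.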
Bot-masters also rent out botnets as commodities for all manner of purposes. Today botnet services with offensive capabilities can be bought or rented online at dirt-cheap rates: a powerful DDoS botnet can be bought for about $700 or rented for as little as $2 an hour, long enough to take down a website or a call centre. Cybercriminals launch, on average, over 3,000 such attacks a day. State actors such as Iran and China are also launching increasingly sophisticated attacks, harnessing the massive computing power of the cloud to carry out DDoS attacks.
A zombie network called Storm.bot 2.0, offered for sale in underground internet markets for a mere $3,000, has the capacity to generate three hundred gigabits per second of attack traffic, enough to knock a small country offline, and has already commandeered 15 cloud servers around the world. Botnet zombies have helped cybercriminals weaponise cyberspace. The number of victims of botnet exploitation keeps growing; even companies such as Evernote and Meetup.com have had to weather attacks. Millions of zombies and malware tool kits have become offensive, money-generating weapons in the hands of cybercriminals. We have therefore entered a new age of crime, in which purpose-written malicious code runs on autopilot, committing offences day and night and earning huge profits for its bot-masters even while they sleep.
Today it is possible for bot-masters to steal not just from an individual but from millions, as the breaches at Sony PlayStation and Target stores showed. Crimeware kits such as Blackhole and SpyEye minimise the need for human labour and let criminals commit millions of thefts in amounts so small that victims do not report them and law enforcement has no way to track them. As of 2011, fully automated crime tool kits accounted for about 61 per cent of all cyber-attacks, helping bot-masters get away with gigantic loot. Modern crime has been reduced to a software program that anyone can run at magnificent profit. There is malware today that holds a computer hostage until the victim pays a ransom to regain access to his own files. They call this ransomware.
Botnets have not spared even police departments. The Swansea Police Department in Massachusetts was infected when an employee opened a malicious e-mail attachment. To get back case files that CryptoLocker had encrypted, the police were forced to open a bitcoin account and pay a $750 ransom.
Bot-masters have even impersonated law-enforcement agencies such as the FBI. When the Reveton Trojan infects a computer, it covers the screen with a notice purporting to come from the FBI, complete with a full-colour FBI logo, stating that the computer has been locked for “violation of the federal copyright law against illegally downloaded material” or “for viewing or distributing prohibited pornographic content.” To unlock the computer, the user is told to pay a fine of $200 to $400 by buying a prepaid Green Dot MoneyPak at a local Walmart or CVS. This scam has successfully targeted thousands of victims, with the notice localised by country, language, currency and police agency: users in the UK, for instance, see a notice from Scotland Yard. CryptoLocker, by contrast, is a Trojan that encrypts the files on a computer so that the owner can no longer open them. The malware displays a countdown clock, almost like a time-bomb, giving the victim 48 hours to pay $300 or have the files destroyed for good; payment is demanded in bitcoin. CryptoLocker is believed to have earned an estimated $30 million.
Some bot-masters have even acquired the aura of movie stars, with films being made about them. The media dubbed Ms Kristina Vladimirovna Svechinskaya “the world’s sexiest computer hacker”. In 2010 police accused her of taking part in a plot to defraud British and U.S. banks. Svechinskaya reportedly used the Zeus Trojan horse to attack thousands of bank accounts and opened at least five accounts at Bank of America and Wachovia, which received $35,000 of the stolen money. Police estimate that she and nine others swindled $3 million in total. The upcoming Russian film “Botnet” is partly based on her story.
Some of the most notorious botnets, and the malware they spread, include Mariposa, Conficker, Koobface, ZeroAccess, CryptoLocker and Gameover ZeuS. According to the FBI, Gameover ZeuS controlled over one million computers worldwide and caused financial losses of more than $100 million. Its creator, Evgeniy Mikhailovich Bogachev of Russia, spread it through spam sent by the Cutwail botnet. Gameover ZeuS used an encrypted peer-to-peer system for communication between its nodes and its control servers, which left no single point for the police to seize and so made it far harder to take down. Bot-masters used Gameover ZeuS chiefly for banking fraud and for distributing the CryptoLocker ransomware, and through this sprawling network of infected computers Bogachev siphoned vast sums from bank accounts around the world. In early June 2014 the U.S. Department of Justice announced that an international, inter-agency collaboration named Operation Tovar had succeeded in temporarily cutting communication between Gameover ZeuS and its command-and-control servers. On 24 February 2015 the FBI announced a reward of up to $3 million for information on Bogachev, at the time the largest reward ever offered for a cybercriminal.
The Mariposa botnet, discovered in December 2008, is also one of the largest known. It infected computers at about 12.7 million unique IP addresses in more than 190 countries (estimates of the number of distinct zombie machines run to about one million). Its operators built Mariposa to steal online login credentials for banks and e-mail services and to mount denial-of-service attacks, using a malware program called “Butterfly bot”. Once installed on a PC, the program monitored system activity for passwords, bank credentials and credit-card numbers, and it could propagate itself to other reachable systems by several routes, including MSN messenger, peer-to-peer file sharing and USB drives. The gang behind Mariposa called themselves the DDP Team (Días de Pesadilla, or Nightmare Days). To hide their real IP addresses from investigators they almost always logged on to the Mariposa control servers through anonymous VPN (Virtual Private Network) services. But a member known as Netkairo made the one ill-fated error of connecting directly from his home computer instead of through the VPN, leaving a trail of digital fingerprints that led to the busting of the gang. Authorities shut the botnet down on 23 December 2009 after months of collaboration between the security firms Panda Security and Defence Intelligence, the FBI and Spain’s Guardia Civil.
Another large botnet, ZeroAccess, was still active as of mid-2014, with nearly two million zombie computers under its complete control on any given day. It was first spotted around May 2011. ZeroAccess is a Trojan horse that targets Microsoft Windows; it downloads further malware onto an infected machine from the botnet while hiding itself with rootkit techniques. Once a system is infected, ZeroAccess puts it to one of two uses: bitcoin mining or click fraud. The mining machines generate bitcoins for their controller, estimated in September 2012 to be worth 2.7 million US dollars a year. The click-fraud machines simulate clicks on website advertisements that are paid for on a pay-per-click basis; the profit from this activity was estimated at up to 100,000 US dollars a day, costing advertisers $900,000 a day in fraudulent clicks. In December 2013 an attempt by a coalition led by Microsoft to destroy the botnet’s command-and-control network proved ineffective, because not all of the command-and-control infrastructure could be seized. Botnets are therefore extremely pernicious. As business models are automated wherever possible to maximise profit, botnets have become a threat to the entire environment of legitimate global commerce.
Just as the Internet connects us to the cyber world, we are all connected by a soul-net. But the source of wisdom that waits within each of us cannot be reached through the Internet. Just as botnets enrich their bot-masters, we can enrich our lives spiritually if, instead of logging on to the computer, we log in to our own inner essence, or soul, through contemplation.
Source: Deccan Chronicle e-paper, Chennai edition, 15.07.2019
Dr K. Jayanth Murali is an IPS officer of the 1991 batch, borne on the Tamil Nadu cadre. He lives with his family in Chennai, India, and is currently serving the Government of Tamil Nadu as Additional Director General of Police, Law and Order.