In Star Wars Episode I: The Phantom Menace, the Trade Federation used tall, thin, skeleton-like battle droids in many large-scale attacks. These battle droids blindly carried out commands sent to them from centralized control ships. The droids were unthinking and would follow any orders given to them.
It seems like something you would only see in a science-fiction movie, but just like battle droids, there are armies of zombie computers all around the world being centrally controlled to wage wars. These “botnets”, as they are called, are used for various types of criminal activity, like attacking other computers and sending spam. There are some botnet armies that number in the millions, but most are in the tens of thousands. When the WikiLeaks website was recently attacked, it was by some of these botnets. And when PayPal stopped allowing donations to WikiLeaks through its website, botnets attacked and took down credit card websites in retaliation.
To build a botnet army, a criminal designs some software that can be run on the computer of an unsuspecting victim. Once installed, that software reports to a central control system, which then allows the criminal to control the attack at will. The malicious software, a trojan, is installed on victims’ computers by many different methods. The malware can be disguised as a game, downloaded from websites, distributed via spam, etc. It can also be spread as a virus. Once installed, the software may sit idle for a long time before being commanded into action.
There are many reasons why a person would build a botnet. Some people just do it because of the challenge. But most do it to make money. Once a criminal has built a sizable botnet, they can be paid by a company or government to attack a certain target. Or the criminal may use the botnet to wage his own personal war against people, companies or governments that he doesn’t like. Blackmail is another popular motive.
We recently had a client’s website come under attack by a botnet. The attack lasted over a week and consisted of tens of thousands of computers attacking from all over the world. Our client is a small company with only a couple dozen employees and they could not come up with any reason why someone would be attacking them. We met with the FBI to discuss how the attack occurred and why it may have happened. The most logical reason for the attack was that someone was testing out their botnet by picking random targets. They may have done that to figure out better ways to attack future targets or to show a potential buyer the power of their botnet.
Within two weeks of that botnet attack, we had another client who had their entire production system taken down for half a day due to a different botnet attack. This time the attack wasn’t even aimed at our client. The attack was against a website in the data center where our client’s production systems reside. The attack was so large it actually consumed all of the bandwidth to the data center, which means that all of the systems in the data center were unreachable while the attack occurred. The fact that the entire data center was taken down illustrates poor security design, but it also illustrates how large these attacks can be.
To prevent your computer from being used in a botnet attack, follow these guidelines:
- Keep your computer up to date with security patches.
- Run a current antivirus and keep it up to date.
- Don’t install software from untrusted sources.
- Don’t let your kids have administrative rights on your computer.
- When you aren’t using your computer, turn it off or put it on standby.
To protect your company, follow these guidelines:
- Host your website on systems that can sustain an attack.
- Don’t host public-facing websites on internal systems.
- Check with your insurance agent to make sure you are covered for cyber attacks, or electronic mischief, or whatever else it might be called by your insurance company.
Make sure you don’t rely on the government to protect you. Unless the attack causes at least $100,000 in damages or is a threat to national security, you are on your own.
I will be speaking about this topic and others at the Data Connectors Security Conference in Chicago, IL on January 27th. If you are interested in attending, we have some free VIP passes we can send you.
If you can’t make the security conference and want to learn more about how INTRUST can help protect your company from Cyber Attack, please contact us today!
If you just want to learn more about botnets, check out this link.