In mid June, the United States (U.S.) Federal Bureau of Investigation (FBI) began a crackdown on robot networks or "botnets," collections of compromised computers under the remote command and control of criminal "botherders," or "botmasters." These botherders can then instruct the compromised computers to conduct illegal activities, such as hosting malicious Web sites or engaging in distributed denial of service (DDoS) attacks.
Dubbed Operation: Bot Roast, this crackdown is an ongoing, coordinated initiative to disrupt and dismantle these botherders, led by the FBI working in concert with the CERT Coordination Center, the Botnet Task Force, and others. To date, nearly 1 million computer IP addresses across the U.S. have been identified as compromised.
Currently, the FBI is notifying the owners of these compromised computers. Through this process, the FBI may uncover additional incidents in which botnets have been used to enable other cyber crimes. And notification cannot come too soon because on June 26, the National Cyber-Forensics and Training Alliance (NCFTA) reported detecting a "significant spam botnet" sending out large quantities of pharmaceutical-related spam. NCFTA is continuing to monitor and analyze the botnet.
Most computer owners unknowing victims
Most owners of these compromised computers are unknowing, unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as vehicles to facilitate other cyber crimes, such as phishing and the mass distribution of spyware. Because of their widely distributed capabilities, botnets are a growing threat to the economy, the national information infrastructure, and national security. It’s this last item that is most imperative—Operation: Bot Roast was launched because the national security implications of the growing botnet threat are broad. Botherders may use the computers themselves, or they may rent out their botnets to the highest bidder. The more computers they control, the more they can charge their clients, whose intentions are even less clear.
Nothing but hackers
Botherders are nothing but hackers who install malicious software on computers through the Internet without the owners’ knowledge. Once the software is loaded, they can control the computers remotely. And once they have compromised enough computers, they have a botnet, and some botnets are huge—tens of thousands of infected computers, or more. And a botherder can do a lot with a botnet of compromised computers, like:
- Launch massive spam campaigns
- Engage in click-fraud (schemes that artificially inflate the number of visitors to a Web site)
- Launch DDoS attacks that can cripple Web servers and crash sites with an overwhelming number of simultaneous "hits"
Important tips to remember
As the investigation continues to unfold, the FBI says it is possible it will uncover more victims. In the meantime, here are a couple of important things to remember if you:
- Determine your company was victimized, file a complaint online through the FBI Internet Crime Complaint Center
- Have an idea of the origination domain or IP address of a botnet, report it to the Internet Security Operations Task Force, an anti-cyber crime group composed of security experts from industry, government, and academia dedicated to eliminating botnets, phishing sites, and other malicious technology on the Internet
Hard diagnosis, preventive measures available
One of the difficulties in fighting this type of cyber crime is that it is hard for computer owners to diagnose if their machines have been infected. Unfortunately, there is no easy way to tell. Their computers may be running slowly, outboxes may be full of mail they didn’t send, or they may get emails stating that they have sent spam.
"The majority of the victims are not even aware that their computers have been compromised or their personal information exploited," says James Finch, FBI assistant director and head of its Cyber Division. "An attacker gains control by infecting the computer with a virus or other malicious code, and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits."
Strong computer-security habits include:
- Updating antivirus software
- Installing a firewall
- Using strong passwords
These habits can help to prevent future botnet attacks, although they will not necessarily identify or remove a current botnet. That’s why the FBI urges implementation of other security precautions that are also available, such as VPN-1 solutions with Application Intelligence and IPS-1. To paraphrase an old saying, "A gram of prevention is better than a kilo of cure."