Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

In Depth

Technology

Online crime

Botnets: The end of the web as we know it?

March 29, 2007

Imagine your home computer and a half-million others being secretly commandeered by criminals who use them remotely to send spam e-mails, spread viruses, steal personal information — even crack the codes at credit card companies and banks.

Sound far-fetched? It's already happening. In the past five years, these so-called "zombie" robot networks — or "botnets" — have become the key to most serious internet crimes.

"It's not uncommon for the bad guys to have 50,000 or 100,000 or even half a million computers under their control, and they have the ability to constantly update and wreak havoc with what these machines are doing," said Jose Nazario, a security engineer with Arbor Networks, a network security company based in Lexington, Mass.

"They're overwhelming a lot of systems, and they're also able to attack the internet at large with massive numbers of machines, beyond the scope of what we've seen before," Nazario told CBC News Online.

At the least, the botnets pose such a threat that they could lead to changes in the very nature of the internet.

And in worst-case scenarios? The botnets could be unleashed to cause chaos at airports and other transportation hubs, paralyze companies' financial systems so workers go unpaid, and permanently destroy vital records at hospitals, schools and other institutions.

Will virtual 'gated communities' arise?

Jonathan Zittrain, a professor of internet governance and regulation at Oxford University's Internet Institute, warns that these and other apocalyptic visions are possible.

"Combine one well-written worm [a type of self-replicating virus] of the sort that can evade firewalls and anti-virus software with one truly malicious worm-writer, and we have the prospect of a panic-generating event that could spill over to the real world," Zittrain writes in a section of a book he's completing on the future of the web, which he e-mailed to CBC News Online.

Zittrain believes that without concerted action to secure the web, an overwhelming and entirely plausible e-terrorist attack could spell the end of the open internet.

Under this scenario, users and businesses could decide to retreat to the relative safety of closed-off networks or virtual "gated communities," severely limiting the universal creative process that has characterized the web to date.

"If digital gated communities become the norm, highly skilled internet users … will still be able to enjoy generative computing on platforms that are not locked down, but the rest of the public will not be brought along for the ride," he writes.

It could also mean that things our online society is coming to take for granted, like the ready downloading of software, video and other media, would become much more difficult or disappear altogether.

'Bot-herder' sentenced to 57 months in jail

Some "bot-herders," as they've been called, have been brought to justice: May 2006 saw the first successful U.S. prosecution for criminal botnet outsourcing.

Jeanson Ancheta, 21, of California, was sentenced to 57 months in federal prison for controlling as many as 400,000 bots.

He would rent the bots to "clients" who would then use them to send spam, install spyware and launch distributed denial of service (DDOS) attacks — floods of useless traffic that block users from gaining access to the network — against business rivals.

The judge noted that Ancheta's crimes were "extensive, serious and sophisticated."

Wesley Hsu, the deputy chief of the U.S. Justice Department's cyber and intellectual property crimes section in Los Angeles, said cases like Ancheta's are important.

"We're getting the word out that you can go to jail for this, that this is not some prank that we take lightly," Hsu said in a telephone interview.

Not easy to fight cybercrime

Prosecutions remain relatively few, however, as the nature and scale of the botnet problem makes it difficult for law enforcement to effectively address.

"We're dealing with a kind of high-tech crime that [law enforcement] have never seen before," said Nazario of Arbor Networks.

"The people perpetrating this are not only experienced with programming these botnets, but also with how to hide themselves."

Joe Stewart, a senior researcher at the Atlanta-based security firm SecureWorks, agreed.

"It's not impossible to track these guys down, but it's technical," he told CBC News Online. "It takes people that really understand the guts of these things, and unfortunately there are not enough of these people in law enforcement."

Thorsten Holz of the German Honeynet Project, a group working to learn more about botnets, said lack of speed is one issue that has hampered the authorities.

"It takes too long. They always have to talk to the court to get permission, which takes at least a couple of weeks, and in this time the attackers can just move to another system."

A question of education and who to trust

More effective law enforcement is just one of the tools needed to defeat the cybercrooks, experts say. More education and caution is needed by home users, who have been called the weak link in the chain that allows the bots to flourish.

Symantec Internet Security says home users are the target of 86 per cent of internet attacks, largely because they are far less likely than corporate users to have effective security measures.

Home users can help keep their machines — and the web — free of trojans (malicious software disguised as a legitimate computer file or program) and bots through some basic, but often ignored, safety steps.

"I talk to law enforcement around the world and they tell me that when they knock on the door of someone whose machine has been compromised, there's a look of shock and horror — but invariably they find there are [security problems such as] no passwords, open wireless, no security software, etc.," said Vincent Weafer, the senior director of development at the information security firm Symantec Corp.

"The best-practice steps are very simple and they haven't changed over the last couple of years."

Any computer that attaches to the internet should always have up-to-date firewalls and anti-virus software in place, for example.

Of critical importance is the immediate installation of software updates as required, especially for Windows users, since bots often get access to machines through known holes in popular software.

Human weakness also continues to be a problem. Two serious worm outbreaks in 2006 — Storm and Meteor — spread to hundreds of thousands of computers because users ignored years of warnings and opened suspicious e-mail attachments from strangers.

Experts still hopeful

In spite of all these issues, security experts generally feel that the criminal botnets can be beaten without changing the way we use the internet.

Secureworks' Stewart said he was confident the open web would continue and Arbor's Nazario echoed the sentiment.

"I think we're going to win in the long run, and very few people will retreat to isolated networks," Nazario said. "When I think about this, I'm an optimist."

Still, Zittrain, who postulates a potentially darker future, may have the last word: "Internet technologists often dismiss the problems of viruses and worms … because technologists know how to protect themselves against them."

Go to the Top

Menu

Main page

Technology

Green machines
Disk drive: Companies struggle with surge in demand for storage
Open season: Will court decision spur Linux adoption?
Analogue TV
Video games: Holiday season
Video games: Going pro
Guitar Hero
Parents' guide to cheap software
Working online
Laptop computers for students
Technology offers charities new ways to attract donations
The invisible middleman of the game industry
Data mining
Two against one
The days of the single-core desktop chip are numbered
Home offices
Cyber crime: Identity crisis in cyberspace
Yellow Pages - paper or web?
Robotics features
iPhone FAQ
Business follows youth to new online world
A question of authority
Our increasing reliance on Wikipedia changes the pursuit of knowledge
Photo printers
Rare earths
Widgets and gadgets
Surround Sound
Microsoft's Shadowrun game
Dell's move to embrace retail
The Facebook generation: Changing the meaning of privacy
Digital cameras
Are cellphones and the internet rewiring our brains?
Intel's new chips
Apple faces security threat with iPhone
Industrial revolution
Web developers set to stake claim on computer desktop with new tools
Digital photography
Traditional film is still in the picture
HD Video
Affordable new cameras take high-definition mainstream
GPS: Where are we?
Quantum computing
What it is, how it works and the promise it holds
Playing the digital-video game
Microsoft's forthcoming Xbox 360 Elite console points to entertainment push
Online crime
Botnets: The end of the web as we know it?
Is Canada losing fight against online thieves?
Malware evolution
Money now the driving force behind internet threats: experts
Adopting Ubuntu
Linux switch can be painless, free
Sci-fi projections
Systems create images on glass, in thin air
Power play
Young people shaping cellphone landscape
Digital cameras
Cellphone number portability
Barriers to change
Desktop to internet
Future of online software unclear: experts
Complaining about complaints systems
Canadian schools
Multimedia meets multi-literacy age
Console showdown
Comparing Wii, PS3 and Xbox 360 networks
Social connections
Online networking: What's your niche?
Virtual family dinners
Crackdown
Xbox 360 console game
Vista and digital rights
Child safety
Perils and progress in fight against online child abuse
Biometric ID
Moving to a Mac
Supply & demand
Why Canada misses out on big gadget launches
Windows Vista
Computers designed for digital lifestyle
Windows Vista
What's in the new consumer versions
Cutting the cord
Powering up without wires
GPS and privacy
Digital deluge
RFID
Consumer Electronics Show
Working online
Web Boom 2.0 (Part II)
GPS surveillance
Hits and misses: Best and worst consumer technologies of 2006
Mars Rovers
Voice over IP
Web Boom 2.0
Technology gift pitfalls to avoid
Classroom Ethics
Rise of the cybercheat
Private Eyes
Are videophones turning us into Big Brother?
Windows Vista
Cyber Security
Video games: Canadian connections to the console war
Satellite radio
Portable media
Video games
Plasma and LCD
Video screens get bigger, better, cheaper
Video games:
New hardware heats up console battle
High-tech kitchens
Microsoft-Novell deal
Lumalive textiles
Music to go
Alternate reality
Women and gadgets
High-tech realtors
The itv promise
Student laptops
Family ties
End of Windows 98
Bumptop
Browser wars
Exploding laptop
The pirate bay
Stupid mac tricks
Keeping the net neutral
PS3 and WII at E3
Sex on the net
Calendars, online and on paper
Google, ipod and more
Viral video
Unlocking the USB key
Free your ipod
In search of
Xbox
Sony and the rootkit
Internet summit
Electronic surveillance
[an error occurred while processing this directive] [an error occurred while processing this directive]
Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

World »

302 Found

Found

The document has moved here.

more »

Canada »

302 Found

Found

The document has moved here.

more »

Politics »

302 Found

Found

The document has moved here.

more »

Health »

302 Found

Found

The document has moved here.

more »

Arts & Entertainment»

302 Found

Found

The document has moved here.

more »

Technology & Science »

302 Found

Found

The document has moved here.

more »

Money »

302 Found

Found

The document has moved here.

more »

Consumer Life »

302 Found

Found

The document has moved here.

more »

Sports »

[an error occurred while processing this directive] 302 Found

Found

The document has moved here.

more »

Diversions »

[an error occurred while processing this directive]
more »