For well over a decade, since as early as 2000, hackers have been breaking into computers over the internet and controlling them en masse from centralised systems. These networks of compromised machines are known as botnets, and hackers use their combined computing power to launch distributed denial-of-service (DDoS) attacks. These flood websites with traffic to take them down.
Now smart home gadgets, in the ‘internet of things’, are flooding the market. Multitudes of homes now have some sort of smart gadget installed. The problem is that these devices typically have little or no security, which means it doesn’t take hackers a lot of effort to take them over. That makes it easier than ever to build huge botnets that can take down more than one site at a time.
Last year, a botnet made up of 100,000 compromised gadgets knocked an Internet infrastructure provider partially offline. Taking down that provider, Dyn, which operates domain-name servers that connect end users to websites, resulted in a cascade of effects that ultimately caused a long list of high-profile websites, including Twitter and Netflix, to temporarily disappear from the Internet. The botnet that attacked Dyn was created with publicly available malware called Mirai that largely automates the process of co-opting computers. It is certain more attacks will follow.
These ‘Internet of things’ devices are not designed with security in mind and often have no way of being patched. In other words, any devices that have become part of Mirai botnets will be vulnerable until their owners throw them away. As more and more vulnerable devices are placed in our homes, it is unavoidable that botnets will get larger and more powerful simply because of their numbers. The best defence would be for everything online to run only with secure software, so botnets couldn’t be created in the first place. This isn’t going to happen anytime soon.
So, what do hackers actually do with botnets, and what do they use them for? Many things; here are some.
They use breakthrough malware that takes control of video recorders, webcams and other consumer devices to cause widespread internet outages. This is of enormous concern because botnets based on this software are disrupting larger and larger swaths of the internet and they are getting harder to stop. The key players in this are those who created the Mirai botnet software and all of us who run a poorly secured device online.
Another way botnets are used is to commit ‘click fraud’. This is done to fool advertisers into thinking that people are clicking on and viewing their ads. Google ads pay site owners according to the number of people who click on them. An attacker will embed a Google ad on a web page he owns and instruct all computers on his botnet to repeatedly visit the website and click on the ads. This is how they profit. If those botnet makers can find a way to siphon revenue from big online companies, it is possible the whole internet advertising model may crumble.
Similarly, botnets can be used to evade spam filters, which work partly by knowing which computers are sending millions of e-mails. They can speed up password guessing to break into online accounts, mine bitcoins, and do anything else that requires a large network of computers. This is why botnets are big businesses. Criminal organisations rent time on them.
Denial-of-service attacks are the botnet activities that most often hit the headlines. Financially motivated groups use them as a form of extortion, whereas political groups will use them to silence websites they don’t like. These sorts of attacks will certainly be a tactic in any future cyberwar.
What should be done to address this rising threat?
Once you know a botnet exists, you can attack its command-and-control system. When botnets were rare, this tactic was effective. As they get more common, this piecemeal defence will become less so. You can also secure yourself against the effects of botnets. For example, several companies sell defences against denial-of-service attacks. Their effectiveness varies, depending on the severity of the attack and the type of service. But overall, it seems the trends favour the attacker, and we can expect more attacks like the one against Dyn in the coming year.