Humans replace machines in future botnets


Human nodes outsmart conventional defences.

Cheap human labour could be used to power botnets, according to Akamai’s security chief.

Andy Ellis, chief security officer of networking giant Akamai and former US Air Force officer and warfare engineer for the US Central Command, said criminals may seek to build botnets from armies of cheap labour, rather than hijacked computers.

Botnets contain large amounts of compute power pooled from compromised hosts. These infected computer networks are issued directions by command and control servers and can be used for online criminal activities including distributed denial of service (DDoS) attacks, malware and spam delivery and hacking.

A human-powered botnet, Ellis said, could bypass defensive checks used by organisations to determine if their website visitors are legitimate customers or compromised computers.

“How do you defend against a human botnet if your defensive mechanisms are based on scripts?” Ellis said.

“This type of botnet is an evolution, similar to the way [the online Anonymous collective] sources users to help launch DDoS attacks. Someone would just hire 10,000 people from [developing countries] to build their botnets.

“Someone will monetise this. The labour is pretty cheap.”

Such a botnet could be used for extortion, which Ellis said was the most common motive behind DDoS attacks.

In those attacks, a victim's network is typically crippled with junk traffic sent from a botnet over an hour. The attacker would then contact the victim and threaten further attacks unless demands were met.

But it was difficult to gauge the effectiveness of online extortion attacks. Few victims were willing to admit to being attacked, and fewer still were prepared to say they had paid off perpetrators.

A human-powered botnet would make such attacks more effective, according to Ellis.

Similar efforts to Ellis' botnet concept were already under way. He pointed to massive electronic cash-farming operations in which cheap or free labour was used to generate cash online, often within video games.

In one operation, a Chinese prison camp was accused of forcing inmates to play the online video game World of Warcraft for hours online to find items of value which were later sold for cash.

Human-powered bots

Cheap human labour could be used to power botnets, according to Akamai’s security chief.

In his prediction, industry veteran and chief security officer of networking giant Akamai, Andy Ellis, said criminals may seek to build botnets from armies of cheap labour, rather than hijacked computers.

Botnets offer large amounts of compute power pooled from compromised hosts under the control of bot command and control servers. They can be used for a variety of online criminal activities including distributed denial of service (DDoS) attacks, malware and spam delivery, and to aid in hacking.

A human-powered botnet, Ellis said, could bypass defensive checks used by organisations to determine if website visitors are legitimate customers or compromised computers.

“How do you defend against that if your defensive mechanisms are based on bot scripts?” Ellis said.

“This type of botnet is an evolution, similar to the way Anonymous sources crowds to launch distributed denial of service attacks. Someone would just hire 10,000 people from [developing countries] to build their botnets.

“Someone will monetise this. The labour is pretty cheap.”

Such a botnet could be used for extortion attacks, which Ellis said is the most common reason for DDoS attacks.

It would be similar to the massive electronic cash-farming operations that made headlines in recent months. In one operation, a Chinese government was accused of forcing prisoners to search for hours online to find items of value in the World of Warcraft online video game, which were later sold for money.

Copyright © SC Magazine, Australia
