Cheap human labour could be used to power botnets, according to Akamai’s security chief.
Andy Ellis, chief security officer of networking giant Akamai and former US Air Force officer and warfare engineer for the US Central Command, said criminals may seek to build botnets from armies of cheap labour, rather than hijacked computers.
Botnets contain large amounts of compute power pooled from compromised hosts. These infected computer networks are issued directions by command and control servers and can be used for online criminal activities including distributed denial of service (DDoS) attacks, malware and spam delivery and hacking.
A human-powered botnet, Ellis said, could bypass defensive checks used by organisations to determine if their website visitors are legitimate customers or compromised computers.
“How do you defend against a human botnet if your defensive mechanisms are based on scripts?” Ellis said.
“This type of botnet is an evolution, similar to the way [the online Anonymous collective] sources users to help launch DDoS attacks. Someone would just hire 10,000 people from [developing countries] to build their botnets.
“Someone will monetise this. The labour is pretty cheap.”
Such a botnet could be used for extortion, which Ellis said was the most common motive behind DDoS attacks.
In those attacks, a victim's network is typically crippled with junk traffic sent from a botnet over an hour. The attacker would then contact the victim and threaten further attacks unless demands were met.
But it was difficult to gauge the effectiveness of online extortion attacks. Few victims were willing to admit to being attacked, and fewer still were prepared to say they had paid off perpetrators.
A human-powered botnet would make such attacks more effective, according to Ellis.
Similar efforts to Ellis' botnet concept were already under way. He pointed to massive electronic cash-farming operations in which cheap or free labour was used to generate cash online, often within video games.
In one operation, a Chinese prison camp was accused of forcing inmates to play the online video game World of Warcraft for hours online to find items of value which were later sold for cash.