Posted on 10/27/2009 12:27:23 PM PDT by nickcarraway
Cisco boffins infiltrate a botnet to find out about online crime
By posing as a rogue programmer, Cisco researchers gained a unique insight into the world of botnets and their owners Poor education, a criminal record and a dislike of authority can all turn programmers bad. That's the finding of Cisco researchers who posed as botmasters to enter the world of online crime.
"I wanna do what I wanna do, whenever I want," one botmaster told the researchers. By posing online as a rogue programmer, the researchers got him to reveal how he spams thousands of instant messenger users with enticements to install infected utilities.
For every 10,000 messages sent, "at least one per cent" will respond and become part of his botnet. The team, from Cisco's Security Intelligence Operations unit, found that for botmasters, criminality is just a by-product of running a small business.
The botmaster said he sold a 10,000-machine botnet for $800, but also claimed that selling off infected machines is relatively rare. He said that a friend made between $5,000 and $10,000 per week solely through renting out his botnet to phishing gangs.
Dumbing down
Today, those without the necessary computer skills can easily gain access to advanced tools for creating profitable, robust and secure botnets.
Over the course of their online conversations, Cisco's researchers learned of online marketplaces where the budding cybercriminal can buy everything he needs to set up a botnet.
"The bot software is advertised much like any other software," claims Cisco. "Anyone with basic computer experience is able to run one. It's not necessary to understand the code, nor is there a need to understand networking."
Following the money
Alex Constantinides is a director of UK-based online security consultancy MetaSec. "It just goes to show how these things have evolved," he told us. "Originally, simply knocking servers off the net was the thing – for fun. Then botnets became a blackmailing tool. Now they're predominantly used for financial gain."
Janet Williams is a Deputy Assistant Commissioner with the Metropolitan Police Service, and she heads up the Police Central e-crime Unit (PCeU). Williams has just launched the ACPO e-crime Strategy, designed to help police forces pool their resources in response to e-crime.
"This strategy is designed to assist law enforcement in building a response to this challenge," says Williams. "We trust that by doing so we'll enhance both industry and public confidence."
Potential botmasters tend to fit a profile, so identifying them shouldn't be difficult, as F-Secure's Mikko Hypponen points out:
"It's often the people with the skills but without the opportunities," he says. "Many of these online criminals are coming from developing countries. If you know how to code and are living in London – great! You'll get a job easy," says Hypponen. "If you know how to code and are living in Siberia – not so great."
"The only real way to find the perpetrators, like traditional bank robberies, is to follow the money," Roger Thompson, Chief Research Officer at AVG Technologies, told us. "However, even this becomes difficult as it involves multiple countries and there are many different layers and players."
The strongest psychological factor for many botmasters may simply be the excitement of breaking the law, as Hypponen concludes: "Some people would have the opportunities but still choose the dark side…" he says.
Ping
Ah...a Liberal.
Considering how much aggravation and damage computer viruses cause for millions of people worldwide, I dont think its extreme to suggest their creators be hunted down, dragged into the street and summarily shot.
I wonder who most hackers and bot pirates and criminals vote for?
Do you have to guess?
Dims and “liberals” never want to pay for anything.
They all think that everything should be “free”.
IIRC, the #1 email spammer in Russia was found beaten to death a number of years ago. A good start.
It depends on when the US starts allowing online voting. Look for this to be Zero's next big push.
FRAUD INVESTIGATION UNIT,
FEDERAL BUREAU INVESTIGATION.
THE NATWEST BANK LONDON WROTE TO US TO INVESTIGATE ONE MR. DONALD WRIGHT
OF 1404 SW 13 PL TROUTDALE. OREGON 97060,USA,WITH THIS ACCOUNT INFORMATION:
WELLS FARGO BANK, OREGON BRANCH,USA, ACCOUNT NO:0177464518, ROUTING NO: 10108942.
HE CLAIM TO BE YOUR REPRESENTATIVE AND ASK THEM TO TRANSFER YOUR (USD10.5MIL LION) INHERITANCE FUND TO THEM,
SO PLEASE CONFIRM TO US IF THIS MAN IS TRULY YOUR REPRESENTATIVE?
AND CONTACT MR. CHARLES LLOYD OF REMITANCE DEPT. ON THIS EMAIL: natwestremitancedepatments@gmail.com
OR CALL HIM ON +447045752098 FOR CLARIFICATIONS.
REGARDS,
ROBERT MUELLER,
DIRECTOR FBI.
TEL-206-350-5096
FAX-206-339-7762
Note that none of these activities involve cracking into somebody else's computer. That's hard. Nothing listed above is hard.
Do you have to guess?
Dims and “liberals” never want to pay for anything.
They all think that everything should be “free”.
No... these guys strike me as having a very firm grasp on capitalism. No doubt they would strongly lean Dem if voting here in the states, but I don't think you can say they aren't capitalists.
You do have a point there.
Thanks for the ping.
I've often wondered what happened to "spoiled brats" when they grew up...
I’ll bet they’re all dems - most criminals are...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.