Bringing Botnets Out of the Shadows
"The botnets we've already shut down have a real possibility of popping back up again tomorrow," Albright said.
Such constant attacks and setbacks can take an emotional toll on volunteers who spend countless hours not only hunting down bot herders but in many cases notifying the individuals or institutions whose networks and systems the hackers have commandeered. This is largely a thankless job, because in most cases the victims never even respond.
David Taylor, a senior information security specialist at the University of Pennsylvania, knows all too well what botnet-hunting burnout feels like. Taylor was invited to join Albright and the Shadowserver crew following a story at washingtonpost.com detailing his conversations with a botmaster named "Diabl0." The hacker bragged about making money with his botnet through adware installations. (Diabl0 -- an 18-year-old Moroccan national named Farid Essebar -- was eventually arrested on suspicion of authoring the "Zotob" worm that infected hundreds of companies in a high-profile attack last fall.)
A few months ago, Taylor became obsessed with tracking a rather unusual botnet consisting of computers running Mac OS X and Linux operating systems. Working a week straight, Taylor located nearly all of the infected machines and had some success notifying the owners of those systems, but the Taiwanese ISP the hackers used to host their control center repeatedly ignored his requests to shutter the site.
Since that incident, Taylor has distanced himself from bot hunting -- if only, he says, to make time for other interests. These days he spends most of his spare hours doing something far less stressful -- painting.
"Bot hunting can really take over your personal life, because to do this right you really have to stay on top of it -- it can't just be something you do on the weekends," he said. "I guess it takes a special type of person to be able to sustain botnet hunting. ... I don't know anyone who pays people to do this kind of work."
Recent media attention to the Shadowserver project has generated interest among a new crop of volunteers eager to deploy honeynet sensors and contribute to the effort. Albright says he'll take all the help he can get, but he worries that the next few years will bring even more numerous and stealthy botnets.
"Even with all the sensors we have in place now, we're still catching around 20 new unknown [bot programs] per week," he said. "Once we get more sensors that number will probably double."
Albright said that while federal law enforcement has recently made concerted efforts to reach out to groups like Shadowserver in hopes of building a more effective partnership, they don't have the bodies, the technology, or the legal leeway to act directly on the information the groups provide.
"Our data can't be used to gather a warrant," Albright said. "Law enforcement has to view the traffic first hand, and they are limited on what and when they can view."
"It's going to get a lot worse in the next two years. We need a taskforce or law enforcement agency to handle these types of intrusions ... and that needs to be all they do," Albright said. "Sadly, without more law enforcement support this will remain a chase-your-tail type game, because we won't ever really shut these networks down until the bot master goes to jail, and his drones are cleaned."


