Friday, 30 October 2009

Botnets and distributed cracking

I've read and seen quite a few articles on botnets, and botnet culture.

Most describe the various business models; i.e. the criminal economics of running a botnet, such as making cash from spamming, DDoS, Ad-clicking, Scareware, key-logging and account stealing, hosting warez, and selling or renting botnets.

So, plenty of ways to make a few quid - if you have no morals.

However, there must be other more challenging things that can be achieved with a botnet, especially the larger ones with 100,000+ PCs.

I remember a good few years ago the SETI@home project where anybody with an internet-connected PC could participate by running a free program that downloads and analyzes radio telescope data to look for "intelligent" signals from space.

Basically this was an early trial of distributed computing using an opt-in botnet (not all botnets are bad)

Anyway, it has harnessed a massive amount of computing power over the years. Since its launch on May 17, 1999, five million people have contributed and the project has logged over two million years of computing time.

There are many other projects that have followed a similar model for other computations and you can now volunteer the idle time on your computer (Windows, Mac, or Linux) to; cure diseases, study global warming, discover pulsars, and many other types of scientific research.

So, back to the illegal botnets:

I can think of lots of calculations that could be done millions of times faster with the distributed power of a botnet; brute-force login attempts, hash cracking, forging SSL certs and cryptanalysis to name but a few. Its quite a scary notion for e-commerce.

Food for thought.

No comments:

Post a Comment