Botnets: "The Democratization of Espionage"
Botnets give the common hacker espionage tools formerly reserved for nation states. Former Washington Post security reporter Brian Krebs talks to Arbor Networks' Roland Dobbins.
By Brian Krebs
January 22, 2010 — CSO —
The cyber attacks against Google, Adobe and a raft of other top U.S. corporations late last year were by most accounts sophisticated and targeted attempts to steal proprietary data. But lost in all of the resulting media hoopla over who the remaining victims were and whether Chinese hackers or indeed the Chinese government itself were responsible is the simple, terrifying truth that individual hackers now have access to the same arsenal of cyber weapons once reserved only for nation states.
The weapons at issue are, of course, botnets -- agglomerations of remotely controlled, hacked computers that are used for a variety of criminal purposes, from spam, to high-powered, distributed online attacks against virtual targets. In these attacks, the botnets acted as a sort of "cloud" data collection and storage network.
I caught up recently with Roland Dobbins, a solutions architect with the Asia Pacific division of Arbor Networks, a company that specializes in helping customers defend against botnet attacks. Dobbins said the Google incident is a perfect example of how the botnet has enabled what he calls the democratization of espionage.
Brian Krebs: What does that mean—"the democratization of espionage"?
Roland Dobbins, Arbor Networks: Well, ten to fifteen years ago, if you were going to be the target of state-sponsored or corporate espionage, you yourself were going to be a government or a large corporation that had intellectual property or information that an adversary was going to have to invest a lot of time and effort to pry out of you. What we have seen over the last five to seven years is that the botnet has democratized that process, so that now an individual can commit his own intelligence reconnaissance and espionage, whether at arm's length on behalf of a state, on his own, or whether he's doing it for corporate espionage. This whole process has tons of implications for national and corporate security, and for individual privacy.
For the attacker, the risk associated with launching these types of attacks has gone down quite a bit, too, no?
Absolutely. Whether or not you're a nation state, botnets allow you to mount an operation of this type for almost no cost, and there is pretty much no physical risk. In the spy world they talk about "black bag ops," where the spy tries to break into the corporate campus or government building to steal information. But with these attacks, there is no risk, and they can just keep trying and trying until they succeed.