


by Dennis Mbuvi

IGF: Small Botnets Pose Security Risk to Internet

Oct 03, 2011

Small botnets available for hire for as little as US$10 per hour pose a security threat to the Internet, says ICANN’s (Internet Corporation for Assigned Names and Numbers) Security and Stability Advisory Committee (SSAC). Ram Mohan, a member of SSAC, made the comments on Friday at a session titled “Mitigating Domain Name System Cyberattacks” during the ongoing Internet Governance Forum (IGF) in Nairobi. The sixth IGF, which closed its doors on Friday last week, had been ongoing since Monday.

Mohan says that there are three organisations which determine whether you will be hacked on the Internet. These are the web host, the domain name registrar and the domain name system (DNS) resolver. An attack on the web host, in which the server hosting a website is compromised, is the most common form of hacking.

Domain name registrars are firms that control and maintain the URL (address) through which a server can be reached. A hacker can thus control access to a service by taking over control of the address. Mohan says that there have been reported cases in which the credentials of domain name registrars have been compromised, leaving several addresses under the control of hackers.

Attacks on the domain name resolver are quite complex and mostly involve DNS cache poisoning. DNS servers contain information on the route through which a certain address can be reached. In a DNS cache poisoning attack, an attacker changes the routes and destinations of certain Internet addresses on one or a number of such servers. Traffic to intended destinations can be intercepted by the attacker, or even intercepted before being forwarded to the intended destination. An attacker may therefore gain information without the intended recipients being aware of the attack.

Distributed denial of service (DDoS) attacks are another form of attack which has been gaining prominence of late. In such an attack, an attacker floods a certain service with unnecessary requests such that it is no longer accessible. DDoS attacks are normally carried out using several computers under unified control, mostly thousands of computers compromised through vulnerabilities. Such botnets have grown from a peak of 1 Gbps (gigabits per second) in 2006 to a peak of 49 Gbps in 2010.

Mohan comments, though, that authorities have been quite successful in bringing down such large botnets. Mariposa was one such botnet, which controlled over 12 million PCs. Small botnets for hire, though, have become pervasive, appearing and disappearing as soon as they appeared. Pricing ranges from $2500 to cloud-based botnets that cost $60 per day or $10 per hour. Mohan says that such botnets operate in a guerrilla mode and have usually accomplished their purpose and disappeared before authorities react.

SSAC advises that other security threats to the Internet include attacks on the root zone and the intention of some governments to block some of the proposed generic Top Level Domains (gTLDs). SSAC advises, though, that such blockage is difficult to implement. Also difficult is an attack on the root zones. The Internet has 12 root servers which are maintained by different organisations, thus requiring a co-ordinated attack to take them down. Root zones are where a browser makes its first request in the process of resolving the location of a site that a user has requested. There is also little financial motivation in attacking root zones, hence the small number of attacks.