How pro-WikiLeaks hackers wage cyberwar without hijacking your computer
Some 'hacktivists' use malicious software to capture and control unwitting computer 'zombies,' but WikiLeaks avenger 'Anonymous' is using social media to mobilize hordes of volunteers.
Botnets, networks of thousands of computers working in tandem, have become one of the most pervasive threats on the Internet – a tool used by criminals for extortion, spamming and identity theft – but also by hacktivist groups that want attention.Skip to next paragraph
Subscribe Today to the Monitor
And they are the weapons of choice for “Anonymous,” the loosely affiliated global cybermilitia that has been waging retaliatory attacks on major corporations in defense of WikiLeaks and its embattled founder, Julian Assange.
Typically, building botnets requires using malicious software to invade thousands of poorly guarded computers, take them over, and thus make them "zombies." Each zombie can fire thousands of requests per second at a target website. Thousands of zombies collected by a "bot-herder" then become a botnet.
But Anonymous has taken a different approach with Operation Payback, the name it has given its bid to avenge efforts to shut down WikiLeaks. It is building its own home-grown "voluntary" botnet, attracting people to put the botnet software on their own computers. About 2,200 or more people have done so by one count.
The cost of botnet technology is cheap. Anyone who wants to buy a "botnet kit" to build their own can do so for less than $1,000, says Derek Manky, a botnet expert at Fortinet, a Sunnyvale, Calif., Internet security firm.
To be sure, shutting down Visa or Mastercard would require a massive "high horsepower engine" with many botnets controlling hundreds of thousands of computers, he says. Or just maybe, with many far smaller botnets working together, it might still be possible to clog even a big website by making millions of virtual requests for information simultaneously. A sort of grass-roots cyberblockade.
The availability of botnet kits means even the technically unsophisticated can do it for fun and maybe a little illegal profit.
In 2009 Symantec, the big antivirus company, reported it had detected nearly 7 million botnets on the Internet. Others say the number is far higher than that. No matter how many there are, the main function of an involuntary botnet has been to make money through extortion from companies – like online casinos – by requiring them to pay or be shut down by a botnet-directed distributed denial of service (DDoS) attack.
Operation Payback's hybrid approach
By harnessing the power of social media – Twitter, Facebook, and Internet message boards like 4chan – Anonymous has apparently convinced a number of other botnet operators to join in the attacks, botnet experts say.