In a recent publicity stunt the BBC program Click used a botnet in coordination with the security firm Prevx to send out spam and perform a DDoS (distributed denial of service) attack. They first obtained two email accounts, one with gmail and one with hotmail. They then commanded each online PC controlled by the botnet to send out 500 spam emails to each of the gmail and hotmail accounts. This news segment is called “BBC team exposes cyber crime risk”. In the DDoS attack they ordered the botnet to attack a test site that was setup by Prevx. They stopped the attack once 60 online botnet machines had joined in. This news segment is called “How Cyber criminals attack websites”. After the completion of the botnet attacks they ordered the botnet to change the desktop wallpaper of the controlled PCs to a warning message from BBC stating that the PC had been infected.
Just a bit of background to put this into context. Basically a botnet is a collection of compromised computers that are all controlled by a single entity. Typically a hacker will create a virus that will infect hundreds/thousands of machines. The machines can be anything from home computers to government and military super computers. The virus will then notify the creator of an infection, or the creator will actively search for infections. The virus will provide some means for the creator to log onto the infected computers and issue commands. In the case of BBC, they logged onto hacker chat forums and then purchased access to a botnet that a hacker was controlling. We could certainly speak to the ethical arguments against paying a criminal for unauthorized access to 22,000 computers. keep reading…
