Thursday, April 24, 2008

A networked-systems analogy

There's a very interesting article about a group of European researchers who found a method to disrupt and, eventually, disable the Storm Botnet.

For those not familiar with the Storm Botnet, it's one of, if not the, largest botnets in the world. That is to say, it's a network of trojan-infected computers that can be controlled to act in unison, which makes it very capable of large-scale network attacks, and this particular botnet has been traced back to a great deal of cybercrime.
That's the two-sentence definition. Wikipedia has a fairly good article on it (linked in the sources below),
and for more thorough, geekier coverage, Bruce Schneier has an essay on the subject as well at Schneier on Security.

So why is this interesting in relation to international security? Because the Botnet functions, essentially, in the same manner that a terrorist network does. The same problems face network-security professionals confronting botnets as confront national and international security groups confronting terrorist networks. Namely, both are 'headless' in nature: there is no single command & control center (by which I mean an individual or an institution/state, or for the botnet a single server) which can be targeted to eliminate the threat.

By many estimates, the combined computing power of the Storm botnet exceeds that of many supercomputers, since so many small 'actors' (in this case zombie computers) contribute to a common effort. The analogy here is fairly clear: the same dynamic is what makes terrorism such a serious threat. The biggest carrier battle group, heaviest bomb, or most well-coordinated ground strike won't eliminate something that is spread out, relatively thinly, over the world.

In the case of the Storm botnet, many groups have been tracking and analyzing its size and actions for some time. This is the first published method that actually disrupts it, rather than just measuring it.

So what's their method? The Botnet has to communicate and coordinate to be useful. Each infected computer computes a small set of keys from a predictable recipe and searches a peer-to-peer network for them in order to find the other computers (and the instructions) in the network. The researchers built a system not only to identify these keys, which would be nothing new, but also to compute the same keys themselves and flood the network with bogus entries under them, which 'pollutes' the keys. A bot that searches for a polluted key gets back junk instead of real peers, so that piece of the botnet is unable to communicate with the rest of the network.

In short, they disrupt the communication between the individual bots and the larger network. If they can't communicate, they can't coordinate, and if they can't coordinate then they're no longer a network.

So what are the downsides? Because the attack works on the 'overt' part of the network, the bots themselves, it can mitigate the threat of the botnet, but, at least in its current form, it won't point to those controlling the Storm botnet. This is because of a 2-tier system, which isolates the controlling computers from the acting, controlled network. The other downside is that if another program happens to publish or look up something under a key that matches the Storm keys, those communications would be polluted and disrupted too.
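To make the mechanism concrete, here is a small simulation I've added; it is a toy model written for this post, not the researchers' tooling. The bots, the key recipe (the day's date plus a slot number), the fixed limit on how many records a lookup returns, and the 'sinkhole' junk records are all assumptions made up here. It shows both halves of the story: bots that derive the same predictable keys find each other through the shared table, and once the defender has buried those keys under bogus records the bots' lookups come back with nothing useful. It also plants one unrelated service under a colliding key to show the collateral-damage problem described above.

```python
"""Toy model of a peer-to-peer rendezvous and a key-pollution attack.

Added illustration only: the key schedule, record format, result limit
and 'sinkhole' records are assumptions, not Storm's real protocol.
"""
import hashlib
import random
from collections import defaultdict

RESULT_LIMIT = 50  # assumed: a lookup returns at most this many records


class ToyDHT:
    """A flat key -> records table standing in for a distributed hash table."""

    def __init__(self, seed=0):
        self.store = defaultdict(list)
        self.rng = random.Random(seed)

    def publish(self, key, record):
        self.store[key].append(record)

    def search(self, key):
        # Real lookups return a bounded, unordered subset of what peers hold,
        # so model that as a bounded random sample of the records under a key.
        records = self.store[key]
        return self.rng.sample(records, min(RESULT_LIMIT, len(records)))


def rendezvous_keys(day, slots=32):
    """Keys every bot can derive for a given day (assumed recipe: date + slot).
    Predictable by design, which is exactly what the defender exploits."""
    return [hashlib.sha1(f"{day}:{slot}".encode()).hexdigest() for slot in range(slots)]


class Bot:
    def __init__(self, bot_id, day, rng):
        self.bot_id = bot_id
        self.key = rng.choice(rendezvous_keys(day))

    def announce(self, dht):
        dht.publish(self.key, ("bot", self.bot_id))

    def find_peers(self, dht):
        return [who for kind, who in dht.search(self.key)
                if kind == "bot" and who != self.bot_id]


def pollute(dht, day, copies_per_key):
    """The countermeasure: bury every predicted key under bogus records."""
    for key in rendezvous_keys(day):
        for i in range(copies_per_key):
            dht.publish(key, ("junk", f"sinkhole-{i}"))


def connected_fraction(bots, dht):
    """Share of bots whose lookup still returns at least one real peer."""
    return sum(1 for b in bots if b.find_peers(dht)) / len(bots)


def bystander_visible_rate(dht, key, trials=200):
    """How often a lookup under a colliding key still shows the unrelated service."""
    hits = sum(1 for _ in range(trials)
               if any(kind == "other" for kind, _ in dht.search(key)))
    return hits / trials


def simulate(n_bots=1000, day="2008-04-24", junk_per_key=50000, seed=1):
    """Returns (bots_connected, bystander_visible) before and after pollution."""
    rng = random.Random(seed)
    dht = ToyDHT(seed)
    bots = [Bot(i, day, rng) for i in range(n_bots)]
    for b in bots:
        b.announce(dht)

    # Constructed collision: an unrelated service publishing under a key that
    # happens to equal one of the day's rendezvous keys.
    collided_key = rendezvous_keys(day)[0]
    dht.publish(collided_key, ("other", "legit-service"))

    before = (connected_fraction(bots, dht), bystander_visible_rate(dht, collided_key))
    pollute(dht, day, junk_per_key)
    after = (connected_fraction(bots, dht), bystander_visible_rate(dht, collided_key))
    return before, after


if __name__ == "__main__":
    before, after = simulate()
    print(f"bots finding a peer: {before[0]:.3f} -> {after[0]:.3f}")
    print(f"bystander still visible: {before[1]:.3f} -> {after[1]:.3f}")
```

The point the numbers make is the one in the paragraphs above: the defender never has to find the controllers or take down a server, only to compute the same keys the bots compute and outnumber the real records under them. The cost is that anything else sharing those keys is drowned out along with the bots.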

Now, in the case of a botnet that, while terrifyingly huge (monitored at "5,000 and 40,000 machines online at a time....[and with] bots in 200 countries." - darkreading.com), hasn't done very much, this may not be a worthwhile risk.

In the analogous case of terrorist networks that kill and injure many, many people each day, and carry much more real-world force than a network of computers, analogous risks seem minor.


To conclude, what this makes clear for combatting malevolent networks, computer or human, is that the first prerequisite is to understand how to spot those contributing to the network. The second prerequisite is to understand how to identify their communications, and thus arrive at a reasonably accurate method of tracking their numbers, actions, and communications. Finally, the effective response to disempower the network is to disrupt these communications in a way that isolates the contributing individuals into the smallest groups possible.

This doesn't even necessarily mean imprisoning them, just making them unable to communicate with as much of the rest of the network as is possible.

Sources:
DarkReading.com
Schneier on Security
Wikipedia.org - Storm Botnet article

and the post on Slashdot, with an interesting conversation on the implications of this tactic: Slashdot.org - Researchers Infiltrate and 'Pollute' Storm Botnet

Tuesday, April 22, 2008

Aging the candidates

This was an interesting article I ran across today:

The Candidates: How Will They Look in Four Years?

I think they were a bit harsher on Hillary than the others, but overall it's a very interesting exercise.