Slashdot Mirror


USAF Considers Creation of Military Botnet

sowjetarschbajazzo writes "Air Force Col. Charles W. Williamson III believes that the United States military should maintain its own botnet, both as a deterrent towards those who would attempt to DDoS government networks, and an offensive weapon to be used against the networks of unfriendly nations, criminal groups, or terrorist organizations. "Some people would fear the possibility of botnet attacks on innocent parties. If the botnet is used in a strictly offensive manner, civilian computers may be attacked, but only if the enemy compels us. The U.S. will perform the same target preparation as for traditional targets and respect the law of armed conflict as Defense Department policy requires by analyzing necessity, proportionality and distinction among military, dual-use or civilian targets. But neither the law of armed conflict nor common sense would allow belligerents to hide behind the skirts of its civilians. If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them." What does Slashdot think of this proposal?"

37 of 440 comments

  1. We must defend ourselves by slackoon · · Score: 4, Insightful

    I'm all for the theory that if you attack us we will defend ourselves. The "you" in that sentence does not matter, in other words, if an ant bites us we step on it, if a dog bites us, we kick it and if an enemy country uses personal computers to attack us, we use botnet.

    1. Re:We must defend ourselves by gnick · · Score: 3, Insightful

      "...if an ant bites us we step on it, if a dog bites us, we kick it..."

      I think you're over-simplifying. Your ant and dog are willing attackers. If civilians were volunteering their computers to participate in the attack, it's a no-brainer. In my opinion, civilians willingly participating in an attack are no longer civilians (military law and technical definition of "civilian" may differ - IANAL).

      However, most botnets are assembled from compromised computers belonging to people who lack the sophistication to properly secure them. That's a more complex issue - Maybe we go ahead and nuke their computers anyway, but it deserves more consideration than stomping on a hostile ant.
      --
      He's getting rather old, but he's a good mouse.
    2. Re:We must defend ourselves by Orange+Crush · · Score: 5, Insightful

      And most (real, not the jingoist xenophobic crap that passes for it now) threats to national security are surrounded by innocent civilians who lack the "sophistication" (or are just scared sh*tless) to overthrow an oppressive regime themselves.

      Now, since we're not talking about injuring or killing people--just essentially jamming their net connection for a little while, and maybe messing up their computers--I'm much less concerned about "civilian casualties" of a botnet war. (That is, until the botnets send the robots to come kill us).

      A hostile ant isn't biting you because it's mean, it's instinct since you've been perceived as a threat to the colony. Hostile antbites also don't result in millions of dollars lost when mission critical infrastructure is brought down.

    3. Re:We must defend ourselves by Cabriel · · Score: 2, Insightful

      Civilian casualties can be pretty bad with computer attacks. Given how much laymen trust their computers so much that phishing and keyloggers are such a threat, it's pretty obvious that a lot of people are keeping a lot of important information on their computers. If a military attack somehow permanently damaged the wrong computer, whether by accident or deliberate action, a person might lose a lot of financial information, business information, money-earning projects and what-have-you. No person will suffer a direct, physical attack, but the repercussions could still ruin a life's work.

      Obviously, the counter-argument is "always back up your data" or "don't rely on computers so much" to which the follow-up is "if they didn't back it up, they got what they deserved." However, the same argument could be made of real-life incidents: "Never associate with [terrorists|the enemy]" and "if they didn't leave that town, they deserved to be bombed with the [terrorists|enemy]". Would that be an acceptable excuse? I don't think so.

  2. Hmm? by Kingrames · · Score: 5, Insightful

    No good can come of this.

    A botnet is like a disease. Not a bomb. Deliberately infecting your own computers is a horrible idea.

    --
    If you can read this, I forgot to post anonymously.
  3. The path... by FrankSchwab · · Score: 2, Insightful

    Let's see...
    It's a military necessity to have a botnet...so it will become my patriotic duty to allow their malware to reside on my machine. AV will be modified to not report its existence. I will have no control or knowledge of what it's doing, or what it's reporting.

    Then, those in charge of the program will complain that the citizen's computers are "unreliable" - they get turned off, are filled with competing malware, etc. So they will let a contract to Grumman or Lockheed for 10 million computers, to be scattered across the country/world as dedicated US Military Botnet computers, at, say, 10,000 dollars apiece. Due to specification changes, additional missions, etc., cost overruns will push the cost to 100,000 dollars apiece. The Congress will get involved, and will reduce the number of computers to buy to 10,000, will add additional missions and capabilities, and the per-unit cost will climb to $1,000,000. Five years later, the program will be cancelled.

    And, still, the government malware will reside on my machine.

    --
    And the worms ate into his brain.
  4. Re:I'm Suprised by gunnk · · Score: 5, Insightful

    You hit the nail on the head!

    A botnet's great strength is that it is dispersed. House it only on military computers and you cripple it. Put it "out there" in some form, though, and you risk having the CNC reverse engineered and the botnet might suddenly "belong" to someone else.

    Bad idea.

    --
    Life is short: void the warranty.
  5. Re:Wait What? by chalkyj · · Score: 2, Insightful

    What makes them think that botnet will be made up of computers located in some other country in the first place? As I remember, a massive proportion of infected computers in existing botnets are in the US. Quick, let's attack our own computers!

  6. Re:I'm Suprised by Anonymous Coward · · Score: 1, Insightful

    [quote]I'm Surprised that they are not doing this already.[/quote]

    What makes you think they aren't?

    Everyone said 'wow' when they made the stealth bomber public in '88, but they sat on it for eight years before telling anyone.

  7. Which country would that be again? by Ice+Tiger · · Score: 5, Insightful

    "If the enemy is using civilian computers in his country so as to cause us harm, then we may attack them"

    It might be found that the enemy botnet just doesn't respect political borders and will be using machines within ones own country. What happens then?

    --
    "Because we are not employing at entry level, offshoring will kill our industry stone dead."
  8. And this is why the military never works with... by localroger · · Score: 4, Insightful

    ...disease pathogens. Oh wait...

    --
    Brackets contain world's first nanosig, highly magnified:[.]
  9. Re:I'm Suprised by apt142 · · Score: 5, Insightful

    Why would they need to install them on civilian PC's? The US Gov't, unlike a lot of botnet creators, has a hell of a lot of funding. They could just buy a bunch of computers specifically for the task.

    Or, they could just take every computer that is upgraded/rotated out of a federal government facility and set it aside for this job.

    Or the US Gov't could just add a program to all of their active computers that relinquishes their idle time to the botnet. Sort of a militant version of Folding@home. (Civilians could even opt into this one.)

    Or they could do all of the above. They wouldn't need to touch a civilian PC to get a formidable botnet.

  10. Historical Perspective by nick_davison · · Score: 5, Insightful

    "But neither the law of armed conflict nor common sense would allow belligerents to hide behind the skirts of its civilians." Remember that much celebrated tea party in, where was it, Boston? The one where none of the protagonists wore uniforms or abided by the laws of armed conflict and then slipped back in to the public masses? The one where, today, the U.S. would classify them as illegal combatants and deny them access to any legal protection?

    The one where the superior military, that could crush its opposition anywhere they stood and fought, couldn't defeat an army that kept slipping in to the countryside?

    The one where the "evil" greater power could be demonised every time they caused collateral damage or took reprisals on the people the weaker force hid behind?

    The one where the great general George Washington brilliantly used guerrilla tactics to make up for never having more than 17,000 men in the field at any one time?

    The one where, soon after winning its largely guerrilla war, they wrote the second amendment to their constitution to enshrine the right to that kind of combat?

    The one where the larger but distant power regarded the attacks on its own holdings as terrorism - the term just wasn't widely used yet?

    It's ironic that a nation formed on, and celebrating in its constitution, the principles of armed insurrection, guerilla warfare and terrorism when it was the weaker power gets its panties in such a collective bunch when people do exactly the same thing that worked so well for it back again.

    Remember: If you win and you're powerful enough to write the history, it's noble. If you lose, it's evil terrorism. Until it's decided, which one it's viewed as simply depends on which side you're on.
    1. Re:Historical Perspective by King+Louie · · Score: 3, Insightful

      Historical perspective, indeed. Your comparison between the American Revolution and modern terrorists suffers from some fatal flaws, among them:

      - American revolutionaries may have blended in among the civilian population while not fighting, but they did not hide behind the civilians while in the act of attacking. Modern terrorists often deliberately launch attacks from locations that are surrounded by civilians in the hope of incurring embarrassing collateral damage when the target counter-attacks

      - While many of the Colonial forces may have fought using irregular tactics, that is not the same as flaunting the customary laws of war. The vast majority of them obeyed the laws of armed conflict as they existed at that time (e.g., prisoners were treated humanely, not beheaded)

      - While there are civilian casualties in all wars, there is a world of difference between inadvertently killing or maiming noncombatants and deliberately targeting them. Instances of either side in the American Revolution deliberately targeting civilians were few and far between; for modern terrorists, targeting civilians is the norm

      Try not to let your political views get in the way of historical facts.

    2. Re:Historical Perspective by Red+Flayer · · Score: 1, Insightful

      The basis of the American Revolution was "no taxation without representation". The basis of the whatever-you-call-it the Muslims are doing is "Jews are dogs and America is the Great Satan".
      Poppycock. The American Revolution had its own propaganda, and since "we" won, that propaganda was written as history. There were a lot of reasons for the American Revolution, but taxation without representation ranks far down the list -- it was more about power -- the new American elite had no political power, no access to the throne and resented it. The British colonies in the Americas faced a tax burden far lower than their erstwhile compatriots in Britain.

      Just as the radical Muslims demonize the West, particularly Americans, and Jews, American rebels demonized sympathizers with the crown. There were acts of terror (keep in mind that without terrorism in New Jersey and the Carolinas, the rebels would likely have lost the war, due to Tory support), there was propaganda (some of which was truth, some of which was not).

      As others have noted, history is written by the winners. If you read a lot about the American Revolution (what you learned in grade school/high school is mostly crap), you'll come to view it slightly differently... and realize that it has a lot in common with the radical Muslim position. They are angry of American cultural and economic hegemony... the American Revolution was very similar, though it added political hegemony to the mix. Since today, with Capitalism having conquered Democracy, economic hegemony == political hegemony, it's no surprise that the American Empire is resented.

      All that said, I am not an apologist for Muslim extremism -- but understanding it makes it easier to battle.
      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  11. Re:where can i get some by Anonymous Coward · · Score: 1, Insightful

    Wake up from that jingoist rubbish. Botnets can't 'defeat' each other. The bandwidth used in the attack comes out of OUR infrastructure as well as theirs. The idea is nothing but fucking stupid and would do nothing but harm to everyone. Nobody wins.

  12. Hoisted by their own petard! by ^_^x · · Score: 2, Insightful

    Given their track record, once the botnet comes online I give them three months tops before someone else hijacks it and uses it to drop US gov't websites just to show them it can be done. Watch as they scramble to bring even more offensive capabilities online in response to the demonstration.

    Hahaha... welcome to the digital cold war.

  13. But can the US win? by AmiMoJo · · Score: 4, Insightful

    In a traditional war, the idea is that the US could win by having a larger, better equipped and high tech army. Of course, it doesn't always work in places like Iraq or Afghanistan, but that's the theory.

    On the internet, small groups of individuals can wield as much power as the US armed forces could hope to. Massive botnets are hardly new.

    Also, how exactly would targeting infected civilian PCs help? The first 'D' in DDOS stands for "distributed", i.e. blasting PCs off the internet one at a time isn't going to help much.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:But can the US win? by eagl · · Score: 2, Insightful

      Dismantling botnet clients is one possible use of a military botnet. Assume a hostile botnet has 1,000,000 computers, and 100,000 military computers are used. That means each military botnet client only has to disable 10 hostile clients. And the military clients are behind generally robust firewalls making counterattacks difficult without first compromising the entire .mil infrastructure.

  14. Re:I'm Suprised by iminplaya · · Score: 5, Insightful

    Patriotic Americans who allow the govt to install software on their machine to attack the enemy is all well and good...

    And it makes the civilian population a legitimate military target. A little like hiding the missiles in the churches.

    --
    What?
  15. Re:I'm Suprised by QuantumRiff · · Score: 4, Insightful

    Wouldn't it just be easier to "accidentally" anchor some navy ships in the wrong spot, and sever many of the connections to the area? We learned this last winter that you don't need to cut off areas, just make their working links so oversaturated that they are essentially worthless.

    --

    What are we going to do tonight Brain?
  16. Re:I'm Suprised by peragrin · · Score: 2, Insightful

    You're quite correct but.

    If you linked up the FBI, CIA, and DHS windows computers you would have a pretty wide network. You're not talking about a single point, you're talking tens of thousands.

    --
    i thought once I was found, but it was only a dream.
  17. Don't be silly... by FrankSchwab · · Score: 4, Insightful

    A botnet succeeds in DDOS because it's able to leverage the bandwidth of 10's or 100's of ISPs to overwhelm the resources of the 1 ISP or server that a site is hosted on.

    For a US Military operation, you wouldn't bring the headache of maintaining 1,000,000 crappy old PCs stuffed in unused closets to bear on the problem. You'd build big machines, and you'd locate them on major backbone networks. When it came time to bring a little DDOS to bear on the enemy, you would have your big machine fire packets. It could spoof IP addresses as it wished; it could use yours, and you wouldn't even know it!

    No one other than the technicians on the backbone could tell the difference between this and a hacker's botnet. But it would at the same time be much larger scale, cost more, and be theoretically more efficient - all positives in the military contracting arena.

    --
    And the worms ate into his brain.
  18. Re:I'm Suprised by CastrTroy · · Score: 4, Insightful

    The US military has bases all over the country, and even all over the world. Put 10-100 computers in at each military base to participate in the botnet, and you could probably have a pretty strong botnet.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  19. What do I think of this? by Glock27 · · Score: 2, Insightful

    Army and Navy will want botnets too! Seriously, cyber warfare will be a big issue if two high-tech countries ever go to war against each other again... ;-)

    --
    Galileo: "The Earth revolves around the Sun!"
    Score: -1 100% Flamebait
  20. Re:I'm Suprised by gnick · · Score: 3, Insightful

    "If you linked up the FBI, CIA, and DHS windows computers you would have a pretty wide network..."

    ...with easily determined IP-blocks that can be easily black-listed. Hell, PeerGuardian would do a pretty decent job defending against that without even having to get fancy.
    --
    He's getting rather old, but he's a good mouse.
  21. Re:I'm Suprised by morgan_greywolf · · Score: 2, Insightful

    But it is certainly possible to create an uncompromiseable botnet.
    <sarcasm type="heavy"> Right. Because there is such a thing as uncompromisable security.</sarcasm>
  22. Since Military Intelligence is an Oxymoron... by ctdownunder · · Score: 2, Insightful

    What sane person would even think of letting our military (but god bless the soldiers, wave the flag now, sing the anthem etc...) -or any other acronym based "service/agency" for that matter- do something so dangerous to the common U.S. citizen John Q. Public?

    Why don't we just let the government blatantly spy on us, arrest us without warrants? Or make a mockery of our constitution? Ohhh sh.. wait they already did and are! If the people have the government they deserve. It seems that "we the people" are not very smart!

    --
    The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
  23. Mod parent up. by khasim · · Score: 3, Insightful

    Yep, that's the logical way to do it.

    The problem is that this is an illogical response. What are they going to actually do with this patriotic attack system? DDoS a zombie? A few zombies? A hundred zombies?

    At some point, the battle becomes worse than the attack. The attacker has thousands (hundreds of thousands? a million?) zombies. What use is "attacking" them like this?

  24. Democracy and the volunteer Army by mlwmohawk · · Score: 2, Insightful

    Hey, while I think the current administration is repugnant and creates military enemies out of greed, and regards government and the military as nothing but a means to a financial end, I have to say I still think the military fights for the nation, and sometimes, must follow a corrupt president to prevent constitutional destruction. Honor our troops and all. I agree with it. These guys do their duty regardless of the ahole in the White House sending them heaven knows where to fight for oil.

    That being said, China, Iran, etc. have nothing on patriotic Americans. Americans will do what they think is right and good for the country whenever asked to do so. The current problems with the U.S.A. are about what "right and good" are, not about whether or not to do it.

    We don't need a botnet. Just tell America why it's "right and good" to do something, put proper protections and limitations in it to ensure that the wrong people don't exploit your patriotism and it will happen.

    I know that is naive, but part of me still believes that America has a noble streak that lately has been obscured by corporate greed.

  25. Duck hunting with a grenade launcher by Anonymous Coward · · Score: 1, Insightful

    I'm really not sure how they think a botnet would help against DDoS type attacks. They know what the first "D" is for, right? It's not like they could simultaneously take out all the nodes on an enemy botnet. The biggest problem that they have to realize is that botnets like storm are maintained by people who just like to mess with other people. And as a matter of intellectual exercise. The amount of drive these people put into building and maintaining botnets and the like is not something the military can hope to mirror, especially with red tape in place. Assuming they did pull it off, it would make the central controllers a delicious target... what could possibly go wrong.

  26. Re:New laws by halivar · · Score: 4, Insightful

    Oh, please. Having your HDD screwed with is not a human rights violation. The purpose of the Geneva convention was not to outlaw everything that can hurt you. It was conceived so that the slaughter of human beings on a massive scale would be conducted with some sort of decorum... like not chemically flaying people alive and making their eyes explode.

    You got a virus on your computer? Cry me a river.

  27. Why would they need computers? by Tmack · · Score: 4, Insightful
    Really... if they wanted to launch a massive distributed attack, why not just deploy specially designed devices that can spew the specific packets needed to the major POPs around the country (or even covertly in international POPs). Why waste computer resources when you can design something for a specific military goal. Do we see the infantry driving around in a bunch of ford escorts to attack the terrrrrists? Generally no. They have the budget specifically for stuff like this, and it makes more sense to develop and deploy something like this at the edge, so it doesn't cause collateral damage to our own network, and truly only targets the intended. The NSA has already been snooping almost ALL traffic with their secret rooms, why not use similar to spoof traffic from ALL locations? And since a botnet is mostly just mindless crafted-packet spewage, a packet generator would be much more efficient than hijacking or deploying the thousands of computers that would be equivalent. Stick one in each of the secret rooms, attached to the backbones, and let it flood the pipe with DDOS or whatever it is DARPA or whoever had this bad idea had in mind.

    It sounds like some jr highschool kid's idea. What is the military going to do, call up Kim Jong-il and say "ke ke ke PW0n3gE! How you liek the intrnetz n0w? bizatch."? If someone is "attacking" us via the internet, there is a much easier solution: block their traffic, null route their netblock, or even just "drop anchor" on their cable.

    tm

    --
    Support TBI Research: http://www.raisinhope.org
  28. Re:I'm Suprised by Deanalator · · Score: 4, Insightful

    Military botnets are a dumb idea. Botnets serve two main purposes.

    1. DDoS
    2. mail relays

    The value of a DDoS network is proportional to the total bandwidth of syn packets it can send. Why would the military need to take over smaller hosts when they have direct access to routers high up on the backbone of the internet?

    As for number 2, I doubt the military has much need for mail relays.

    What they really need is not a botnet. They need a list of foreign machines that they can bounce attacks through. It's been shown that titan rain was using compromised machines in Korea when they pulled the data from Germany (whether titan rain is considered a military unit is still up in the air).

  29. Re:I'm Suprised by RingDev · · Score: 3, Insightful

    "But it is certainly possible to create an uncompromiseable botnet."

    Sure, but for how long? An hour? A day? A week? A Month? A Year?

    Disregarding all political and ethical concerns about such a project, looking just at the technical:

    1) You have just made a military target for every would be hacker, script kiddie, federally funded cyber opp, etc... in the world to try to crack. Do you think China would just sit there and say "Eh, it's made by the US, it must be uncrackable, so we won't even bother". Of course not, they would set some serious resources aside to crack this thing.

    2) WHEN it gets cracked, and it will get cracked, you have just handed off control of your military owned botnet to the attacker. Depending on the nature of the botnet, and its deployment, you may have just handed over access to hardware on your networks.

    3) All security is vulnerable given a sufficient amount of time and money, and in this case it's not like people are going to be jumping up and down warning you that your security has been cracked (except perhaps a few MIT guys who are promptly arrested and shipped to GITMO as enemy cyber combatants). The only way to fight against this is constant development and deployment, continuous improvement and rotation ensuring minimal windows for any given attack vector. In addition to the pure strain on your development team such a challenge would present you also have the logistical nightmare of trying to keep all of your infected machines up to date, and the constant risk that every code change represents the opportunity for an untested bug to be released.

    This is one huge stinking pile of BAD IDEA. If the military really wants access to such a thing, their best option would be to find an existing bot-net operator out of Russia, or a disgruntled Chinese hacker and purchase attack time off of their bot-nets.

    Same reward, lower cost, lower risk, better option.

    -Rick
    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  30. Re:Using bots in S.American countries by Luxemburg · · Score: 5, Insightful
    For chapter 4 (pertaining to the treatment of the civilian population) of the actual conventions, see: this link.

    Let's take some of your statements:

    Did you know that they really don't protect civilians under "contemporary" conditions ? It specifically states that if "the enemy" (anyone whom you're at war with) does not clearly identify itself (which is defined to mean military bases OUTSIDE of population centers and CLEARLY uniformed troops) that civilians, enemy troops AND casualties are fair game ?

    What the conventions actually say is that it's forbidden to perform certain acts. However, if one party commits such acts, it doesn't mean that any civilian population is then "fair game". Civilians are never "fair game".

    As in, if there is a faction using people as human shields, any army fighting them is completely within their rights to shoot all the human shields first. (think about what rights this theoretically gives Israel in fighting Gaza, they go above and beyond what Geneva requires of them, since a genocide in Gaza would be clearly within Israel's rights under the Geneva conventions)

    The fact that some of the acts of one party are forbidden, doesn't mean the other party may commit crimes in response. Specifically, the Geneva conventions talk of proportionality: "Art. 53. Any destruction by the Occupying Power of real or personal property belonging individually or collectively to private persons, or to the State, or to other public authorities, or to social or cooperative organizations, is prohibited, except where such destruction is rendered absolutely necessary by military operations." Given furthermore the fact that Israel's occupation of Gaza is illegal by international law in general, any action taken by Israel to keep Gaza occupied is in fact a crime (though not necessarily by the Geneva conventions, which only deals with very specific humanitarian issues).

    Even in an open war a military is completely within their rights to let a civilian population starve. Everything except direct, unprovoked attacks is not the subject of the Geneva conventions.

    Actually the Geneva conventions cover several aspects about war that have humanitarian consequences: the treatment of prisoners of war, the treatment of a population by their occupier, and so on.

    The convention also CLEARLY states who gets to judge (obviously without possibility of appeal) whether the provisions of the Geneva conventions allow you to shoot a certain person : the field commander. His decision is final, and he gets to be judge, jury and executioner.

    It's the responsibility, not the discretion of the commander.

    Besides, there isn't a single warring faction in the world today, except the United States (and Israel, Turkey and "maybe" China (insofar you call Tibet a war, besides I doubt you will find China respecting Geneva in Africa)), that even pretend to respect the Geneva conventions. E.g. hezbollah has declared upon multiple occasions that it doesn't, nor does it ever intend to (and then they say something about some prophet not respecting them as justification).

    It's very true that no army ever respects the Geneva conventions. Israel, the United States and many other countries tend to profess how humane their acts of war are. Of course, the harder they claim this, the more of a lie it usually is. (Collective punishment in Palestine, 10,000s of civilian prisoners of war without any outlook on a trial, but with rampant torture going on, the United States of course has Guantanamo Bay, the en-masse destruction of civilian infrastructure in Iraq during both wars there, and so on). Regarding the statement you make about Hezbollah's declarations on multiple occasions, would you mind providing a reference to one such declaration?

    In other words, anyone attempting to abolish

  31. Re:I'm Suprised by nog_lorp · · Score: 2, Insightful

    For your botnet to be uncompromisable, you'd have to make it centralized, and that means you have a nexus point susceptible to DDOS attacks itself, which kind of defeats the purpose. If you want a formidable botnet, you are going to end up tracking hundreds of thousands of bots. AFAIK, the only botnets that have managed to grow to this size utilize P2P bots, which (I believe) will always be susceptible to malicious corruption.