Slashdot Mirror


The Coming Botnet Stock Exchange

Trailrunner7 writes "Robert Hansen, a security researcher and CEO of SecTheory, has been gleaning intelligence from professional attackers in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation. 'He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.' Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years. In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in."

2 of 105 comments (clear)

  1. I can't believe we are still discussing this ... by GNUALMAFUERTE · · Score: -1, Flamebait

    When the solution (and who is responsible for the problem) are so obvious.

    The one that should be held responsible for this is microsoft. No, I am not trolling. We are making Toyota responsible for all the incidents, and possible future incidents with their acceleration issues, aren't we? Why not hold microsoft responible for their own products too?

    We've known for years that windows is directly responsible for all this security issues. It's an unreliable and insecure system, and the company refuses to patch vulnerabilities.

    The solution, is obvious too: use another operating system.

    Why do we have to spend so many resources, including government resources that we pay for with our taxes, for something that is a non-issue?

    Spending time and money sending the FBI behind spammers because microsoft's software is insecure is at best stupid, and most probably absolutely corrupt.

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
  2. i shit on you fagggots by Anonymous Coward · · Score: -1, Flamebait

    eat my nuts. faggots.