Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Coming Botnet Stock Exchange

Posted by Soulskill on from the where-do-i-go-to-invest dept.

Trailrunner7 writes "Robert Hansen, a security researcher and CEO of SecTheory, has been gleaning intelligence from professional attackers in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation. 'He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.' Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years. In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in."

6 of 105 comments (clear)

  1. How to Pay? by MrTripps · · Score: 5, Funny

    So you have just hired a bot master. How do you pay them? You know they are dirty hackers, so it isn't like you would just give them your credit card number or Pay Pal account. Maybe the guy just wakes up and finds a crate of Jolt and Hot Pockets on his doorstep.

    --
    "I'm not a quack, I'm a mad scientist! There's a difference." - Dr. Cockroach
    1. Re:How to Pay? by v1 · · Score: 4, Funny

      I can hook you up with an acquaintance in Nigeria that's very good with money transfers aquaintenance, let me know.

      --
      I work for the Department of Redundancy Department.
  2. Re:Bad title by K.+S.+Kyosuke · · Score: 3, Funny

    I guess they are going to set up their office at Firewall Street.

    --
    Ezekiel 23:20
  3. Re:Bad title by Anonymous Coward · · Score: 5, Funny

    Both involve trusting your money to less than scrupulous people to do all the work for you in hopes that you'll get back more than you put in with no rational reason to back up this hope.

    Actually I take that back. The hackers will at least worry about their reputation.

  4. Re:Bad title by eviloverlordx · · Score: 5, Funny

    Just wait. In a few years, they'll be applying for a bailout, too.

    --
    'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
  5. Re:Bad title by hatemonger · · Score: 2, Funny

    Agreed. My first thought after reading the title was a large network of machines making microsecond stock purchases and sales with other machines, hoping that its algorithms are good enough to turn a profit. Some senior British official proposed a small fee per stock transaction to prevent that from happening, claiming that it would hurt the "buy and hold" stock purchasers, but I hadn't heard anything for a while. Samsonite? I was way off!