Slashdot Mirror


Tor Network Used To Command Skynet Botnet

angry tapir writes "Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins — a type of virtual currency — using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones. However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol."

20 of 105 comments

  1. This was expected... by mlw4428 · · Score: 5, Insightful

    That's the cost of sane privacy controls -- sometimes it can be used for bad purposes. Society should be looking inwards at the cause of this. Spying on people, tracking their every movement, and abusing the legal systems of countries created a need (and a demand) for a type of security system that would protect you to the n-th degree. Now we've got a solution and it will be abused. What needs to happen is companies that make software need to invest into security and response. We're never going to stop the threat, but we can minimize the damage and downtime.

    1. Re:This was expected... by flyneye · · Score: 2, Insightful

      Or, is it some bullshit plot and propaganda cooked up by our asshat federal government to justify screwing the crap out of the creaTORs.
      In this age of federal lies and manipulation by Repubmocrat swine, does not the wisdom "don't believe what you read in the media" take on that third dimension in bold print and multi-colored neon?
      In a perfect world the paperboy would only bring the funnies.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    2. Re:This was expected... by dririan · · Score: 4, Insightful

      The person you replied to with your tin foil hat spiel actually made a pretty decent point. Even if this is somehow some "bullshit plot and propaganda" (why would they wait until now to do this, by the way?), people creating tools to give themselves privacy because they don't have it otherwise because of "[s]pying on people, tracking their every movement, and abusing the legal systems of countries created a need (and a demand) for a type of security system that would protect you to the n-th degree" (quoting OP, not you) has inadvertently given criminals the same amount of privacy to do nasty things (such as hosting C&C for a botnet), and also that this would have been avoided by giving people privacy and treating them like humans. If this actually is some "bullshit plot and propaganda", there is absolutely nothing stopping it from becoming real.

      Hell, I'm absolutely positive that this isn't the first time a criminal has ever used Tor to cover up crimes. So unless you actually think Silk Road was created by the government, pretty sure OP is right, and this is a problem that they brought upon themselves by removing people's privacy in the first place.

    3. Re:This was expected... by Arancaytar · · Score: 3, Insightful

      The asshat federal US government sponsored the creation of Tor. Governments who want to crack down on the use of Tor are already doing so openly without resorting to the cloak and dagger tactics you seek to imagine.

      But carry on. The disconnected phrasing of your post hints that observable reality does not significantly influence your thinking.

    4. Re:This was expected... by bruce_the_loon · · Score: 2

      Dude, go back to Grade 2 and actually pay attention in the reading comprehension classes. I know it is difficult to understand how the doing words join up with the naming words, but you'll get it after the first two or three years.

      The verb "to control" is being used to bind the noun botnet to the possessive noun its creators. This invokes a fairly fundamental rule of English and clearly states that the creators in question are those of the botnet.

      The second subsection of the sentence contains a preposition "over" linking the controlling of the botnet by the creators of the botnet to the proper noun the Tor anonymity network. This invokes another fundamental rule of English and clearly states that the creators of the botnet are controlling the botnet by means of the Tor anonymity network.

      So we have The Botnet. Who is controlling the botnet? Its creators are controlling it. How is The Botnet being controlled? Over The Tor anonymity network. Are the creators of The Botnet the same as the creators of The Tor anonymity network? No information regarding any such link is given.

      --
      Trying to become famous by taking photos. Visit my homepage please.
  2. Governments will love this by Anonymous Coward · · Score: 2, Insightful

    A perfect opportunity to continue their campaign on the evils of anonymity and tools that enable it.

  3. FUD by cultiv8 · · Score: 5, Insightful

    Why is this such a surprise? If anyone wants to hide a server/service behind the cloak of anonymity, then yes, a tor hidden service is the way to do it. People do it for good reasons (eg. journalists under threat of death for publishing accounts of gov't actions) and nefarious reasons (silk road comes to mind). Hell, even Yelp blocks access from tor nodes b/c (they say) a large majority of bot traffic comes from the tor network. Is this really the first time a botnet has used tor, or is this the first time a botnet has been caught?

    Next thing you know, they'll say the bad guys and terrorists use VPN to access the internet.

    --
    sysadmins and parents of newborns get the same amount of sleep.
    1. Re:FUD by Metahominid · · Score: 2

      I think it was only brought up because of Tor's recent mentions in news...meh

      They probably will say they use VPN, how horrid!

  4. Well, there is still a way to shut down the CC net by mysidia · · Score: 2

    DoS attack against the ToR hidden service; from inside the ToR network.

  5. Yeah, and? by girlintraining · · Score: 4, Interesting

    This is just the bot net people being lazy and taking the easy approach. It's already been shown you can design decentralized networks that require no "bootstrap" information like DNS in order to find other nodes and communicate. But it is beyond the abilities of these low-level social miscreants to create, so they're piggybacking on a network that they think can hide their malicious activity. Tor only anonymizes the source of the data; anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.

    Of course, this is exactly what the oppressive governments of the world (and those who oppress by claiming they're "liberating" others), have been looking for to shut down the Tor network. You can expect more attempts at legislating it away to come soon. Fundamentally though it doesn't solve the problem, which is that the criminal underworld has figured out how to do what industrialists figured out 50 years ago: If you take just a little from a lot of people, you can get very rich, and those people won't fight back because the cost of retaliation is higher than the loss. As a result, people everywhere are being nickel and dimed to death.

    Botnets are simply the illegal mirror counterpart to the legal crime of draining pensions and unethical banking to turn a profit: Harm many only a little, and you too can be rich.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Yeah, and? by brit74 · · Score: 2

      Of course, this is exactly what the oppressive governments of the world (and those who oppress by claiming they're "liberating" others), have been looking for to shut down the Tor network.

      If, by "oppressive governments", you mean places like Saudi Arabia, Iran, or China, I don't think they're looking for excuses to shut down Tor. They've always seen it as the enemy, and just make it illegal by fiat. They have zero need for excuses to shut down Tor.

    2. Re:Yeah, and? by girlintraining · · Score: 5, Insightful

      If, by "oppressive governments", you mean places like Saudi Arabia, Iran, or China, I don't think they're looking for excuses to shut down Tor. They've always seen it as the enemy, and just make it illegal by fiat. They have zero need for excuses to shut down Tor.

      I was also including a certain world superpower with a penchant for taking away the rights of their citizens because the terrorists want to take away their rights. This superpower's main diplomat in the middle east is a predator drone that rains hellstone and fire randomly on people who are terrorists only slightly more often than they're innocent civilians. This superpower also has a global and far-reaching spy network to track almost all wireless communications in realtime, worldwide, and has stated it's slowly building in an "internet kill switch" that could disable the entire internet, worldwide, mostly for shits and giggles.

      But yeah, Iran, China, etc., they're kinda bad too...

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:Yeah, and? by PhrostyMcByte · · Score: 3, Informative

      Tor only anonymizes the source of the data; anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.

      One feature of Tor is "hidden services", where the traffic is encrypted end-to-end and even the service itself is anonymous, identified only through a .onion address. I'd guess this is what they're using.

      Some Tor nodes filter certain exits -- i.e. to not allow porn through their node. If this works for hidden services I imagine this botnet could be blacklisted fairly easily if enough of the node operators got in on the act.

    4. Re:Yeah, and? by Stupendoussteve · · Score: 2

      Tor hidden services do not use exit nodes. There should be no traffic outside of the tor network.

    5. Re:Yeah, and? by BlueStrat · · Score: 3, Insightful

      I was also including a certain world superpower

      The one who developed TOR in the first place? Ya I figured you would, it wouldn't be a proper antidisestablishmentarianism rant without them.

      So the US Navy helped create TOR.

      So what? DARPA helped develop the internet too, but that hasn't seemed to make a difference to many in the US government who have been working hard at crippling the free and open nature of the internet and the ability to communicate anonymously, and for many of the same reasons they would want TOR effectively de-fanged.

      Those who would make government and themselves our overlords will always take action to neutralize anything that can be used to oppose them, no matter how, what, where, why, or by whom it was developed...even if it was themselves. Just look at the history and development of modern firearms in the US from just prior to WW1 until now, and the ever-growing encroachments, conditions, and restrictions that have been placed upon the Second Amendment.

      First you disarm them, then you take away the ability to communicate and organize anonymously.

      And for all the people I see and hear cheering on the expansions of government, and then hear them bitch and moan whenever the government gets all jack-booty, it makes me think that maybe the colonists should have just paid the damned tea taxes and the stamp taxes, swore fealty to King George, and kept their damned mouths shut.

      We've proven we don't give a shit about and don't deserve what they suffered and died and risked themselves and their families to give us.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  6. We need to push encryption to the masses. by Requiem18th · · Score: 5, Insightful

    Citizen encryption has such tremendous potential that we can't allow governments and criminals to be the only ones using it. We really need to start pushing encryption into the masses.

    --
    But... the future refused to change.
    1. Re:We need to push encryption to the masses. by c0lo · · Score: 2

      We really need to start pushing encryption into the masses.

      Push? How? Like... a global vaccination program?

      --
      Questions raise, answers kill. Raise questions to stay alive.
  7. New law in 5...4...3...2...1 by Kwyj1b0 · · Score: 4, Insightful

    From the little I've read, it seems that they use a distributed host of volunteer servers to run the TOR network, so it might not be that easy to 'shut down' the entire network (lack of centralized host) - If I'm wrong, I'd love to know why.

    My concern is that they will make TOR access illegal. Clearly, we can't count on Google/Microsoft/Amazon/Apple/Facebook/Big-Biz to raise a finger - they prey off identifying and targeting customers. Privacy and anonymity must hurt their bottom line. So unlike SOPA/PIPA, I doubt that any major group will oppose a new law against this. And most people won't care - hell, if Wikipedia didn't have a blackout, I doubt SOPA would have got any news time on a 'major' news network at all.

    Is there a way to detect TOR access uniquely? Or does the encryption make it look like any VPN/secure connection? I recollect reading about a method that could identify IP addresses accessing TOR (don't remember the details), I'm not sure if that hole was plugged (or if it can be plugged).
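
The detection question raised in the comment above has a practical defender-side answer that does not depend on breaking the encryption: the addresses and ORPorts of public Tor relays are published by the Tor Project, and the reserved .onion top-level domain never resolves through ordinary DNS. The script below is an added example, not code from the Slashdot thread or from Rapid7; it assumes a constructed relay list in place of the real one and constructed firewall and DNS log lines in a simple key=value format chosen for the example.

```python
"""Detect signs of Tor use on a network from firewall and DNS logs.

Added example for the detection question in the thread; it is not code from
the Slashdot post or from Rapid7.  Assumptions (all constructed):
  * TOR_RELAYS stands in for the public relay list (address + ORPort per
    relay) that a defender would pull from the Tor Project and refresh often.
  * The log lines use a simple "key=value" format chosen for this example.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Constructed relay list: (address, ORPort).  The real list changes hourly
# and uses real addresses; these are documentation ranges.
TOR_RELAYS: Set[Tuple[str, int]] = {
    ("198.51.100.7", 9001),
    ("198.51.100.23", 443),
    ("203.0.113.45", 9001),
}

_KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Alert:
    host: str       # internal host that produced the signal
    reason: str
    evidence: str


def parse_kv(line: str) -> Dict[str, str]:
    """Turn 'k1=v1 k2=v2' into a dict; a malformed line yields {}."""
    return dict(_KV.findall(line))


def check_connection(rec: Dict[str, str]) -> Optional[Alert]:
    """Flag an outbound connection whose (dst, port) is a known relay ORPort.

    Matching the port as well as the address avoids flagging ordinary
    traffic to, say, a web server a relay operator runs on the same box."""
    dst, port = rec.get("dst"), rec.get("dport")
    if dst is None or port is None:
        return None
    try:
        ipaddress.ip_address(dst)      # reject junk before the set lookup
        port_num = int(port)
    except ValueError:
        return None
    if (dst, port_num) in TOR_RELAYS:
        return Alert(rec.get("src", "?"), "connection to Tor relay ORPort",
                     f"{dst}:{port_num}")
    return None


def check_dns(rec: Dict[str, str]) -> Optional[Alert]:
    """Flag a query for a name under .onion seen by the ordinary resolver.

    A correctly configured Tor client resolves .onion names inside Tor and
    never sends them to DNS, so a leak means some program on the host tried
    to reach a hidden service outside the Tor client (misconfiguration or
    malware).  This is a higher-confidence signal than a relay match."""
    name = rec.get("query", "").rstrip(".").lower()
    if name == "onion" or name.endswith(".onion"):
        return Alert(rec.get("src", "?"), "leaked .onion DNS query", name)
    return None


def scan(lines: Iterable[str]) -> List[Alert]:
    """Run both checks over log lines and collect the alerts in order."""
    alerts: List[Alert] = []
    for line in lines:
        rec = parse_kv(line)
        kind = rec.get("type")
        alert = None
        if kind == "conn":
            alert = check_connection(rec)
        elif kind == "dns":
            alert = check_dns(rec)
        if alert is not None:
            alerts.append(alert)
    return alerts


def flagged_hosts(alerts: Iterable[Alert]) -> Set[str]:
    """Internal hosts worth a closer look."""
    return {a.host for a in alerts}


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "type=conn src=10.0.0.12 dst=198.51.100.7 dport=9001 proto=tcp",   # relay ORPort
    "type=conn src=10.0.0.12 dst=192.0.2.10 dport=443 proto=tcp",      # ordinary HTTPS
    "type=conn src=10.0.0.15 dst=198.51.100.23 dport=443 proto=tcp",   # relay on 443
    "type=conn src=10.0.0.20 dst=198.51.100.23 dport=80 proto=tcp",    # same host, web port
    "type=dns src=10.0.0.12 query=www.example.com. qtype=A",
    "type=dns src=10.0.0.12 query=abcdefghijklmnop.onion. qtype=A",    # leaked .onion
    "type=dns src=10.0.0.30 query=notonion.example. qtype=A",          # suffix must match
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f"{a.host}: {a.reason} ({a.evidence})")
```

Two caveats a practitioner should keep in mind: the relay match only says that a host talks to Tor, not which hidden service it reaches, because that traffic stays inside the encrypted circuit and never touches an exit node; and bridges are deliberately left out of the public relay list, so a client using one will not match. The .onion leak check has no such gap, but it only fires when the Tor client on the host is absent or misconfigured.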

  8. Encryption follows the same debate as firearms by sco08y · · Score: 2

    The old tautology, "if you outlaw firearms, only outlaws will have firearms" applies to Tor. (In fact, I'd go as far as to argue that many cryptographic mechanisms are covered by the second amendment, especially if you consider cryptography's military purpose, and that some ciphers have been regulated by the DOD as munitions. They cover the same role in protecting your property, identity and reputation from aggression, and as the "well regulated militia" clause demands, pseudonymous discussions are necessary tools to help people discuss political matters.)

    The simple truth is you can shut down all the law-abiding people with Tor nodes, and the botnet creators will just run Tor nodes on their network. It would be absolutely trivial for botnet owners to get together and set up huge Tor networks and put access up for pay on the black market.

  9. Re:Well, there is still a way to shut down the CC by Arancaytar · · Score: 2

    Tor's bandwidth and latency are sufficiently abysmal that it acts as a throttle. Overwhelming a number of servers via the Tor network would probably be not much easier than overwhelming the entire Tor network.