Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor Network Used To Command Skynet Botnet

Posted by samzenpus on from the bad-stuff dept.

angry tapir writes "Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7. The botnet is called Skynet and can be used to launch DDoS (distributed denial-of-service) attacks, generate Bitcoins — a type of virtual currency — using the processing power of graphics cards installed in infected computers, download and execute arbitrary files or steal login credentials for websites, including online banking ones. However, what really makes this botnet stand out is that its command and control (C&C) servers are only accessible from within the Tor anonymity network using the Tor Hidden Service protocol."

7 of 105 comments (clear)

  1. This was expected... by mlw4428 · · Score: 5, Insightful

    That's the cost of sane privacy controls -- sometimes it can be used for bad purposes. Society should be looking inwards at the cause of this. Spying on people, tracking their every movement, and abusing the legal systems of countries created a need (and a demand) for a type of security system that would protect you to the n-th degree. Now we've got a solution and it will be abused. What needs to happen is companies that make software need to invest into security and response. We're never going to stop the threat, but we can minimize the damage and downtime.

    1. Re:This was expected... by dririan · · Score: 4, Insightful

      The person you replied to with your tin foil hat spiel actually made a pretty decent point. Even if this is somehow some "bullshit plot and propaganda" (why would they wait until now to do this, by the way?), people creating tools to give themselves privacy because they don't have it otherwise because of "[s]pying on people, tracking their every movement, and abusing the legal systems of countries created a need (and a demand) for a type of security system that would protect you to the n-th degree" (quoting OP, not you) has inadvertently given criminals the same amount of privacy to do nasty things (such as hosting C&C for a botnet), and also that this would have been avoided by giving people privacy and treating them like humans. If this actually is some "bullshit plot and propaganda", there is absolutely nothing stopping it from becoming real.

      Hell, I'm absolutely positive that this isn't the first time a criminal has ever used Tor to cover up crimes. So unless you actually think Silk Road was created by the government, pretty sure OP is right, and this is a problem that they brought upon themselves by removing people's privacy in the first place.

  2. FUD by cultiv8 · · Score: 5, Insightful

    Why is this such a surprise? If anyone wants to hide a server/service behind the cloak of anonymity, then yes, a tor hidden service is the way to do it. People do it for good reasons (eg. journalists under threat of death for publishing accounts of gov't actions) and nefarious reasons (silk road comes to mind). Hell, even Yelp blocks access from tor nodes b/c (they say) a large majority of bot traffic comes from the tor network. Is this really the first time a botnet has used tor, or is this the first time a botnet has been caught?

    Next thing you know, they'll say the bad guys and terrorists use VPN to access the internet.

    --
    sysadmins and parents of newborns get the same amount of sleep.
  3. Yeah, and? by girlintraining · · Score: 4, Interesting

    This is just the bot net people being lazy and taking the easy approach. It's already been shown you can design decentralized networks that require no "bootstrap" information like DNS in order to find other nodes and communicate. But it is beyond the abilities of these low-level social miscreants to create, so they're piggybacking on a network that they think can hide their malicious activity. Tor only anonymizes the source of the data; Anything between the exit node and destination is sent in the clear and likely they've made some mistake that'll allow it to be blockable.

    Of course, this is exactly what the oppressive governments of the world (and those who oppress by claiming they're "liberating" others), have been looking for to shut down the Tor network. You can expect more attempts at legislating it away to come soon. Fundamentally though it doesn't solve the problem, which is that the criminal underworld has figured out how to do what industrialists figured out 50 years ago: If you take just a little from a lot of people, you can get very rich, and those people won't fight back because the cost of retaliation is higher than the loss. As a result, people everywhere are being nickel and dimed to death.

    Botnets are simply the illegal mirror counterpart to the legal crime of draining pensions and unethical banking to turn a profit: Harm many only a little, and you too can be rich.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Yeah, and? by girlintraining · · Score: 5, Insightful

      If, by "oppressive governments", you mean places like Saudi Arabia, Iran, or China, I don't think they're looking for excuses to shutdown Tor. They've always seen it as the enemy, and just make it illegal by fiat. They have zero need for excuses to shutdown Tor.

      I was also including a certain world superpower with a penchant taking away the rights of their citizens because the terrorists want to take away their rights. This superpower's main diplomat in the middle east is a predator drone that rains hellstone and fire randomly on people who are terrorists only slightly more often than they're innocent civilians. This superpower also has a global and far-reaching spy network to track almost all wireless communications in realtime, worldwide, and has stated it's slowly building in an "internet kill switch" that could disable the entire internet, worldwide, mostly for shits and giggles.

      But yeah, Iran, China, etc., they're kinda bad too...

      --
      #fuckbeta #iamslashdot #dicemustdie
  4. We need to push encryption to the masses. by Requiem18th · · Score: 5, Insightful

    Citizen encryption has so tremendous potential that we can't allow goverments and criminals to be the only ones using it. We really need to start pushing encryption into the masses.

    --
    But... the future refused to change.
  5. New law in 5...4...3...2...1 by Kwyj1b0 · · Score: 4, Insightful

    From the little I've read, it seems that they use a distributed host of volunteer servers to run the TOR network, so it might not be that easy to 'shut-down' the entire network (lack of centralized host) - If I'm wrong, I'd love to know why.

    My concern is that they will make TOR access illegal. Clearly, we can't count on Google/Microsoft/Amazon/Apple/Facebook/Big-Biz to raise a finger - they prey off identifying and targeting customers. Privacy and anonymity must hurt their bottom line. So unlike SOPA/PIPA, I doubt that any major group will oppose a new law against this. And most people won't care - hell, if Wikipedia didn't have a blackout, I doubt SOPA would have got any news time on a 'major' news network at all.

    Is there a way to detect TOR access uniquely? Or does the encryption make it look like any VPN/secure connection? I recollect reading about a method that could identify IP address accessing TOR (don't remember the details), I'm not sure if that hole was plugged (or if it can be plugged).