In 2001 a network of infected PCs flooded the Web with unsolicited emails. Well, it appears that nowadays hackers don’t even need a computer for that.
It was a nightmare for Internet users worldwide. On December 23rd, 2013 hundreds of thousands of unwanted email messages flooded the Web, putting network experts on high alert. A small team of engineers at Proofpoint – a California-based security group were baffled by the unusual nature of the attack. It was carried out by hackers using a so-called “bot-net” – a network of infected computers. However, in addition to PCs gone mad, the “soldier devices” included internet-enabled TV’s, multimedia centers and at least one refrigerator. David Knight, the spokesman for Proofpoint says the numbers of such attacks may increase as more home appliances get Internet features:
"Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse. Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur."
The term “botnet”, a mix between “robot” and “network” was coined in 2001 during a lawsuit filed by the US Internet Service Provider Earthlink against notorious spammer Khan C. Smith, who allegedly sent Trojan Horse software to users to access their private information.
Like modern-day space satellites, botnets have sophisticated remote control panels which are accessible to their owners. They can be quickly reconfigured and sometimes effectively hidden from antivirus software. Most of the time, illegal botnet scripts are installed without the knowledge of the device operator – whether it’s a PC user who downloaded a suspicious program bundled with a botnet client file, or a smartphone owner, who was tricked into playing a game that later crashed, leaving malicious code inside the device.
Legions of zombie botnet devices are being sold or rented out wholesale in the dark corner of the Internet – the Tor network, where hackers and their clients can meet privately, without making their identities and IP addresses public. Most transactions are being paid for via Bitcoin – an anonymous, decentralized cryptocurrency.
But not all botnets are bad. In 2013 an American competitive intelligence consultant, Michael Schrenk, spoke at the DefCon hacking conference. Schrenk said that with a small botnet consisting of his own computers, he was able to help a car dealership get best prices on used cars. Instead of dealership clerks manually refreshing the wholesale car auction page, Michael Schrenk programmed his botnet to buy certain cars automatically the very second the purchase button was activated by the seller.
"The main problem with the old one was that people had to wait for that stupid “Refresh” button, or "Buy it now” button to happen. And there was so much problem, so much server lag… And usually whoever got the “Buy” button first, was the person who bought the car."
So could the evil botnets of the future be hijacked and reprogrammed to save lives, or maybe entertain people instead of annoying them with spam emails? Will you need an antivirus for your refrigerator so that nobody hacks your wine list or peeks at your favorite variety of cheeses? With the Internet of Things on the rise, it looks like in the years to come the word “botnet” will appear in the news more and more often.