Tuesday, October 1, 2013

Hacking Away at the Zombie Hordes: A Tale of Botnets and Bitcoins

The BBC reports that the cyber-security company Symantec has disabled 500,000 computers in the ZeroAccess botnet.

Botnets are networks of infected computers that act in tandem to carry out various illicit activities, often without the knowledge of the computers' owners. The ZeroAccess botnet was used to download ads and then generate hits on them in order to collect money from advertisers. The botnet was also used to generate online currency in the form of Bitcoins. At CNet, Charlie Osborne notes that:

The security team estimates that mining the virtual currency -- which is based on mathematical equations -- is potentially the most intensive activity conducted by the botnet, and consumes an additional 1.82 kWh per day for every infected computer left on. Multiplied by 1.9 million computers, that is enough energy to power 111,000 homes each day.

That same article contains a graphic representation of the botnet's cost, which adds up to over half a million dollars each day in electricity costs, on top of the other (massive) gains from advertising fraud and bitcoin generation.

For a far more exhaustive treatment of the ZeroAccess botnet and its operations, the security company, Sophos, has a technical paper on the botnet here.

I am still unclear as to how the botnet manages to input bitcoins it generates into online exchanges without rousing suspicion.  US authorities have busted those who abuse bitcoins before, and the currency is apparently quite easy to trace.  My best guess is that ZeroAccess can also use its vast network to convert its bitcoins to cash in a dispersed manner.

On the other hand, even if authorities could tell that the bitcoins came from a botnet, this may only lead authorities to the infected computers. These computers' users would probably have no idea that their machines were part of a vast criminal scheme, and prosecution of these users would probably fail (but see this article by Jennifer Chandler proposing a tort liability scheme for users whose computers are part of a botnet).

If my second theory is indeed the case, then bitcoin laundering may be easier than proponents of the currency think. Effective enforcement techniques would need to focus on preventing the sale of the currency, in order to mitigate further financial losses, and on removing botnet operators' incentive to engage in bitcoin generation.

ZeroAccess's scale reveals the need for more effective enforcement at the level of bitcoin exchanges. While the number of computers Symantec has disabled is substantial, the full botnet consisted of almost two million computers, and what remains of the botnet may continue to grow -- and become more resilient to future attempts at disruption.
