Thursday, June 14, 2007

Fed's 'Operation Bot Roast' Reveals 1 Million Victims

As the FBI and the DOJ investigated botnet operators, they began amassing a list of the alleged botnet victims -- with most of them here in the U.S.

Article by Sharon Gaudin, InformationWeek
In the Department of Justice and the FBI's attack on 'botherders', the government has identified more than one million botnet victims. The agencies announced Wednesday the results of an ongoing cybercrime initiative to disrupt and dismantle botherders, the term used for the people who build and operate the growing number of botnets around the world. The FBI reported in an online advisory that its agents are working with the CERT Coordination Center at Carnegie Mellon University to notify the owners of the compromised computers.

Government investigators tracked down the million victims while working on five different cybercrime cases, according to Richard Kolko, a special agent with the FBI. Charges already have been handed down in three of those cases. James C. Brewer of Arlington, Texas, is charged with operating a botnet that infected Chicago-area hospitals; his botnet allegedly infected tens of thousands of computers worldwide. The government charged Jason Michael Downey of Covington, Kentucky, with using botnets to launch denial-of-service attacks. Robert Alan Soloway of Seattle was also charged this month with using a large botnet to send tens of millions of spam messages advertising his Web site.

Kolko told InformationWeek that as agents delved into these three cases, along with two others that are under investigation, they uncovered the botnet victims. "There are hundreds of cybercrime cases at any given time but we put the botnet cases together for this initiative," he said. "We're trying to get people to take care of their computers. They're unaware participants in this criminal activity. We need them to take the proper precautions so we can put a dent in this crime." He also said most of the one million victims they found are in the United States. The government, he added, will continue to try to find more victims so they can notify them and get the compromised machines cleaned up.

Hackers and malware writers conspire to infect computers around the world with viruses and Trojans that allow them to remotely control the victim machines. Then, they amass thousands or hundreds of thousands of these zombie computers, creating great armies -- or botnets -- of them. In recent months, botnets have been increasing in number and in size, as they launch massive waves of spam, malware and even denial-of-service attacks. Most of the owners of the zombie machines don't even know they have been infected or that their machine is being controlled by someone else.

According to the FBI's advisory, because of their widely distributed capabilities, the government considers botnets a growing threat to national security, the national information infrastructure, and the economy. "They were a problem and they're emerging as a greater problem as people use them to get around security measures and cause greater damages," said Assistant U.S. Attorney Erez Liebermann, chief of the computer hacking and intellectual property unit in New Jersey. "The fact that they can do so much damage with the press of a button is a huge problem." A large number of the botnets are controlled by hackers and botherders outside of the U.S., with a growing number being set up in China. Dealing with cybercriminals outside the country's borders has been an issue -- but it's one the U.S. government is working on.

"Generally speaking, international aspects of these cases do have extra hurdles, but more and more countries are cooperating," said Liebermann. "There are efforts to get [cooperation] from China, and they're paying off."

In recent months, rival online gangs have even begun a virtual turf war for bragging rights to the largest botnets. Two or three online criminal gangs have been waging an all-out battle for control of the largest botnets, sending out waves of malware aimed at stealing zombie computers from rival gangs to build up their own armies. Each gang is trying to build the biggest botnet because the bigger the army of infected computers it controls, the more money spammers and hackers will pay to use it, said Shane Coursen, a senior technical consultant for Kaspersky Lab, in a previous interview.