Justin du Coeur (jducoeur) wrote,

The Bot Wars heat up

I just came across an interesting, if not entirely surprising, article on eWeek, which describes how botnets are getting more sophisticated, with more distributed architectures that are harder to track down. So let's think a bit about where this is all going.

(Grounding for those who haven't been following this particular horror: in a nutshell, botnets are where many of the Internet's serious woes come from nowadays. The bad guys who are sending spam, attacking sites, and other such anti-social behaviour, mostly don't do so from their own computers any more, because it's easy for everyone else to track them down and cut them off. Instead, they find computers of ordinary Internet users who aren't keeping their anti-virus software up to date, and subvert them. They install "botnet" software on those computers, so that they can, at the flick of a switch, get all those innocent computers sending out their spam for them. In general, the ordinary users in question don't even realize they're part of a botnet, but they and tens of thousands of others are the ones doing the damage.)

The botnet controllers are getting smarter, with distributed P2P architectures that aren't as susceptible to simply shutting down a few key nodes. The article talks about the fact that the botnet software isn't too hard to find because it uses poor encryption, but I would say that's just a matter of time: just as their architectures have been getting better, the encryption is bound to do so as well. There are limits to how well you can do (when the keys are installed on the subverted machines, it's always possible to break the encryption eventually), but they can get a lot better than they are now.

So here's a question for speculation: what next? One can handwave that the botnet problem would go away if everyone simply kept their anti-virus software up to date, but that seems unrealistic unless it's actually enforced in some fashion. Are we looking at an environment where it eventually becomes illegal to be a *participant* in a botnet? (That is, those unknowing people wind up getting fined for their carelessness.) That seems hard to credit, but I can imagine it happening if a botnet were found to have caused some serious public harm -- you should never underestimate what kinds of laws can get passed in the name of "national security".

OTOH, that doesn't seem likely to actually solve the problem, precisely because it's so hard to figure out who the participating machines are. So perhaps the likelier outcome is the growth of "antigen nets" -- semi-formal networks designed specifically to figure out which machines are participating in the botnets and shut them down. Say you got hundreds of thousands of computers, working together in a distributed network (has to be distributed, or the black-hats will take it down), sharing information about which IP addresses are participating in the problem; this could serve as the basis for a distributed blacklist against those machines. If some major sites became consumers of such a blacklist, it could provide the necessary pressure for people to clean up their acts -- if you find that Amazon locks you out, giving you a message that you need to update your anti-virus before you'll be allowed back in, that provides a rather good incentive.

Of course, this glosses over a *host* of problems with building such a system. The blackhats would surely try to subvert it, planting false positives and trying to remove the true positives, so it would have to be large and powerful enough to statistically resist the bad data. It's not clear whether enough major sites could be made to play along, to provide the necessary incentive for people to fix their systems. Heck, it's probably susceptible to a pile of fascinating legal challenges. But all that said, I don't know what other alternatives there are.
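The "antigen net" sketched above rests on one concrete mechanism: an IP only goes on the shared blacklist when enough independent reporters agree, and entries expire rather than being argued off. The following is an added toy model of that aggregator (not code from the post or any real project); the sensor names, addresses and the quorum/window values are constructed for illustration.

```python
"""Toy model of a distributed 'antigen net' blacklist aggregator.

Each participating node reports (reporter_id, ip, timestamp) flags for IPs it
has seen sending spam or attack traffic. An IP is listed only when a quorum of
*distinct* reporters has flagged it inside a time window, so one subverted
reporter cannot plant a false positive by flooding flags; entries age out
instead of being removed by counter-reports, so one subverted reporter cannot
erase a true positive either.
"""
from collections import defaultdict
from typing import Dict, Set, Tuple


class AntigenBlacklist:
    def __init__(self, quorum: int = 3, window: int = 3600) -> None:
        self.quorum = quorum    # distinct reporters needed to list an IP
        self.window = window    # seconds a single flag stays valid
        # ip -> {reporter -> timestamp of that reporter's latest flag}
        self._flags: Dict[str, Dict[str, int]] = defaultdict(dict)

    def report(self, reporter: str, ip: str, now: int) -> None:
        # Repeat reports from one reporter only refresh its timestamp,
        # so no reporter ever counts more than once toward the quorum.
        self._flags[ip][reporter] = now

    def supporters(self, ip: str, now: int) -> Set[str]:
        # Reporters whose flag for `ip` has not yet aged out of the window.
        return {r for r, t in self._flags.get(ip, {}).items()
                if 0 <= now - t <= self.window}

    def is_listed(self, ip: str, now: int) -> bool:
        return len(self.supporters(ip, now)) >= self.quorum

    def listed(self, now: int) -> Set[str]:
        return {ip for ip in self._flags if self.is_listed(ip, now)}


def demo() -> Tuple[Set[str], Set[str]]:
    """Constructed scenario: three honest sensors agree on 198.51.100.7,
    while one subverted sensor floods flags against an innocent 203.0.113.9."""
    bl = AntigenBlacklist(quorum=3, window=3600)
    t0 = 1_000_000
    for sensor in ("sensor-a", "sensor-b", "sensor-c"):
        bl.report(sensor, "198.51.100.7", t0)
    for _ in range(50):                     # 50 flags, still one reporter
        bl.report("sensor-rogue", "203.0.113.9", t0)
    at_t0 = bl.listed(t0)                   # only the corroborated IP
    later = bl.listed(t0 + 2 * 3600)        # everything has aged out
    return at_t0, later


if __name__ == "__main__":
    print(demo())
```

The model shows the shape of the defence, not its hard parts: a real net would also need to weight reporters by track record and limit how many identities one operator can register.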

So there's one possible future, maybe 5-8 years out, with the Internet in the middle of a very quiet but serious war between armies of cooperating computers trying to shut each other down. What other possibilities are there? Do you think that the botnet problem is overblown, or is going to gradually eat the entire Internet? Ideas and opinions are solicited...
Tags: technology