Peer-reviewed article

Microsoft the Botnet Hunter: The Role of Public-Private Partnerships in Mitigating Botnets

2014; The MIT Press; Volume: 28; Issue: 1; Language: English

ISSN

0897-3393

Authors

Zach Lerner

Topic(s)

Network Security and Intrusion Detection

Abstract

Table of Contents

I. RECOGNIZING THE GROWING BOTNET THREAT AND INDUSTRY
   A. Defining Botnet
   B. The Growing Problem
II. IDENTIFYING THE CURRENT METHODS OF BOTNET ENFORCEMENT
   A. Mitigating a Botnet
   B. The Citadel Botnet
III. THE LEGITIMACY OF PUBLIC-PRIVATE PARTNERSHIPS IN MITIGATING BOTNETS
   A. Evaluating Legitimacy
   B. Baldwin and Cave Factors
      1. Legislative Mandate
      2. Accountability
      3. Due Process
      4. Expertise
      5. Efficiency
IV. CONCLUSION

I. RECOGNIZING THE GROWING BOTNET THREAT AND INDUSTRY

A. Defining Botnet

A botnet is a network of computers coordinated by a single control mechanism, often programmed to complete a set of repetitive tasks. (1) This same distributed computing technique can be used voluntarily and cooperatively to perform a function effectively. When referred to as a botnet, though, this technique signifies a network of zombies--compromised computers, used without the owner's knowledge or permission. (2) Botnet operators--masters--often employ botnets to send unsolicited e-mail or spam, (3) create false web traffic for commercial gain through click fraud, (4) or install malware. (5) Masters have used botnets to replace ads with fake infection warnings and manipulate links to redirect users to malicious websites, (6) causing users to download malicious software (7) that can even observe a user's cards in online poker. (8) In fact, a single botnet has the ability to perform all of these functions at once. (9) The most common usage of botnets, though, is for Distributed Denial of Service (DDoS) attacks. (10) DDoS attacks seek to make a target website unavailable by overwhelming it with traffic. (11) There are three different types of DDoS attacks--application layer, protocol, and volume-based--but each has the same goal: interrupting or suspending a given website's services from use by legitimate users. (12) Masters have levied botnet-operated DDoS attacks against financial institutions, (13) WordPress, (14) the Church of Scientology, (15) and many others. (16)

Implementing botnets gives the master two main advantages. First, he or she is hard to trace because the actual attacks are launched by the zombies, which are distributed both on the network and geographically. (17) This separation of attacker from attacking devices makes it especially hard to determine the master's location or shut down his or her command-and-control server. Second, the distributed network of zombies permits the master to instigate large-scale attacks. (18) Botnets made up of thousands of computers allow the master to send a vast number of emails, collect massive amounts of information, or prevent access to a website quickly and efficiently.

B. The Growing Problem

What began as a niche mechanism used by sophisticated programmers has now developed into a blossoming economic marketplace. At a recent discussion hosted by the Berkman Center for Internet & Society, Dr. Nimrod Kozlovski described this emergence as a paradigm shift in security. (19) He argued that current cyberattacks are different from what experts anticipate and plan for; they are not random hacks by disenfranchised elite hackers, but strategic efforts by governments and an organized marketplace. (20) A recently published study estimates that cyber criminals are outspending the global information security market two-to-one. (21) In addition to the increased funding, botnet masters also benefit from being more agile than those trying to impede their work. Instead of jumping through corporate hoops or wading through convoluted bureaucracy, masters are free to operate without restrictions. A 2014 DDoS Threat Landscape Report indicates that over a ninety-day period, the occurrence of botnet-operated DDoS attacks increased by 240% compared to the same period the previous year. (22) This equals over twelve million unique botnet-led DDoS attacks per week. (23) Furthermore, these advantages have engendered more sophisticated botnets. …

Reference(s)