Information Warfare: FBI Stalks the Big One


August 15, 2007: About the same time the American FBI revealed that it has gone out and tried to count the number of PCs that have been taken over by criminals for use in computer crime (as botnets for spamming, DDOS attacks to shut down web sites, etc) or Cyber War activities (like the current Chinese attacks against U.S. military networks), the biggest botnet ever seen was being built.

The Storm computer virus had been spreading since early in the year, grabbing control of PCs around the world. By August, Storm had infected nearly two million computers with a secret program that turned those PCs into unwilling slaves (or "zombies") of those controlling this network (or botnet) of computers. Many of you may have noticed a lot of recent spam directing you to look at an online greeting card, or accompanied by pdf files. That was Storm, the largest single spam campaign ever.

Meanwhile, the FBI announced that Operation Bot Roast had, so far, identified over a million compromised PCs, in scores of botnets. The FBI is trying to get in touch with as many of these computer users as possible, and direct them to organizations and companies that can help them clean the zombie software out of their computers. Help can be had for free, although many of the compromised PCs were found to be clogged with all manner of malware (illegal software hidden on your machine to feed you ads or simply track what you do).

Most owners of zombiefied computers didn't even realize their PCs had been taken over. Some with heavily infected machines, do notice that the malware slows down the PC, and there have been cases where the user just went out and bought a new computer. Usually, reformatting the hard drive and reinstalling your software works, and is a lot cheaper. But most computer users today don't know how to reformat a hard drive, or even get someone to do it for them.

Operation Bot Roast only collected the IP (Internet Protocol) addresses of the compromised PCs. The IP address is the "mailing address" every PC must have when it is connected to the Internet. These addresses are distributed to ISPs (Internet Service Providers), who assign them to PCs that they connect to the Internet. Anyone can go to a site like to find out which ISP controls which IP address. The FBI is contacting the ISPs, and asking them to contact their customers, preferably via the mail, who were using the infected IP addresses at the time the FBI discovered that IP address to be operating from a zombie PC.

The FBI also identified the operators of many botnet (networks of zombie PCs) operators, has arrested some, and is pursuing many others. To avoid the FBI, many botherders (those who operate botnets) are overseas, often in countries without an extradition treaty with the United States. Criminal gangs are increasingly active in this area, and, in the case of China, so are government Cyber War operations.

The FBI did not comment on any Cyber War aspects of Operation Bot Roast, but they must have been substantial, and something the FBI and CIA are busy exploiting. The FBI has been equally silent about the Storm virus, and the enormous botnet its creators are putting together. It appears that the Storm botnet is strictly for commercial purposes. Notices appearing in computer criminal gathering places (password protected chat rooms and similar sites) have announced that the Storm botnet is available for use in spamming, or similar Internet criminal scams. The botherders know the FBI, and dozens of other police organizations, are looking for them, and hide behind multiple layers of electronic, and real world, deception. But given the amount of damage a two million strong botnet could do, there is apparently a bit of urgency in taking this crew down, and quickly.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close