Information Warfare: Close The Door And Clean Up The Mess

Archives

January 21, 2010:  There is a simple solution to the problem of zombie computers. It consists of blocking port 25 by default, and contacting those with zombie PCs and helping them fix the problem. These two solutions have been around for years, but ISPs (the companies that sell you Internet access) have been reluctant to implement them. But now that many ISPs have made the move, and not suffered as a result, there is a growing trend by governments to mandate these two simple solutions. And there is a lot of compelling evidence that the move works. For example, Turkey and the Netherlands forced their ISPs to adopt these two policies, and saw the number of zombie computers decline by over 95 percent.

Millions of computers worldwide are infected with secret programs that enable criminals, or intelligence agencies, to control these PCs, turning them into "zombies". These captive computers are organized into "botnets" of thousands, or even a million or more, PCs that do the bidding of their controllers. The most common use of botnets is transmitting spam, and secret programs that create more zombies, or steal information (government secrets, or your banking information.)

Currently, the most common reaction to the botnets, is to treat the creators and users of these botnets as criminals (which they are) and hunt them down. The U.S. FBI has been increasingly successful at this, by finding, arresting and prosecuting a growing number of botnet owners. For example, three years ago, the FBI announced that Operation Bot Roast had identified over a million compromised PCs, in scores of botnets. The FBI tried to get in touch with as many of these computer users as possible, and direct them to organizations and companies that can help them clean the zombie software out of their computers. Help can be had for free, although many of the compromised PCs were found to be clogged with all manner of malware (illegal software hidden on your machine to feed you ads or simply track what you do).

Most owners of zombiefied computers didn't even realize their PCs had been taken over. Some with heavily infected machines, do notice that the malware slows down the PC, and there have been cases where the user just went out and bought a new computer. Usually, reformatting the hard drive and reinstalling your software works, and is a lot cheaper. But most computer users today don't know how to reformat a hard drive, or even get someone to do it for them.

The FBI also identified the operators of many botnet (networks of zombie PCs) operators, arrested some, and is still pursuing many others. To avoid the FBI, many botherders (those who operate botnets) are overseas, often in countries without an extradition treaty with the United States. Criminal gangs are increasingly active in this area, and, in the case of China, so are government Cyber War operations. But even China has been hit by the hackers, and recently enacted laws against computer crimes.

The FBI has not commented on any Cyber War aspects of Operation Bot Roast, but they must have been substantial, and something the FBI and CIA are busy exploiting. The botherders know the FBI, and dozens of other police organizations, are looking for them, and hide behind multiple layers of electronic, and real world, deception. But given the amount of damage all these botnets can do, there is apparently a bit of urgency in taking them down, and quickly.

Meanwhile, computer security companies equip their anti-virus software with the ability to remove the secret software that turns PCs into zombies. The most successful of these efforts is the one Microsoft operates, which automatically updates its operating system and its security software, and removes secret hacker software in the process. This effort has set over ten million zombie computers free from their control software. But the Port 25 block cripples the zombiefication effort to begin with. As the experience of the Dutch and Turks has shown, a widespread approach does enormous damage to the zombie nation. The hackers will eventually adapt, but a nationwide blocking, monitoring and eliminating zombie software effort makes it much more difficult for zombies to operate and survive.

 

X

ad

Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contribute. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   contribute   Close