The most powerful Internet weapon on the
planet is being protected by the Russian government. The weapon in question is
the Storm botnet. This is the largest botnet ever seen, and while the United
States has traced its creators to Russia, the government there refuses to
cooperate in shutting Storm down.
The Storm network is believed capable
to shutting down any military or commercial site on the planet, or do some
major damage in ways that have not yet been experienced. There's never been
anything quite like Storm.
The Storm computer virus had been spreading
since early last year, grabbing control of PCs around the world. Storm infected
millions of computers with a secret
program that turned those PCs into unwilling slaves (or "zombies") of those
controlling this network (or botnet) of computers. Many of you may have noticed
spam directing you to look at an online greeting card, or accompanied by pdf
files, or directing you to a site with pictures of a huge storm that hit Europe
a year ago (thus the name). That was Storm, the largest single spam campaign
ever. When you try to look at the PDF file, Storm secretly takes over your
computer. But Storm tries very hard to hide itself. All it wants to do is use
your Internet connection to send spam, or other types of malicious data.
What makes Storm the perfect Internet
weapon is how it has been designed to survive. The Storm zombie does no damage
to the PCs it infects, and simply sits there, waiting for an order. Those
orders come via a peer-to-peer system (similar to things like Kazaa or Bittorrent). A small percentage of
the zombies spend short periods of time trying to spread themselves, then turn
off. This makes it more difficult to locate infected PCs. Commands from the
Storm operators are sent through several layers of zombie PCs, again making it
very difficult to identify where those commands come from. Moreover, Storm
operates as a horde of clusters, each of two or three dozen zombie PCs. No
existing methods can shut down Storm, although computer security organizations
have been able to limit the spread. In
fact, all that will work to kill Storm is to find the people running it, arrest
them, and seize their access data. The programmers who put Storm together know
their stuff, and police in dozens of country have cooperated to get their hands
on them. But now that the Storm owners have been traced to Russia, we have a
situation where a government is blocking efforts to shut down the hacker
To avoid the police (especially the U.S. FBI),
many botherders (those who operate botnets) are usually in countries without an
extradition treaty with the United States (where nearly half the zombie PCs
are). Criminal gangs are increasingly active in producing things like Storm, and,
in the case of China, so are government Cyber War operations. Russia is also
believed to rely on criminal hackers for help in carrying out Cyber War tasks,
usually espionage. Meanwhile, it's clear what Storm is up to. It has been
launching attacks at web sites involved in stopping or investigating Storm.
This involves transmitting huge quantities of bogus messages ,that shut down
targeted web sites (this is a DDOS, or distributed denial or service attack).
The Storm botherders are also advertising their botnet as available for the
usual illegal activities (various types of spam).
Early on, it was believed that Storm was owned by a Russian
criminal syndicate, but once more detailed proof was available, the Russian
government refused to cooperate, treating Storm like some kind of secret
military resources. And to the Russians, that's apparently what Storm is.
Meanwhile, the investigation indicates that the Storm crew have some American
members, and now the search is on for them, or any other non-Russians who
worked on Storm, and are not inside Russia.