Monday, April 26, 2010

Opt-in Botnets

As businesses and governments have moved their presence online, protesting and other public forms of disaffection against them have followed. Growing numbers of people have been motivated to take up the cyber-equivalents of protest placards, highway sit-downs and Molotov cocktails.

The last few years have shown a steady increase in the sophistication of the tools and tactics the disaffected use online. Social networking applications, Web 2.0 technologies and the general availability of what can best be described as “military grade” cyber attack tools make it a trivial task for protestors to launch crippling attacks from anywhere around the world.

The massive adoption of social networking portals and micro-blogging services in turn created a new generation of centralized Command-and-Control (CnC) capabilities that quickly and easily organize protests for international participants from all walks of life. The simplicity with which these technologies can be leveraged for attack coordination against governments and commercial organizations cannot be underestimated.

A second generation of cyber-protesting tools has emerged, encompassing a disturbing blend of criminal technology and activist enthusiasm. A growing number of movements are asking their members to deliberately install botnets on their hosts and within their networks in order to participate in more sophisticated and effecting cyber-protests.

Botnets have always been considered a severe threat that removes PCs and servers from IT control. However, botnet compromises have always come from the accidental and unknowing installation of bot malware. The purposeful and intentional acceptance of bot malware, however laudable the cause, presents a dangerous challenge to any organization concerned about maintaining control over network assets and demonstrating proper fiduciary responsibility.

In short, the introduction of social networking CnC and an increasingly diverse range of motivations and common-cause group memberships is opening the doors to new cyber-protesting possibilities – and to criminal misappropriation of hacktivist botnets. This whitepaper examines the evolutionary path of opt-in botnets, including how tactics have changed, why anyone would willingly choose to join a botnet, and what activist botnets mean to organizations that find themselves both victims and enablers of a botnet-driven attack.