On the night of June 5, 2013 a coalition led by the FBI and Microsoft broke up a botnet of two million connected PCs that was being used by cybercriminals for various malicious purposes. What’s most startling is that those two million PCs were sitting in homes and business, and their owners had no idea what their computers had been up to, and most likely still don’t know.
Botnets are essential tools for modern cybercrime. If a criminal uses a single computer to send spam or hack into a bank, the incident could be easily isolated and eventually traced back to the hacker. However, it becomes much more difficult for police to track attacks if literally millions of computers are engaged in the activity. At the same time, activities like spamming become much more profitable for a hacker. The worst part about this is any computer is of interest to a hacker. It might be old, buggy and totally free from valuable information, but it is still able to earn money for criminals and in some cases, bring police to your door.
Here are some of the things your devices might be doing that are going totally unnoticed by you:
- Spam: as you work, browse and play, your devices could be spamming thousands of people with emails for fake drugs or counterfeit goods.
- Fraud: even with no web browser open, you may be secretly ‘clicking’ online adverts, so the pay-per-click advertiser can fraudulently inflate their charges.
- Distributed Denial of Service (DDoS): your devices could be amongst thousands bombarding a website’s server with requests, causing it to crash and go offline.
- Making money, literally: bitcoins, the Internet’s crypto-currency, are produced using CPU-intensive calculations. It takes a lot of time to “mine” a bitcoin, so hackers use many computers to speed this process up. Bitcoins are accepted as legitimate payment for many legal and illegal goods, and could be easily exchanged to real currency.
- Distribute malware: as law enforcement agencies are getting better at taking botnets down, their creators try to make zombie networks less vulnerable. Recent botnets are P2P (peer-to-peer) – each infected computer might be used by a hacker to serve infected downloads to other computers and issue various commands to “slave” PCs.
- Selling ‘warez’: These are normal programs, cracked to work with no serial number. Criminals could be selling them from a secret, illegal store on your PC.
- Hacking: to hide their tracks, cybercriminals remotely take over someone else’s PC to attack their real target. If the activity is traced, it’s traced to you.
- Downloading or watching illegal content. As some countries developed laws prosecuting pirated downloads, it became sensible to download illegal content using other computers, transferring it to a final destination in an encrypted form. If that’s not chilling enough, just consider this piece of advice that was recently posted on a hacking forum: “Use an RDP to do your exploit. For example, if you watch illegal content using an RDP, if anything happens, the real person who owns the RDP gets caught instead of you.” RDP stands for Remote Desktop Protocol, a network protocol used to remotely control another computer, in this case, the cybercriminal’s victim.
- Breaking passwords. Hackers could use the processing power of your computer to try every single password while cracking someone’s valuable data.
And remember, it isn’t just PCs that are at risk, cybercrime is now a multi-platform enterprise. The first Android botnet was detected in January 2012. Disguised as a game, the Foncy Trojan gave itself root access to the Android OS. The malware, and the criminals controlling it, had a great amount of control over the infected phones.
In addition to being made to send SMS messages to premium numbers (at the user’s cost), stealing victim’s bank details and spreading malware to others in their address books, infected phones can also be remotely controlled and used in illegal activities, such as those described above.
The conclusion is simple – any connected device requires protection. Be it your old Windows PC, new smartphone, tablet or Mac laptop, it requires dedicated security software to make sure it’s serving only you and not doing anything illegal at your cost.