Information Warfare: Microsoft Does China


September 17, 2012: Microsoft Corporation recently announced that it had taken down a major botnet (network of PCs secretly controlled by criminals) based in China. The 3322.org domain was long suspected of being the source of much hacker activity. Microsoft went out and proved it and got governments to cooperate in shutting down 3322.org.

Microsoft has, over the last decade, become increasingly effective in blocking and shutting down illegal efforts by hackers to take over PCs running Microsoft operating systems (various versions of Windows). Microsoft Windows is still the dominant operating system, running at least 90 percent of all desktop and laptop PCs. Thus Microsoft has always had an incentive to go after the hackers, especially those working for criminal gangs, who seek to hack Windows and steal from Windows users. Such attacks made Microsoft look bad and other operating systems more attractive to PC users. Microsoft has been fighting back at the hackers.

Two years ago Microsoft revealed that its software security system was removing hacker software from over two million computers a month. Microsoft believed that this was not good enough and tried to get ISPs (Internet Service Providers) and operating system manufacturers to work together to quickly identify infected PCs and block them from Internet access until they got cleaned up. It's easy for an ISP to identify an infected PC if that machine is being used to send spam or is participating in a DDOS (Distributed Denial Of Service) attack on a web site. Both activities involve the PC transmitting a lot of easily identified data (that the average user would not send). But since Internet-based criminals can change their hidden software to transmit data in a less easily identifiable fashion, Microsoft also proposed that Internet users have their PCs equipped with software that the ISP would use regularly to check if the PC is free of hidden hacker software. Machines that are not clean, and whose owners refuse to allow them to be cleaned, would lose their Internet access or have it throttled way back. This is called the "public health" model for computer security. It proved impossible to implement completely, although Microsoft did get more pooling and sharing of information on hacker efforts and successes.
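The ISP-side check described above (a subscriber PC that suddenly talks to many mail servers, or floods one destination with packets) can be sketched as a simple traffic rule. The following is an added example, not code from the article or from Microsoft or any ISP; the flow-record format and the two thresholds are assumptions chosen for illustration, and the flow records are constructed.

```python
# Added example: a toy version of the ISP-side "is this PC a zombie?" check.
# Flags a subscriber host when it opens outbound SMTP connections to an unusual
# number of distinct mail servers (spam relay behaviour) or sends a flood of
# packets to a single destination (DDoS participation). Thresholds are assumed.
from collections import defaultdict

SMTP_DEST_THRESHOLD = 50          # distinct port-25 destinations per window (assumed)
PACKET_FLOOD_THRESHOLD = 100_000  # packets to one destination per window (assumed)


def constructed_flows():
    """Constructed flow summaries: (src_ip, dst_ip, dst_port, packets)."""
    flows = []
    # Normal subscriber: some web traffic and a single mail submission.
    flows += [("10.0.0.2", "198.51.100.1", 443, 40),
              ("10.0.0.2", "198.51.100.7", 25, 8)]
    # Spam relay: one host contacting 60 different mail servers directly on port 25.
    flows += [("10.0.0.5", f"203.0.113.{i}", 25, 6) for i in range(1, 61)]
    # DDoS participant: one host sending 250,000 packets to one web server.
    flows += [("10.0.0.9", "192.0.2.20", 80, 50_000) for _ in range(5)]
    return flows


def classify_hosts(flows, smtp_threshold=SMTP_DEST_THRESHOLD,
                   flood_threshold=PACKET_FLOOD_THRESHOLD):
    """Return {src_ip: [reasons]} for hosts whose traffic looks zombie-like."""
    smtp_dests = defaultdict(set)   # src -> set of distinct SMTP destinations
    packets_to = defaultdict(int)   # (src, dst) -> total packets
    for src, dst, port, pkts in flows:
        if port == 25:
            smtp_dests[src].add(dst)
        packets_to[(src, dst)] += pkts

    findings = {}
    for src, dests in smtp_dests.items():
        if len(dests) >= smtp_threshold:
            findings.setdefault(src, []).append("spam-relay")
    for (src, dst), pkts in packets_to.items():
        if pkts >= flood_threshold:
            findings.setdefault(src, []).append("ddos-flood")
    return findings


if __name__ == "__main__":
    for host, reasons in classify_hosts(constructed_flows()).items():
        print(f"{host}: {', '.join(reasons)}")
```

As the article notes, this only catches the noisy cases; a bot that spreads its traffic thinly or uses unusual ports stays below both thresholds, which is why the proposal also called for an on-host check.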

For the "public health" model for computer security to work most effectively, all ISPs, and the nations that regulate them, must cooperate. This presented a host of legal, political, and diplomatic problems which could not be quickly (if ever) solved. The technical aspects, in contrast, are relatively easy to deal with. All this is yet another effort to control the use of hidden software by criminal hackers to infect and take control of PCs worldwide. The good guys are actually winning this battle, but slowly, too slowly.

The most powerful Internet weapons on the planet are botnets. And many of them are getting into uniform. Never heard of botnets? Your PC, at home or at work, may be part of one. In wartime, many of these botnets would be turned into weapons. A botnet can be used to shut down essential military networks, or infect military computers with destructive (to the computer) software. This isn't science fiction. It is real.

Botnets are large numbers of infected PCs, known as zombies, under the control of botherders (the people who run the networks, or botnets, of zombies). Zombies are created by hackers, who write computer viruses that get into your computer from an infected website or a booby-trapped file attached to spam email.

Currently, on any given day a few percent of all the computers on the planet are zombified. These captive computers are organized into botnets of thousands, or millions, of PCs that do the bidding of their controllers. The most common use of botnets is transmitting spam and secret programs that create more zombies, or steal information (government secrets or your banking information). Internet criminals spend most of their time seeking out poorly protected PCs connected to the Internet that can be turned into zombies. This can cost up to a dollar per zombie PC. The "owners" of these zombies then use them to make money (sending spam and launching DDOS attacks, for the most part). Some botnet owners rent their zombies out. There is no honor among thieves, either, with some Internet crooks seeking out botnets and using their tools to try to take control. The good guys play this game as well, seeking out the botnets and purifying the infected machines by finding and deleting the hidden software that makes a PC a zombie.

The purification process is a growing business. Like other computer security companies, Microsoft equips its anti-virus software with the ability to remove the secret software that turns PCs into zombies. The most successful of these efforts is the one Microsoft operates, which automatically updates its operating system and its security software and removes secret hacker software in the process. This effort is now setting over 40 million zombie computers a year free from their control software.

Currently, the most common reaction to the botnets is to treat the creators and users of these botnets as criminals (which they are) and hunt them down. The U.S. FBI has been increasingly successful at this, by finding, arresting, and prosecuting a growing number of botnet owners. For example, five years ago the FBI announced that Operation Bot Roast had identified over a million compromised PCs, in scores of botnets. The FBI tried to get in touch with as many of these computer users as possible and direct them to organizations and companies that could help them clean the zombie software out of their computers. Help can be had for free, although many of the compromised PCs were found to be clogged with all manner of malware (illegal software hidden on your machine to feed you ads or simply track what you do). Bot Roast was the first big FBI hacker bust. The FBI has since cooperated with Microsoft and other commercial and government organizations in equally large investigations and take-downs of botnets.

The FBI has identified many botnet (network of zombie PCs) operators, arrested some, and is still pursuing many others. To avoid the FBI, many botherders seek sanctuary in countries without an extradition treaty with the United States. Criminal gangs are increasingly active in this area and, in the case of China, so are government Cyber War operations. But even China has been hit by the hackers and has enacted laws against computer crimes.

The FBI never commented on any Cyber War aspects of Operation Bot Roast but they must have been substantial and something the FBI and CIA are busy exploiting. The botherders know the FBI, and dozens of other police organizations, are looking for them and hide behind multiple layers of electronic and real world deception. But given the amount of damage all these botnets can do, there is apparently a bit of urgency in taking them down and quickly.
