BotNet Zombie Nation

The Perl Journal March, 2005


People have got to stop connecting their computers to cable or DSL modems. According to a recent study by the Honeynet Project (http://www.honeynet.org/papers/bots/), 10 million computers have been hijacked for use in a BotNet—those distributed networks of compromised computers that listen in on IRC channels for nefarious commands from a master.

These networks can consist of thousands of PCs, mostly running Windows 2000 or Windows XP SP1, that have been automatically hacked by other machines that have themselves been previously compromised. Taking advantage of the numerous security holes in these unpatched operating systems, these bots replicate with frightening speed. Some of the test computers that were used in the Honeynet Project's study were infected within seconds of being connected to the network.

BotNets can be used for all sorts of evil, but the most common uses are for distributed denial-of-service (DDOS) attacks and spamming. But machines compromised in this manner can be involved in much more disturbing illegal activities, including terrorism and child pornography. If mom and pop realized what their computer was doing behind their backs, they might take the whole security issue a bit more seriously. Sadly, the first sign they often get that something is wrong is the sound of the FBI knocking at the door. News of computer security problems rarely reaches the people who most need to hear it. These are folks who don't even look at the technology section of USA Today, much less read Slashdot.

But the stakes are rising. As the range and scope of crimes that can be committed on the Internet grows, so does the effort that hackers expend to get control of unsecured machines. Infected computers are valuable commodities—already, hackers in control of BotNets fight each other for control of the networks. Once compromised, a computer is open to any other hackers who can wrest control from the original master. Networks of thousands of computers can change hands in an instant in these wars.

The simple solution to these problems is for everyone to put their computers behind a good firewall. But many people already have enough difficulty just understanding the basic operation of their computer, and they don't want to make changes when it seems to be working fine. So even when they know they should be securing their network, they don't feel confident they can. Sadly, there isn't a knowledgeable geek in every family.

But they do need help. Even when, with the best of intentions, nontechnical people buy a router with a firewall, they often fail to secure the wireless portion of the network. Out of the frying pan, into the fire. Now they are off the BotNet, but they're serving up free, untraceable wireless goodness to any criminal with wardriving skills. A recent article in the New York Times detailed the frustration of investigators who traced the activities of criminals trading in stolen credit-card numbers to a residence, only to find an unsecured wireless router and a completely oblivious family.

Perhaps law enforcement should hire some reformed uber-geeks and hook them up with users who want to help fight crime, but don't have a clue about what a firewall is. But then would that be letting the proverbial fox into the high-tech henhouse?

Kevin Carlson
Executive Editor
The Perl Journal