Reporting the news is not the only activity at the BBC. Part of the news there is taking part in reigning in the bad guys, then doing the reporting. This story tells of how BBC acquired control software used in the wild to create a zombie net of computers.

Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime.

The technology programme Click has demonstrated just how at risk PCs are of being taken over by hackers.

Almost 22,000 computers made up Click’s network of hijacked machines, which has now been disabled.

The BBC has now warned users that their PCs are infected, and advised them on how to make their systems more secure.

Concerted attack

Click managed to acquire its own low-value botnet – the name given to a network of hijacked computers – after visiting chatrooms on the internet.

The programme did not access any personal information on the infected PCs.

If this exercise had been done with criminal intent it would be breaking the law.

But our purpose was to demonstrate botnets’ collective power when in the hands of criminals.

Click ordered its PCs to send out spam to two specific test e-mail addresses set up by the programme.
Cyber gangs use botnets to support crimes such as fraud and theft

Within hours, the inboxes started to fill up with thousands of junk messages.

But a botnet can also be used to launch a concerted attack on commercial websites to take them out of action.

Hefty ransom

By prior agreement, Click launched a Distributed Denial of Service (DDoS) attack on a backup site owned by security company Prevx.

Click then ordered its slave PCs to bombard its target site with requests for access to make it inaccessible.

Amazingly, it took only 60 machines to overload the site’s bandwidth.

DDoS attacks are used by extortionists who threaten to knock a site offline unless a hefty ransom is paid.

Jacques Erasmus from Prevx said that high-traffic websites with big revenues are a “massive target” for this kind of attack.

“Cyber criminals are getting into contact with websites and threatening them with DDoS attacks.

“The loss of trade is very substantial so a lot of these websites just pay-up to avoid it,” he explained.

Evolving threat

Click has now destroyed its botnet, and no longer controls any hijacked machines.

However, the owners of unprotected PCs have been made aware that they are vulnerable to future attacks.

In addition, Click advised them on what steps to take to make their systems more secure. Most computers have protection systems that need to be switched on and kept updated to protect them against the evolving threat from hackers.

Machines can be compromised simply by visiting an infected web page or opening an e-mail containing a virus as an attachment.

‘Very professional’

Hackers exploit unprotected computers for valuable data such as banking and credit card details.

Criminals use botnets to send out thousands of spam messages, store stolen data, and fraud.

For instance, “phishing” e-mails which attempt to trick people into revealing their bank details are often routed through a botnet.

Users are normally unaware that their PCs are being controlled remotely by cyber criminals because there are almost no symptoms.

Greg Day from security firm McAfee explained that the people who control botnets are “very skilled professionals.”

“We’ve seen this move from what used to be a hobbyist bit of fun into something now that is very professional,” he said.

Hackers are keen to recruit new PCs to a botnet to create a resource that they sell or hire out to other cyber criminals.

But some networks of hijacked computers are of “much more value” than others, according to Mr Erasmus.

“Computers from the US and the UK go for about $350 to $400 (£254-£290) for 1,000 because they’ve got much more financial details, like online banking passwords and credit cards details,”

For anyone who gets the BBC News Channel, the program will be available –

This report will be broadcast in this week’s edition of Click on Saturday 14 March at 1130 GMT on the BBC News Channel.

This points up the reason for using a good firewall, and one that works in both directions, as the speed of today’s computers can mask the outgoing data that a botnet can send. In earlier times, it was easy to note a slowing of computer responsiveness, and problems, though not easy to eliminate, were simple to identify. Now the speed blurs or removes the possible notice, so having a watchdog on outgoing packets is a must.

Comodo Internet Firewall is a fine example, and claims to be the best at catching leakage of any kind. It is also free. Others available are Online Armor, from Tallgrass Technologies. Both of these choices are good, and both have free, as well as paid versions. In each case, the free version will work well for almost anyone – those needing the paid versions would be the kind of users that need major amounts of hand holding – and includes HIPS+ (heuristic intrusion protection system) technology. This seems intrusive, but can really help with many other problems on the computer. Should you find the HIPS+ too confining, it can be turned off.


Digg This