University of Calgary

Zombies and botnets

February 17, 2010

Battling zombies, botnets and Torpig

Distinguished lecture looks at outwitting enemy hackers in the Internet ‘arms race’

John Aycock
One of the newest threats to individuals, corporations and governments online is the creation of robotic networks, or ‘botnets.’ When a criminal hacker takes over a single computer and operates it remotely, it’s called a zombie, or a ‘bot’; controlled as a group, they form a botnet.

“It’s an issue of scale,” says John Aycock, an associate professor in the University of Calgary’s Department of Computer Science. “If you control an entire network of tens, or hundreds of thousands of home computers, you can do an awful lot of damage.”

Last week, a group of computer hackers—calling itself Anonymous—attacked official websites in Australia to protest a proposed Internet filter aimed at targeting pornography and criminal sites. These groups can also steal passwords, bank account information, and harvest email addresses to expand their botnet.

Aycock and researchers from U of C’s new Institute for Security, Privacy and Information Assurance work on a range of technologies to prevent and detect such attacks.

About 10 per cent of computers world-wide could be infected by botnets, according to Vint Cerf, considered one of the founding fathers of the Internet. Most victims would have no idea their computer was involved. Aycock says it’s widely believed that the perpetrators have evolved from basement hackers to sophisticated online invaders, perhaps with links to organized crime.

“The motivation used to be to put another notch in your belt, today it’s very much money-driven,” says Richard A. Kemmerer, a professor of Computer Science at the University of California, Santa Barbara. Kemmerer will speak about this issue and his research at the University of Calgary next Thurs., Feb. 25.

In January of 2009, his team briefly posed as the criminals themselves, when it secretly took control of the infamous Torpig botnet.

“For 10 days we owned it,” says Kemmerer, who gave the resulting data to the FBI and other federal law enforcement agencies. “We saw more than 180,000 infections. Torpig obtained the credentials of 8,310 accounts at more than 400 different institutions including PayPal and Capital One. In just over an hour, 70,000 passwords were uncovered.”

A pre-emptive approach is the only one that will ultimately prove effective for Internet security, notes Kemmerer. “Remember this is an arms race,” says Kemmerer. “It’s the hackers against the good guys.”

SPIA Distinguished Lecture: How to Steal a Botnet and What Can Happen When You Do

Richard A Kemmerer, Computer Science Leadership Professor, Dept of Computer Science at the University of California, Santa Barbara

11:30 a.m. on Thursday, Feb. 25

Biological Sciences building, room 587
