In October of 2016 a botnet compromised over 100,000 computer gadgets, and used them to knock Dyn, an Internet infrastructure provider, offline. This botnet was made with publicly available malware called Mirai. Taking down Dyn created a ripple effect that eventually caused various high-profile websites, including Twitter and Netflix, to temporarily go down. This attack was simple, but extremely disruptive. It sent a clear message – no one is safe from botnet attacks; not even huge corporations.
A botnet is a collection of Internet-connected devices that perform one or more automated online tasks. Botnets are often used to perform DDoS attacks, or strikes where multiple systems flood the bandwidth or resources of targets like Dyn.
Botnets have been around for over 10 years. As early as 2001, hackers have been breaking into computers via the Internet, and controlling them from centralized systems.
The problem is getting worse, however.
That’s thanks to the overflow of low-cost digital video recorders, webcams, and other devices that can be easily compromised and co-opted into botnets. Hackers can infiltrate them with little effort because virtually all of these devices have no security.
The best way to defend yourself is to run secure software and to buy more expensive gadgets that are less susceptible to corruption. However, this might be easier said than done. Most internet devices are not designed with security as a priority.
What makes matters worse is that once a device is compromised it’s tainted forever. Malware can remain dormant for a long time before it’s activated. As a consequence malware can go undetected by traditional security solutions.
You can also hire professional help to protect yourself. Several security firms sell defenses against DDoS attacks. Their efficiency varies, depending on the severity of the attack and the type of service.
Click fraud is a scheme to fool advertisers into thinking that people are clicking on, or viewing, their advertisements. Botnets are used to commit click fraud.
There are many ways to perform click fraud, but the simplest is for attackers to embed a Google ad on a Web page they own. Google ads pay site owners according to the number of people who click on them. The hackers can just instruct all the computers on their botnet to repeatedly visit their Web page and click on their ad. The more clicks the more cash!
This could be damaging to Internet advertising. If botnet makers figure out more successful ways to siphon money from big companies online, we could see the whole Internet ad model fall apart.
Botnets can be disruptive in numerous other ways. They can be used to dodge spam filters, which work by knowing which computers are sending millions of e-mails. They can speed up the hacking process to break into online accounts, mine bitcoins, and do other things that require a large network of computers. For these reasons botnets are becoming big businesses.
A variety of shady figures are exploiting botnets. It appears that the strike on Dyn was done by angry hackers. Financially driven bands are using attacks as a type of extortion. And political factions employ botnets to silence websites they disagree with.
The reality is that botnet attacks will probably become more prominent. Sadly, we should expect numerous other hits like the one against Dyn.