Friday, April 20, 2012


The creation of a bot network. 

A spin out approach to a real problem.

Part 1 - 5

Many websites and articles out there describe potential security issues and holes inside U.S. home residential networks, in particular those networks managed by Verizon, Cox and Comcast.  These are three giants in the cramped world of common-use connectivity in the United States.  As of 2011, the powerhouse pair Cellco Partnership and Verizon Wireless boasted nearly 109 million subscribers, the largest number of any U.S. wireless provider [1].  If their security system does indeed have more holes than OJ's alibi (or for you babies: a pair of Lady Gaga's banana hammock undies), this is certainly cause for concern.

Most articles we have seen over our years of research have been written about bots, and about how to create bot networks for identity theft, DDoS, and other fraudulent attacks.  For crackers these days, the thrill comes from this hugely profitable business.  And for them, profit = fun.  However, there's no imagination.  So how fun can it really be?  At the root, when all financial gain is taken away, the whole concept is actually pretty damn boring.

Quote: Verizon and Hacktivism

"Hacktivists — not cybercriminals — were responsible for the majority of personal data stolen from corporate and government networks during 2011, according to a new report from Verizon. The Verizon 2012 Data Breach Investigation Report found that 58% of data stolen in 2011 was the result of hacktivism, which involves computer break-ins for political rather than commercial gain. In previous years, most hacking was carried out by criminals, Verizon said. Altogether, Verizon examined 855 cybersecurity incidents worldwide that involved 174 million compromised records. This is the largest data set that Verizon has ever examined, thanks to its cooperation with law enforcement groups including the U.S. Secret Service, the Dutch National High Tech Crime Unit and police forces from Australia, Ireland and London."


With the rise of Anonymous (examples of their shenanigans can be found here: Anonymous LoiC), Loic Network, and Chuck Norris Bots ('nuff said: Chuck Norris), the term is inevitable: "hacktivist".  Their domain?  Feel free to slap hand against forehead now.  Moving right along...
These people are fueling, and are fueled by, political agendas.  High-traffic/low-security sites are of course their target for the battle cry.

With the outrageous rate of increasing discomfort on the web, the government is also drawing its weapons, as demonstrated by the recent SOPA controversy in the U.S.  However, this only seems to fan the flames.  Hackers and hacktivists around the world are only improving their ways of covering their tracks, ensuring their continued mission to use large networks to "speak the word of freedom".


Based on this, and filled with enormous intrigue, we decided to look deeper.  As security consultants for corporate and government networks ourselves, this new "voice of freedom" movement caught our attention.  One part of our job, of course, is to know the tools out there in order to counter-attack and defend ourselves and our clients.  So a couple of questions were raised in our minds:


How vulnerable is the internet, really?

How much effort does it take to create a bot network?  Could it be done at a novice level?

What can you do, besides DDoS Attacks and identity theft, with a bot network?

How can we protect against it?

Based on those questions, we began to research and develop possible solutions.  Good research involves two things (excluding the rock between our ears): time and money.  Given our personal goal to continuously bite off more than we can chew, both things sometimes tend to run tight.  Regardless, we are moving forward.

We have divided the project into several milestones:


  •  Targeting networks.
  •  Identify common victims.
  •  Write several scripts to help us with that (mainly because we are talking about thousands of routers; impossible to do it by hand).
  •  Sort the data and keep it stable (how much connectivity can be maintained).
  •  Next: what can we do?



Our approach was to avoid any kind of upload, payload, binary, or anything else that would need to be implanted on the victim's end.  Such a viral network requires time, as well as knowledge on the hacker's part.  Also, we needed to create something simple.  Something that uses only a few tools.  Most of all, we did not want to use any kind of JavaScript injection, impersonation, etc.  We not only wanted to leave the end user alone, but especially wanted the method to be as quiet as possible.  So, the less traffic, the better.