Botnets blur the nice, clear boundaries between black and white

How botnets skew the relationship between attacker and victim

Good and evil. Black and white. They make everything so much easier. And they’re partly what makes the world of security so appealing. This isn’t to denigrate the toughness of solving security issues, of course. But at least there are bad guys trying to get in and good guys putting up an honest defence – and it’s all pretty clear who’s in the right and who’s in the wrong.

But DDoS botnet attacks blur the boundaries of this nice, storybook tale. Because although they’re generated by the evil folks – intent on stealing your cash, compromising your brand or performing some kind of nameless mayhem – they appropriate innocent individuals (and businesses) to do their dirty work for them. This skews the line between attacker and victim – black and white, if you like – as it inadvertently turns poor breached victims into vile attackers.

This was felt to a certain extent with the massive Dyn attack – which seemed to cross a lot of boundaries – and maybe herald the type of future breaches we’re due to see more of. But still, in its raw form, the issue doesn’t get too much airtime. Or even acknowledgement.

Bizarrely, in the wider parlance there is still only black and white. One victim and one aggressor. Yet the issue of inadvertent botnet attackers is not likely to go away anytime soon. In fact, many pundits believe that the rise of the Internet of Things means it is going to get a whole lot worse as more connected devices mean more everyday items can become unknowing foot soldiers in someone else’s dirty war. And those businesses which do unwittingly launch an attack won’t be seen as victims and may accrue some serious brand damage and maybe even legal accountability of their own.

Of course, this does highlight the new shades of grey attached to cybercrime. There is one victim and one attacker. And that attacker is definitely black. But the victim is no longer as white as it used to be. At one point it was a glorious glowing shade of pure snow – like anyone who is burgled. Now even the ‘main victim’ is tainted with all kinds of damning shades of negligence (while the botnet victim is just muddy and unrecognisable).

This gradual brand shaming is bound to have an impact on the cyber security landscape – and is probably a good thing in the long run – but sadly doesn’t help make a complicated picture simple. Smart devices included on an ad hoc basis are certainly more difficult to patch and update. While many individuals (and businesses) still don’t fully understand exactly how these devices are connected or how they share data.  

There is definitely a need for more education here because the problem of botnets is also increasing – not just in terms of the number of attacks but also in terms of the size of the botnets. This is because the computer power previously needed to maliciously control a handful of machines can now be used to control a far greater number. While smarter techniques can also facilitate true military grouping. So a hacked machine can act as squadron leader of a whole pack of appropriated devices. (And all this functionality can be purchased quickly and easily – along with tutorials – in numerous places on the dark web.)

Over the last 12 months the slew of high-profile attacks has been ramping up at a ferocious pace. The increasing professionalisation of cybercrime is, like any standard business, adding layers and layers of admin between the individuals who do the work and the big beating heart of the money of the operation.

Now much of the low-level-strike data gathering and the small-petty-crime-grunt-work, which will add up to that great mega breach of the future, is being carried out by the ‘innocent victims’. The line between black and white – good or evil – was crossed a long time ago. And the strange thing is very few people seem to have particularly noticed.

