U.S. girds for battle with computer 'botnets'

Everything looks perfectly normal: Your computer sits at home, waiting for you to check sports scores or find a recipe for dinner. Little did you know that criminals, and maybe even terrorists, are using your machine for their own sinister purposes. It may sound like science fiction, but it actually happens.

In fact, hackers can create entire networks from computers they've taken over without the owners' knowledge. FBI Director Robert Mueller has warned against these networks, known as "botnets" (for robot networks), calling them the "Swiss Army knives of cybercrime."

"You name it, they can do it, from attacking networks, sending spam and collecting data to infecting computers and injecting spyware," he said in a cybersecurity speech Nov. 6 at Penn State University in College Park.

To create botnets, hackers use virus and worm attacks to put software on PCs that are connected to a server. The hacker can then use the server to send instructions to these compromised computers, called "zombies." In this way, a hacker might control thousands of zombie machines.

Millions of computers in the United States and around the world have already become zombies, says Shawn Henry, deputy assistant director of the FBI Cyber Division. (A 2006 article in eWeek reported that Symantec, the antivirus software giant, put the number at 4.6 million zombie machines.) "These things have exponentially increased the ability of criminals and others to do harm," he says in a telephone interview.

Concerns about terrorists using the Internet are very real, Mr. Henry notes. They, too, can use the tools that criminals use to steal Social Security numbers and other personal information or to launch an attack to try to bring down an organization's website.

In a "denial of service" attack, thousands of machines send requests all at once to a server, forcing an overload. A "keylogger" records keystrokes on a computer, including passwords, then sends this information back to the hacker. "Imagine a denial of service attack on our telecommunications system," he says, "or using a keylogger to gain access to sensitive data."

How much damage could this kind of an attack do? Director Mueller gave a vivid, real-world example during his talk: "Last April, Estonia suffered what has been called a 'cyberblockade.' Wave after wave of data requests from computers around the world shut down banks and emergency phone lines, gas stations and grocery stores, newspapers and television stations, even the prime minister's office. Although the source of this attack has not been confirmed, the effect was real, and left all of us aware of the potential risk we face. How long before others around the world begin to employ similar tactics?"

The hunt for the people behind these networks is a "cat-and-mouse game," Henry says. Cybercriminals can move quickly from zombie machine to zombie machine, making them hard to track. As soon as one botnet hub is shut down, hackers can open another one. To find their main servers and block them, the FBI relies on cooperation from the private sector, government officials, and universities. Working with these partners, Henry and his team have found more than a million infected computers and shut down several bot operations since June as part of Operation BotRoast.

The bureau also works to protect businesses and universities, which are targeted because they have large amounts of sensitive economic and research data. The FBI has set up a program called InfraGard (www.infragard.net), which allows private-sector participants to share information about threats to their computers and how they were stopped on a secure server. It also helps universities deploy more safeguards for sensitive data.

It wasn't always easy to convince these parties to cooperate, Mueller said. Businesses were reluctant to work together for fear that proprietary data would be stolen. Universities were reluctant to work with the FBI, recalling the way the bureau spied on campuses in the 1960s and '70s.

Now, businesses and universities have become very aware of the level of threat they face from cyberthieves and are more open to working with the FBI, Henry says.

As for what you can do to keep your computer from turning into a zombie machine, Henry's cyberteam says the key is to reduce your vulnerability: Don't "drive" in bad neighborhoods; you wouldn't leave your car unlocked there, so don't leave your computer vulnerable either; turn it off when you're not using it; keep your firewall turned on; and update your antivirus and antispyware software. (Or, as one friend said to me, "you can just buy a Mac.")

Microsoft offers a free online security scan to tell you if your computer has been turned into a zombie: www.microsoft.com/protect/products/computer/safetyscanner.mspx

But even with these alliances and increased security, Henry says, it's a constant struggle to keep businesses, universities, and the nation safe: "Offense always outpaces the defense in the cyberworld."