
The Coming Botnet Stock Exchange

Trailrunner7 writes "Robert Hansen, a security researcher and CEO of SecTheory, has been gleaning intelligence from professional attackers in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation. 'He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.' Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years. In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in."

  • by BadAnalogyGuy ( 945258 ) <BadAnalogyGuy@gmail.com> on Monday March 15, 2010 @02:29PM (#31485172)

    Is SecTheory a harbor for these malicious users? Why does Hansen have such deep contacts?

  • Re:Honeypot? (Score:4, Interesting)

    by dch24 ( 904899 ) on Monday March 15, 2010 @02:38PM (#31485320) Journal
    Business does require a certain amount of trust, but it's amazing how money talks. For example, the conversation might go like this:

    "Uh, I don't trust you but I want to search your botnet. Strictly for research purposes."
    "I'm trustworthy. I control such-and-such handle over at such-and-such forum. I'm going to post '(some message)' in 5 minutes -- that proves it. But my botnet is expensive. Can you pay?"
    "Yeah, here's a paypal gift to prove I have funds."
    "Ok, I'm listening. What do you want?"
    (And the negotiation goes on from there.)

    This is an Apple-like vertical integration of services (but for botnets). The same guy who has "owned" the hardware offers "other services" on his "platform." I couldn't keep a straight face as I typed that.

    I don't really think this is a "stock exchange."
  • Why not use a botnet (Score:1, Interesting)

    by linzeal ( 197905 ) on Monday March 15, 2010 @02:54PM (#31485576) Journal
    To trade stocks in the first place? Buy some penny stocks/junk bonds whatever and get/steal/buy enough logins to various brokerages then just pump the price at an opportune time, take the money and run.
  • Re:Bad title (Score:1, Interesting)

    by Anonymous Coward on Monday March 15, 2010 @03:59PM (#31486730)
    It's also just an idea someone put out. There's now evidence it's "Coming". We've all been bitching about fraudulent Slashdot titles for years. I don't think they'll ever stop with the hype.
  • by Danimoth ( 852665 ) on Monday March 15, 2010 @04:22PM (#31487094)
    This happens on a rather frequent basis. I work on a trading desk which sees some retail customer order flow. Every now and then fraudulent pump and dump stocks come to our attention. It's usually not too hard to figure out that some order for 5x the average daily volume in a penny stock is fraudulent. Not too hard to track down the customer to give them a call and find out that they had no idea their account was broken into. A much more effective way is to send the orders a few hundred or thousand shares at a time and have them auto executed by a machine. Usually they trace the attacks back to Eastern Bloc countries. I know Hungary was pretty popular last year.
