The Coming Botnet Stock Exchange 105
Trailrunner7 writes "Robert Hansen, a security researcher and CEO of SecTheory, has been gleaning intelligence from professional attackers in recent months, having a series of off-the-record conversations with spammers and malicious hackers in an effort to gain insight into their tactics, mindset and motivation. 'He's not the type to hack randomly, he's only interested in targeted attacks with big payouts. Well, the more I thought about it the more I thought that this is a very solvable problem for bad guys. There are already other types of bad guys who do things like spam, steal credentials and DDoS. For that to work they need a botnet with thousands or millions of machines. The chances of a million machine botnet having compromised at least one machine within a target of interest is relatively high.' Hansen's solution to the hacker's problem provides a glimpse into a business model we might see in the not-too-distant future. It's an evolutionary version of the botnet-for-hire or malware-as-a-service model that's taken off in recent years. In Hansen's model, an attacker looking to infiltrate a specific network would not spend weeks throwing resources against machines in that network, looking for a weak spot and potentially raising the suspicion of the company's security team. Instead, he would contact a botmaster and give him a laundry list of the machines or IP addresses he's interested in compromising. If the botmaster already has his hooks into the network, the customer could then buy access directly into the network rather than spending his own time and resources trying to get in."
Robert Hansen has access (Score:2, Interesting)
Is SecTheory a harbor for these malicious users? Why does Hansen have such deep contacts?
Re:Honeypot? (Score:4, Interesting)
"Uh, I don't trust you but I want to search your botnet. Strictly for research purposes."
"I'm trustworthy. I control such-and-such handle over at such-and-such forum. I'm going to post '(some message)' in 5 minutes -- that proves it. But my botnet is expensive. Can you pay?"
"Yeah, here's a paypal gift to prove I have funds."
"Ok, I'm listening. What do you want?"
(And the negotiation goes on from there.)
This is an Apple-like vertical integration of services (but for botnets). The same guy who has "owned" the hardware offers "other services" on his "platform." I couldn't keep a straight face as I typed that.
I don't really think this is a "stock exchange."
Why not use a botnet (Score:1, Interesting)
Re:Bad title (Score:1, Interesting)
Re:Why not use a botnet (Score:2, Interesting)