Great piece from eWeek today. Here’s some additional color and insight on the topic.
Growing and maintaining a botnet has become just another profession in the supply chain of the growing hacking industry. As in real-world markets, botnet growers compete to provide their services, which means that prices are falling. Several factors go into the price of hiring a botnet:
- Size of a botnet
- Type of attack (e.g. spam, DDoS, cred-fetching)
- Target (military, private organizations, targeted or wide-spread)
- Geo-location (targeted country, organization and even language considerations)
- Length of attack (1 hour of spam, 3-day DDoS attack or a monthly membership for phishing sites).
Given these parameters, one cannot give a single number for the price. To get an idea of the price ranges, though, a 24-hour DDoS attack can cost anything from a mere $50 to several thousand dollars for a larger network attack. Spamming a million emails, given a list, ranges between $150-$200, while a monthly membership for phishing sites is roughly $2000.
The move by the ICA is not surprising. Cyber-criminals, just like real-life criminals, seek different sources of revenue. Botnet growers are continuously advertising their services. What is interesting in the case of the ICA is that they were the ones performing the attack. From their point of view, most of their attacks were politically motivated. But now they have realized: why not make an extra buck on the side if they already have the infrastructure? Even if they are so-called ideologists, they could be re-investing this black money in their organization to proceed with other attacks and develop their resources.
From a security standpoint, does this activity make botnet detection easier or harder? On the one hand, advertising underground services does carry the risk of being uncovered. Take, for example, any fraudster in the real world advertising fake Rolexes. That criminal runs the risk of selling to an undercover cop. Similarly, a criminal selling illegally obtained online credentials for some Facebook account runs the risk of the forum being tapped into by the feds. Yet these criminal acts proliferate. The hackers are not stupid. They use different evasion techniques, secret forums and even a reputation-based system in order to avoid being detected. As for uncovering a botnet itself, many of the C&C servers use fast-flux technology, a technique in which the server constantly changes so that it is harder to find the “brain” behind the zombies and take it down.