The Kill Chain is the cybercrime thriller from Scotland’s newest writer, GJ Scobie, which is due to be published by Darkstroke on the 16th July 2022. This blog post is one in a series called Facts behind the Fiction, in which I take an aspect of the plot and provide factual background material, giving an insight into the real world of cyber security and those who work tirelessly to defend our networks and data.
So, what is a Botnet?
It is the name given to a collection of computers, connected to the internet, typically under the control of a cyber criminal or hacker. In fact, devices in a botnet do not have to be desktops or laptop computers but can be any collection of internet-enabled devices. For example, the Mirai botnet of 2017 that was used to perform a DDOS attack (Distributed Denial of Service) was a collection of cameras and DVR players. Essentially, if it can be connected to the internet, then it could become part of a botnet.
Botnets are not necessarily used for criminal purposes. Harnessing the collective processing power of a multitude of computers for research purposes is not uncommon. However, we typically hear about botnets in a criminal capacity. These machines have been compromised and taken over by hackers who then use them to deploy software used to perform attacks against other systems on the internet. The compromise may have been through unpatched software on the device or stolen credentials. Each is then controlled using what we call command and control software which the hacker downloads to each computer in the botnet. This allows the hacker to use each device to send spam email, steal other systems data via hacking attempts, spread computer viruses and malware or use them for DDOS attacks against the systems of organisations.
The owners of these devices may not realise their device has been compromised and is being used to launch an attack. If those being attacked are able to trace back to the origin of the attack, they will find the compromised device used, but the hackers behind it, will have hidden their location, typically using an encrypted network.
The term botnet is what we call a portmanteau. The words robot and network have been used to create the term. Bots refer to the software that runs on each device to perform whatever action is required.
Next time, worms. What are they?