Botnets are a powerful tool for hackers and cybersecurity professionals. Composed of many connected and “infected” devices, botnets are used to carry out user actions on a grand scale. This article explores popular examples of botnets, their structures, and the types of attacks that utilize botnets.
Botnets are a popular, alluring option for hackers and cybersecurity professionals across the globe. Vast personal armies of digital “zombies”, or bots, can be directed towards mass action on a dizzying scale. It’s no surprise that this sort of digital necromancy is popular among hackers, businesses, and cybersecurity enthusiasts. A botnet can amplify a single user action to the scale of thousands. In order to understand botnets, we must outline their anatomy and history. This section will explore some popular examples of botnets, their varied structures, and the types of attacks that utilize botnets.

Khan Smith was the first to achieve botnet notoriety for his spammer based on EarthLink, a web service for email and online hosting. In 2000, the EarthLink spammer sent millions of unsolicited phishing emails to unsuspecting addresses. The botnet managed to generate roughly $3 million in revenue before the hacker got hit with a $25 million fine for fraud and racketeering. In 2007, the Storm botnet was created and rented out to hackers for a variety of malicious activities including identity theft and Distributed Denial of Service (DDoS) attacks. This was the first botnet to rely on peer-to-peer technology, and it had infected roughly one million computers at the height of its activity. More recently, the Mirai botnet was identified as the cause of a major internet outage on the Eastern coast of the United States in 2016. Amusingly enough, the botnet was originally formed by university students trying to gain an advantage in online video gaming. In the public sphere, politicians and media figures have been exposed for hiring private botnet services to gain followers on social media and influence public discourse.
P2P or Client Server?
There are two main structures of botnets: peer-to-peer and client-server. The first botnets were created on the client-server model, meaning each infected machine answers directly to a central server for direction and commands. These botnets are easier to detect and destroy, as every bot points to the same address. Peer-to-peer botnets rely on existing peer-to-peer networks and are more difficult to detect. Without a single point of failure, each bot in a peer-to-peer botnet can simultaneously receive and distribute commands. Much like the mythological hydra, a destroyed command server is immediately supplanted by another bot on the peer-to-peer network. Voluntary botnets involve users who are aware of their machine’s infection.

The most frequently used botnet attack is the Distributed Denial of Service attack. Every time a user loads a web page, a download request is sent to the site’s web server. If there are too many requests at once, the page becomes completely inaccessible to internet users. Botnets can generate thousands of requests at once and temporarily disable a website. Additional uses for botnets include installing spyware, exploiting advertising revenue through clicks and views, identity theft through keyloggers, and sending out spam emails. Any single user action can be amplified by botnets, and the limits of botnets are often a matter of creativity.

In summary, botnets are frequently the most powerful tool in a hacker’s arsenal. They can carry out malicious activities on a massive scale, but they are often doomed to detection, destruction, and the eventual arrest of their creators. However, botnets remain a legitimate tool for research and educational activities. In many of these cases, hubris and unchecked ambition lead to the creation and eventual downfall of powerful botnets. The most successful botnets are those that fulfill their purpose and remain undetected.
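The point made above about client-server botnets, that every bot points to the same address, is what a defender can look for in network flow logs. The sketch below is an added example, not part of the original article: it flags destinations that several internal hosts contact at near-constant intervals. The flow records, addresses (documentation ranges), thresholds and function names are all constructed for illustration, and the periodicity check goes slightly beyond the text to keep popular legitimate sites from being flagged on fan-in alone.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch seconds, internal source, destination).
# All addresses are from documentation ranges; none of this is real telemetry.
def build_sample_flows():
    flows = []
    # Four hosts checking in with 203.0.113.50 roughly every 300 s (beacon-like).
    for i, src in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]):
        for n in range(6):
            flows.append((1000 + i * 7 + n * 300 + (n % 2), src, "203.0.113.50"))
    # Four hosts visiting 198.51.100.20 at irregular, human-driven times.
    irregular = [0, 40, 45, 900, 2000, 2010]
    for i, src in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.15", "10.0.0.16"]):
        for t in irregular:
            flows.append((1000 + i * 13 + t, src, "198.51.100.20"))
    # One host polling 192.0.2.99 on a timer: periodic, but no fan-in.
    for n in range(6):
        flows.append((1000 + n * 60, "10.0.0.17", "192.0.2.99"))
    return flows

def is_periodic(times, max_cv=0.1, min_events=4):
    """True when inter-arrival gaps are nearly constant (low coefficient of variation)."""
    if len(times) < min_events:
        return False
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg <= max_cv

def suspected_c2(flows, min_hosts=3, allowlist=frozenset()):
    """Destinations that at least min_hosts distinct sources contact periodically."""
    per_pair = defaultdict(list)
    for ts, src, dst in flows:
        if dst not in allowlist:  # skip known-good services (assumed list)
            per_pair[(src, dst)].append(ts)
    beaconing = defaultdict(set)
    for (src, dst), times in per_pair.items():
        if is_periodic(times):
            beaconing[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in beaconing.items() if len(srcs) >= min_hosts}

if __name__ == "__main__":
    for dst, hosts in suspected_c2(build_sample_flows()).items():
        print(f"{dst}: {len(hosts)} hosts beaconing -> {hosts}")
```

A peer-to-peer botnet would not show this single shared destination, which is the reason the article calls that structure harder to detect.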