Bots and Botnets
Once one of your devices is infected, it can be turned into a bot. A bot will perform tasks under the control of another program, usually without the need for any human interaction. This is why bots are often referred to as zombies, and in fact, this is a great way to visualize the threat.
If an individual or a criminal organization has infected millions of devices over the past few years, including computers, mobile phones, and IoT devices, and has turned all of those devices into bots, they now have what’s called a botnet (short for bot network).
They can then send commands to bots in their botnet to perform malicious tasks, including:
- Spread misinformation across social media or ecommerce platforms by creating a large number of accounts that they control
- Attack legitimate web services with an overwhelming amount of traffic
- Attack networks
Why do criminals create botnets?
Spreading misinformation and fake reviews
Botnets can be extremely lucrative and surprisingly not that difficult to find. For example, if your competitor wanted to promote their product, but yours had better reviews, they could hire criminal organizations with botnets to create a large number of accounts and leave overwhelmingly positive reviews, which would then trick the e-commerce platform’s algorithm into pushing their product over yours.
Distributed Denial of Service Attacks
Or, if your competitor knew that you were going to launch a very important sale at a specific date and time, they could hire criminals with botnets to attack your website right as the product launch is about to happen, rendering your website completely unusable to legitimate customers trying to purchase your product. If the attack were successful, your website could potentially remain offline for hours on end, resulting in frustrated customers who change their minds and never purchase your product.
Botnets can also be used for other purposes, such as to relay spam, distribute computing tasks, mine cryptocurrency, or proxy network traffic.
Botnets can be an effective way to deliver spam, such as email spam. As we’ve talked about, email, in broad terms, is not very secure. Anyone can pretend to be sending email on your behalf. Knowing this, spammers can use their botnets by:
- Contacting their botnet, preparing them to send spam
- Using bot devices as email servers
- Sending recipients spam email
Now multiply by the number of recipients that the spammer is trying to reach, and the number of devices they have in their botnet.
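From the defender's side, a device being used as an email server in this way stands out on the network, because ordinary devices rarely deliver mail directly to many different mail servers. The following is an added example, not part of the original lesson, of a check over network flow records; the sample records, addresses, threshold, and function name are all constructed for illustration.

```python
from collections import defaultdict

SMTP_PORT = 25  # port used for server-to-server mail delivery

# Constructed sample flow records: (source host, destination IP, destination port).
# Every address is from a private or documentation range; none is real traffic.
SAMPLE_FLOWS = (
    # 10.0.0.5 is the site's approved mail server (an assumption for this example).
    [("10.0.0.5", f"198.51.100.{n}", SMTP_PORT) for n in range(10, 14)]
    # 10.0.0.23 is an IoT camera delivering mail directly to six different servers.
    + [("10.0.0.23", f"203.0.113.{n}", SMTP_PORT) for n in range(1, 7)]
    + [
        ("10.0.0.23", "203.0.113.1", SMTP_PORT),  # repeat destination, counted once
        ("10.0.0.40", "192.0.2.80", 443),         # laptop: ordinary web traffic
        ("10.0.0.40", "192.0.2.25", SMTP_PORT),   # laptop: a single SMTP connection
    ]
)


def find_suspected_spam_bots(flows, known_mail_servers, min_destinations=5):
    """Return {host: distinct SMTP destinations} for hosts that are not approved
    mail servers but connect to at least min_destinations remote mail servers."""
    destinations = defaultdict(set)
    for src, dst, port in flows:
        if port == SMTP_PORT and src not in known_mail_servers:
            destinations[src].add(dst)
    return {
        src: len(dsts)
        for src, dsts in destinations.items()
        if len(dsts) >= min_destinations
    }


if __name__ == "__main__":
    for host, count in find_suspected_spam_bots(SAMPLE_FLOWS, {"10.0.0.5"}).items():
        print(f"{host} delivered mail to {count} distinct servers; check it for infection")
```

The list of approved mail servers and the threshold need to be set for your own network; a host that shows up here is a candidate for investigation, not proof of infection.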
Distribute computing tasks
Because devices in a botnet are completely separate devices, the botnet operator can have them work either independently or together, in order to run computing tasks that could otherwise take a very long time to compute on one single device. These could be machine learning operations, for example, which could cost a significant amount of money to run at a similar scale with a cloud provider.
Instead, you’re able to use other people’s devices for free to run the same kinds of workloads.
Along similar lines, many botnet operators have started using their bots to mine cryptocurrency on their behalf.
Again, mining has become more and more expensive: you need a lot of powerful hardware to mine any significant amount, which also requires higher electricity usage.
Instead, you can mine from other people’s devices for no cost at all.
Proxy network traffic
One last example of when botnets can be useful is to proxy network traffic.
Proxying traffic can be used to anonymize your actions. While there are many legitimate and practical use cases for doing this, it can also be a tool that criminals use to perform illegal actions.
For example, they may try to attack web resources without proper permission. They may try to access bank accounts of compromised users, and so on.
Every action you take on the web leaves a footprint. If you perform illegal actions and you don’t take the necessary steps to mask your footprint, it makes it quite easy for the authorities to find you.
If you have access to a botnet, you could instead relay your actions through those devices, which would make it look like those actions were being taken by someone else, potentially on a completely different continent than where you live.
The more bots you can relay the traffic through, the harder it can be to trace back the original requests.
Conclusion for Bots and Botnets
While the list of uses for botnets could go on, these are some examples of why cybercriminals may want to create bots and build bot networks. In the next lesson, we’ll discuss how they use something called Command and Control servers in order to create and control their botnets.