Monday, May 05, 2008

I Got the Botts About Bots

My father, God rest his soul, had enough South Texas German in him to be subject to occasional fits of Teutonic depression. He had enough self-awareness to know what was going on when these moods hit him. When we asked him what was bothering him, he'd generally say, "Aw, I've got the botts." (I never saw him write the word down, but for some reason I think it's spelled with two t's.) He passed on many years before the Internet was more than a gleam in a few researchers' eyes, but if he were alive now, he might well have the botts about bots.

A bot is a piece of malevolent software (malware) that infects your computer with the purpose of controlling it to do things that the bot tells it to do. These things are generally not nice. In the case of one of the worst bots, Storm Worm, some observers say that over a million computers took orders from some people who apparently went on the black market to offer denial-of-service attacks to the highest bidder. If a criminal takes up the offer, the victim's website is likely to be inundated with many millions of emails or other automated requests for service, whereupon the target website immediately gets overwhelmed and becomes inaccessible to legitimate users. Creators of botnets have progressed in the last few years from random vandalism to coordinated criminal activity, which is why computer security firms and software providers from Microsoft on down have lately spent so much time and effort combating the problem.

Until recently, people such as myself who use Macintosh computers could ignore bots, since up to 2004 or so no one had bothered to write a bot for Macs. Since only a relatively small percentage of all computers online at a given time are Macs, a malware writer who wants access to the largest number of computers in the shortest time is probably not going to bother writing two different bot programs, one for Macs and one for PCs. (Most legitimate software companies don't either, but that's another story.) But this supposed invulnerability has evidently come to an end. The other day I received a message from the IT division of a university where I do research. It informed me that a Mac on a network node in the lab I was working in was being remotely controlled by a bot. I was alarmed until I called the people and checked the Ethernet ID address, or whatever it's called—an identifying number unique to my computer. The number didn't match mine, so my computer must not have been the one that was zombified. Still, it means there could be a problem in the future.

It turns out that bots tend to use something called IRC, which stands for Internet Relay Chat. This is the old original protocol that enabled the first internet-based chats, before companies started selling proprietary versions. I am not a computer scientist and I don't know why this particular protocol is so useful to botnet masterminds, but it is.

Wouldn't it be nice if we could rewind to the day when the first wide-eyed innocent programmer came up with the neat idea of the IRC in the first place? "Hey, kids, let's make it so we can chat over the Internet in real time." Sounds great. But apparently, there is something fundamentally flawed about that IRC protocol that makes it able to take over people's computers.

I'm sure that was the last thing in the programmer's mind, to put in a built-in flaw that would later be exploited by criminal elements to the harm of thousands of victims, and to the possible legal compromise of millions of people who unknowingly participate in these crimes simply because their computers are hosting bots and follow the orders of their evil digital masters. But hey—with opportunity comes responsibility.

There is an idea in the engineering ethics world called the precautionary principle. Wikipedia defines it this way: "If there is a risk that an action could cause harm, and there is a lack of scientific consensus on the matter, the burden of proof is on those who would support taking the action." You hear more about it in European ethics discussions than in the U.S. Taking it seriously would severely hamper development of new technologies of all kinds. I wonder, though, whether we might not have some of the problems we struggle with today if the people who developed the early Internet protocols had taken a more cynical view of human nature and tried to think of all the evil things ill-willed programmers could do with the neat tools they were putting out there.

If, for example, the developers of the IRC had taken a prototype version to some creative young bucks who spent their days trying to devise malevolent uses for new software, they might have discovered the extreme usefulness of IRC in botnets. And who knows?—they might have fixed it in a way that stayed permanently embedded in the Internet as it grew faster than almost anyone expected.

It's obviously too late to close the barn door on that particular horse. Now that Macs can harbor bots, I'll just have to be careful and try to make sure I follow good computer hygiene, for whatever good that will do. But people are writing new software all the time, and some of it is destined to be as influential and ubiquitous as the infamous IRC protocol is now. Surely we have learned a lesson about the depths of depravity to which some programmers will stoop. I just hope that people who write software these days take some thought as to how what they develop could be misused in the future, and even twist their minds around to be creative about it—and then fix it so it can't be used that way.

Sources: Slate has a good introduction to the subject of bots at http://www.slate.com/id/2190275/. A recent overview of the subject from a technical perspective can be found at http://8e6labs.com/2007/11/02/overview-of-the-threats-posed-by-bots/.
