The rise of the 'bot': how your PC could be hijacked by terrorists and criminals

Computers hacked into and used for extortion, money laundering and 'nation state attacks'? The danger is real, George Bush's IT expert tells Clayton Hirst
Click to follow
The Independent Online

The PC in your home could be part of a complex international terrorist network. Without you realising it, your computer could be helping to launder millions of pounds, attacking companies' websites or cracking confidential government codes.

The PC in your home could be part of a complex international terrorist network. Without you realising it, your computer could be helping to launder millions of pounds, attacking companies' websites or cracking confidential government codes.

This is not the stuff of science fiction or a conspiracy theory from a paranoid mind, but a warning from one of the world's most-respected experts on computer crime. Dr Peter Tippett is chief technology officer at Cybertrust, a US computer security company, and a senior adviser on the issue to President George Bush. His warning is stark: criminals and terrorists are hijacking home PCs over the internet, creating "bot" computers to carry out illegal activities.

"2005 will be the year of the bot," he says. "There is a 20 per cent chance of any one home computer being 'owned' by a hacker. The number of bot attacks this year is already twice as bad as it was last year."

Assuming you have a fixed broadband connection, then switch on your PC in the morning and by the time you go to bed there will have been between 200 and 300 attempts to hack into your system, according to Dr Tippett.

Most of these will be hackers' computers simply scanning the internet for vulnerable PCs. Most attempts will fail. But if a hacker gets into a machine and turns it into a bot then it will join hundreds, perhaps thousands, of others under the criminal's control.

The signs that a PC has been hijacked are difficult to spot. It will operate normally until it receives a command from the hacker's central computer to act. Even then, the only thing the home user may notice is that the machine is operating more sluggishly than normal. "We often turn the computer on and blame Microsoft if it is running a bit slower. Chances are that it is running like this because it is 'owned'," says Dr Tippett.

Once a criminal has gathered together what is known as a "herd" of bots, the combined computing power can be dangerous. "If you want to break the nuclear launch code then set a million computers to work on it. There is now a danger of nation state attacks," says Dr Tippett. "The vast majority of terrorist organisations will use bots."

The greatest proportion of hack attacks originate from Brazil - something that computer experts can't explain. Other hacking nations and regions include South Korea, China, the Middle East and Russia.

The rise of the bot started four years ago when they were primarily used for spewing out thousands of spam emails, usually advertising pornographic web- sites and fake pharmaceuticals. Junk from hijacked computers is still a problem. An anti-spam group blacklisted nearly a million Telewest email addresses last week after hackers had infiltrated the owners' computers to distribute spam.

But Dr Tippett says that the hackers are now "moving into profit mode" by using the hijacked computers for more serious crimes. One is money laundering. "If you are going to be a successful criminal then you need to hide your tracks. Moving stolen money around is difficult. One way to do it is to shift it from computer to computer. Bots will help criminals to do that."

Criminals are also using bot computers for extortion. By harnessing hundreds of hijacked home machines and aiming them at a single website, criminals can freeze companies' entire online operations in a few hours. In early 2004, bookmaker William Hill suffered an attack and then received a demand for $50,000 (£26,800). William Hill didn't pay up but it experienced a fall in online gambling during the attack. Coral has also received demands for money from cyber criminals.

Phishing - where criminals attempt to gain customers' personal banking details though deceptive emails - also relies on bots. According to Cybertrust, some $52.6bn was lost globally to identity fraud last year. In the UK, incidents of identity theft were up 22 per cent in 2004.

For the criminal, the attractions of hijacking home PCs are great. They can hide their identity behind hundreds of computers. Sometimes the only way in which law enforcement agencies are able to track the criminals down is when they are found bragging about their deeds on the internet.

Law enforcement agencies are beginning to wake up to this new threat. The UK's National Hi-Tech Crime Unit uncovered a plot in March to steal £220m from the London offices of Sumitomo, the Japanese bank. The unit is now trying to trace computer-based extortion rackets in Russia.

The CIA, MI5 and MI6 also track the cyber activities of terrorists, although Dr Tippett suspects that these agencies covertly use bots themselves as part of the intelligence-gathering process.

Dr Tippett is critical of governments, with the exception of their intelligence services, for failing to view the threat of cyber crime and terrorism seriously enough. "The US has ended research into cyber security. The spend has gone from small to zip. I spend [Through Cybertrust] more money on cyber security research, $8m, than Homeland Defense does. This is completely shocking. I sent a report on this to the President three weeks ago. Unfortunately, having a computer security guy saying the US needs to spend more on computer security is silly. But the cyber component of crime is real and it is growing."

So, while we wait for governments to act, what can home computer users do to ensure they are not aiding terrorist or criminal activity through their PC?

The most effective way, says Dr Tippett, is to connect to the internet using a wireless router - a device that provides users with wireless broadband around the home. "By default, all routers will drop 95, 96, 97 per cent of attacks. They are more effective in preventing hijacks than a firewall or anti-virus software."

Second, Dr Tippett says, Mac computers are less susceptible to attacks than PCs. "There is a lot of religious evangelism on this subject. For the record, I have a Mac and a PC. Because less than 5 per cent of home computers are Macs, they are much less of a target. There are a bunch of little things with the Mac's operating system that make it less likely to be attacked. A Mac with a wireless router is like a PC with a safety belt and airbags."


Those tech terms in full

Bot - a home computer under the control of a hacker.

Bot herd - hundreds, sometimes thousands, of home computers under a hacker's control.

Distributed Denial of Service - when a hacker brings down a corporate website by using a bot herd.

Phishing - an attempt by a fraudster to gain a person's bank details and ID by sending deceptive emails.

Spam - unsolicited email.

Wireless router - a device that allows users to connect their computer to the internet remotely.