Rise of the botnets | Science News for Students

Rise of the botnets

When harnessed together, a network of zombie computers can be a force for evil — or good
Feb 21, 2019 — 6:45 am EST
an illustration showing a network of tiny robots

Botnets are big armies of zombie computers.


Armies of zombie computers caused a lot of mayhem in 2018.

In January, one cluster of infected, connected machines attacked the three biggest banks in the Netherlands. The attack crippled computer systems and left customers uncertain about their money. In February, a website for computer programmers, called Github, was knocked offline by a network of tens of thousands of devices. In May, the public train system in Denmark was attacked. Its ticket-selling programs stopped working.

That was just in the first half of the year. The armies of infected devices that caused all this damage are known as robot networks, or simply “botnets.” These attacks happen online, via the internet. And the computer culprits weren’t all owned by criminals. Many were machines owned by regular people but taken over by hackers. Hackers have been using botnets in cyberattacks for more than a decade. Now the botnet armies are getting bigger, smarter and more destructive.

a photo of a person using their laptop (apparently unaware of a botnet threat)
Botnets can use a computer or smart device without the user being aware she’s been hacked.

2018 was definitely a bad year for botnets. So was 2017. And 2016. And the several years before that. For more than a decade, botnets have been helping hackers commit crimes. They have stolen identities and money. They have attacked trains and banks. They have caused millions of dollars in damage.

Some botnets can create problems for years without being detected, says Adrian Dabrowski. He studies computer security in Vienna, Austria. Experts estimate that the biggest botnets can take over tens of millions of machines. Dabrowski says the problem of these malicious armies won’t go away in 2019. Indeed, it will likely worsen.

“There’s a lot you can do with 100,000 infected computers,” notes Jody Westby. She’s a security expert in Washington, D.C. Perhaps the most surprising thing about these devices is that their owners don’t know they have zombies. The user, says Westby, has little way of knowing. The device might simply run a little slower. For the most part, botnets are “all owned by people who are not aware that their computers are infected,” Westby says.

And every smartphone, tablet, laptop and gadget that connects to the internet is at risk.

Meet the zombies

A botnet might include computers, cameras and routers. Or they could be other online devices, such as security cameras or toys. Any electronic device that connects to the internet is vulnerable. It just has to be able to run a type of computer program known as malware. This program turns computers into zombies. That means it forces those computers to do whatever hackers tell them to do.

a photo of a newspaper headline reading in part "cyber attack"
Hackers can cause mischief in cyberspace by getting users to (unknowingly) install malware on their own devices. That malware turns the device into a zombie. A network of zombie computers is a botnet, and the hacker that uses them is called a botmaster — or sometimes a botherder.

Botnet attacks can be expensive. A botnet that attacked a website in 2016 cost more than $300,000. That cost mostly came from the extra energy used by the owners of infected machines. In the attack on Github in 2018, the botnet demanded $15,000 in ransom to stop the attack. (Github didn’t pay. Their experts stopped the attack within a few minutes, even though it was one of the largest attacks in history.) In October 2016, a botnet crippled dozens of websites. They included Amazon, PayPal, Spotify and Twitter. Attacked businesses lost money when customers couldn’t buy things.

“Botnets are very effective” at causing problems, says Westby. She runs a company called Global Cyber Risk. It specializes in helping companies protect themselves against threats such as botnets.

Experts like Westby say that botnets are getting bigger, smarter and initiate more types of harm. They’re one of the biggest threats to online security and privacy. Computer security experts and government agencies know of tens of thousands of botnets. Most of those networks are dormant, which means they’re not doing any harm right now (but they are ready to do so).

But with one computer command, the botmaster (or botherder — sort of like a malicious shepherd) can tell all those devices to attack. Last April, for example, a botnet that included 50,000 surveillance cameras in Japan launched a series of attacks around the world.

How to amass an army of zombies

Botnet attacks will get worse, Westby says. That’s partly because botmasters are finding ways to send more data from individual devices. It’s also because of the Internet of Things. That term refers to the idea that any gadget can be online. Such devices are often said to be “smart.”

Yet smart devices are often dumb when it comes to security. As a result, they become easy prey for recruiters. To build a zombie army of smart devices, a hacker writes a computer program that searches the internet for connected devices. Then, the program tries to break into that device. It tries to guess the password. With the right password, the program can install malware.

“And as long as they get malware in the computer, they can use it to commit crimes or send messages,” says Westby.

a photo of a RING smart doorbell device on the outside of a house next to a door
Don’t be a ding dong. Smart devices like this doorbell can become part of a botnet. Smart users change their passwords to prevent that from happening.
RING/Wikimedia Commons (CC BY-SA 4.0)

Guessing a password is easier than you might think. New devices like smart TVs, wi-fi routers and security cameras are sold with a default password in place. (It’s often something easy, like “password.”) According to a survey conducted by a computer magazine in June and July 2018, more than one-third of people never change their passwords. And many people use the same password for all their devices, which is also risky. If a criminal trying to build a zombie army tries to hack a million devices, they might successfully infect more than 300,000.

Hacked devices can make the army even bigger. For example, the malware might direct the device to search the internet for other devices to infect.

Many botnets sit quietly for months or years. One of the biggest attacks took place in October 2016. The culprit was a botnet named Mirai. Its creators had written and launched Mirai in 2014. For two years it spread from machine to machine. An investigation revealed that Mirai had first been used to attack the computer system of Rutgers University, in New Jersey, in 2014 and 2016.

In September 2016, the culprits behind Mirai published the computer program online. Now anyone, including any hacker, could download and use it. As a result, many criminals have now used Mirai to build their own zombie networks. In December 2017, a government investigation identified the culprits behind Mirai. As it turns out, two of them had started a company to help other businesses deal with attacks. (Sort of like bank robbers moonlighting as security guards.) Even though they’ve been caught, their creation lives on. Mirai-based botnets still cause problems.

An attack occurs when the hacker who controls the zombies sends out a signal for all the devices to do something. In the case of the attack on Github, all of the zombies sent junk data to the website at the same time. This attack crashed the website. Westby says botnets also can be used to harvest personal information or credit card information. That information can be used to steal money. It also can be sold to other criminals, to use later.

But that’s not all that botnets can do. Dabrowski says the threat from botnets isn’t limited to stealing money or crippling websites. His research has shown that it’s possible for them to move beyond machines and cause real, physical danger.

“It’s not just stealing credit cards or invading your privacy,” he says. “Botnets can actually have an impact on the physical world.”

Lights out

Dabrowski works at SBA Research, a cybersecurity company in Vienna. He studies ways that virtual and physical worlds come together. He has studied privacy and security in wearable gadgets like fitness trackers, for example. But recently, he’s been studying power grids. He’s worried that they’re an easy target for botnets.

The power grid connects the places where electricity is generated to the people who use it. It includes power stations, wires and towers. And it runs on computer software. If the power grid goes offline, people lose access to electricity. The grid is vital to daily life, and as Dabrowski notes, it’s among the largest structures built by people. Power grids are a type of cyberphysical system, which means they bring together computer programs and real-world parts.

A few years ago, Dabrowski attended a talk where the speaker described how power grids work. Almost immediately afterward, he began to think about the ways that a power grid could break. Trying to find weaknesses in systems, he says, is an important part of working in security.

“Everything you see, you start wondering, where is the flaw? How can I misuse this thing?” he says.

an illustration of connections across a city overlaid on a photo of New York City
Smart devices and computers can communicate over long distances via the internet, but botnets can use the internet to sneak into machines and harness them for crime. Botnets may even cause real-world harm, such as sabotaging the electrical grid.

In 2017, he identified how a power grid might fall victim to botnets. Computers need energy to function. Different parts of a computer require different amounts of energy. Botnets can harness and control those energy-guzzling features. For an individual machine, that would only mean a higher energy bill for the unsuspecting user. But a botnet controlling millions of machines could gobble up so much energy that it overloads the grid, and the grid shuts down.

“An attack can basically render the grid unusable,” he worries. A loss of power would be more than inconvenient. It could be dangerous, too. Wastewater treatment plants are often connected to the grid, so they could shut down. If hospitals lose power and don’t have a backup source, patients could be in danger. Gas pumps that use electricity would stop working, so that people couldn’t add fuel to their vehicles. 

Recognizing that power grids have weaknesses is important for protection, Dabrowski says. However, he also predicts hackers will always find a way to break in. “I think it's impossible to build the grid that is by itself resilient to this attack,” he says.

Predicting how botnets might attack is important. If engineers know a system’s weak spots, they can build detectors that can sound an alarm when botnets attack.

Computer armies working for good

Botmasters use armies of zombies to complete a task. Usually, it’s one that’s against the law. But connected computers also can be used for good. Together, their computing power can be used to discover new things about the world.

Dave Anderson is a computer scientist at the University of California, Berkeley. He’s a pioneer in a type of research known as volunteer computing. Anderson has developed projects where users allow their devices to be used to solve big problems. Such volunteer computing is not malware.

One of Anderson’s first projects is still running. It’s called SETI@Home. SETI originally stood for “Search for Extra-Terrestrial Intelligence.” The SETI project uses data from radio telescopes to search for potential signals from aliens. But radio telescopes collect a lot of data — too much for one computer to search.

an aerial photo of the Arecibo Observatory in Puerto Rico
The Arecibo Observatory in Puerto Rico collects radio signals from space. Citizen scientists can volunteer their computers to help search its data for signs of extraterrestrial life using the SETI​@​Home program. Such volunteer computing to help solve problems is different from botnets, which hijack computers for illegal purposes.
National Science Foundation

Working together, a lot of linked computers can do the job. People who sign up for SETI@Home allow their computers to churn through data and look for signals. Then, those computers send their results over the internet to the central computer.

So far, SETI@Home hasn’t found aliens. But it’s not for lack of trying. SETI@Home uses the power of about 250,000 volunteer computers. Anderson wants more.

“I would like it to be 10 times or 100 times that much,” he says.

Anderson has developed software that helps other scientists conduct big data projects, beyond aliens. These include programs that simulate climate conditions. They also include studies into how DNA folds up inside a cell.

Anderson says volunteer computing helps in studies where one big task can be broken into a lot of smaller tasks. Sometimes those big tasks could be done by a supercomputer. Alas, most scientists don’t have a supercomputer. “A supercomputer is actually a bunch of processors connected by a high-speed network,” explains Anderson.  So volunteer computing creates a connection that acts like a supercomputer.

Even though volunteer computing brings computers together, it’s not a botnet. That’s because unlike botnets, volunteer computing depends on people choosing to work toward some common goal. But Anderson still worries about botnets. “Our worst nightmare is that a hacker might take over a server and distribute malware,” he says. “We have a bunch of features to prevent that.”

The best way for individual users to stop botnets is to prevent infections. Westby has some tips for how to do that. She recommends that people set difficult passwords and never keep the default password on a new device.

In addition, she advises users to be careful about internet use. Some links sent via email or online can lead a user to download malware by accident. She says not to click on links in strange emails or on websites you don’t trust. “The minute they click on something, or go to some site they shouldn’t, they could be infected,” she says. People who suspect their computer might host vicious programs can use anti-malware software to find and get rid of them.

Westby says students have to be smart about what they do online. She also thinks that today’s students will come up with smart solutions for problems like botnets.

“Kids look at things differently than adults,” she says. “They can look at a problem fresh and come up with a cleaner approach.” Botnets, she suspects, “are a problem that kids could effectively solve.”

Power Words

(more about Power Words)

alien     A non-native organism. (in astronomy) Life on or from a distant world.

botnet     Term for robot network, a cluster of computers that have become infected with the same malicious computer program. These infected computers can now act as a community to do harm at the master computer’s command.

botmaster     Term for a computer (or the person who runs it) that can control a network of computers that it has infected with some malicious computer program. That malicious program can turn the now-enslaved computers into zombies.

cell     The smallest structural and functional unit of an organism. Typically too small to see with the unaided eye, it consists of a watery fluid surrounded by a membrane or wall. Depending on their size, animals are made of anywhere from thousands to trillions of cells.

climate     The weather conditions that typically exist in one area, in general, or over a long period.

computer program     A set of instructions that a computer uses to perform some analysis or computation. The writing of these instructions is known as computer programming.

cyber     A prefix that refers to computers or to a type of system in which computerized or online communication occurs.

DNA     (short for deoxyribonucleic acid) A long, double-stranded and spiral-shaped molecule inside most living cells that carries genetic instructions. It is built on a backbone of phosphorus, oxygen, and carbon atoms. In all living things, from plants and animals to microbes, these instructions tell cells which molecules to make.

dormant     Inactive to the point where normal body functions are suspended or slowed down.

electricity     A flow of charge, usually from the movement of negatively charged particles, called electrons.

engineer     A person who uses science to solve problems. As a verb, to engineer means to design a device, material or process that will solve some problem or unmet need.

hack     (in computing) To get unapproved — often illegal — access to a computer, usually to steal or alter data or files. Someone who does this is known as a hacker.

host      (in biology and medicine) The organism (or environment) in which some other thing resides. Humans may be a temporary host for food-poisoning germs or other infective agents.

infect     To spread a disease from one organism to another. This usually involves introducing some sort of disease-causing germ to an individual.

intelligence     The ability to collect and apply knowledge and skills.

internet     An electronic communications network. It allows computers anywhere in the world to link into other networks to find information, download files and share data (including pictures).

Internet of Things     The network of physical objects that have been equipped with electronic devices to let them gather and share information. This allows these objects to observe and interact with their environment.

link     A connection between two people or things.

malware     Computer programs meant to disrupt the normal operation of a device. It is loaded onto computers without their owners’ permission. Examples include computer “viruses” and spyware. Some programs may cause a computer to crash. Others may allow spies to view — and possibly control — a computer user’s online activities. Some malware can even steal personal information.

network     A group of interconnected people or things. (v.) The act of connecting with other people who work in a given area or do similar thing (such as artists, business leaders or medical-support groups), often by going to gatherings where such people would be expected, and then chatting them up. (n. networking)

online     (n.) On the internet. (adj.) A term for what can be found or accessed on the internet.

physical     (adj.) A term for things that exist in the real world, as opposed to in memories or the imagination. It can also refer to properties of materials that are due to their size and non-chemical interactions (such as when one block slams with force into another).

power grid     (in electricity) The interconnected system of electricity lines that transport electrical power over long distances. In North America, this grid connects electrical generating stations and local communities throughout most of the continent.

prey     (n.) Animal species eaten by others. (v.) To attack and eat another species.

processor     (in computing) Also called a central processing unit, or CPU, it’s a part of the computer that performs numerical calculations or other types of data manipulation. It can also be a type of software, or programming, that translates some other program into a form that can be understood by the computer running it.

radio     To send and receive radio waves, or the device that receives these transmissions.

resilient     (n. resilience) To be able to recover fairly quickly from obstacles or difficult conditions. (in materials) The ability of something to spring back or recover to its original shape after bending or otherwise contorting the material.

risk     The chance or mathematical likelihood that some bad thing might happen. For instance, exposure to radiation poses a risk of cancer. Or the hazard — or peril — itself. (For instance: Among cancer risks that the people faced were radiation and drinking water tainted with arsenic.)

robot     A machine that can sense its environment, process information and respond with specific actions. Some robots can act without any human input, while others are guided by a human.

router     In computer science, a device that handles the exchange of digital information between different points in a network.

server     A term for a computer — and especially the software on it — that provides services (hence, the name server) to other computers. A server computer program, for instance, stands ready to fulfill requests by its clients (which are other computer programs). For instance, a web server pulls up website pages or other files upon request. The web browser that you use on your computer to find things on the internet is one type of client. It calls up files from a web server.

SETI     An abbreviation for search for extraterrestrial intelligence, meaning life on other worlds.

simulate     To deceive in some way by imitating the form or function of something. A simulated dietary fat, for instance, may deceive the mouth that it has tasted a real fat because it has the same feel on the tongue — without having any calories. A simulated sense of touch may fool the brain into thinking a finger has touched something even though a hand may no longer exists and has been replaced by a synthetic limb. (in computing) To try and imitate the conditions, functions or appearance of something. Computer programs that do this are referred to as simulations.

smart device     Some product or machine that can send information to and retrieve information from the internet, or that can be controlled via the internet, such as by using an app on a smartphone.

software     The mathematical instructions that direct a computer’s hardware, including its processor, to perform certain operations.

solution     A liquid in which one chemical has been dissolved into another.

surveillance     A term for watching or keeping track of the behavior of others, usually in a stealthy manner or from a distance.

survey     (v.) To ask questions that glean data on the opinions, practices (such as dining or sleeping habits), knowledge or skills of a broad range of people. Researchers select the number and types of people questioned in hopes that the answers these individuals give will be representative of others who are their age, belong to the same ethnic group or live in the same region. (n.) The list of questions that will be offered to glean those data.

telescope     Usually a light-collecting instrument that makes distant objects appear nearer through the use of lenses or a combination of curved mirrors and lenses. Some, however, collect radio emissions (energy from a different portion of the electromagnetic spectrum) through a network of antennas.

terrestrial     Having to do with planet Earth, especially its land. Terra is Latin for Earth.

Twitter     An online social network that allows users to post messages containing no more than 280 characters (until November 2017, the limit had been just 140 characters).

virtual computing    Calculations or analyses performed by a network of linked computers that can together simulate at least some of the activities of a supercomputer. To do this, individuals voluntarily turn over control of their computers during off hours to work on some designated task.

wastewater     Any water that has been used for some purpose (such as cleaning) and no longer is clean or safe enough for use without some type of treatment. Examples include the water that goes down the kitchen sink or bathtub or water that has been used in manufacturing some product, such as a dyed fabric.

wi-fi     A wireless technology that networks various electronic devices (such as cell phones and laptop computers); it allows them to share the same modem for Internet connections by using radio waves.


Meeting:​​ ​A. Dabrowski et al. Grid shock: Coordinated load-changing attacks on power grids: The non-smart power grid is vulnerable to cyber attacks as well. December 4, 2017. Orlando, Florida. Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC 2017). doi: 10.1145/3134600.3134639.

Further Reading