I was thinking recently about the surge in email spam I receive. My spam level is up to about 60 per day that get through my ISP, which blocks about twice that many more, and that doesn’t include the 50-60 spams I get on the blog here and manually delete. Being perversely interested in all kinds of things, I normally look at the return addresses on those spam emails (most of which have started using the “nofollow” command). What’s been interesting to me is the number of spam messages that come from accounts I can recognize. Now I think I understand why…my friends and colleagues have been hijacked into a botnet! Maybe I have, too!
According to Wikipedia, botnet is jargon “used to refer to any group of bots, such as IRC bots; the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet’s originator (aka “bot herder”) can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes.” An amazing 26% of the compromised computers used in botnets are in the US. Four out of five computers connected to the Web have some type of spyware or adware installed on them, with or without the owner’s knowledge.
Bot masters often use botnets for denial-of-service attacks and extortion against legitimate companies, Google and Yahoo advertising click fraud, and other malicious activities, such as hosting phishing sites, spying on people, and send millions of pieces of email spam. Not surprisingly, there’s a lot of money to be made from being a bot master. Typical monthly incomes of range from $7-10,000. Distributing online advertisements via spyware and adware is a $2 billion industry, according to security software maker Webroot Software Inc. With many people not updating their security programs frequently or promptly, it is surprisingly easy for someone with only slightly sophisticated programming knowledge to get started in this type of enterprise. Brian Krebs wrote a detailed article about computer hijacking in the Washington Post, and it includes eye-opening interviews with several bot masters.
Kelly Martin took a slightly different approach in a nice article in The Register about this insidious and thought-provoking development. It started me thinking about something my friend Rich often talks about–the Singularity. The Singularity is popularly held to be the point at which the subsequent behaviour of a mechanism or machine cannot be predicted, or the forces or other physical quantities involved become infinite or undeterministic. In other words, as portrayed so vividly in science fiction and movies such as The Matrix, Terminator 2 and I, Robot, this event is the point at which computer intelligence first exceeds human intelligence, and artificially created intelligence begins to function independently of its creators.
Credible scientists such as Vernor Vinge have pointed to symptoms of progress toward a probable Singularity that most of you reading this article will live to see — “…ideas themselves should spread ever faster, and even the most radical will quickly become commonplace. When I began writing science fiction in the middle ’60s, it seemed very easy to find ideas that took decades to percolate into the cultural consciousness; now the lead time seems more like eighteen months.” He argues that we are on the edge of change comparable to the rise of human life on Earth, and that once the Singularity point is reached (estimated now to be around 2023), we will enter the Post-Human era. Super human intelligences pose a threat to the human status quo. Vinge says, “we cannot prevent the Singularity…its coming is an inevitable consequence of the humans’ natural competitiveness and the possibilities inherent in technology.”
Botnets, as described by Kelly Martin may be one of those leapfrog occurrences that have unintended consequences in furthering the emergence of The Singularity. It won’t be long before bot masters exploit emerging peer-to-peer communication technologies like Kazaa and LimeWire, controversial music- and movie-sharing networks that eliminate the need for central control, making bot masters harder to find and identify. Enslaved computers on such networks could communicate instructions and share software updates among one another so that they would no longer depend on orders from the master servers operated by the bot masters. Are botnets leading us toward the Skynet of Terminator 2?