Botnet or Robot network what it is ? and how botnet works ? that's what we're gonna see in today's post. This post will be a beginner's friendly and shorter one, so you can read the article even if you don't know what or how networks work. As cyber crimes (Crimes involving computer's like stealing of credit card information, hacking networks, etc..) continues to rise, we are in need of protecting ourselves through every means ! that's because hackers are now targeting us through all the possible ways, especially if your home is a smart home then you might be in the do to list of theirs is a sad truth. So, inorder to make ourselves secure, we have to equip at least some basic knowledge about those things.
So, in this post let's see how hackers might make you as a victim through botnet concept and target other networks with the help of you.
What is Botnet and how it works ?
Botnet is nothing but a short form of Robot network. It's not a new concept its been in this world since early 2000 and continues to exists. Hackers in order to steal the information of yours they will first scan for any Iot devices (Internet connected devices) using different kind of tools. Once they found the vulnerability of your device then they will try to enter into your system and will steal the sensitive information of yours and might demand ransom, which is popularly known as ransomware concept. Botnet also follows similar kind of approach but here the target is not just you ! its everyone especially a corporate network.
There exists another concept called DDOS (Distributed Denial Of service]. DDOS basically means, service will be denied for you. Hmm, let's try to understand this way. Consider you are making a phone call to the customer care of your bank, if the bank has 100 customer care executives, and if you make one phone call, it won't affect much right? now, imagine you are asking 1000 of your friends to call the customer care all at the same time, Will they able to attend?, definitely no.! Computer's work on the same way. A computer will be able to process only till a particular point, after that it will crash making it unable to process new requests(requests are nothing but answering questions, its like if you are asking what's weather today ? on google or bing then computer will take it as request and will send the information to the server, which will reply back to you)
Corporate networks won't just depend on single PC, it will be made up of lot of PC's connecting with each other to form a network. In our case, it won't just have 100 customer care executive it might have around 1,000,000 Customer care executives. So, inorder to crash such a big network, we have to send lot of calls to them which is not possible for a normal hacker, so s/he will use your device. Remember, gitHub went Offline last year and DYN outage caused Amazon, Twitter and all major network outage on 2016? that's all because of DDOS, lot of requests were sent to take them down.
When a hacker decided to take down one site or group of sites they will first from Botnet, i.e; after they infected your PC/Smart device, he/she will scan for all the devices that are vulnerable around yours for example: if you have router that is vulnerable for attack, then s/he might look for android/iOS or any device connected to the same network, and once he found he/she will infect those devices too through any special malware like trojan Horse.
Once, they found so many devices, they will launch the attack against the big corporation, which they will carry out in two ways. One is through command center and another method is known as P2P (Peer to peer).
Command to Center or C2C means, all the infected devices will be controlled by the hacker through specific protocol. i;e once s/he got enough devices needed to take down the target network then s/he will send a request to the admin network PC to initalize the attack. That system will send the request to the rest of the systems connected to it to accomplish the given task. Those devices will send lot of traffic/requests to take down the target (Remember our customer care example).
So, if a botnet was controlled by a hacker then such type of Botnet is called C2C.
P2P is slightly modified one. Here, the hacker will not control the botnet,instead the network will send the requests itself. Which means, Hacker at first itself will design the malware like it can operate itself. For example h/she might program like this .. once you attack the target machine, then scan for the other ones -> Infect them and wait till you got required devices -> Ask the infected connected devices attached to you to send the process requests to target the site on this date,etc..
This is how you without knowing yourself gets involved in the picture, do you know when github was taken down/DDOSed, nearly 1terabytes of requests from nearly 1,00,000 memcache servers were sent? those 1,00,000+ devices belong to several businesss and home devices like yours.
So, how to prevent this or how to find out whether i'm already infected ? Well, i would say, the sad truth is it is difficult to contain the Botnet (even though P2P can be deactivated) because it never reveals itself unless required. The best way to prevent you from getting affected is by following simple security practices like keeping your system up-to-date (as it will have bug fixes for the bugs which hackers might try to use), not downloading from unknown sources, especially not opening the emails that you feel suspicous and makesure you monitor your network activity atleast once a week. If you feel something is consuming lot of bandwidth of your's then might be probably already under attack, so brace for impact :)
If you suspect you are already infected, then try to scan your PC through any reputed antivirus and remove those infected files/ else factory reset your PC/device and set new password, as most of the infections happen because of using the factory default passwords.
Are you safe?
What is Botnet ? and how it works ? [You might be a victim already too..]
4/ 5Oleh Logesh