By: Brandon Harvey
Original post: http://bit.ly/dpLmoQ
It turns out that by far the biggest cloud computing systems in operation are . . . botnets! Beyond Google, Amazon, Microsoft, and Yahoo, the biggest cloud on the planet is controlled by the Conficker computer worm. But instead of living in a data center, this cloud is made up of ordinary end-user machines – maybe yours! Maybe mine.
Conficker controls 6.4 million computer systems in 230 countries, more than 18 million CPUs and 28 terabits per second of bandwidth, said Rodney Joffe, senior vice president and senior technologist at the infrastructure services firm Neustar.
[It] is controlled by a vast criminal enterprise that uses that botnet to send spam, hack computers, spread malware and steal personal information and money. . .
Like legitimate cloud vendors, Conficker is available for rent and is just about anywhere in the world a user would want their cloud to be based. Users can choose the amount of bandwidth they want, the kind of operating system they want to use and more. Customers have a variety of options for what services to put in the Conficker cloud, be it a denial-of-service attack, spam distribution or data exfiltration.
Botnet software resembles a virus, in the way it silently infiltrates a user’s machine through some software flaw, or some innocent action on the user’s part. But unlike a virus, which is usually simply destructive, botnets have a useful goal in mind – useful to someone else, that is.
I find botnets scary, but also fascinating. How did we get here? How did we get to the point where the French Navy had to order staff not to even open their own computers?
Not very surprisingly, some of the biggest, juiciest targets for botnets are large organizations with fleets of machines. These fleets can present a soft target for a number of reasons, but one of these has to do with organizational attitudes toward computers. I’m talking about the tendency to treat computers like hardware assets – physical things in space – when computers are really organisms in an ecosystem.
Companies know how to take care of machines, with regular (but hopefully minimal) maintenance. Machines operate in the physical world, subject to regular forces like friction and load. The same kind of care and feeding will work for typewriters, sedans, and even printers.
But software is a different kind of investment. It lives in a parallel universe, subject to frictions and loads that are ill-understood. Its environment is always changing – it’s an unstable ecosystem. And it’s an ecosystem that has predators.
Organizations are used to taking care of printers — not prey.
New predators can emerge day to day; but many organizations with locked software images are on a 2-, 3-, perhaps 4-year “upgrade cycle”. In the gap between 2 days and 2 years, the botnet thrives.
In a funny way, a software investment doesn’t just depreciate over time, like most assets. If you leave it alone for long enough, it can gain the potential for active destruction of value. Look again at that occasionally-handy Windows 2000 machine under Fred’s desk (which he leaves running 24×7, of course). As each day goes by, the odds improve, just a little bit, that this machine has sent spam; has stored illegal information; has helped crack a password; has leaked your own company’s information far and wide.
At what point is a machine’s ability to do useful work outweighed by its potential for doing anti-work?
(Looked at this way, even donations of old computer systems could have a negative value (to the world) that is greater than the positive value of the gift. If a company gives all of its Windows 2000 machines to a school in Peru, then the school might gain a new computer lab, but the Conficker cloud might have just gained a new node which will last for many years.)
So what’s the solution?
Fundamentally, these kinds of botnets exist not because organizations (and users) can’t keep their systems up to date, but because end-user system software is simply designed wrong. Or rather, it was designed for a different environment. It was effective in its original environment — but now it’s prey.
Vendors can keep issuing patches; organizations and individuals can apply them; but the botnet authors can, and do, adapt to the patches. But there’s a reasons they’re called “patches” and not “fixes”.
What would a fundamentally redesigned end-user OS — designed for today’s (and tomorrow’s) software ecosystem — look like? It would most likely involve a top-to-bottom rewrite, from the kernel on up, with predators in mind. Every system design choice would have to be made with an eye to empowering the user but balancing the user’s privileges against threats from outside. System updates, for example, should be seamless, secure, immediate, and not optional. The system itself should be capable of certifying its own secure state.
There are lots of different ways that a botnet-proof system might look — here is one of them.
Kevin’s Urgent Jobs at Accenture – Kevin.email@example.com
Leave a Comment so far
Leave a comment