Cyberwarfare: Botnets

4 mins read | Apr 30, 2008 | 21:52 GMT

Several of the characteristics of botnets are not only significant in and of themselves, but are emblematic of some of the unique challenges that cyberwarfare as a whole presents.

Editor’s note: This is part of an ongoing series of analysis on the emergence of cyberspace as battlespace.

Botnets — a conglomeration of thousands (or more) hijacked computers known as zombies — are an important aspect of cyberwarfare. These networks can amass the processing power of many computers and servers from all across the globe and direct them at targets anywhere in the world. Botnets are one of the reasons STRATFOR has begun its coverage of cyberwarfare not with the amassed capabilities of an entire nation, but with the transnational and subnational nature of the Internet itself. Roughly 1 million computers and servers reportedly were involved in the 2007 attacks on Estonian networks — the systems were located in some 75 countries, many of them Tallinn's NATO allies. This happened autonomously as individual bots took control of computers and began to take direction from those controlling the botnets. More recent attacks on Radio Free Europe/Radio Liberty in Belarus and other countries were distributed denial-of-service (DDoS) attacks, characteristic of botnets.

In DDoS attacks, individual bots can direct their computers to repeatedly access a particular target network or Web site — with the entire network of zombies doing so at the same time. These kinds of attacks, depending on their scale and the target system's ability to cope, can begin to degrade accessibility or completely overwhelm and shut down access to that network, Web site or server. Bots can also autonomously exploit a user's address book and e-mail server to send out spam or infected e-mails or to distribute other types of malicious software — including copies of the bot software itself, to further expand the network. While some of this may seem like a computer security issue (which, of course, it is), Estonia's example shows that these botnets can be used in geopolitically significant ways, degrading both a target nation's economic functions and its continuity of government. And because the software to construct botnets often is written by individuals, the botnets are often controlled by subnational actors — be they hackers, terrorist organizations or cybercriminals. (Less effective botnets can be created by downloading existing software from the Internet, but because such software is widely available, systems with up-to-date security software are generally already protected against it.)
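The paragraph above describes the mechanism from the attacker's side: many zombies requesting the same target at once. From the defender's side the same property is what makes a botnet-driven flood distinguishable from ordinary load or from a single abusive client. The following is an added example, not code from the Stratfor article: it reads web-server access-log lines, buckets requests into one-second windows, and labels each window as normal, a concentrated burst (one or a few sources, which per-client rate limiting handles), or a distributed flood (high aggregate rate spread across many sources). All log lines, IP addresses (RFC 5737 documentation ranges) and thresholds are constructed for the illustration.

```python
"""Window-based flood detection over access-log lines.

Added example, not from the Stratfor article. The log, addresses and
thresholds are constructed; the classification rule is a hypothetical
simplification of what a real DDoS monitor would do.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Apache/nginx common-log-format line: source, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, epoch_seconds) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("src"), int(ts.timestamp())


def build_sample_log():
    """Constructed log: ten seconds of traffic starting at 21:52:00 UTC."""
    stamp = "30/Apr/2008:21:52:%02d +0000"
    lines = []

    def add(src, sec, path="/"):
        lines.append(f'{src} - - [{stamp % sec}] "GET {path} HTTP/1.1" 200 512')

    # Background: two legitimate readers, two requests each per second.
    for sec in range(10):
        for src in ("198.51.100.7", "198.51.100.8"):
            for _ in range(2):
                add(src, sec)
    # Second 3: a single client hammering one page (a rate-limiting case).
    for _ in range(120):
        add("203.0.113.99", 3, "/news")
    # Seconds 7-8: fifty hijacked hosts, three requests each per second.
    for sec in (7, 8):
        for i in range(50):
            for _ in range(3):
                add(f"192.0.2.{i + 1}", sec, "/news")
    return "\n".join(lines)


def analyze(log_text, window=1, rate_threshold=100, source_threshold=20):
    """Classify each time window; returns a list of per-window dicts."""
    totals = defaultdict(int)
    sources = defaultdict(Counter)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than stop the monitor
        src, epoch = parsed
        bucket = epoch - epoch % window
        totals[bucket] += 1
        sources[bucket][src] += 1

    report = []
    for bucket in sorted(totals):
        n = totals[bucket]
        distinct = len(sources[bucket])
        top_src, top_n = sources[bucket].most_common(1)[0]
        if n >= rate_threshold and distinct >= source_threshold:
            verdict = "distributed flood"   # many zombies, high aggregate rate
        elif n >= rate_threshold:
            verdict = "concentrated burst"  # high rate from few sources
        else:
            verdict = "normal"
        report.append({
            "window_start": datetime.fromtimestamp(bucket, timezone.utc).strftime("%H:%M:%S"),
            "requests": n,
            "distinct_sources": distinct,
            "top_source_share": round(top_n / n, 2),
            "verdict": verdict,
        })
    return report


def flagged_windows(report):
    """Only the windows a responder would want to look at."""
    return [r for r in report if r["verdict"] != "normal"]


if __name__ == "__main__":
    for row in analyze(build_sample_log()):
        print(row)
```

The two thresholds encode the distinction the article draws: a concentrated burst can be throttled per client, whereas a distributed flood has no single address to block and its top source accounts for only a couple of percent of the traffic, so mitigation has to happen upstream (capacity, filtering at the network edge, or traffic scrubbing) rather than at the server.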

Even if they are wielded by a national actor, botnets can offer an anonymous and deniable avenue of attack (as may have been the case in both Estonia and Belarus). Indeed, in addition to cybermercenaries' offering their own botnets for use, botnets might be emerging as offerings for sale on a sort of Internet arms market. This is the heart of not just botnets, but cyberwarfare. It is not that botnets have proven to be an effective means of attack; it is how that effective means of attack is constructed. Its inherent availability to the sufficiently skilled individual and the nation-state alike (blurring the distinction in terms of the degree of disruptive or destructive impact each is capable of inflicting) is compounded by the fact that the massing, use or exploitation of such a tool would be illegal for Western government agencies. But because a botnet attack could involve hijacked domestic computers, such agencies find themselves walking tricky constitutional, legal and jurisdictional lines as they fight off assaults — further hampering the essential speed and effectiveness of their defense and generally prohibiting much of a counterassault at all. In other words, from a geopolitical standpoint, the impressive wealth of computer technology in a developed country can — in chunks — be turned against it.

Ultimately, DDoS attacks can be a particularly crude method of challenging advanced systems. But while some technologies have been developed to help reduce their effectiveness, thus far this fairly simple technique has continued holding its ground against improvements in computer security, especially for short-duration disruptions, and it remains the most effective and unstoppable method of attack with large botnets. Even if DDoS attacks cease to be an effective tool, the capability to muster a massive pool of processing power will likely remain a key aspect of cyberwarfare for some time to come.

Copyright © Stratfor Enterprises, LLC. All rights reserved.
