
Are Botnets Run by Spy Agencies?


A story today about proposals for an official defense botnet in the USA prompted me to post a question I’ve been asking for the last year: are some of the world’s botnets secretly run by intelligence agencies, and if not, why not?

Some estimates suggest that up to 1/3 of PCs are secretly part of a botnet. The main use of botnets is sending spam, but they are also used for DDoS extortion attacks and presumably other nasty things like identity theft.

But consider this: having remote control of millions of PCs, a large percentage of the world’s PCs, seems like a very tempting target for the world’s various intelligence agencies. Most zombies are used for external purposes, but it would be easy to have them search their own disk drives for interesting documents, sniff their own LANs for interesting unencrypted traffic, or use their position inside the network to get past firewalls.

Considering the billions that spy agencies like the NSA, MI6, CSEC and others spend for a chance to sniff signals as they pass over the wires, being able to look at the data at any time, all the time, as it sits on machines must be incredibly tempting.

And if the botnet lore is to be believed, all this was done with the resources of a small group of young intrusion experts. If a group of near-kids can control hundreds of millions of machines, should not security experts with billions of dollars be tempted to do it?

Of course there are legal/treaty issues. Most “free nation” spy agencies are prohibited from breaking into computers in their own countries without a warrant. (However, as we’ve seen, the NSA has recently been relieved of this restriction, and we’re suing over that.) However, they are not restricted in what they do to foreign computers, other than by the burden of keeping up good relations with our allies.

However, in some cases the ECHELON loophole may be used, where the NSA spies on British computers and MI6 spies on American computers in exchange.

More simply, these spy agencies would not want to get caught at this, so they would want to use young hackers building spam networks as a front. They would be very careful to ensure that the botting could not be traced back to them. To keep it legal, they might simply not take information from computers whose IP addresses or other clues suggest they are domestic. The criminal botnet operators could infect everywhere, but the spies would be more careful about where they got information and what they paid for.

Of course, spy agencies of many countries would suffer no such restrictions on domestic spying.

Of all the spy agencies in the world, can it be that none of them have thought of this? That none of them are tempted by the ability to comb through a large fraction of the world’s disk drives, both hunting for bad guys and doing plain old espionage?

That’s hard to fathom. The question is, how would we detect it? And if it’s true, could it mean that spies funded (as a cover story) the world’s spamming infrastructure?

This has been a featured post from Brad Templeton’s blog Brad Ideas.

By Brad Templeton, Electronic Frontier Foundation (EFF) Boardmember, Entrepreneur and Technologist

Comments

Sven Meyer  –  May 14, 2008 10:00 AM

Actually, they do demand it openly: “Carpet bombing in cyberspace” http://www.armedforcesjournal.com/2008/05/3375884

Gary Osbourne  –  May 15, 2008 9:07 AM

It gets worse: what if it was organized crime, instead of or in addition to spy agencies, engaging in such activities, which of course they are. Spy agencies are normally engaged in criminal activity too, so that’s not what makes it worse.

What makes it worse is that ICANN has allowed itself on various levels including registrars and the DNS itself to be increasingly co-opted by organized crime. ICANN’s insatiable hunger for money is largely to blame, and criminals have long known how to exploit such a weakness. Read this current article on ICANNWatch.org and follow the link in Fergie’s subsequent comment, or my more accurate link to RBNBlog which follows. This is going to turn out badly. -g

Suresh Ramasubramanian  –  May 18, 2008 11:53 AM

Ah, the negative fallacy. http://en.wikipedia.org/wiki/Negative_proof

The last major FUD campaign from the EFF was of course the Dearaol astroturfing, and that, I see, is dead in the water since 2006.

I am gratified to note that the EFF hasn’t lost its touch in the active propagation of FUD.

Alessandro Vesely  –  May 24, 2008 10:43 AM

The PC I’m currently using has a non-zero likelihood of being “owned”. That’s not FUD, it is a realistic possibility that all users should consider, and take measures to prevent. Attacks may credibly come from spammer rings, marketing raiders, mafia, or governmental agencies: it doesn’t really make a practical difference as far as countermeasures are concerned.

A user’s ability to thoroughly analyze the system makes a difference. With the possible exception of a few skilled users, we need software tools that we can trust. If attacks might come from the system vendors, that would make a difference.

A fundamental question, when it comes to intrusion detection, is where exactly the boundary lies. I’ve always regarded the territory inside the home walls as mine. For the wire, one can host it up to an “external” router or appliance that does some filtering. In this respect, it is peculiar that DVD players and similar objects, e.g. Vista, are not designed to obey their owner. As a further example, most firewall software on Windows is designed to grant permissions on a per-executable basis, assuming that it is customary to have untrusted software installed inside the system. If we can get by with that, why don’t we accept that we can be spied upon by either the government directly, or some agent that may stand with it? Living versus being battery-raised.

brilliant, and scary, and possibly already TRUE

Stephen Douglas  –  Jun 15, 2008 10:21 AM

It’s funny that nobody else has brought this up. This is a brilliant and informative article that should be in the mainstream news media. Great job. Remember who is Pres of the US. GW BUSH. And his cohort, the evil Dick Cheney. Using young hackers, under threat of prosecution, the intelligence agencies of the US and Britain and other allies could put together a team of young hackers who could literally suck up billions of megabytes of data, to be filtered and reviewed. Think of political enemies using these resources to eliminate opponents. Think of the dirt they could dig up on political enemies and use against them to remove them from office. Think of the “Information Oppression” movement that could be utilized. This is a whole new area of fear…

but, hey, Nashville Stars is on so I don’t have time to think about it.
