Want to see a live BotNET in action? [Video]
This was one of the coolest moments of BlackHat 2013 for me. I’ve seen folks release new cryptographic weaknesses in SSL/TLS, high profile speakers at just about every major talk, but a few minutes ago I walked into a room and there’s this guy in the corner quietly demonstrating software he wrote to a few people who have stopped by. The stuff he’s showing off is the basis of the most dangerous threat on the Net today – the stuff that keeps systems admins of major networks up at night: BotNets.
His name is Shota Shinogi and he’s a security researcher for Macnica Networks and he hails from Japan. He’s written the basic ingredients for a BotNet including a command and control (C&C) server and a remote client that runs on a compromised machine. If you don’t know what a BotNet is, it’s what happens to all those hacked Windows workstations out there: They are combined into one giant network of machines that are controlled from a central C&C server and told what to do. Sometimes they’re told to attack major corporations like Amazon.com by simply sending too many web requests. Occasionally they cause major Internet Interchanges to grind to a halt by sending Terrabytes of traffic per second. They can also be used to steal thousands of credit cards, social security numbers and more.
You’ll notice in this exclusive interview that I do with Shota that the C&C server has many options – the remote compromised machine is really a puppet that will do his bidding. If your home Windows or OS X workstation has been compromised, there’s someone who isn’t quite as friendly as Shota who is out there and can do the same with your machine and many thousands of others, either separately or simultaneously. In this demo, he simply does a screen capture of what is running on the remote machine.
You can find Shota on Twitter at @Sh1n0g1. Here he is demonstrating ShinoBOT. Enjoy!!