Drugged Three-Year-Olds Enslaved

Innocent three-year-olds are being drugged and enslaved. Under the influence, they respond hypnotically to the commands of their captors, more like zombies than the bright young creatures they should be. Even countries famous for protecting the rights of children, like the Netherlands and Norway, conceal these slaves. They hide their dirty deeds behind closed doors in the very best neighborhoods. UNICEF still fails to halt their suffering. “Just a little slow today,” say the people who are supposed to be responsible for them. “Sick, maybe?” They’re definitely infected, and they’re actually not slow. Underneath those unresponsive exteriors they’re busy, sending out copious quantities of spam or attacking Internet servers. They’re “bots,” programmed like robots to follow orders. UNICEF can’t help these three-year-old slaves. Even though they’re drugged and infected, the World Health Organization can’t, either, because these slaves are not children at all. They’re personal computers. I might have a three-year-old computer, a Pentium. And if it started running slowly I might think that I needed to either delete some old files or buy some new memory. I would have no reason to think my three-year-old was really a zombie slave. My beloved PC would never march in lockstep with a network of other PCs to harass Internet users, or even to threaten political and economic turmoil. My computer couldn’t have malware. I have security software to protect me from things like that. I might be very wrong. My Pentium might be infected with malware. I might not detect it, but my CPU could be drugged. It could be acting “under the influence” of software controlled by someone continents away from me. Not just my hypothetical computer. As many as 25% of all computers connected to the Internet may be infected with bot software that recruits and controls them into a vast network of computers. They slavishly follow the orders of their online masters. Sometimes they are called “zombies.” When they work together we call them a botnet. You can be sure that PC owners would be horrified to know that their favorite computers were drugged slaves, being used to aggravate, steal or threaten. Botnets often use computers like mine to send massive amounts of spam. How big is the spam problem? An average of 97 billion email messages are sent every day around the world. Less than 5% of these are legitimate. Sometimes spam is actually harmful, if its message deceives people out of their money. If a botnet passes along a lot of spam, the fraud can trap enough victims to be profitable. Hackers, (or crackers, as malicious hackers are known) use the power of the Internet against us. My computer and yours may be small. When they link together with other computers via the Internet, though, they become part of a network powerful enough to threaten organizations that depend on their Internet access through a Denial-of-Service attack. Denial-of-Service attacks are serious enough to topple large organizations, or even countries. The two largest Internet servers in Kyrgyzstan fell to their knees in January when Russian hackers launched a Denial-of-Service attack against them. Organizations know how much each interruption of service costs them. They will pay the crackers to keep their Internet access running. They pay a lot; a year ago they were paying $30,000 to $60,000. In the safety of their own Internet-wired homes, crackers can sit with cups of tea and compromise computers. When they have a few thousand drugged and zombified slave computers they can rent them out for $1000 a day. They never see their victims. Most of the victims never learn that they were unwitting accomplices. One day, I power up my computer and—what’s this?—I have a message on my wallpaper. What? The BBC wants me to know that my innocent little computer has been compromised? The BBC program Click used my private computer as part of a botnet? They paid a botnet to send an email message, which went through my computer. The BBC put a note on my wallpaper to let me know that I had an infection. How dare they? I’m never watching Match of the Day again! This really happened, not to me, but to nearly 22,000 computer users. They learned that their computers had been enslaved in a botnet and used to send email messages. Security experts were furious. The idea of Click paying thousands of dollars to a Russian and Ukrainian botnet—supporting the enemy—enraged them. I disagree. If the number of zombie computers is anywhere near 25%, we have a huge problem. Click’s stunt did not harm anyone. All the computers involved had already been compromised; the BBC only pointed it out to them. The other thing Click did was to launch a Denial-of-Service attack against a dummy website. If my computer could be used to launch a fake Denial-of-Service attack, I would want to know. It could be just as easily used for a real one. My sweet little computer could be enslaved in an evil botnet, menacing my own corporate website, or my health insurance company’s, or the Division of Motor Vehicles site—or the BBC’s. From my experience as the CEO of an Internet security company, I can attest that: 1. Most Internet users need better protection, if they have any at all; and 2. Few people have any idea of the scope of the problem. I hope that even people who criticize Click and BBC for subsidizing botnets will agree that making more people aware of this menace was a public service. If people do not wake up and take action, more of our darling three-year-olds, and any other computers on the Internet, risk becoming the drugged zombie slaves of the underworld.