Bots are another kind of threat to network security like viruses, worms, Trojan horses. It is a type of malware which allows an attacker to gain complete control over the affected computer. It is actually a program that can operate as an agent for a user or another program. A bot is a tool that hackers use to manipulate vulnerable computers. A bot, says Andrew Leonard in his book Bots: The Origin of New Species, is “a supposedly intelligent software program that is autonomous, is endowed with personality, and usually, but not always, performs a service. Bots are mostly to steal personal information for “identity theft”.
It is possible for bots to attack not only other computers but computers from where they are launched as well. The malware is packed with keystroke loggers to steal passwords and account numbers. Many bots are custom designed to hunt for financial information such as credit card numbers, online banking passwords, PayPal accounts, etc. (Schneier, 2006). Modern bot networks can be upgraded easily so that operators can add new functions to existing bots.
By definition, hacking refers to the act of penetrating computer systems to gain knowledge about the system and how it works. Hacking is a technical activity that makes use of arbitrary codes that test the strength of software, database or firewall. Such codes include viruses and scripts. The operation of these codes may be aimed at conducting attacks or for enhancing network security. Thus hacking by itself is not a totally good or evil thing. It acquires its criminality based on its applications.
Hacking codes are sometimes written to improve software quality or reliability in a way. A large number of computer hackers are self-taught intellectuals and hence some firms actually employ them to find flaws in the company’s security system. While it can be argued that computer hacking can lead to constructive technological developments, hacking can also be used to steal personal information, spy or change a company’s financial data, break security codes to gain unauthorized network access, or obtain classified information. Computer hacking as a cyber crime can lead to about 20 years of imprisonment.
Hackers find holes and weaknesses in software to create their own exploits. Security research teams exist to try and find these loopholes and notify vendors before they are exploited. There is a beneficial co-evolution between the hackers securing systems and those breaking into them. This competition provides us with better and stronger security as well as more complex and sophisticated attack techniques. Hacking in general leads to smarter people, improved security, more stable software, inventive problem solving techniques and a new economy. Hacking emphasizes the importance of network security. Hacking can be ethical in nature if it is done with good intent.
Ross (1991) explains hacking as follows: hacking performs a benign industrial service of uncovering security deficiencies and design flaws; hacking, is a research activity in the realm of software development; hacking is an educational practice when pursued with exploration of high technological interest; hacking enhances surveillance technology and data-gathering by the state and big corporations. According to Ross, “hacking, as guerrilla knowhow, is essential to the task of maintaining fronts of cultural resistance and stocks of oppositional knowledge as a hedge against a technofascist future”.
Hackers can use bots to manipulate computers. Hackers forward bots to victims through various methods and the software automatically infects vulnerable computers. The bots then wait for commands from a hacker, who can manipulate them and the infected systems without the user’s knowledge. A hacker can also install bots on multiple computers to set up botnets that they can use for massive distributed-denial of- service (DDoS) attacks that overwhelm victimized systems’ defenses. Network-security experts identify and shut down botnets with 10 to 100 compromised hosts several times a day. Johannes Ullrich, chief technology officer for the Internet Storm Center points out that botnets of over 10000 hosts are being cracked down weekly and there has been an instance when a bot of 100000 computers was cracked. Botnets are also used to send mass spam mailings, installing key-logging software that can steal victims’ passwords and data, and making the computers vulnerable to future virus infections.
Hackers find it challenging to determine how to initiate a bot into the computer of a victim. They either write or find the appropriate bot software, and then install it on victims’ machines. Bots can be sent through the computers of hackers or through other infected machines that later on act as proxy servers. In the latter case, it becomes very difficult to identify the hacker. Multiple bots may be sent by hackers to multiple computers at the same time. The bots then automatically infect the machines that are vulnerable to software bugs. These include vulnerabilities such as bufferoverflow attacks, hacker-installed backdoors, and various memory-management problems that allow malicious code to infect a system.
Bots can also be spread through e-mail attachments. Or through internet relay chat (IRC) file-transfer mechanisms or other means to victims’ potentially vulnerable TCP/IP ports. Alternatively, hackers can install these bots on hacked websites and infect the vulnerable browsers that come to the site. Hackers can attack buffer-overflow vulnerabilities in Web servers, changing HTML pages’ header and footer information to include scripts. When browsers visit these hacked websites, they activate the scripts and thereby download a bot.
The increasing numbers of broadband internet connections help hackers to spread bots widely according to David Perry, global director of education for antivirus-software vendor Trend Micro. Computers that are infected with a ‘bot’ are known as ‘zombies’. Attackers find out the list of these infected zombie computers and activate them. When activated, these bots cause DoS (denial-of-service) attacks against Web sites, host phishing attack on Web sites or send out thousands of spam email messages. Bots are secretly embedded within the computer and not easily found.
Computers should be scanned regularly with regularly updated anti-virus and anti-spyware software to detect any known malware. The authors of malware such as ‘bots’ continuously improvise on their codes in order to evade detection and removal by anti-virus and anti-spyware utilities.
Operating systems and applications must be kept patched against known vulnerabilities. A personal firewall program helps in protecting the computer from unauthorized access. The internet has facilitated network hacking and spread of bots. Some examples of hacking network-infrastructure are: connecting into a network through a rogue modem attached to a computer behind a firewall; exploiting weaknesses in network transport mechanisms, such as TCP/IP and NetBIOS; flooding a network with too many requests, creating a denial of service(DoS) for legitimate requests; installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text; piggybacking onto a network through an insecure wireless configuration.
Hacking operating systems is a favorite method of intrusion because operating systems like Windows and Linux are widely used and can be hacked by exploiting specific protocol implementations; attacking built-in authentication systems; breaking file-system security; and by cracking passwords and encryption mechanisms. In the case of applications, Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) are most susceptible to hacking because most firewalls and other security mechanisms are configured to allow full access to these programs from the Internet.
Both hacking and bots are terms associated with network security. Both are dangerous when directed towards exploiting the vulnerabilities in a system and useful when directed at identifying and removing flaws in the security of a system. Neither of them can be termed as more dangerous than the other.
