Mandatory computer education – Botnets

I consider little knowledge in computing to be mandatory. Usually the price of ignorance is borne by the one who is uninformed.

Botnets are a different kettle of fish. In this case, the price of ignorance is borne by the public. I think knowing about Botnets (their existence, their fundamental nature, their consequences) is a matter of public duty. Paying your taxes, staying home when you’re contagious, scooping up after your dog… all are fine analogies. Sure, they’re all inconvenient, but most public duty is.

Computer geeks are notorious for their fascination with nifty yet useless things.

“Why are you mucking with that? It doesn’t do anything.”

“It’s nifty.”

Computer viruses are possibly the greatest example of useless things which are incredibly nifty. The thrill of writing a computer virus is, “Look what I can do! It’s not very helpful, but it sure is neato!”

Whenever you receive a virus that flashes a red and black message, “Haxxor432 haz pwn3d j00.” you know right away you’ve been hit by a small child who has found something nifty but doesn’t know what to do with it. All in all, these viruses aren’t so dangerous, and they only inconvenience those who get hit by them.

What if there was a virus that was useful? What if it was purely pragmatic, unencumbered by the programmer’s ego? What if it was written by a cynical, sober, and smart adult and was designed to maximize criminal profit? Botnets are computer viruses, all grown up.

We’re now outside the annoying world of unwanted browser pop-ups, unrequested tool-bars, and curiously sluggish computer performance. Real criminals aren’t interested in slowing your computer down to a crawl; they want it nice and fast so they can use it for evil stuff.

So what are Botnets, exactly? Googling for “botnet” serves up a jargon jungle, littered with a few sensationalist news articles. Here’s the best breakdown of botnets I could find.

The basic premise is simple:

  1. Infect a machine (via standard virus/trojan horse/whatever method)
  2. Have that machine converse with a controlling machine that tells it what to do.
  3. Repeat until you have a network of many thousand machines under your control.
  4. If you can’t think of something really evil to do with several thousand computers at your disposal, you’re not trying.

Step four is a little misleading. You don’t have to have any evil ideas yourself. You can rent out your botnet to someone who does have evil ideas. Often it’s to a spammer, but take your pick. Do you want to steal credit card numbers? Passwords? Personal data? How about blackmailing businesses by threatening to take down their websites with a denial of service attack?

USA Today has a decent article on botnets; Bruce Schneier has a wonderful breakdown of a particular botnet.

It used to be that a virus I caught inconvenienced me. Now a virus I catch may be invisible to me, but result in me spamming all my friends (or worse). If I’m connected to the internet and I don’t take care of my own computer, I’m failing in my public duty.

Beyond the basic setting up of a firewall and anti-virus, I don’t know what the answer is. I don’t think anyone does; but it pays to know something about the pond we swim in.
