
Subreddit
/r/IAmA is a place where anyone who is of at least some interest to ordinary redditors can hold a question-and-answer session. As a rule, it is a mix of actors, cultural figures and other prominent people, whose IAmA ("I am a...") schedule is announced in advance, and of unusual people who stand out for their professional skills or life experience. Two months ago, a man appeared there who introduced himself as a malware developer and botnet operator.
He began his illegal activities after Operation Payback, the Anonymous campaign that took place in September 2010. An ordinary engineering student took the ZeuS source code that had become publicly available, fixed bugs, and added several new functions, a rootkit, and Bitcoin mining on the victims' GPUs. Mining runs only while the machine is idle, at such a low priority that even HD video plays without stuttering and the fans do not spin up. The botnet's owner does not use it for DDoS: that pays less than putting the GPUs to work earning bitcoins.
Redditor: [...] If installing bitcoin miners on victims' machines is so profitable, why don't you do it more and more?
Botnet owner: By my estimate, about 30% of the total mining computing power comes from botnets; that is the amount generated in unknown pools. I think nobody is starting to use mining more and more for the following reasons: 1) They do not want the Bitcoin economy to collapse. If botnets have 90% of the mining processing power, the coins will be worthless. (It is unlikely that cybercriminals are not smart enough to anticipate this.) 2) There are no ready-made programs to start mining; most botnet operators have never written a single line of code in their lives (most likely). [...] If someone had 50 terahashes per second, inflation would be terrible. Exchanging 800 thousand bitcoins a month on Mt Gox at a good price simply would not work.
The lack of professionalism in the cybercriminal camp is striking: the botnet operator also reported that most of them do not know how to use Bitcoin for financial transactions, have not yet finished school, and cannot exchange Ukash and Paysafecard funds for Liberty Reserve. Botnet operators are careless and do not cover the traces they leave behind, which greatly helps in catching them.
500 to 1,000 machines are infected per day, even more on weekends. The hacker is considering simply buying installs: Asian PCs tend to have good GPUs. In his build, command and control runs over the decentralized Tor network, and infected machines act as relays. Each client regularly receives its own updates, all polymorphism is handled on the operator's side, and detecting the program's activity is difficult. The hacker sells bank card data to third parties. In the end, bitcoins and sold data bring in a small side income that he does not regard as a permanent job: the largest payout was about $1,000 in Liberty Reserve, but part of the money goes to pay for expensive dedicated servers.
Most of the victims are young (20 to 30 years old) residents of the United States, who account for about 30% of all victims. Almost all of them have Facebook accounts, which the hacker ignores because of their low value. Roughly one fifth have a good video card, but their owners do not even bother to install drivers for it, so the miner cannot be started. 80% have an antivirus, and 5% have a fake one installed, which is in reality a program that cleans out other people's malware and installs its own; these are the typical victims of pornography.
Warez is the main source of new bots. Among the machines he infected were ones belonging to Finance Canada, the US Federal Aviation Administration, and three Windows servers.
It all started when he was merely trying to bypass antivirus protection, but he quickly realized that antivirus products detect the presence of malware poorly, and in his answers he even suggested that their creators may have deliberately left security holes in order to profit from them later. A programmer with two years' experience managed to get past the protection of Kaspersky Lab products.
Today the level of knowledge among cybercriminals has fallen dramatically: basic Perl knowledge is enough to write code that antiviruses do not detect, and with some assembly you already have a bootkit in your pocket. He is in no hurry to target OS X: although its users are not as savvy as Linux users, the market is too small for strong growth. The botnet operator himself does not buy anything on credit, and caustically remarks that the credit cards of Americans, who live on credit, cost $2, while British ones go for $60 and up. He has never stolen in everyday life, never hurt anyone and could never hit a man first. Speaking about his attitude to Microsoft, the hacker spoke well of the company and praised it for delivering updates even to pirated installations. He talked about hackers known in narrow circles, some of whom were at that time lounging in the tropics surrounded by expensive cars and sexy girls.
In the future, the hacker wants to work in the computer industry and make use of the experience he has gained, but, unfortunately, "operator of such-and-such a botnet" is not the best reference on a résumé.