
Spyware: Potential for Terrorism?

by Wayne Porter

Date: 2.13.2003

There is no doubt that adware/spyware has reached epidemic proportions. All one needs to do is to visit any popular anti-spyware bulletin board or popular technical forum and the problems abound. They range from system lock-ups, intrusive advertising, slowed internet connections, network congestion and even glaring security holes. There is perhaps a potentially darker side to spyware in that it, like any mass distributed software, could be used to execute a massive attack on the Internet.

We were unlucky enough to experience the destructive power of a spyware-based attack ourselves, when an unknown entity repurposed what appeared to be a Mydoom variant to launch a DDoS (Distributed Denial of Service) attack against various anti-spyware sites, including ours. In such an attack a network is flooded with traffic, the systems cannot respond normally, and so service is denied. There were several thousand computers attacking the servers at the same time, overwhelming the machines with requests. For those curious, we have logs of this attack, and information about the attack has been forwarded to the FBI for investigation and analysis.

If a bitter spyware developer can execute an attack like this, it is reasonable to suspect any foreign power has the resources to pull off an even more devastating attack. Any website can be thrown off the Internet in a few clicks. If the attackers are skilled enough, they could even take down the root DNS servers of the Internet. In short, this would mean the entire Net comes to a grinding halt, and everything that depends on the Net grinds to a halt at the same time.

Let us keep in mind that most spyware and adware programs exist for one purpose: to make a profit. Favorable economics and poor policing are the primary reasons it has become so prolific. Distribution costs are extremely low in comparison to the potential returns. Imagine, as a business, acquiring a customer for $0.10 and being able to make $10.00 off that customer in the course of a year. This plush economic Petri dish could be used as the very foundation to execute and fund a sophisticated, blended terrorist attack.

Sample Scenario:

For example, imagine Company X makes patriotic screensavers that are primarily passed along file-sharing networks or through give-away programs or CPA networks. The program is free and appears patriotic, so chances are good that propagation will be swift and easy. In reality the program harbors a hidden Trojan horse specifically set up to coordinate a cyber offensive, coupled with the ability to usurp other sites' revenue streams or generate the stream itself.

Company X derives revenue through popular "affiliate networks" or PPCSEs (Pay-Per-Click Search Engines). Affiliate networks aggregate relationships between merchants and websites. This is a very common and legitimate practice. Basically, as the user shops through a popular store, a small commission is set aside for the referring site that sent the customer. However, in this case the insidious Company X is pocketing the cash by intercepting the transaction, often through cookie overwriting. This would not be hard to do because there is virtually no accountability to set up. A legitimate-looking company site is all that is needed to begin generating revenue through large networks. Most legal agreements are "click wrapped", meaning the company need only click a button to agree to be a good citizen, and it can begin partnering with trusted brand-name companies like Walmart, Target or Dell. It is really that simple.

With cheap distribution, Company X is now capable of generating substantial revenue from trusted brand names at the expense of the very consumers they plan to attack! To make this very clear, trusted brand names would actually be funding these nefarious activities without ever knowing it was going on, because due diligence is short in today's drive-by style of digital, e-commerce partnerships.

Now funding is in place, revenue is flowing to terrorists, and the patriotic screensaver Trojan horse is set to execute a large DDoS type of attack on a predetermined date, a date that could be months or years in the future.

Foreign Power X, operating as Company X, then executes a 9/11 style attack on civilians in conjunction with a large-scale DDoS attack via zombies that was set into motion and funded by the adware-driven patriotic screensavers. The attack focuses on emergency medical services, critical government websites and media information outlets. For good measure they may throw in some socially engineered viral e-mail campaigns to deliver propaganda, as well as propaganda campaigns that could be released by hundreds of thousands of the "patriotic" zombie machines, and the use of UGC (user-generated content, often video). The result would be true pandemonium in the general population with very real and measurable damage.

The attack would most likely be very efficacious, and this form of coordinated "blended attack" that utilizes both offline and online components could be devastating to an economy and to civilian life.

Given the sophisticated nature of the current spyware battleground and the proliferation of botnets, it is not far-fetched at all. If we can imagine a scenario like this, we are sure enterprising terrorists could imagine far more dangerous scenarios. Perhaps Homeland Security should be looking at how these advertising software programs operate, who they partner with, and who is getting the revenue, and determine exactly what these programs are doing on people's machines? We aren't saying all adware is bad or designed for such evil intent; after all, technology is innocent. It is the people behind it who make the decisions and give technology its direction.

This article is copyright 2005 by XBlock.com.
It may not be reprinted or copied without the express written consent of the author.


© Copyright 2003-2011, Actiance, Inc. All rights reserved.