The analysis and breakdown of the raw power of the Storm worm is here, at the Full Disclosure archives.
I challenged a friend of mine who is also in the "security research" field to think about what in the world this type of supercomputing power could be used for, and more importantly, why the apparent owners of this botnet/supercomputer are partitioning out this massive herd, using separate encryption keys for small blocks of bots.
I have a theory on both of these things, and I disagree with the mainstream media analysis so far, which I think has been wrong. Jim Carr over at SCMagazine online quotes SecureWorks' Joe Stewart saying
"This [partitioning and encrypting communications in smaller groups] effectively allows the storm author to segment the storm botnet into smaller networks [and] could be a precursor to selling storm to other spammers."
I don't agree with this at all. If you apply logic to this from a different angle, you have to realize that this botnet took a lot of time and energy to build; ergo, you are going to go to extreme lengths to ensure that if someone manages to crack your communication scheme, they can't take over the whole lot. This, I strongly believe, is the point of encrypting communication to these botnet groups in small chunks, effectively partitioning the herds of Storm bots: a cracked key only exposes one chunk. To make my point even clearer, here is what I think the herder(s) are doing.
- The Storm worm botnet will be used for obviously malicious ends
- Establishing separate keys for encryption of small chunks of the herd at a time gives it resiliency against infiltration and full compromise
- No one in their right mind would "sell" a piece of such a masterpiece and raw power grid
- It is more likely that the herder(s) will let people pay for time-slices on this massive supercomputer to do whatever it is they want to do, computationally...
Baldwin said the raw power of the Storm botnet might be taken more seriously if it were more often used to take out large swaths of the Internet, or in attempting to crack some uber-complex type of encryption key used to secure electronic commerce transactions.
Fascinating. Cracking encryption keys is just one of the possibilities; here are some more:
- On-the-fly cracking of some of the world's strongest encryption - remember that all security rests on the fact that we develop technologies that are computationally infeasible to break... not anymore?
- DDoS at will - how will you stop an onslaught of roughly 2.5 Tbit/sec (about 320 GB/sec)? (assuming ~10 million bots at 256 kbit/sec DSL upload speeds, which is estimating low) What's worse is that you can't just block a certain netblock or router... these Storm bots live all over the Internet.
- Rainbow tables, anyone? - Sure, there are plenty of arguments that rainbow tables are useless now because any developer with a brain uses a salt... this is a false statement, guaranteed. Even if people salt, salts can be predictable, and what's worse, you can simply compute the tables even if there are quadrillions of combinations; remember, you have 10 million CPUs at your disposal here. Why not hash (SHA-1, SHA-256?) all permutations of credit card numbers, passwords, DOBs, SSNs, and other important pieces of data, so that when you steal a hashed table from a database it's only a [short] matter of time before you can successfully pull out the real information!
- SPAM - yes, I acknowledge that this is a great vehicle for spam... but it's such a waste of power to spam from these botnets... maybe I'm naive
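The rainbow-table point above, as an added example that is not from the original post: a toy Python script that precomputes SHA-256 over every date of birth in a fifty-year window and reverses stolen digests with the resulting lookup table, once for an unsalted column and once for a column with a random per-row salt. The leaked rows, the three sample dates, the 16-byte salts and the 1950-1999 window are all constructed assumptions for this demo, not data from any real breach.

```python
import hashlib
import os
from datetime import date, timedelta


def enumerate_dobs(start_year: int = 1950, end_year: int = 1999):
    """Yield every calendar date in [start_year, end_year] as 'YYYY-MM-DD'.

    The window is an assumption for this example; a real attacker would
    cover the full plausible range of customer ages.
    """
    day, last = date(start_year, 1, 1), date(end_year, 12, 31)
    while day <= last:
        yield day.isoformat()
        day += timedelta(days=1)


KEYSPACE_SIZE = sum(1 for _ in enumerate_dobs())  # 18262 dates for 1950-1999


def hash_value(plaintext: str, salt: bytes = b"") -> str:
    """The (weak) storage scheme under attack: SHA-256(salt || plaintext)."""
    return hashlib.sha256(salt + plaintext.encode()).hexdigest()


def build_table(salt: bytes = b"") -> dict:
    """Precompute digest -> plaintext for the whole DOB keyspace under one salt.

    With an empty salt this is the classic precomputed lookup table:
    built once, then reused against every stolen row.
    """
    return {hash_value(dob, salt): dob for dob in enumerate_dobs()}


def crack(stolen_rows):
    """Reverse stolen (salt, digest) rows; salt b'' means the column was unsalted.

    Returns (recovered, hashes_computed). One table is built per distinct
    salt, so unsalted rows share a single table while per-row random salts
    force a rebuild for every row.
    """
    tables = {}
    work = 0
    recovered = {}
    for salt, digest in stolen_rows:
        if salt not in tables:
            tables[salt] = build_table(salt)
            work += KEYSPACE_SIZE
        recovered[digest] = tables[salt].get(digest)
    return recovered, work


# Constructed sample data for the demo; not real records.
SAMPLE_DOBS = ["1970-04-15", "1988-12-01", "1955-02-28"]


def make_unsalted_rows(dobs):
    """Simulate a leaked table that stored SHA-256(dob) with no salt."""
    return [(b"", hash_value(d)) for d in dobs]


def make_salted_rows(dobs):
    """Simulate a leaked table storing a random 16-byte salt beside SHA-256(salt || dob)."""
    rows = []
    for d in dobs:
        salt = os.urandom(16)
        rows.append((salt, hash_value(d, salt)))
    return rows


if __name__ == "__main__":
    rec, work = crack(make_unsalted_rows(SAMPLE_DOBS))
    print(f"unsalted: recovered {list(rec.values())} with {work} hashes")
    rec, work = crack(make_salted_rows(SAMPLE_DOBS))
    print(f"salted:   recovered {list(rec.values())} with {work} hashes")
```

Against the unsalted column a single table of about 18k hashes recovers every row; against the per-row salted column the table has to be rebuilt for each row, so the work grows to rows × keyspace. That multiplication is the entire benefit salting gives against precomputation, and for a low-entropy field like a date of birth it buys very little once the attacker has millions of CPUs; what actually raises the cost is a deliberately slow hash or a genuinely large keyspace.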
God help us all.