When I joined Salad, I had no clue what cryptojackers, botnets, or black hat hacking were (outside of Deus Ex, that is). There be hijinx in this digital Wild West of ours, and it’s not all in good fun. Every day, internet users face myriad threats to their privacy, hardware, and even agency over their computers.
Today’s villain is the much reviled botnet — a sinister practice that has snuck into the Blockchain world but whose roots go back to the dawn of the internet. Let’s get into it.
How Do Botnets Happen?
A botnet is a network of infected computers used to perform some malicious task. By building a critical mass of computing power, the organizations and people behind them can ply the captured hardware to their nefarious ends.
To make one, baddies distribute malware that gives them access to your PC or Internet of Things devices. Botnets aren’t choosy; they’ll take over smart TVs, home security systems, or that Amazon Alexa you gifted to grandma.
What Are They Used For?
Of the many illicit uses for a botnet, the most common application is the dreaded distributed denial of service (DDoS) attack. This tactic involves pummeling a target website with a dizzying volume of requests sent by machines in the thrall of a botnet.
DDos attacks can overwhelm a site to the point of shutdown, or at least tie up its security resources. While their hopeless target fends off the torrent of messages from the attacking botnet, hackers can mount concurrent attacks undetected in the ensuing confusion.
Such distributed assaults are difficult to counter. Because botnets mask incoming requests as organic traffic, it’s nigh impossible to trace the attack to a single location.
Any Connection to Crypto?
Botnets predate blockchain technology and today’s cryptocurrencies by a few decades. Yet many people erroneously assume the two are related due to the rise of cryptojacking, a tactic where hackers draft your PC into a botnet to use its power to mine cryptocurrency.
The History of Botnets
The history of prominent botnets is a sordid list of malicious hacking. Some of the biggest botnet attacks of the past twenty years, and consequently some of the most well known, are:
Each of these botnets affected millions of users. Hackers stole personal information, launched DDoS attacks, and faked advertising traffic. If you want to read up, check out EC-Council’s breakdown of the biggest botnets since 2000.
How Do You Stop a Botnet?
In the middle of an attack, enterprise targets can only hope to mitigate the damage by recognizing botnet activity as fraudulent, seeking help from their ISP, or taking proactive measures at server level.
When the aforementioned 3ve attack nearly toppled the digital advertising industry, it took the combined efforts of WhiteOps (a white hat hacking organization), Google, and a bevy of other tech companies to curtail the bot.
How Would I Know if I Was on a Botnet?
The best defense is safeguarding your PC from joining the botnet in the first place. Once a botnet launches an attack, there’s little the average user can do to stop it.
The good news: people are smart! If you avoid risky browser ad clicks and stay away from downloads in your email spam folder, you’re well on you’re way to safety.
The bad news: botnet creators aren’t dumb either. Most sophisticated botnets try to conceal themselves, and the vast majority of users whose machines are infected will never know it.
Unlike distributed computing networks like Salad, botnets backdoor permissions to commandeer your PC without consent. Botnet creators rely on malware to steal computing power from unwilling targets, taking extra pains to go undetected for as long as possible.
Always do your homework on the digital entities you encounter! If they seem vague about things like their location, or you find out they’re incorporated in the lost empire of Atlantis, maybe you ought to reconsider downloading their software.
Fortunately, if you’re vigilant enough, there are measures you can take to minimize your chances of infection. A lot of this is just good digital hygiene:
- don’t download software or files from browser ads
- never download from emails without verifying the sender
- avoid sites with sketchy ad providers
- read verified user reviews before downloading software
For more info on the warning signs and mitigation methods for us everyday internet denizens, Jack Busch has compiled an excellent breakdown on botnet red flags and ways to stay safe.
Is Salad a Botnet?
Running a botnet is super-duper illegal under U.S. law. If Salad was a botnet, my cohorts would all be sitting in federal prison (instead of getting crushed by yours truly in Age of Empires II).
In fact, we tick quite a few boxes on the “definitely not a botnet” checklist. Most botnets aren’t incorporated in the USA, nor do they use their real identities. They rarely have well-heeled investors or warm and fuzzy reviews, and we’ll take the odds on whether they operate from sweet battle stations in Utah.
For the discerning user, the best proof would be to root around our open-source code on Github. There you’ll see directly how the magic happens — with nary a line of arbitrary code. Salad simply manages the relationship between your PC and the mining pools we use to make you mula.
At Salad, we believe that people should be rewarded for their work. We hate the idea of someone jacking your PC power for nefarious aims, and we hope this guide can help you avoid the real scammers out there. If you have questions (or if you just want to send me love letters), join us in the Salad Chefs Discord server. We’d love to have you in the Kitchen!
By Jared Carpenter.