Matt Gerry 14040633 Botnet Armies A botnet army is one of the most effective ways to steal sensitive information.

If a botnet army is constructed in a typical manner (not peer-to-peer) there are a few, central computers (Kleiner) that control potentially thousands of infected computers. The non-central or infected computers become infected by ways such as, viruses and worms that are commonly found in email attachments. These infected computers are used by criminal organizations to, troll for credit card and bank account information(Kleiner). Botnet armies can also be constructed in a peer-to-peer environment where, messages are passed from machine to machine instead of coming from a central command(Kleiner). This is a much more dangerous botnet setup because it becomes very difficult to decipher which computer is responsible for sending out the commands and thus takes more effort for authorities to shut down. There is also a hypothetical botnet army that has been simulated where the botnet army randomly configures its hierarchy daily which would make tracking down the computer in control of the army much more difficult to locate and take down. If I were to ever assemble a botnet I would make the attempt to spam millions of inboxes with infected attachments because this seems like the easiest, most inexpensive, and profitable way to construct a botnet army. I would also try to assemble a peer-to-peer botnet army with a constantly changing hierarchy because it seems as if it is harder for government agencies to gain access to or control. Peerto-peer botnet armies also, in my opinion, would make it much more difficult to catch the individual or group that was responsible for creating the botnet army to begin with. I would also take care to only gain control of computers located in a different region of the world than the one I was currently living in because I feel like it would be much harder to attach a criminal conviction to me if I wasnt a citizen of the country whos computers I was attacking and gaining control for illegal purposes. After I acquired a minimum of somewhere between five to ten thousand controllable computers I would begin using them to troll for credit card, bank information, and any other personal information I could use for profitable endeavors. I would take this information and sell it overseas to people who wanted things such as green cards for admittance into the US, money (from the stolen credit cards) to start a business, people who just wanted free money in general, etc. If I ever became extremely successful in what I was doing with my botnet armies and created an army of millions, to tens of millions, to potentially hundreds of millions (I know this is relatively unrealistic, but you said have fun with it) there are many more things I would have them do. I would use an army of that power to crash very popular websites just for the fun of it. I would instruct the army to continually perform DDoS attacks on a popular websites page just to see it crash and burn under the weight of my monstrous botnet. I would really love to send a fullscale attack against youtube using millions of bots all at once to attempt to bypass their security and take down its video content and exclusively broadcast my own videos, even if it were for only a couple hours. I would first stream a bunch of computers marching in a military formation, maybe with their arms up in the air the

Matt Gerry 14040633 same way Hitlers soldiers marched. I would then follow my botnet armies Hitler broadcast with a broadcast of the original Star Wars series in order and I would end my live youtube broadcast with me in a Darth Vader mask telling youtube that I was its father. When my youtube botnet controller ended I would then continue my attack of epic proportions to a very popular site called facebook. I would first crash facebook just so millions of facebookers world wide would cry and have sad faces and then I would attempt to gain control of it. I would then, if control was gained, make it so everyone could only view one fake profile. The profile would be of me in a Darth Vader costume and the about me section would say, married to Padme and, Relation to Facebook: Father. I would then write that my interests (on my faulty facebook page with facebook currently being controlled by my botnet army) were, Using the force, hanging out with the Palps, and holding it down in the death star. After the large scale facebook attack I would then move on to attempting to use my botnet army of millions to gain access to the section of Chinas government that controlled internet regulations and open up the entire internet to the Chinese rather than the very restricted portion that they are allowed to access. After this I would use my botnet army of millions (provided it hasnt been shut down and I havent been caught) to attempt to destroy Walmart once and for all. I would take down walmarts webpage for as long as possible and instead put a fake news broadcast of a news reporter dressed in a Jawa Costume stating that Walmart has declared bankruptcy and its closing its doors. I would then use my botnet army to send out millions if not billions of spam emails stating that Walmart is out of business in some way. By doing this I will have jump started the economy due to small business sales increases and I will have single handedly gotten us out of the slight recession were in now. After this insane stunt I would attempt to crash google. My only goal would be to crash it for a single day. I wouldnt want to hack it or destroy anything because Google is awesome. I would just want to take it down just so Google is aware Im the boss of this internet and I run this place now. It would kind of be the equivalent of a mobster beating up some guy walking down the same road as him just to prove hes the boss. When all of the above is done I would more than likely be close to if not the FBI, CIA, and NSAs most wanted person alive. So I would need to scale back my attacks on large businesss more than likely. I would use my botnet army for much simpler things. I would use it to crash all of my past schools web-pages and destroy my high schools firewalls. I would use it to spam emails about random things such as dancing turkeys or a great youtube video such as dog step. I would send spam looping the boy on youtube saying, I like turtles to as many people as possible as often as possible. I would try to crash Play Station Network as often as possible. I would still continue to steal peoples credit card numbers and other sensitive information so I could sell them to make as much profit as possible. It would be incredible. When I eventually made close to a billion dollars off of information theft I would eventually slow down to a halt all together. I would eventually sell my botnet. I would sell it for around ten million dollars (because were assuming I have a bot net army of over 100 million infected PCs) and then I would retire from the con game into a giant mansion in the middle of Africa because nobody in Africa is gonna

Matt Gerry 14040633 come track me down for using a mega huge botnet army in the past to crash corporate websites. Top sum this whole would be could be botnet army awesomeness up, if I had control of an awesome botnet army I would do a ton of illegal things and make tons of money doing those illegal thing. I would refuse to stop until I succeeded in destroying or humiliating every mega corporation listed above and it would be a grand old time (provided I didnt get caught and spend tons and tons of time in jail). Now that I have written this paper I know that I should never attempt to control a botnet army because I would go crazy with it and probably end up in jail, have a family that disowns me, and end up living in africa which would be horrible because Africa doesnt seem to be to much fun overall. I do wish there was a safe legal way to practice setting one up though because it seems like a lot of fun and it could probably be used for fun things as well even though most people, it seems, who use bot net armies use them for illegal purposes. Anyway Im runnin out of ideas now so to sum everything up, botnet armies are cool, but most stories out there are about illegal uses of botnets. I would love to see an example of fun and less illegal ways to use a botnet army.

Bibliography: Kleiner, Kurt. Botnet Armies That Wont Die. http://www.technologyreview.com. Technology review, April 21 2011. Web. 22 Sept. 2011