Abstract
For over 2000 years, military strategists have recognized the importance of capturing and holding the physical “high ground.” As cyber warfare strategy and tactics mature, it is important to explore the counterpart of “high ground” in the cyber domain. To this end, we develop the concept for botnet operations. Botnets have gained a great deal of attention in recent years due to their use in criminal activities. The criminal goal is typically focused on stealing information, hijacking resources, or denying service to legitimate users. In such situations, the scale of the botnet is of key importance. Bigger is better. However, several recent botnets have been designed for industrial or national espionage. These attacks highlight the importance of where the bots are located, not only how many there are. Just as in kinetic warfare, there is a distinct advantage to identifying, controlling, and exploiting an appropriately defined high ground. For targeted denial of confidentiality, integrity, and availability attacks, the cyber high ground can be defined and realized in a physical network topology. An attacker who controls this cyber high ground gains a superior capability to achieve his mission objectives. Our results show that such an attacker may reduce their botnet’s footprint and increase its dwell time by up to 87% and 155×, respectively, over a random or ill-informed attacker.
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Sweeney, P., Cybenko, G. (2015). Identifying and Exploiting the Cyber High Ground for Botnets. In: Jajodia, S., Shakarian, P., Subrahmanian, V., Swarup, V., Wang, C. (eds) Cyber Warfare. Advances in Information Security, vol 56. Springer, Cham. https://doi.org/10.1007/978-3-319-14039-1_3
DOI: https://doi.org/10.1007/978-3-319-14039-1_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-14038-4
Online ISBN: 978-3-319-14039-1
eBook Packages: Computer Science, Computer Science (R0)