X
Tech

Criminals' botnet more powerful than BlueGene?

Criminals behind the Storm worm have created a botnet containing millions of PCs, which have a combined computing power greater than the most powerful supercomputer in existence.
Written by Liam Tung, Contributing Writer

Criminals behind the Storm worm have created a botnet containing millions of PCs, which have a combined computing power greater than the most powerful supercomputer in existence.

The Storm worm botnet has been estimated to control between one million and five million computers, which one researcher says makes it more powerful than IBM's BlueGene/L supercomputer.

Peter Guttman, a computer sciences security researcher wrote in an e-mail posted on insecure.org's Web site: "This may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals. The question remains, now that they have the world's most powerful supercomputer system at their disposal, what are they going to do with it?"

At the lowest estimate of one million computers, Guttman roughly calculated that using an army of 2.8GHz P4s, the group behind the Storm worm would have at least 1 petabyte of RAM, compared with BlueGene/L's "paltry 32 terabytes".

Guttman listed 10 supercomputers, comparing the total number of PCs required to achieve equivalent RAM. He estimated 128,000 PCs would be required to match BlueGene/L, while at the lower end, 10,000 PCs would be needed to match MareNostrum.

Is it comparable?
However, debate rages as to whether a million-strong cluster of computers is the same as a supercomputer.

IBRS security analyst James Turner told ZDNet Australia that comparing a botnet and a supercomputer is like comparing an army of snipers with a nuclear weapon.

"It takes more than a pile of CPUs and RAM to make a supercomputer ... Any supercomputer like BlueGene has millions of dollars of R&D, tweaked I/O and an optimised operating system. In all, it's a system with substantial differences to a botnet," he said.

However, Turner said that should the Storm owners want to start breaking encryption codes, they could do it in a similar fashion to the Search for Extraterrestrial Intelligence project -- or SETI@home.

SETI@home uses a distributed network of computers to decipher signals from an array of radio telescopes, which listen for signals from outer space.

The SETI@home network, at the time of writing, consists of 158,000 active users, utilizing 1.5 million active hosts in over 200 countries.

Bradley Anstis, director of product management at security firm Marshal, believes the botnet at the Storm gang's disposal is likely to be closer to five million strong.

"The SETI@home network is quite different because the owner has full knowledge of any use of their computer. When you start using your computer, its network will back off. This worm however seems to be working in the background so it doesn't take all resources, so the average computer user does not notice," said Antsis.

"It has a very high number of distributed nodes, so it can scale faster and a lot larger than any super computer. It's certainly a lot of faster than for Cray to bring out its latest supercomputer," he said.

Paul Ducklin, head of technology at Sophos said a supercomputer differs drastically due to how CPU nodes are interconnected and the speed at which data can be pushed from one node to another.

"They [the Storm gang] don't need a 'supercomputer'," said Ducklin. "They just need a wide range of different computers to do their dirty work. It's not so much about CPU, and RAM, and disk space. It's about being able to operate from a widely-distributed and ever-moving target. Slim down the target and it becomes much easier to hit."

Besides CPU and RAM, Marshal's Anstis said, "The more worrying thing is bandwidth. Just calculate four million times a standard ADSL connection. That's a lot of bandwidth. It's quite worrying. Having resources like that at their disposal -- distributed around the world with a high presence and in a lot of countries -- means they can deliver very effective distributed attacks against hosts."

Editorial standards