Mason Researcher Develops New Tool to Locate Hackers Online
By Colleen Kearney Rich
If your computer is acting strangely or locks you out, don’t be surprised if it isn’t just a virus. It could be an Internet bot.
Bots, as they are most often called, are one type of stealthy malware that runs tasks inside a computer network and are controlled by someone, the botmaster, remotely. The use of these bots is widespread and a huge security problem for network administrators and users alike. In a six-month period in 2010, Microsoft reported that it cleaned more than 6.5 million bot-infected computers worldwide.
“These bots can be very complicated and very powerful,” says Mason computer scientist Xinyuan (Frank) Wang. “They have many built-in self-protections and can compromise other machines.”
Wang’s latest patented invention, Live BotmasterTraceback, is designed to hunt down these botmasters by embedding a watermark, much like you would place on a photo, into the Internet traffic.
“Eventually, it will trace back to the botmaster and help identify his location,” says Wang, who shares the patent with his former graduate student Daniel Ramsbrock, who graduated in 2008 with a master’s degree in computer security and assurance.
The problem with botmasters is that they are working hard to conceal their identity and location. Fortunately, they must communicate with their bots to get the information they want.
“He or she could tell the bot to record keystrokes for passwords or compromise other nodes around it,” says Wang. “They can open the back door and control your computer without your knowledge.”
When the botmaster comes online to send commands to the bots, he or she usually needs to get the results back. If the response traffic is watermarked, the watermark will go all the way back to the botmaster. This technology works on a network level and would be of interest to Internet service providers and law enforcement, as well as others maintaining large computer networks. In the past, Wang developed methods for tracing attacks across stepping stones—a type of computer security—and making networks anonymous. He was the first to demonstrate that it is feasible to track anonymous, peer-to-peer voice over Internet protocol calls.
This is the fifth patent Wang’s work has received since he joined Mason eight years ago. One of the university’s more prolific inventors, he has six more in the patent pipeline.
“People are concerned about their privacy, and computer security is a real problem,” he says. “We don’t claim we’ve solved the problem, but this is a very good first step.”
To read more stories about Mason, check out the university’s News site.