The Joker proved the Gotham, “Even the best among us could fall”. Sometimes the good have to be bad to prevent the worse. uhh that was all about Dark Knight. Lets talk about the corollary in computing world. Every good technology comes with the darkness inside.
Cloud computing offers tremendous promise for the future of computing. In the cloud you will be able to link together remote computing resources to achieve massive amounts of computing without any of the capital infrastructure costs.
Interfacing with the cloud, you will be able to orchestrate thousands, perhaps even millions of CPUs and terabytes of storage from any location with a simple management interface. Enormous scale, tremendous flexibility and all without any capital cost. Don’t dream – cloud computing is here today! There are between 5 million and 10 million CPUs that take part in the largest, most flexible cloud computing infrastructure ever seen. We call them botnets.
In the whole Conficker drama in April, many were curious about the ultimate purpose or payload of Conficker: “But, what is it going to do?”. That’s a narrow view of these trojan/worm/bot systems that assumes they are a form of evil application. What’s missed in these discussions is that Conficker, like other botnets before it is not an application but an infrastructure which can be “upgraded” to any payload, application or purpose that the owners imagine. Better yet, botnets can be leased for temporary use. Spam today, phishing tomorrow, who knows? Botnets do not have a purpose because they represent what we would call Infrastructure-as-a-Service (IaaS).
Unlike a traditional IaaS service such as Amazon’s EC2, the botnets are not flexible enough to load virtual machines (yet) and they are built on top of stolen resources. They have brittle command-and-control structures that emphasize stealth over redundancy. They have to keep fighting off hostile takeover attempts by other trojans and bots. But make no mistake about it. The dark cloud of botnets is the biggest, baddest cloud computing infrastructure running on the Internet today.
The most worrying aspect of the dark cloud is that there is no longer a direct correlation between the command-and-control application and the payload/purpose. It used to be clear that certain types of botnets were spam botnets, or phishing botnets. But many new botnet clouds are built with upgrade and software distribution capabilities so they can morph. Botnet controllers can upload new payloads on the existing botnet, or they can upgrade the core functions that provide the control channel or propagation mechanism to evade attempts to shut them down.
As always, the innovation on the “dark side” is surprisingly sophisticated and without any of the legal copyright restrictions, botnet architects are free to copy, share and steal code from each other. Features that are effective in one botnet often appear byte-for-byte in a different botnet later.
The black hats are implementing global cloud computing faster and more effectively than we are. While loosely coupled and fragile, these dark clouds make up for their weaknesses with scale. With five million computers in a cloud (as indicated by some studies) you can afford to lose a few thousand here and there. Now if only we had an open, flexible, interoperable global cloud for legitimate use.