Projections this week state that the Iranian Cyber Army has a botnet of over 400k machines. They apparently plan to offer rental of these “assets” to interested parties. The ICA maintains that this is not “retribution” for the Stuxnet attacks on Irani Nuclear facilities, but rather a money making opportunity.
One of the discussions/debates featured in the last meeting of the Cyber Conflict Studies Association (CCSA: www.cyberconflict.org ) was the use of Nuclear Weaponry as a suitable metaphor for studying and examining Cyber Conflict. For many cases, the metaphor seems to work; devastating effects possible, need for strategic thinking, need for deterrence, how important foreign policy can be, and important of open discourse. However, this metaphor (which is only a way to frame one’s thinking) drops off in one aspect – it is almost impossible for a lone wolf to create their own weapons grade nuclear device, in cyberspace, lone actors can have tremendous impact on this sphere of conflict.
So what does ICA’s open auctioning of their assets mean? It means WATCH OUT. Cyber resources are plentiful, and in the coming days the cost of cyber resources will only plummet. It is estimated that over 2B people are internet users, additionally with over 1B total machines, there are almost infinite resources to malicious actors.
As if we haven’t had enough “calls to actions” and “awakenings,” this should be the last that we need. Every citizen with a PC and broadband connections can be an unwitting participant in cyber-conflict. It is now the responsibility of every user to keep their machine from being a part of a botnet. Cyber security can no longer be relegated to the hands of the “Nerds” and “Geeks.” Today all users need to get with it and protect their computers, not just for their own sake, or their own privacy, but for everyone else out there.
We track these and many related issues in our CyberWar site.