Hacker News
The business model for botnets (technologyreview.com)
43 points by raleighm 7 months ago | 10 comments

>30,000 bots [generate] well over $20 million a month of profit

that's $666/month per user

>“Re-infection costs have been estimated at $0.0935 per device,” say Putman and co.

>For example, potential botnet masters can make use of pay-per-installation services to set up the network. These can be bought on the dark web, with a fixed fee of 2 to 10 cents per device for installing the malware.

So I can buy bots for 10 cents per device and make "well over" $3/day on them? Not sure the math adds up on this one.

I assume it works the same way as renting a server. You can get a VPN for $10 a month and it's not unimaginable to make 30 times that back with whatever service you run atop that.

The team say that distributed denial-of-service attacks using a network of 30,000 bots can generate around $26,000 a month. Spam advertising with 10,000 bots generates around $300,000 a month, and bank fraud with 30,000 bots can generate over $18 million per month. But the most profitable undertaking is click fraud, which generates well over $20 million a month of profit.

Does anyone know how those hacks can generate revenues? I mean how can a DDOS generate revenue? What kind of bank fraud can a botnet do? How can click fraud generate profit (I guess if you suddenly receive $20 million on your adsense account google will immediately ban you)?

> I mean how can a DDOS generate revenue?

You rent out the capacity. Few hours of N Gbps flooding, courtesy of 20-30 thousand compromised home systems and IoT shitware units: tens to maybe low hundreds of dollars.

Now assume that's only a couple of percent of the total capacity under the botnet's control. Also, there are 24 hours in a day - once the current blaster's rental time expires, you have another one lined up already.

I recall seeing numbers in some fairly old Krebs article, but can't find it right now.

Spot on - they’re often referred to as ‘stressers’ or ‘booters’, and can make a nice chunk of money. There’s always someone looking to knock someone off of Xbox Live or PSN, or even chance it and try to take down a popular website. Depending on the technique used and the size of the botnet, you can cause some sysadmins or SOCs a headache.

I’m sure anyone else in the ISP industry will tell you that anytime kids are off school (summer holidays or half term here in the UK) the DDoS alerts go up a notch or two.

A bit more than two notches I'd say. The correlation between those is pretty enormous.

It's funny how a small industry is built around this. I remember a few years ago you could pay a monthly fee and they would have tiers and live support.

It wasn't very pricy for small attacks, sometimes even free for anything under 300 seconds.

I suspect getting ~10k from ~2 thousand accounts spread across several advertising networks probably is much easier to hide.

Alternatively, splitting an extra 200k/month with a few large websites under the table probably works very well, as there is less to distinguish bots from the overall noise. Another approach is probably setting up the equivalent of advertising re-sellers where you spend X$ advertising and get slightly more than X$ in revenue and then boost those results with click fraud.

I've heard that online gambling companies often get hit with DDOS attacks and then the attacker asks for a ransom/blackmail to stop DDOS. Since the online gambling company is losing money for every minute they are offline, they usually pay (and do so quietly of course).

these numbers are utter shit
