The legend of the Trojan Horse started more than 3000 years ago. According to legend, the Greeks were at war with the city of Troy and had it under siege for several years. Eventually, the Greeks came up with an ingenious scheme. They built a large wooden horse and hid a few soldiers inside and pretended to sail away, leaving the wooden horse behind. The Trojans, believing the siege was over, pulled the wooden horse into their city as a symbol of victory. That night, while the Trojans were drunk from celebrations, the Greek soldiers in the horse crept out from the horse and opened the gates of the city. The Greek army entered and wiped out the Trojans, ending the war.
Nobody knows if the story is literally true, but the powerful metaphor of the Trojan horse thrives in today’s modern Internet.
Bahir Mustafa’s version of the Trojan horse started a few years ago.
Bahir was the product of a stormy relationship between an American oil executive father and an office manager in an Iranian oil ministry. When he was 6 years old during the 1979 Iranian revolution, Mustafa’s father left for the United States, never to return and leaving his mother to care for him. Somehow, Mustafa’s mother managed to raise young Bahir as a single mother in the midst of a radical Muslim uprising. Although no friend of the Iranian Ayatollahs, she also harbored a deep resentment against all westerners, especially the westerner who left her to raise her son alone. She vowed, somehow, some way, she would escape from this hideous land where women are property and exact her revenge against the great Satan who crushed her dreams. She would never get her wish, but perhaps her son would do better.
He grew up in poverty, enduring constant taunts from other Iranian boys, reinforcing the stories of Muslim oppression his mother constantly told him. He developed a tight bond with his mother and hatred for all things Muslim, balanced only by a hatred for all things western and the father he barely knew. He also showed a remarkable talent for electronics and computers, and caught the attention of several Iranian ministers who sponsored his education. And along the way, he learned other lessons, thanks mostly to his mother. “Accept your training any way you can get it and exploit it later,” she said nearly every day. And “With enough money, politics and religion will become irrelevant.” And, of course, “Watch for your opportunity. It will come unexpectedly and surprise you.”
As a system administrator at an academic university computer center in Tehran, that opportunity came when a member of the Basij, a loyal guardian of the Iranian revolution, visited one day.
“Brother, we need your help strengthening the program decreed by our supreme leader to protect our students of the revolution from corrupt western web sites,” said Atesh Zare. “Can we count on your support?”
“Of course,” said Bahir. “It is my honor to serve.” Bahir had no interest in becoming a dissident and visiting the infamous Evin prison. He would tell these pigs anything they wanted to hear. And if the Iranian Ministry of Science, Research, and Technology wanted a web filtering program, what did he care?
But perhaps an insurance policy would be helpful. Perhaps…
“Brother,” said Bahir, “Some friends and I wish to share the wonders of our country with the world. We enjoy climbing in the Zagros Mountains and taking pictures. Allow me to show you some breathtaking images from our cameras.”
Bahir launched his Windows Picture Viewer and showed a few images to Atesh. “Stunning!” said Atesh. “How do you plan to share these?”
“My friends and I would like to set up a website so people around the world can download these images, perhaps to use as screen savers,” said Bahir. “It would be our honor to present a small portion of the beauty of our country.”
“I will inform my superiors in the Republican Guard,” said Atesh. “But I see no issue with this. You may proceed with our blessing.”
“Thank you,” said Bahir. “I will email you the URL when we have the website ready. Would you do us the honor of the first download?”
“Yes. A wonderful idea,” said Atesh. “May Allah be with you.”
“And with you,” said Bahir.
“You are an idiot in a ministry of idiots,” Bahir said to himself after Atesh left. “None of them know how to patch their computers. I will give them more than just screen images. I will also give them a program that allows me to control their computers. They will never notice it. This may become useful someday.”
And in the mother of all irony, the very first computers in Bahir Mustafa’s botnet belonged to members of a repressive government determined to control everyone in the country. The idiots in control would never find out a system administrator working in the university down the street had the ability to control them.
A botnet is shorthand for a robot army of a network of computers. People who control botnets can create all kinds of havoc for profit across the Internet. For example, people with a political or other hostile agenda can harness the power of thousands of computers worldwide to flood a website with bogus traffic, rendering it useless for its intended purpose. This is called a distributed denial of service (DDOS) attack. Or they can capture keystrokes, mouse clicks, and passwords and send these back to a collection site for later analysis. The possibilities are limited only by the imaginations of botnet masters and their customers.
The trick for anyone building a botnet is how to introduce the software to control all these computers without the computer owners finding and removing the software. Bahir Mustafa figured out how to do it using pictures of mountain scenes.
The first westerner downloaded and installed Musfafa’s screensavers a few months later. This created a world of possibilities Bahir had not considered.
Over the next few years, while the mullahs and the Basij and all the other idiots watched during the day, he cultivated a reputation as a trusted system administrator, eager to help his university shape young minds to carry out the tasks supporting the great revolution. But at night and in private, Bahir used the university computer servers for his own research and development, constantly improving his botnet and the necessary command and control servers.
He vowed to silently accumulate more knowledge and money than those idiot mullahs and their mentally handicapped servants in the Republican Guard could possibly imagine. And he would do it by exploiting the fear and greed that drove all western pigs.
Just like a first love, his first exploit was the most satisfying. Bahir liked to chat with people around the world using ICQ, an instant message chat program with discussion groups focusing on hundreds, maybe thousands of topics. He used an assumed name and untraceable email address from one of the public providers and quickly found a thriving underground where people discussed various hacking exploits.
Later, when he had a few hundred western systems around the world under his control, he found himself in an ICQ chat with somebody named Abdul. English is the universal language of the Internet and Mustafa was happy he was fluent in English. Someday, perhaps Farsi will become globally popular.
Abdul: “Why does the government in Qatar block my access to pornography?”
Alma: “Maybe because it serves no useful purpose?”
Abdul: “Perhaps not. But if I choose to view it, what business is it of the government?”
Alma: “I care little about politics. View what you want.”
Abdul: “Perhaps you should care more about politics. Where are you from?”
Alma: “My father is American.”
Abdul: “Your profile says you are interested in technology.”
Alma: “Yes. ”
Abdul: “How would I send a message to the censors?”
Alma: “DDOS them. ”
Abdul: “What is DDOS?”
Alma: “Distributed denial of service. You flood them with traffic from all over the world and this blocks their access to the Internet.”
Abdul: “How would I do such a thing?”
Alma: “Possibly I can help. But it costs money to set up.”
Abdul: “How would you do this?”
Alma: “I have certain tools at my disposal. I can flood them from around the world. ”
Abdul: “And how much would this cost?”
Alma: “$100 US per day.”
Abdul: “I have little income.”
Alma: “Perhaps you can recruit friends with an opinion similar to yours to share the expense.”
Abdul: “I have many such friends.”
Alma: “I suggest running it for 10 days. Any more than that and they will find a defense. Any less and it will not be memorable to them.”
Abdul: “We would need to do more than just block their access to the Internet.”
Alma: “What else more?”
Abdul: “We would need to tell them to stop censoring us. Perhaps modify their website somehow.”
Alma: “Give me the URL and I will look into the possibility. If possible, this will cost an additional $500.”
Abdul: “Are you not concerned about government censorship? Why should we pay for our freedom?”
Alma: “As I said earlier, I care little about politics. I can provide you what you want if you can pay for it.”
Abdul: “I will talk to my friends and contact you tomorrow.”
Alma: “Very well.”
They worked out details the next day and Bahir launched his first DDOS attack a few days later. The website was easy to penetrate and after some discussion, it was decided to leave a simple, direct message. Bahir modified the site’s opening index.html file to read “Do not censor us” in 72 point bold, red font with a white background.
After Paypal fees, the $1375 was nearly one month of his university salary. It was exquisite and turned a hobby into a serious business. All out of sight of the mullahs and their dogs.
After that first exploit, Bahir refined his setup. First, he protected his command and control servers with passwords and encryption. Next, he built a growing database of public IP Addresses and other information for computers compromised by his Trojan horse program. An IP Address on the Internet is similar to a telephone number in the telephone network. Although a public IP Address does not always identify a unique computer, it generally identifies the organization owning that computer and the region of the world where it resides. By combining the IP Addresses of his growing army of compromised computers with the ICANN (Internet Corporation for Assigned Names and Numbers) global registry of IP Addresses and overlaying all this on a map of the world, Mustafa built a program to display a dynamic heat map with dots pinpointing when and where he took control of each computer.
The map looked impressive. Using this graphical representation, Mustafa showed potential customers details about the drone soldiers in his mercenary army. It was an effective sales tool as thousands of people around the world downloaded Mustafa’s screensavers and installed his hidden program onto their personal computers. And with every download, another dot lit up on Mustafa’s global heat map. As people enjoyed mountain scenes, Mustafa’s Trojan horse program laid dormant in their computers, checking with Mustafa’s website every hour looking for instructions.
Bahir found potential customers using ICQ and other chat services. As word spread in the underground community about “Alma” and his army, potential customers, including a mysterious Russian, grew more and more eager to unleash this newly found power for hire. DDOS attacks were the most common, but there were others. Sometimes attackers had a political objective, sometimes it was extortion, sometimes just for the attention. Bahir didn’t care. If they paid, he delivered.
Bahir did not give the mullahs and their minions enough credit. They monitored all communication in and out of the university and were fully aware of Bahir’s botnet. For now, they looked the other way, but the time would come when they would use Bahir Mustafa and his botnet for their own purposes.