University of Calgary
UofC Navigation

Distinguished Lecture Series, February 25, 2010

Date & Time:
February 25, 2010 | 11:30 am - 12:30 pm

Location: Biosciences 587

Title: How to Steal a Botnet and What Can Happen When You Do
Speaker: Dr. Richard A. Kemmerer

Botnets, which are networks of malware-infected machines that are
controlled by an adversary, are the root cause of a large number of
security threats on the Internet. A particularly sophisticated and
insidious type of bot is Torpig, which is a malware program that is
designed to harvest sensitive information (such as bank account and
credit card data) from its victims. In this talk, we report on our
efforts to take control of the Torpig botnet for ten days. Over this
period, we observed more than 180 thousand infections and recorded more
than 70 GB of data that the bots collected.

While botnets have been hijacked before, the Torpig botnet exhibits
certain properties that make the analysis of the data particularly
interesting. First, it is possible (with reasonable accuracy) to
identify unique bot infections and relate that number to the more than
1.2 million IP addresses that contacted our command and control server
during the ten day period. This shows that botnet estimates that are
based on IP addresses are likely to report inflated numbers. Second, the
Torpig botnet is large, targets a variety of applications, and gathers a
rich and diverse set of information from the infected victims. This
allowed us to perform interesting data analysis that goes well beyond
simply counting the number of stolen credit cards. In this talk we will
discuss the analysis that we performed on the data collected and the
lessons learned from the analysis, as well as from the process of
obtaining (and losing) the botnet.


Richard A. Kemmerer is the Computer Science Leadership Professor and a
past Department Chair of the Department of Computer Science at the
University of California, Santa Barbara.  Dr.  Kemmerer received the
B.S. degree in Mathematics from the Pennsylvania State University
in 1966, and the M.S. and Ph.D. degrees in Computer Science from the
University of California, Los Angeles, in 1976 and 1979, respectively.
His research interests include formal specification and verification of
systems, computer system security and reliability, programming and
specification language design, and software engineering.  He is author
of the book Formal Specification and Verification of an Operating System
Security Kernel and a co-author of  Computers at Risk: Safe Computing in
the Information Age,  For the Record: Protecting Electronic Health
Information, and Realizing the Potential of C4I: Fundamental Challenges.

Dr. Kemmerer is a Fellow of the IEEE Computer Society, a Fellow of the
Association for Computing Machinery, and he is the 2007 recipient of the
Applied Security Associates Distinguished Practitioner Award. He is a
member of the IFIP Working Group 11.3 on Database Security, and
a member of the International Association for Cryptologic Research. He
is a past Editor-in-Chief of  IEEE Transactions on Software Engineering,
and he has served on the editorial boards of the ACM Computing Surveys
and IEEE Security and Privacy and on the Board of Governors of the IEEE
Computer Society.  He currently serves on Microsoft's Trustworthy
Computing Academic Advisory Board.


Contact Us

Centre for Information Security and Cryptography
MS 476, 2500 University Drive NW
Calgary, Alberta
Canada T2N 1N4
1 (403) 220-3949