Akamai Diversity

The Akamai Blog

Edge 2014 Video: Million Browser Botnet Live Demonstration

Akamai CSIRT Director Michael Smith and WhiteHat Security Threat Research Center Senior Manager Matt Johansen gave a demonstration of how the Million Browser Botnet operates, during last month's Edge conference.

Below is the full presentation.

Talk description:

Online advertising networks can be a web hacker's best friend. For mere pennies per thousand browser impressions, service providers allow you to broadly distribute arbitrary JavaScript. Most advertisers use this feature to show ads, track users, and get clicks, but hackers don't play by the same rules as the rest of us.

Absolutely nothing prevents them from spending as little as $10 to create a massive JavaScript-driven browser botnet instantly.

WhiteHat Threat Research Center Manager Matt Johansen and Akamai CSIRT Director Michael Smith show you how easily a bad actor can commandeer browsers to perform DDoS attacks, participate in email spam campaigns, crack hashes, and even help brute-force passwords using just a few lines of HTML5 and JavaScript.