Listen to the Podcast here
You know, when we said that security training can change lives, this was NOT what we had in mind.
This week we want to talk about a different kind of security training program that we definitely don't recommend you take.
Researchers investigating forums on the dark net have discovered a number of advertisements for so-called 'botnet schools'—anonymous individuals teaching courses on how to operate botnets to steal sensitive data and deploy ransomware.
In case you didn't know, a botnet is a network of computers infected by a malware that can be controlled by a single attacking party, also known as a 'bot-herder'. Like a general commanding an army, the bot-herder can remotely launch large-scale attacks like phishing scams, DDoS attacks, and financial breaches.
These botnet trainers charge upwards of $1,400 to train someone, so it's not exactly an impulse buy, but according to their claims, even a novice cybercriminal could learn to operate and monetise their botnets.
Now, I know what you might be thinking: this has to be fake, right? I mean, it is the dark net, you can't exactly file a consumer complaint if you get scammed. But it appears to be a fairly structured affair, with user reviews among other things. And it's been going on for a while now, which itself is evidence that it's not totally a scam.
We'd much rather you take our courses on AppSecEngineer instead, but this does set a bad precedent, right? Just last year, we saw people training newbies on how to use bots to buy any and all incoming stock of graphics cards and game consoles on Best Buy, Walmart, and Micro Center. If you've been unable to buy a PS5, it's because of scalpers like this.
But botnets are undeniably far worse. Authorities are doing everything in their power to take these people down, but they seem to pop up faster than they're getting shut down. For the time being, though, we suggest you stick to the light side of the internet and go enjoy some cat videos and cringy TikToks.