A story floating around the Internet recently claims that the Storm email worm has created the world's largest supercomputer. I believe the genesis of this claim was this post on a security Web site. Are you amazed? Do we need James Bond to ferret out the evil villains? Hardly. Perhaps Austin Powers can handle this one.
A story floating around the Internet recently claims that the Storm email worm has created the world’s largest supercomputer. I believe the genesis of this claim was this post on a security Web site. Are you amazed? Do we need James Bond to ferret out the evil villains? Hardly. Perhaps Austin Powers can handle this one.
It certainly isn’t news that Internet criminals find using other peoples computers helps with their chosen vocation. Not to mention that the most dominant OS is the world has a “Hack Me” sign hanging on its back as it walks through the Internet hallways.
The Storm worm bad guys, who presumably already had some spambots, sent spam to even more people. Once a user opened the email, the work went about installing and hiding itself on the target computer. As reported, the main use for the botnet seems to be blasting spam.
The number of machines controlled is reported to have been as many as 50 million computers, but estimates have been revised downwards to be much more conservative. Current estimates place the infected machines at about 1.5 million infected in July and only 200,000 machines available full time.
Now comes the urban legend sound bite from the post on the Full Disclosure list:
Comprising between 1 and 10 million CPUs (depending on whose estimates you believe), the Storm botnet easily outperforms the currently top-ranked system, BlueGene/L, with a mere 128K CPU cores.
It constantly amazes me how many people make intellectual leaps that are the equivalent of Wile E. Coyote going over a cliff. Like our hapless protagonist the coyote, our poster has little to support their leap, and nowhere to go but down.
Let’s look at the key phrase here, easily outperforms BlueGene/L. To which I respond, “out performs BlueGene/L” doing exactly what? Sending spam, folding proteins, running the top500 benchmark? And therein lies the thud followed by a puff of dust as this argument hits the ground.
For those who don’t quite get it, here is another astounding story I just discovered. From our most-of-the-time-right friends at Wikipedia, a 2004 Department of Transportation study found 243,023,485 registered passenger vehicles in the United States. Out of more than 243 million, I’ll assume that about 17 million are traveling right now, at an average speed of 40mph.
Using this sort of relaxed math, I find that the combined speed of these cars can easily outperform a beam of light traveling from the New York to Los Angeles. Yes, it’s true — if you add enough of anything, eventually you get a really big number. That doesn’t mean it means anything.
Time for the bucket of cold water. When we (HPC nerds) talk about Supercomputers, we assume that the power of the computer can be brought to bear on a single problem. That’s what puts the “super” in supercomputer.
Now, having never run a network of spambots, I don’t know what the Top500 ranking is for the botnet system, but I do have some experience with another kind of pedestrian supercomputer. In April 2004, a group of people at University of San Francisco attempted what they called a “flash mob cluster” where 700 people brought their computers for the day to the gym.
These systems were then tested and connected to an existing network that was constructed over three days prior to the event. Out of the pile of computers, they were able to get 256 started on the Top500 benchmark, but it never finished. The only successful run was with 150 systems that resulted in 77 GFLOPS and was hardly enough to earn them a place on the Top500 list.
Let’s recap. With a prebuilt and donated network (i.e. plenty of cable and expensive switches) they were only able to utilize about 20% of the computers. As I recall, there were something like 64 new pristine systems on loan from a local white box shop as well.
Thus the number of “usable” machines contributed by Joe and Jill Sixpack was quite low. In addition, the pre-existing network seems to contradict the “flash mob” aspect quite a bit, although I suppose the case can be made for existing corporate/campus networks.
Now, let’s compare it to the random spambots connected over the Internet. The range of hardware and bandwidth is well quite large and unpredictable. As the flash mob found out, even with a pristine network things don’t quite go as you expected.
Enough said. For those who entertain the ideas that clumping a bunch of disparate systems together constitutes a cluster, I invite you to take a look at Cluster Urban Legends.
Sure, you can find successful distributed computing projects. Things like SETI at Home and Folding at Home where small portions of independent work are distributed to computers over the Internet (with the owners permission).
These efforts represent a type of easily decomposable parallel problems, much like image rendering, where individual computers do not (for the most part) need to communicate with the other computers working on the same problem. Such approaches also lend themselves to dynamic methods of parallel computing, because there is little or no communication required to between systems.
So, what can this botnet computer really do? Well, it seems to be good at broadcasting email which doesn’t require a whole lot of extended system resource time (i.e. memory, disk, CPU). The other possibility is key cracking, which is a highly distributable problem (it is a huge trial and error process) and could potentially be a concern.
I would, however, invite those who think such a problem could be solved on a botnet to consider the flash mob results, in terms of how many usable systems they might really have at their disposal.
You’ll find a big difference between broadcasting email from a botnet and spinning up a computer to run an intensive cracking program. Indeed, if the computer is being heavily used by the owner, the slowdown due to memory and CPU contention would probably result in the owner rebooting the machine.
In the best-case scenario the owner would now be convinced her computer was malfunctioning and hire one of those Geek Squad guys to come over and reinstall the software (with security patches this time). Of course, you could do fancy things with extra cores and background processing, but you know, buying a real cracking cluster with money you made from little blue pill spam might be a more effective way, but then there is the power and cooling issue, and the fact that spammers want to throw spam from a range of IPs rather than a single network.
It seems being an evil genius is not as easy as one would like, even when you get the good PR from the blogsphere.
Douglas Eadline is the Senior HPC Editor for Linux Magazine.