Secrets of a botnet developer
The Central Server and Web Portal
As with any botnet, the central server was the heart and soul of the auto sniper. It supported a web portal that replaced the frustrating interface on the original website. Instead of competing with everybody else to purchase vehicles at a precise moment, my client now leisurely selected vehicles he wanted to buy at the botnet's web portal. The central server then assigned these cars to individual harvester computers. Later in the day, my client used the web portal to discover which cars had been purchased by the botnet.
Harvesters
We deployed between one and 12 harvesters for each car we wanted to buy. The harvesters were distributed around the country. Some computers ran one harvester, and others had multiple instances of harvesters running simultaneously. In all cases, the harvesters ran on computers that we owned (unlike nefarious botnets like Conficker that prey on other people's computers). Once assigned to a vehicle on the sale (target) website, the harvester would verify that the car was still active in the sale and lock onto the web server's clock. As the sale grew near, it would more closely synchronize with the sale server's clock. During the synchronization process, each harvester also gauged the amount of server latency and estimated how many people were using the website.
Depending on how many people were estimated to be buying cars on the website, each harvester would send precisely timed requests to purchase its assigned vehicle. On particularly busy days, the request was made as early as five seconds before sale time. In most cases, however, the request to purchase a car was made closer to the actual sale. Once a sale was confirmed, the harvester would pay for the vehicle and arrange for shipping to my client at his dealership.
Most of the botnet's individual attempts to purchase cars failed, but collectively, the botnet had a purchase success rate of more than 95 percent. This rate is remarkable if you consider that, before using this botnet, the success rate was so dismal that it wasn't even worth trying to buy the cars. Using this sniper botnet, my client was almost assured of getting any vehicle he wanted from the sale website. In fact, I had to continually temper my client's enthusiasm and remind him "not to get greedy" by attempting to purchase too many cars in a single day.
The sniper botnet ran for more than a year and purchased millions of dollars of cars with very little need for maintenance. We did, however, at one point discover that we were competing with another automotive dealership that also used some automated methods for purchasing vehicles from the same website. This led to an inevitable competition with the other programmers. It also led to the clock synchronization techniques described earlier. Once clock synchronization was implemented and tuned, our botnet again dominated the competition, even the competition from the other botnet!
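Seen from the sale website's side, the harvester behavior described above leaves a recognizable trace: several distinct clients requesting the same vehicle in the seconds before the sale opens, with most of those requests failing. The following is an added example, not code from the article or the author's libraries; the record layout, function name, thresholds, and sample records are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

def _t(s):
    return datetime.strptime(s, "%H:%M:%S.%f")

# Constructed records: (time, client, vehicle, purchase_succeeded).
# The field layout and all values are assumptions for illustration.
SALE_TIME = {"car-17": _t("12:00:00.000"), "car-42": _t("12:00:00.000")}
SAMPLE_LOG = [
    (_t("11:59:55.020"), "client-a", "car-17", False),  # about five seconds early
    (_t("11:59:59.600"), "client-b", "car-17", False),
    (_t("11:59:59.850"), "client-c", "car-17", False),
    (_t("11:59:59.950"), "client-d", "car-17", True),
    (_t("12:00:00.800"), "client-e", "car-17", False),  # after opening
    (_t("11:59:59.800"), "client-f", "car-42", False),  # lone early request
    (_t("12:00:00.300"), "client-g", "car-42", True),
    (_t("12:00:01.200"), "client-h", "car-42", False),
]

def flag_sniped_vehicles(log, sale_time, early_window=5.0, min_clients=3):
    """Return {vehicle: stats} for vehicles that drew purchase requests from
    at least min_clients distinct clients in the seconds before the sale opened."""
    early = defaultdict(list)
    for ts, client, vehicle, ok in log:
        opens = sale_time.get(vehicle)
        if opens is None:
            continue  # request for a vehicle not in this sale
        lead = (opens - ts).total_seconds()  # > 0 means before opening
        if 0 < lead <= early_window:
            early[vehicle].append((lead, client, ok))
    flagged = {}
    for vehicle, hits in early.items():
        clients = {client for _, client, _ in hits}
        if len(clients) >= min_clients:
            flagged[vehicle] = {
                "clients": len(clients),
                "max_lead_s": round(max(lead for lead, _, _ in hits), 2),
                "failed": sum(1 for _, _, ok in hits if not ok),
            }
    return flagged

if __name__ == "__main__":
    print(flag_sniped_vehicles(SAMPLE_LOG, SALE_TIME))
```

A single early request, as for car-42 in the sample, stays below the threshold, so ordinary clock skew on one buyer's machine is not flagged.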
Under the Hood
Although the internal operation of the botnet might sound complicated, the process of developing any botnet is drastically simplified when tasks are viewed individually and the correct tools are used. Following are some code snippets that demonstrate how writing an effective commercial botnet isn't as hard as it looks. One thing that makes development easier is the set of open source tools I've developed for this purpose, which you can find online [4]. The libraries include functions for parsing and downloading web pages, as I'll explore next. They also include code that will aid many other tasks, like resizing images, writing spiders, and communicating with email servers.

