Slashdot Mirror
CEO Indicted for DDOSing Competitors
ruland writes "It turns out there was a reason the hosting company CIT/Foonet was raided in February. SecurityFocus.com reports that the CEO of a web-based satellite T.V. retailer has been indicted for allegedly paying Foonet's administrator to arrange denial of service attacks against his competitors, causing outages as long as two weeks at a time, and $2 million in losses. Now he's skipped out on $750,000 bail, while the five packet monkeys who worked for him are left facing felony charges of their own."
I seem to recall quite an uproar surrounding the seizure before. People yelling about the government raping the constituion, etc.
Glad I was one of the people that decided to wait and see what it was all about instead of taking it as a sign that our government was overextending itself. Not that they don't, but I'm guessing this isn't one of those times if everyone on staff got felony charges.
Whee signature.
According to the article, they think the CEO's skipped town to Morocco. Don't we have an extradition treaty w/them? If so, it shouldn't be that hard to get him back, assuming Morocco's police play along.
My company was a direct target of these assholes. It is about time the FBI finally did something. They are the reason I am paying more for my servers than any other IRC shell provider.
AcmeShells.com The cheapest Eggdrop
RackSpace fought back, but the attackers proved determined and adaptive. In mid-October the simple SYN flood attacks were replaced with an HTTP flood, pulling large image files from WeaKnees.com in overwhelming numbers. At its peak the onslaught allegedly kept the company offline for a full two weeks.
Wouldn't it have made more sense to host these files from a tarpit? If you know you're under attack by zombie hordes that are going to repeatedly ask for a file, why not give it to them s--l--o--w--l--y? Although I suppose that since the attacks were being watched and changed frequently, the attackers probably would simply have switched tactics again.
Anyway, is it possible or practical to use the logs of the http flood to go back to the zombified PC owners and "fix" them? HTTP requires a real connection, which is traceable. Or should that list just be delivered to their ISPs and have the ISPs shut them down until they're virus free?
John
If a manager asks me to do something that is morally or legally questionable, I ask them to send me a signed memo with their request. That usually makes them go away and drop the subject.
Mea navis aericumbens anguillis abundat
The best thing to do is refuse, and if you lose your job... there could be worse things. But still, it sucks
I imagine that, for the five packet monkeys, there couldn't be much worse than losing their job. They probably didn't have shining resumes, were probably on their last legs of financial debt hell, and possibly didn't interview very well.
When faced with joblessness and possible homelessness a little DDoS doesn't look that bad. I don't advocate network disruption but we need a way to offset the overwhelming balance of power that comes with wealth so that people aren't caught in this kind of position.
I guess I'm only posting because I feel sorry for the five-packet monkeys who've probably been subsisting on Ramen noodles for the last three years only to end up charged with felonies.
+++ATHZ 99:5:80
Or, report him to the police
Uhhh... yeah. I'm sure they'll take a police report and get right on that. Watch out for the corporate retaliation.
+++ATHZ 99:5:80
Someone please tell me why I should feel sorry for the poor "monkeys" that were helping him commit felonies? This isn't a digital rights issue, this isn't a case of big guy trampling little guy. They partook in organized crime and gave computer people a bad name, why should we care that they are left hanging?
- Short company Y.
- Initiate DDOS campaign intended to temporarily cripple company Y and drive its stock price down.
- Cover at the depressed price.
- Profit.
Certainly the SEC would look askance at short-sales before a coordinated DDOS attack, but if a nebulous entity in Eastern Europe is doing the dirty work while a nebulous entity in East-Asia is doing the shorting, it could be extremely difficult to prove a connection.No this isn't a recommendation or some novel idea. In fact, I'm certain that organized crime is well ahead of us in the nefarious schemes department.
Right. This is pretty much the equivalent of nailing the competitor's doors shut and blocking his parking lot with dump trucks so the customers can't come in and buy. We already have laws to deal with such behavior, and they should be used.
Saying we need new laws just because a computer is involved is like saying we need separate laws against bank robbers who come in through the front door and bank robbers who come in through an open window.
They try to get the foot soldier to do their dirty work and hang them out to dry at the first opportunity. The moral of the story: If you do someone's dirty laundry for them, expect to get dirty. These "packet monkeys" deserve all they will get.
I actually got attacked by one of these guys' botnets (Krashed I believe) when a friend IRCing from my connection pissed him off. I traced him to Foonet thinking "great, I know the head admin from being an IRC junkie back in the day" and when I told him what was going on he acted like it was no problem. I thought he should have been a little more concerned about some punk kid attacking people from his net. Figures.
Not as retarded as those criminals at this company who bribed competitors janitors to steal documents. Oh. But is retarded the right word - that company's doing well. Sad that sometimes these techniques do pay.
So, what's that make them, 1 for 20?
There's a valid point of view that says one step forward does not make up for two steps back.
I watched "The Great Escape" the other night. On the second DVD there's a recreation of the investigation of what really happened.
There was a recreated interogation of a young german officer who had received orders to shoot the escapers in the back of the head during a pee break (orders which came from Hitler). He questioned his orders, and was basically told do it, or we shoot you.
After the war he was captured, tried for murder, and hanged.
Obviously that was a different time, and a different place, but to be a young guy in that sort of "damned if I do, damned if I don't" situation must really suck.
Note that I am not saying the cretins above had any other choice.. unless it turns out that the employer was holding their mothers as captives and threatening conduct executions if the DDOS didn't go ahead.
Norman Cook's Ode to Sl
My wife went through something like this. At the time, we were just dating, but the situation was the same. She had seen some "accounting irregularities", contacted the FBI and discovered her boss was into all sorts of illegal crap. So she brought in the papers to them over the course of several months.
She wound up getting another job not too long after, and we didn't have to go into something weird like witness protection or some such. But it was a little freaky, and it's probably the reason why I wound up marrying her: I knew that she'd do the right thing no matter what. If nothing else, she would keep me honest.
52 Weeks, 52 Religions with John Hummel
"I'm going to be a sympathetic realist."
"Look, we like you, but you're screwed and you're going to die someday. M'kay?"
"American society is all about relative ethics. People who are rich and powerful get away with it."
Spot the poor founding father. You just ended up with a committee of aristocrats rather than a single guy in a hat, but essentially the American dream is a carrot on a stick. Having said that, the American political model is the best one I've seen, it's just suffering from the effect of large corporations having the rights of individuals, the ethics of serial killers and the pockets of some small African nations.
Oddly Draconis
Too cynical to live, too stubborn to die.
As a general rule of thumb, the FBI and similar organizations don't go around raiding the `good guys'. It does happen sometimes ( one good example), but it's not the general rule. But the thing that tends to be forgotten is that even the `bad guys' have rights, and the FBI (and similar organizations) tends to violate these rights, and that's what people tend to get really upset about. And then there's things that aren't really `rights', but should happen anyways. For example, if they take all your hardware, and don't charge you with a crime, you should get your hardware back QUICKLY and UNDAMAGED. But I digress ...
As for Waco and Ruby Ridge, the people involved were definately `bad guys', but the government wasn't exactly being `good guys' either.
As for the FBI going after these DDoS monkeys, good for them. It's about time.
Just because the suspects turned out to be really criminals in this one case doesn't justify FBI's over-the-top actions. Just as easily, the suspects could've been innocent and would've been deprived of their belongings for no reason. That is BAD.
Repeat after me: the ends do not justify the means. Especially when it comes to law-enforcers. And no, it's NOT "the world we live in". We live in this world because people have become sheep. Suspects are innocent until proven guilty and must be respected like all other citizens. This one case turned out ok in the end, but what about the cases that turn out wrong? One case that turns out wrong is one case too many.
Here is a log of EMP just a few minutes ago. http://www.xbox-irc.net/log.txt
AcmeShells.com The cheapest Eggdrop
Or maybe you might remember Ruby Ridge or Waco. Or maybe you might remember some of the excesses since 9/11. Was this a good bust or bad one? It looks more like a good one. Don't automatically think that they are the evil jackbooted minions of the evil overlord. Nor should you automatically presume that they are the good guys.
Actually, you can only collect unemployment if you get unemployed through no direct fault of your own. Resigning doesn't count.
It does if you had to resign because you were asked to do something illegal or due to other pressures outside your control (such as being sexually harassed by your manager).
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
So what means are justified in this situation? What could the FBI have done that would have satisfied you?
Tell us how YOU would have approached this situation, knowing now that the suspects WERE doing something bad. How could the FBI have done anything or found evidence that could link them to the crime, without the bad guys erasing everything they had?
I always see people talking about the government overstepping their bounds, yet offer no real solution that can actually catch bad guys red-handed. I mean, I kinda agree with you...I don't want the FBI breaking down someones door and taking away everything for no reason or because they "think" illegal activity may be going on. But I look at it from their point of view also, how are they going to catch people that don't play by the rules?
"Music is everybody's possession. It's only publishers who think that people own it." - John Lennon.
I only think you are enforcing the dilemma, not eliminating it. I think the one with the power should be held more accountable because the power meant having different forms of coersion. I don't think the ones that followed it shouldn't be unaccountable, I don't think it is fair to punish the trigger more harshly than the one that ordered it to be pulled.
I really don't know what the military procedure is on illegal orders. In totalitarian regimes, disobeying an illegal / immoral order probably means death. For most Western militaries, it might be a reprimand, but for corrupt officers that think they are just outside of being held responsible, I don't think a threat of death is outside the realm of the possibility if said officer felt a threat to the power they have.
Then you have the defense of coersion.
In a business, disobeying an unlawful order means a firing. Obeying possibly means getting put in jail.
Of course, maybe not enough information is out on this.
Ideally bail is to give the accused time to prepare their defense. It's hard to talk with your alibi witnesses if they don't know you're in jail.
In reality bail is another method of enforcing an unofficial social caste system. Poor people can't get out to find decent legal counsel. They're stuck with the run-of-the-mill public defender who always advocates a "guilty" or "no contest" plea. The cycle repeats itself indefinitely.
In science it's called chromatography. If you have a jar of mixed large and small pellets you can separate the pellets simply by vibrating the jar for a long enough period of time. In society every accusation leveled against you is the equivalent of one vibration. If you're priveleged or wealthy you shake up. If you're poor or well-framed you shake down.
+++ATHZ 99:5:80
Al Quaeda endorses Bush
The statement said it supported U.S. President George W. Bush in his reelection campaign, and would prefer him to win in November rather than the Democratic candidate John Kerry, as it was not possible to find a leader "more foolish than you (Bush), who deals with matters by force rather than with wisdom."
In comments addressed to Bush, the group said:
"Kerry will kill our nation while it sleeps because he and the Democrats have the cunning to embellish blasphemy and present it to the Arab and Muslim nation as civilisation."
"Because of this we desire you (Bush) to be elected."
You just know it's a bad idea to DDoS the Department of Homeland Security servers :-). I suspect this investigation would never have gotten off the ground if they hadn't taken out an important government site in the collateral damage when they hit the name servers at one of the ISPs.
:-) and then hit the name servers. I hope they throw away the key on these scumbags.
This was a concerted and persistent attack on several sites, they didn't just SYN flood, they pulled masses of HTML data (slashdot attack
However, when has this kind of case *ever* been investigated in the past? We've had any number of similar attacks but the DOJ sat on their lazy ass and did nothing about it. Let's hope this opens their eyes to this type of crime and they start chasing the perpetrators.