Slashdot Mirror


Creators of Massive Botnet Arrested

DigitumDei writes "Dutch police has nabbed 3 men (aged 19, 22, & 27) who allegedly used the toxbot trojan to create a botnet of over 100000 machines. The trio conducted a DDOS attack against an unnamed US company in an extortion attempt, as well as using phishing tactics to hijack PayPal and eBay accounts. From the article: 'Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday. The botnet was dismantled, prosecutors said, with help from the Dutch National High Tech Crime Center; GOVCERT.NL, the Netherlands' Computer Emergency Response Team; and several Internet service providers, including the Amsterdam-based XS4ALL.'"

18 of 243 comments

  1. Good! by RedNovember · · Score: 5, Insightful
    I'm happy these guys were arrested. Things like this scare companies and people away from technology. Not to imply that modern companies will survive without computers, but will your boss think long and hard before approving tech budgets? You bet. I've never heard of a bunch of crackers extorting a company.

    This will also give them pause when hiring former hackers. They might think "Is this guy going to give extortionists inside info?"

    On the other hand, security folks may have a budget windfall thrown their way. Considering '"Each time the Trojan was stopped by anti-virus defenses, they made a new version," he said. "This was not just a one-off. The sheer number of variants shows this wasn't a crime they committed just once."' Those security people better get to it.

    --
    "MY APOCALYPTIC TENOR HAS NOT BEEN DISPELLED!" - T-Rex, qwantz.com
    1. Re:Good! by LiquidCoooled · · Score: 2, Insightful

      the problem with most DOS attacks that hit the news is once it hits the news, thousands of individual web users from around the world all click the link just to see if the site is still down.

      Each person doing that is unwittingly taking part in the DOS attack.
      If you think slashdot effect is bad, think about the slashdot AND routers/yahoo/NYT/humble news sites all ganging up on one site.

      This is how google went down recently, not because of the worm's activity, but because of people's curiosity.
      Sure, the worm had an effect, but nowhere near as bad as the casual knock-on effect of browsing.

      How many times have you done the following:

      Seen a story saying xyz.com is under attack.
      Your action -
      "is it still under attack?" .....CLICK.... .....no response..... .......CLICK CLICK.....
      "Yep, it's still down".

      if that's similar to your actions, congrats, you are personally a bot :)

      --
      liqbase :: faster than paper
  2. Re:If only i had my own 100k computer matrix... by kalirion · · Score: 4, Insightful

    What's the point when you can just put in your maximum bid and eBay raises your active bid as the bidding warrants?

  3. Sure, this will solve the problem... by dachshund · · Score: 4, Insightful
    The lesson for these guys is: next time you try to profit off of your computer crime, make sure that you have strong connections with organized crime, or live in a country with lax computer crime laws and have a tight financial relationship with the police. I'm glad to hear about this sort of thing, but I don't think it's going to do anything to actually reduce the number of bots out there. Rather, it'll just ensure that future botnets are run by nastier, better-protected individuals and organizations.

    I wonder what it would take to convince the world that these unsecured machines are an actual security threat, rather than an annoyance?

  4. What a great idea... by MarkusQ · · Score: 4, Insightful

    The botnet was dismantled, prosecutors said, with help from...

    Why didn't I think of that! That's 100,000 lusers that won't be getting infected again soon, unless they learn enough to reassemble their boxen, by which point...*sigh* What am I thinking? They'll probably just buy new systems and throw the piles of parts out. They'll be back on bot nets by this weekend.

    What they need to do is dismantle the owners!

    --MarkusQ

    1. Re:What a great idea... by Anonymous Coward · · Score: 1, Insightful

      Your an idiot.

      Everybody's an idiot, if you pick the right criteria. MarkusQ appears to think people who don't know to install security patches are idiots. You think that people who joke about "lusers" are idiots.

      What about me? I'm often an idiot myself, but I think the most amusing idiots are people who lack a sense of humor and make ironic writing mistakes. You're free to disagree, of course.

  5. Re:Good, but... by Anonymous Coward · · Score: 5, Insightful
    Well, just like the marijuana laws on the books (forced by other countries), it's public policy not to enforce things that are considered a waste of law enforcement's time.

    The government said themselves that making file sharing a criminal offence just turns a large portion of the population into criminals for no real benefit. This is similar to the drugs policy. From Wikipedia:

    However, a policy of non-enforcement has led to a situation where reliance upon non-enforcement has become common, and because of this the courts have ruled against the government when individual cases were prosecuted.

    This is because the Dutch Ministry of Justice applies a gedoogbeleid (policy of tolerance) with regard to soft drugs: an official set of guidelines telling public prosecutors under which circumstances offenders should not be prosecuted. This is a more official version of the common practice in other countries, in which law enforcement sets priorities as to which offenses are important enough to spend limited resources on.

    Proponents of gedoogbeleid argue that such a policy offers more consistency in legal protection in practice, than without it. Opponents of the Dutch drug policy either call for full legalization, or argue that laws should penalize morally wrong or decadent behavior, whether this is enforceable or not.

    So no, the government tends to go after real criminals, rather than waste time on teenagers with too much free time.
  6. Re:25 miles south of Rotterdam? by badfish99 · · Score: 4, Insightful

    I always thought that Americans were just plain ignorant about European geography. Now I know it's because you've been going round telling them that Madrid is close to London.

  7. Re:Let the punishment fit the crime by pe1rxq · · Score: 2, Insightful

    Because real studies have shown that stiff sentences do wonders besides making the pitchfork-carrying mob happy?

    --
    Secure messaging: http://quickmsg.vreeken.net/
  8. Re:Environmental problem by onepoint · · Score: 2, Insightful

    What I would like to see is all those machines patched up, I would guess that it could be possible to slide a patching program via the bot-net.

    Onepoint

    p.s. In thinking about this, I find that most likely it would be illegal

    --
    if you see me, smile and say hello.
  9. Re:glaring gramatical error by SatanicPuppy · · Score: 1, Insightful

    Heh. From what I know of the Dutch, I'd be more likely to believe the submitter was Dutch if there wasn't a grammatical error. I hear they make fun of school kids over there who only speak three languages.

    That being said, you're probably right. The most common mistake people make in foreign languages is subject/verb agreement.

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
  10. Re:Let the punishment fit the crime by pe1rxq · · Score: 2, Insightful

    I know the ideas and reasoning behind stiff sentences, that doesn't mean it works.
    Like amputating a hand after stealing, very scary but does it actually make crime rates go down?
    If one isn't afraid of getting caught the sentence doesn't matter.

    --
    Secure messaging: http://quickmsg.vreeken.net/
  11. Re:25 miles south of Rotterdam? by RickySan · · Score: 1, Insightful

    If you look at it on the scale of things then for them that's probably true.. Holland fits 144 thousand times into a country the size of Canada (which is a bit bigger than the states), with distances like that their mindset towards them is different. so that distance would probably be close for their standards.. It's one thing to bitch about their lack of geographical knowledge (which we all know is pretty bad when it comes to overseas knowledge), but you have to see the other side of the coin as well. How much do you know about the states? Your knowledge about that is probably just as bad as theirs is of Europe ;)

    --
    "If it's true that our species is alone in the universe, then I'd have to say that the universe aimed rather low
  12. Re:Good, but... by CmdrGravy · · Score: 2, Insightful

    Listen, here's a hot tip if you ever want to get on a cop's good side (such as when they are giving you a traffic ticket or whatever). All you have to do is ask them loudly "Why aren't you out catching the real criminals eh?" and they will instantly feel warm and friendly towards you and treat you with the deference, courtesy and respect you deserve.

  13. Re:Extortion? by pnice · · Score: 2, Insightful

    I thought the point of these attacks was to bring the page down so they could no longer conduct business and make money. Gambling, sports betting, high traffic ecommerce sites...places like that lose money per second when their equipment is down. If the amount it costs to keep the DDOS from happening (the payoff) is much less than the amount of money they would lose if their site went down there is a good chance the people will pay to keep it from happening. At least I thought that was why they would do it.

  14. Re:Extortion? by sleeper0 · · Score: 4, Insightful

    The motivation behind this kind of extortion is (obviously) money. It definitely happens and companies definitely do pay. It doesn't usually happen to the largest and best connected firms, and not that much to US based firms as compared to the rest of the world, but it's going on all the time. It doesn't get a lot of press because victims that pay are very unlikely to publicize the event. It is mostly focused on businesses that do most or all of their revenue over the net.

    You greatly underestimate the trouble an extremely large DDOS network can cause via sheer packet volume. It might make you reboot your server or pay more in bandwidth for the month? First off the targets of these things are using pretty substantial server farms, not your debian server you have your cat's pictures on. The servers may or may not crash but they certainly won't handle the load. And neither will your load balancers, database servers, routers, firewalls, IDS's, the list goes on and on. Not only that but your ISP won't handle the load either, all of their stuff starts to break. And depending on how far down the food chain you are maybe your ISP's ISP. All the way up to the tier 1 who can handle it but certainly doesn't want to.

    The short answer is even if all of your technology works flawlessly and isn't crashing left and right (which it most certainly will be), you've never bought a pipe nearly big enough to handle the traffic you're getting so your real customers' traffic is taking forever or just getting dropped on the floor. After 6-24 hours of your DDOS problems impacting all their other customers, your ISP gets their providers to null route your IP space, putting you in the dead calm of the eye of the storm. Everything works again now, except your customers can't reach you. If you measure your earnings based on people connecting to your shop or services that is obviously a very big deal.

    If you fight, the fight is going to be very tough. First you need a sympathetic ISP that will let you fight and help you fight - that probably isn't your existing ISP and ones that will are in short supply. Basically a tier 1 or major colos that are very undersold so they have the bandwidth to burn without taking out the rest of their customers. Next you need someone who understands what needs to be done and fast and will work around the clock to do it - realistically you're probably looking at maybe hundreds of people total in the US that have a very strong background in such things and would be available - and maybe dozens of people that have actual direct experience (on that scale). They will obviously cost money. So will building a completely brand new intelligent filtering network overnight - in addition to the hardware costs of the new boxes and the connection costs for the new ISP - this isn't off the shelf software either, at least probably not.

    Maybe you can start seeing why it's a bit more of a big deal than maybe rebooting your software - why people choose to pay - and that's why it's profitable.
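The two effects sleeper0 describes above, legitimate traffic being dropped once offered load exceeds the provisioned pipe, and the upstream null-routing the victim prefix after the saturation persists, can be put into a small capacity model. The following is an added illustration, not code from the original thread or from any of the parties named in the story. The 1 Gbit/s link, the five-second null-route trigger, the `Flow` record layout and the per-second sample data are all constructed assumptions; the model assumes a tail-dropping link where each traffic class loses packets in proportion to its share of the offered load.

```python
"""Capacity model for a volumetric DDoS against a fixed-size link.

Constructed example. It models two things a defender wants to quantify
before an incident: how much legitimate goodput survives once the link is
saturated, and how long a sustained saturation lasts before the upstream
blackholes (null-routes) the victim prefix and goodput drops to zero.
All numbers below are assumptions, not measurements.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

LINK_BPS = 1_000_000_000      # assumed provisioned pipe: 1 Gbit/s
NULL_ROUTE_AFTER_S = 5        # assumed upstream policy: blackhole after 5 saturated seconds


@dataclass(frozen=True)
class Flow:
    """One-second aggregate of inbound traffic toward the victim prefix."""
    second: int
    legit_bps: float    # traffic from real customers (constructed)
    attack_bps: float   # everything else (constructed)


def legit_goodput(link_bps: float, legit_bps: float, attack_bps: float) -> float:
    """Legitimate bits/s that get through a tail-dropping link.

    Below capacity everything passes. Above capacity each class keeps the
    same fraction of its traffic, link_bps / offered, so customers are
    starved in proportion to how much the attack outweighs them.
    """
    offered = legit_bps + attack_bps
    if offered <= link_bps:
        return legit_bps
    return legit_bps * link_bps / offered


def simulate(flows: Iterable[Flow],
             link_bps: float = LINK_BPS,
             null_route_after: int = NULL_ROUTE_AFTER_S) -> List[Tuple[int, float, str]]:
    """Return (second, legit_goodput_bps, state) per second.

    state is 'ok', 'saturated', or 'null-routed'. Once the upstream has
    null-routed the prefix nothing reaches the victim, including customers.
    """
    saturated_run = 0
    null_routed = False
    timeline = []
    for f in flows:
        if null_routed:
            timeline.append((f.second, 0.0, "null-routed"))
            continue
        if f.legit_bps + f.attack_bps > link_bps:
            saturated_run += 1
            state = "saturated"
        else:
            saturated_run = 0
            state = "ok"
        timeline.append((f.second, legit_goodput(link_bps, f.legit_bps, f.attack_bps), state))
        if saturated_run >= null_route_after:
            null_routed = True      # provider protects its other customers
    return timeline


def customer_service_fraction(timeline: List[Tuple[int, float, str]],
                              baseline_bps: float) -> float:
    """Share of the customers' normal demand actually served over the window."""
    served = sum(gp for _, gp, _ in timeline)
    return served / (baseline_bps * len(timeline))


# Constructed sample: 200 Mbit/s of real customers, then a 4 Gbit/s flood
# arriving at second 2 and never letting up.
SAMPLE_FLOWS = [Flow(s, 200e6, 0.0) for s in range(2)] + \
               [Flow(s, 200e6, 4e9) for s in range(2, 10)]

if __name__ == "__main__":
    for sec, gp, state in simulate(SAMPLE_FLOWS):
        print(f"t={sec:2d}s  customers served: {gp/1e6:6.1f} Mbit/s  [{state}]")
    print(f"customer demand served over window: "
          f"{customer_service_fraction(simulate(SAMPLE_FLOWS), 200e6):.1%}")
```

With the sample numbers, saturation alone cuts customer goodput to under a quarter of normal (200 Mbit/s offered through a 1 Gbit/s pipe carrying 4.2 Gbit/s of load), and the null-route, which is the provider's correct move for its other customers, finishes the job: the victim is reachable by nobody. Both are the reasons the comment gives for why a target pays rather than "just rebooting".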

  15. Who is this XS4ALL? by horza · · Score: 4, Insightful

    What is the real identity of this Dutch ISP XS4ALL? Fighting spammers (though losing appeal), defending the rights of clients to hyperlink and refusing to be bullied by court orders, and now taking down BotNets. Apparently the founders sold out for millions, but they seem to go well beyond the Google "do no evil" philosophy to pro-actively defending the rights of their customers at considerable risk to themselves. It's the kind of company that deserves to win an awful lot of business.

    Phillip.

    1. Re:Who is this XS4ALL? by AlXtreme · · Score: 4, Insightful
      XS4ALL was founded in '93 as the Dutch version of Demon, the UK ISP. In spite of the KPN (ex government-controlled/monopoly telco) buy-out, they have maintained their philosophy of protecting the interests of their customers and doing the Right Thing(tm).

      Strong ties with Bits for Freedom (our version of the EFF), best Dutch ISP year after year, support for *nix systems, frequent new experimental services. Only pain is that they're also one of the more expensive ISP's. You get what you pay for, and with XS4ALL they give you the works.

      (for the record, I'm a long-time customer so I am rather biased. But these guys aren't your average ISP)

      --
      This sig is intentionally left blank