Creators of Massive Botnet Arrested

DigitumDei writes "Dutch police has nabbed 3 men (aged 19,22, & 27) who alledgedly used the toxbot trojan to create a botnet of over 100000 machines. The trio conducted a DDOS attack against an unnamed US company in an extortion attempt, as well as using phishing tactics to hijack PayPal and eBay accounts. From the article: 'Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday. The botnet was dismantled, prosecutors said, with help from the Dutch National High Tech Crime Center; GOVCERT.NL, the Netherlands' Computer Emergency Response Team; and several Internet service providers, including the Amsterdam-based XS4ALL.'"

Extortion?

Dat's a nice website ya got dere. SHAME if sumtin happened to it.

/Godfather music in background

Re:Extortion?

[SatanicPuppy]

Sad but true...DDoS extortion is actually pretty common. Not really much other use for a botnet that big...'cept maybe to crunch an unholy large number of SETI packets.

Maybe if they put all those computers together to type up story submissions, occasionally I wouldn't have to see one with a glaring gramatical error in the first three words.

Re:Extortion?

[tonsofpcs]

They could use them to help find Mersenne Primes. Just a thought.

Re:Extortion?

[billcopc]

What could possibly be the motivation behind such extortion (and their victims) ? I mean, when The Don shows up at your place of business with two thugs and a ferret, they're threatening your physical well-being. When a bunch of overseas l33t-hax0rz show up at my server's IP, I don't soil my Depends. It's just data.

Sure, they could run up a hefty bandwidth bill, but that's about the only thing bot-DDOS can really do, maybe forcing me to reboot the box. Boo-hoo. It's not like they own the cops, tne judge, the jury, the witnesses etc.. they're no mob, they're a bunch of blonde little shits from Sweden. They are a minor nuisance at best, and stand to lose far more than they could possibly gain.

Now if someone were doing this in partnership with the ISP, taking their cut of the bandwidth overage... Oooh road trip!

Re:Extortion?

[pant]

If you mention extortion again, I'll have your legs broken.

Re:Extortion?

[pnice]

I thought the point of these attacks was to bring the page down so they could no longer conduct business and make money. Gambling, sports betting, high traffic ecommerce sites...places like that lose money per a second when their equipment is down. If the amount it costs to keep the DDOS from happening (the payoff) is much less than the amount of money they would lose if their site went down there is a good chance the people will pay to keep it from happening. At least I thought that was why they would do it.

Re:Extortion?

[HarpyG]

Dat's a nice website ya got dere. SHAME if sumtin happened to it. /Godfather music in background

Dat's a nice website ya got dere. SHAME if it got posted on /. . Who needs a botnet ...

Re:Extortion?

[sleeper0]

The motivation behind this kind of extortion is (obviously) money. It definitely happens and companies definitely do pay. It doesn't usually happen to the largest and best connected firms, and not that much to US based firms as compared to the rest of the world, but it's going on all the time. It doesn't get a lot of press because victims that pay are very unlikely to publicize the event. It is mostly focused on business that do most or all of their revenue over the net.

You greatly underestimate the trouble an extremely large DDOS network can cause via sheer packet volume. It might make you reboot your server or pay more in bandwidth for the month? First off the targets of these things are using pretty substantial server farms, not your debian server you have your cat's pictures on. The servers may or may not crash but they certainly wont handle the load. And neither will your load balancers, database servers, routers, firewalls, IDS's, the list goes on and on. Not only that but your ISP won;t handle the load either, all of their stuff starts to break. And depending on how far down the food chain you are maybe your ISP's ISP. All the way up to the tier 1 who can handle it but certainly doesnt want to.

The short answer is is even if all of your technology works flawlessly and isn't crashing left and right (which it most certainly will be), you've never bought a pipe nearly big enough to handle the traffic you're getting so your real customer's traffic is taking forever or just getting dropped on the floor. After 6-24 hours of your DDOS problems impacting all their other customers, your ISP gets their providers to null route your IP space, putting you in the dead calm of the eye of the storm. Everything works again now, except your customers can't reach you. If you measure your earnings based on people connecting to your shop or services that is obviously a very big deal.

If you fight, the fight is going to be very tough. First you need a sympathetic ISP that will let you fight and help you fight - that probably isn't your existing ISP and ones that will are in short supply. Basically a tier 1 or major colos that are very undersold so they have the bandwidth to burn without taking out the rest of their customers. Next you need someone who understands what needs to be done and fast and will work around the clock to do it - realistically you're probably looking at maybe hundreds of people total in the US that have a very strong background in such things and would be available - and maybe dozens of people that have actual direct experience (on that scale). They will obviously cost money. So will building a completely brand new intelligent filtering network over night - in addition to the hardware costs of the new boxes and the connection costs for the new ISP - this isnt off the shelf software either, at least probably not.

Maybe you can start seeing why it's a bit more of a big deal than maybe rebooting your software - why people choose to pay - and that's why it's profitable.

Re:Extortion?

[Fishstick]

yah, wasn't there a story on /. a while back about an online casino site being targeted and extorted and how he fought back instead of paying. Really pissed off the attacker, he was used to just getting paid and not having to expend that much effort beyond a demonstration.

Re:Extortion?

[turbofisk]

Yes there was, and it was a fabulous read... Here's a link: http://it.slashdot.org/article.pl?sid=05/05/04/133 7237&tid=172

Re:Extortion?

[Fishstick]

Thanks!

Re:Extortion?

Ha! Nice.

Re:Extortion?

[jonaskoelker]

You greatly underestimate the trouble an extremely large DDOS network can cause via sheer packet volume.

Unless your site has been mentioned in a story here on /. ^_^

Re:Extortion?

[billcopc]

Posts like this are what brought me to Slashdot in the first place!

Thank you! Thank you!

a botnet of over 100000 machines

[wiredog]

I hereby declare a new metric for measuring the size of botnets: The MegaBot. 1 MegaBot==10E6 Bots.

Re:a botnet of over 100000 machines

[catch23]

My math is a bit rusty, but isn't 100000 == 10e5? It should be a 100 kilobot instead....

Re:a botnet of over 100000 machines

[mustafap]

>1 MegaBot==10E6 Bots.

No no no no no. How many times to we have to tell you?

1MegaBot == 1024*1024 bots.

Dammed marketing bots.

Re:a botnet of over 100000 machines

actually, it's 1e5. XeY means X*(10^Y)

Re:a botnet of over 100000 machines

[Epistax]

I suggest the computing power be listed in units of moonlander equivalents.

Re:a botnet of over 100000 machines

[Smidge204]

Simple: 0.1 Megabots.

=Smidge=

Re:a botnet of over 100000 machines

actually, it's 1e5. XeY means X*(10^Y)

For the non-beginners at this game: eee equals about 1421

Re:a botnet of over 100000 machines

[Jugalator]

No no no no no. How many times to we have to tell you?
1MegaBot == 1024*1024 bots.

No!! You're talking about a MebiBot!

// Random Mebi Enforcement Zealot

Re:a botnet of over 100000 machines

actually 100,000 = 1e5 = 1x10^5 (not 10e5)

Re:a botnet of over 100000 machines

Last update was they'd found > 1,000,000, so it's official it's a MegaBot. 8)

Re:a botnet of over 100000 machines

At least try to be correct yourself when you correct someone else; in engineering notation XeY = X * 10^Y, so 100000 = 1e5

Re:a botnet of over 100000 machines

So, I run into these 3 Dutch guys one night.
They show me this cool computer program they wrote and...
Yotta Yotta Yotta, I've got 3*10^24 bots under my control.

Re:a botnet of over 100000 machines

[Jeremy+Erwin]

Now, if slashdot had sourced this story from an Indian publication, the word "lakhbot" might be tripping over our tongues right now. Or, even petibot.

Re:a botnet of over 100000 machines

I don't care. I'd love to have a Beowulf cluster of them.

Re:a botnet of over 100000 machines

[xappax]

I dunno if it'll catch on - it just makes me think of Voltron...who come to think of it could probably launch some really badass DDoS attacks.

Pwned!

[mattcurrie]

Pwned!

If only i had my own 100k computer matrix...

[Monolith2]

Id never lose another ebay auction. 100k snipes every nanosec!

Re:If only i had my own 100k computer matrix...

[kalirion]

What's the point when you can just put in your maximum bid and eBay raises your active bid as the bidding warrants?

Re:If only i had my own 100k computer matrix...

[ackthpt]

Id never lose another ebay auction. 100k snipes every nanosec!

Try bidding like you mean it, cheapskate!

Re:If only i had my own 100k computer matrix...

[ProfFalcon]

Sure, go ahead and put your Ebay username and password onto that many machines. I'm sure nothing bad could come of that.

Re:If only i had my own 100k computer matrix...

[pclminion]

What's the point when you can just put in your maximum bid and eBay raises your active bid as the bidding warrants?

Because bidding on an item calls attention to it. If bidding activity on an item is fierce and heavy, sniping has no benefit. But imagine a situation where you are vying for an item with only one other person. You do not want to set your maximum bid right away, because the other guy's valuation of the item is probably similar to yours -- he'll bid up right away. The other person, of course, follows the same logic and also starts with a lowball bid. Now, since neither party is using automatic bidding, they have to keep checking on the item to see if they've been outbid. What sniping does is allows the other person to become complacent, and not set their actual maximum bid. You can then come in at the last second and bid slightly over them and get the item before they can react.

The reason bidders behave this way is because they are hoping the other guy doesn't know the "true value" of the item. Placing a realistic maximum bid would only drive the price up. But if you are knowledgable of an item's true value and conceal that from the other participants by bidding low at the beginning, you have a better chance of getting the item at a lower price.

Re:If only i had my own 100k computer matrix...

This is imformative? The purpose of sniping is to leave an auction alone showing no interest and thereby keeping the price low. Then, at the last possible second, place your maximum bid and try to stop others trying to overbid you.

Re:If only i had my own 100k computer matrix...

[karmatic]

The system works this way because people don't use it the way it's designed - everyone puts in their maximum bid, and the system sorts the mess out.

Here's the thing: if you are willing to pay even one cent more, it wasn't your maximum. People like to bid back and forth, watch the auction, and make it more of a game than a business transaction. It has nothing to do with "true value" - people just bid less than they are really willing to pay (and they do so even if they are the only ones bidding on an item). Proxy bidding ups your bid automatically, so it's unnecessary. Snipers just take advantage of the fact that people don't put in their maximum bid in the beginning. A sniper can't beat someone with a higher bid, and in fact the sniper doesn't have time to respond either, giving the proxy bidder an advantage.

Re:If only i had my own 100k computer matrix...

[pclminion]

The system works this way because people don't use it the way it's designed - everyone puts in their maximum bid, and the system sorts the mess out.

I think any strategy which achieves results is a legitimate one. Unfortunately it's hard to do a controlled test to see whether closing prices on the average are higher or lower in a system which allows sniping. It depends on the makeup of the bidding crowd, for sure.

Wow.

[Black+Parrot]

A city-wide Thieves Guild is understandable, but a National Crime Center is just going too far.

Re:Wow.

[ackthpt]

A city-wide Thieves Guild is understandable, but a National Crime Center is just going too far.

I bet you crack up every time you hear "You can't fight in here! This is the War Room!"

In the USA we have a National Crime Center, too. It's Washington DC. Amazing how fast they can make billions disappear, no bots, no phishing.

Re:Wow.

[blake3737]

we prefer to be called the "Legitimate Businessman's association"

Watchout for your cornholes!

[blankoboy]

On second thought......"let 'er rip!!".

/bums deserve a daily rapin' for many years.

I for one

[Spy+Handler]

welcome our new botnet overlords......

Good, but...

[sofakingon]

I wonder how much enforcement the Dutch police do for the MPAA/RIAA? Maybe, just maybe, if other criminal justice systems went after CRIMINALS, they could (once again) vailidate their existance. I remember when I was a kid you could actually approach a cop for help without them making it feel like a burden, or worse, being scared of even approaching them.

Re:Good, but...

[seti]

When I was in uni, we had a guy from the Belgian Computer Crime Unit (CCU) come and talk to us about computer criminality. We asked a load of questions, including whether they actually actively went after casual downloaders. Basically they said they were so swamped going after child pornography sites, they did not have any resources at all for those kind of activities.

Most police "cybercrime" units are still very underfunded.

Re:Good, but...

[Cooper_007]

Since the last A in both those abbreviations stands for 'America', it's probably not a heck of a lot... We've got Stichting Brein here who claims to represent copyright holders, but aside from the occasional high-profile bust that is intended to show they're still at it, they aren't doing that much. If they are, they're managing to keep their activities well hidden.

Re:Good, but...

[DingerX]

That's 'cos cops like helping kids. Very few cops are shot by 8-year-olds who can't find their mommy.

Re:Good, but...

Well, just like the marijuana laws on the books (forced by other countries), it's public policy not to enforce things that are considered a waste of law enforcements time.

The government said themselves that making file sharing a criminal offence just turns a large portion of the population into criminals for no real benefit. This is similar to the drugs policy. From Wikipedia:

However, a policy of non-enforcement has led to a situation where reliance upon non-enforcement has become common, and because of this the courts have ruled against the government when individual cases were prosecuted.

This is because the Dutch Ministry of Justice applies a gedoogbeleid (policy of tolerance) with regard to soft drugs: an official set of guidelines telling public prosecutors under which circumstances offenders should not be prosecuted. This is a more official version of the common practice in other countries, in which law enforcement sets priorities as to which offenses are important enough to spend limited resources on.

Proponents of gedoogbeleid argue that such a policy offers more consistency in legal protection in practice, than without it. Opponents of the Dutch drug policy either call for full legalization, or argue that laws should penalize morally wrong or decadent behavior, whether this is enforceable or not.

So no, the government tends to go after real criminals, rather than waste time on teenagers with too much free time.

Re:Good, but...

[crawling_chaos]

Very few cops are shot by 8-year-olds who can't find their mommy.

Ah, I see you have never visited Detroit.

Re:Good, but...

Real crimes like giving speed tickets and enforcement of parking violations.

Re:Good, but...

[Ogive17]

I don't think any government actively goes after drug users, they go after the distributors. The only people who get charged with using drugs are the ones who are dumb enough to do it publically or get high and get in an accident.

Re:Good, but...

[Jedi+Alec]

heh, and those disgusting B.I.G. commercials? The dutch geeks among us will know what I mean.

Re:Good, but...

[CmdrGravy]

Listen, here's a hot tip if you ever want to get on a cops good side ( such as when they are giving you a traffic ticket or whatever ). All you have to do is ask them loudly "Why aren't you out catching the real criminals eh ?" and they will instantly feel warm and friendly towards you and treat you with the deference, courtesy and respect you deserve.

Re:Good, but...

[WormholeFiend]

Most police "cybercrime" units are still very underfunded.

I think this is due to the fact that cybercrime is still pretty new, compared to other criminal means.

Most people in charge of police departments and people (often politicians) in charge of budget allocations are older and aren't used to dealing with cybercrime.

Once cybercrime goes past the critical boiling point, I predict a huge swing of the enforcement pendulum.

It wont be necessarily pleasant for everyone, especially people who enjoy their current relative anonymity online.

Re:Good, but...

[lawpoop]

Do the Dutch really have a Justice system based on gobbledegook?

mmm

the creators of the slashdot network are still at large tho :)

Re:mmm

[hardaker]

Pay me money or I'll submit a story to slashdot about your company every day.

Of course, this shouldn't scare you because of all the stories I've submitted to slashdot in the past (11-15) none were ever approved ;-) But as long as I don't tell you that I'm ok, right?

25 miles south of Rotterdam?

Does this info really help? How many Americans know Rotterdam? For that matter, how many Americans know the Netherlands? I've learned to alsways say "close to Paris" or "Close to London" when describing locations in Europe. Even if I'm talking about Madrid.

Re:25 miles south of Rotterdam?

[mtjs]

It is close to Jabbeke -- the city where I live. HA! Sais it all.

Re:25 miles south of Rotterdam?

For that matter, how many Americans know the Netherlands?

lol, what? si taht past teh stonebrunt mountains??/ what server u play on

Re:25 miles south of Rotterdam?

[poopdeville]

Yeah, de_rotterdam is a fun one.

Re:25 miles south of Rotterdam?

[badfish99]

I always thought that Americans were just plain ignorant about European geography. Now I know it's because you've been going round telling them that Madrid is close to London.

Re:25 miles south of Rotterdam?

[Koredor]

Does this info really help? How many Americans know Rotterdam?

Rotterdamn....that sounds vaguely familar.. Oh yeah now I remember it was one of my options for music in Ridge Racer for Play Station.

As to not be marked off-topic, the question really becomes not what to do with those behind the botnet, but what to do with the botnet itself. One could patch the entire network via the use of the very trojan that created it (which we know is illegal), but I think this might be a good change to get some extra cycles for SETI. I can just see Team Dutch National High Tech Crime Center moving up the rankings now.

Re:25 miles south of Rotterdam?

[RickySan]

If you look at it on the scale of things then for them thats probably true.. Holland fits 144 thousand times into a country the size like Canada (which is a bit bigger then the states), with distances like that their mindset towards them is different. so that distance would probably be close for their standards.. It's one thing to bitch about their lack of geographical knowledge (which we all know is pretty bad when it comes to overseas knowdledge), but you have to see the other side of the coin as well. How much do you know about the states?, your knowledge about that is probably just as bad as theirs is of europe;)

Re:25 miles south of Rotterdam?

[laejoh]

LOL!

Re:25 miles south of Rotterdam?

Ha! I'd wager the average European knows more US geography than the average American. The constant barrage of US TV/Movies and US biased Internet sites means I know more areas of New York than I do London (I'm British)

Re:25 miles south of Rotterdam?

[in-tech]

interesting stats there. [ 144 thousand times * holland = canada ]. hello dont believe this.

Re:25 miles south of Rotterdam?

[nomadic]

It is, Madrid is only 786 miles from London. That's less than the distance between New York and Chicago.

Re:25 miles south of Rotterdam?

[Jardine]

interesting stats there. [ 144 thousand times * holland = canada ]. hello dont believe this.

It's more like 240 * Holland = Canada.

Re:25 miles south of Rotterdam?

Well, for us it IS close...

http://portcanal.co.uk/cgi-bin/diser.pl?a=Madrid&b =London

That's like the distance from NYC to Chicago, not to far.

Re:25 miles south of Rotterdam?

[RickySan]

do the maths.. Canada is 9,984,670 Square KM Holland is 41,526 Square KM 9984670 / 41256 = (roughly)24044381883 (etc.) So your right i was wrong.. its more then 144..

Re:25 miles south of Rotterdam?

Madrid is close to London; anything under 1000 miles is close by North American standards.

Re:25 miles south of Rotterdam?

[badfish99]

That means nothing to me. Who knows how big Canada is?

The correct unit to use when explaining the size of countries is the size of wales

Re:25 miles south of Rotterdam?

[kwoff]

but you have to see the other side of the coin as well. How much do you know about the states?, your knowledge about that is probably just as bad as theirs is of europe;)

I know, right? Although I'm surprised sometimes how much some of my French friends here know about the US, if you think about it, Americans probably know about the same amount about Europe geographically. A French person probably knows roughly where New York, Miami, Chicago, Los Angeles, and San Francisco are, and it seems like a lot because it's all in one country. But even before I was living in Europe I knew roughly where Paris, London, Madrid, Berlin, and Rome were. Okay, maybe I didn't have a clear picture of where Switzerland was situated, but then again how many Europeans know where Ohio is? There will be some, just like there will be some Americans who know Switzerland. Now, they probably think people there speak "Swiss", but that's another story. :) (I consider myself a fairly knowledgeable person, so it's somewhat embarrassing that I didn't realize people spoke French in Geneva, Switzerland. Or maybe I did somewhere subconsciously, but I'd never really thought about it.)

Re:25 miles south of Rotterdam?

Madrid... that's the capital of Paris, where they wear Lederhosen, right?

I'm pretty sure that's near London, but I doubt I'll ever go there since I don't speak Italian.

Dutch tulips.

Hopefully, some Dutch tulips will be meeting Bubba soon.

Good!

[RedNovember]

I'm happy these guys were arrested. Things like this scare companies and people away from technology. Not to imply that modern companies will survive without computers, but will your boss think long and hard before approving tech budgets? You bet. I've never heard of a bunch of crackers extorting a company.

This will also give them pause when hiring former hackers. They might think "Is this guy going to give extortionists inside info?"

On the other hand, security folks may have a budget windfall thrown their way. Considering '"Each time the Trojan was stopped by anti-virus defenses, they made a new version," he said. "This was not just a one-off. The sheer number of variants shows this wasn't a crime they committed just once."' Those security people better get to it.

Re:Good!

[ackthpt]

I'm happy these guys were arrested. Things like this scare companies and people away from technology. Not to imply that modern companies will survive without computers, but will your boss think long and hard before approving tech budgets? You bet. I've never heard of a bunch of crackers extorting a company.

In my experience a 'boss' who is scared of technology because of the risks is a doofus and should be replaced by someone with some spine and intelligence. Most problems of internal security stem from poor planning and failing to keep up. Any boss who thinks they can just approve one P.O. for security is thinking in ancient terms.

This will also give them pause when hiring former hackers. They might think "Is this guy going to give extortionists inside info?"

Hiring former hackers isn't necessarily a good thing. Many of these 'hackers' are the bad hackers, little formal understanding of technology, no depth of skills, poor interactive habits in a professional environment, etc.

On the other hand, security folks may have a budget windfall thrown their way. Considering '"Each time the Trojan was stopped by anti-virus defenses, they made a new version," he said. "This was not just a one-off. The sheer number of variants shows this wasn't a crime they committed just once."' Those security people better get to it.

Shouldn't be. Only a Reactionist IT manager is going to suddenly jump on spending every time something new comes around. That's your classic hand-wringer who won't spend the money to close the door until after the horses have left the barn.

Re:Good!

[5.11Climber]

This will also give them pause when hiring former hackers. They might think "Is this guy going to give extortionists inside info?"

I think the days of companies hiring former hackers to bolster internal security is gone. Organized crime has taken over the field and any company that thinks a former hacker will be good for security is in for a big surprise.

Re:Good!

[LiquidCoooled]

the problem with most DOS attacks that hit the news is once it hits the news, thousands of individual web users from around the world all click the link just to see if the site is still down.

Each person doing that is unwittingly taking part in the DOS attack.
If you think slashdot effect is bad, think about the slashdot AND routers/yahoo/NYT/humble news sties all ganging up on one site.

This is how googlewent down recently, not because of the worms activity, but because of peoples curiosity.
Sure, the worm had an effect, but nowhere near as bad as the casual knock on effect of browsing.

How many times have you done the following:

Seen a story saying xyz.com is under attack.
Your action -
"is it still under attack?" .....CLICK.... .....no response..... .......CLICK CLICK.....
"Yep, its still down".

if thats similar to your actions, congrats, you are personally a bot :)

Re:Good!

Most news sites don't supply links for that exact reason. You have to search for the company/group website yourself, and most people don't care that much.

Re:Good!

[Ansonmont]

See other article about Kevin Mitnick on /. front page.

Some people are hiring him. Well, according to him, an admitted defrauder.

-A

Re:Good!

[theVP]

I'm happy these guys were arrested. Things like this scare companies and people away from technology.

Agree 100%!! Things like this are black eyes in technology, and especially in areas where they're still transitioning. And considering how many people/companies/schools hold back from the cost of technology alone, we really didn't need problems like this lingering any longer. Very glad to see these guys apprehended.

Re:Good!

Yeah, I'm glad these people have gone too. The less 19 year olds we have breaking the security of multi-billion dollar software companies, the better. Hopefully Microsoft will soon develop some anti-teenage software and we can get back to "trusted computing".

Re:Good!

[djdavetrouble]

What news stories? I have never seen a news story of a site being under attack, only post incident announcements.

And when did google go down recently? Are you talking about the RSS reader Beta from last week? That did not affect any other google service at all. In the least.

Your post is short on supporting details.

Re:Good!

[LiquidCoooled]

http://slashdot.org/article.pl?sid=04/07/26/164924 5

The article head reads thus:

  Devil's BSD writes "It seems like the latest MyDoom worm variant has caused a bit of an Internet storm. Google, at this time (12:28 EDT), is returning 503 errors on all queries submitted from certain locations. The MyDoom variant searches the user's address book for email domains (i.e. @yahoo.com) and searches various engines (such as Google) for email addresses in that domain."

Go and read the article and see what peoples reaction is, there are literally hundreds of people posting saying "its working over here" and "omg i just tried it and its dead over here".

Everyone I know was saying "have you heard about google being down?", I mustv had around 50 IMs and emails asking about it, it was a big deal, and only settled down after a couple of days and people stopped worrying about it.

I was only light on details because (wrongly) I assumed most tech ppl would remember such an event.

About time

[dow]

I get so many of these zombie machines trying things everyday and never hear about anyone getting caught. Hope they get sentenced to ten years of Windows XP.

Re:About time

Worse, let's sentence them to Windows Me.

Re:About time

[mindaktiviti]

Because we all know that 10 years of WinME would result in cruel and unusual punishment, even for them.

Re:About time

[Mysticalfruit]

Actually, that might constitue a war crime.

Why?

[AAeyers]

...who alledgedly used the toxbot trojan to create a botnet of over 100000 machines.

It seems a little harsh to get arrested for only infecting 32 machines.....

Re:Why?

shame that didn't get moded as funny

i got it at least ;-)

Re:Why?

[Alwin+Henseler]

Assuming you are referring to number of infected machines as reported to/by anti-malware companies: this has little to do with the botnet size.

Those AV companies don't have real-time botnet-size counters, they only have some 'listening ears' and reports of infected machines coming in. These botnet operators were using often-updated variants of this worm to infect machines, do you think this low reported number includes all variations? Most zombie machine owners don't even know they're infected, and very few of those infections are reported to AV companies. A low number of reports may even help to keep a botnet 'under the radar' long enough to grow to a significant size.

I submitted this story days ago, but anyway: 100,000 = big? I suppose we haven't seen nothing yet. Stay tuned, more to come.

Re:Why?

You didn't get it did you?

Re:Why?

What the hell are you talking about?

Slashdot ain't what it used to be. :-(

Re:Why?

[dascandy]

replace it at will with "who allegedly used the toxbot trojan to create a botnet of over 11001000000000000 computers". Although I think most normal people will choke on such numbers (11001 trillion computers!?) , calling them impossible :)

Re:Why?

I was talking about alwins obvious lack of understanding of the 10 kinds of people in the world. those that get binary and those that don't.

he obviously missed the reference to the binary version of decimal 32 by making this statement
Assuming you are referring to number of infected machines as reported to/by anti-malware companies: this has little to do with the botnet size.

Re:Why?

[chris+macura]

There are 10 kinds of people in the world: those that understand binary, and those that don't.

Guess which one you are.

Re:Why?

[MrRogers2]

I think that you may have missed the joke? 100000(binary) == 32(decimal)

Re:Why?

[Filip22012005]

You're thinking of a bitnet.

Related concepts: the batnet and the butnet.

And then, there's also the botnut (three of which got arrested), the bitnut (such as yourself), the butnut (erm...), the botknit (a network of 100000 computers strung together by my grandma), the botNAT, and the bitenight (Buffy the movie).

Re:Why?

by 100,000 they mean one hundred thousand. you're reading the 100000 as binary, which it's not.

Re:Why?

[flosofl]

...who alledgedly used the toxbot trojan to create a botnet of over 100000 machines.

It seems a little harsh to get arrested for only infecting 32 machines.....

Ha!

Judging from the replies, there's only 10 types of people who understood the post.

Those who got the joke and those who didn't.*

*-Shamelessly ripped off a ThinkGeek T-Shirt...

Re:Why?

byte me

Re:Why?

[InsideTheAsylum]

I think you missed the joke.

Re:Why?

[MrRogers2]

That may be, but I'm pretty sure my reply will make more sense if you read at threshold 0.

Awesome, Totally Awesome!

[jeffs72]

With the stereotypical tech-ignorant law enforcement of today, it's refreshing to see some crime fighters not only understand that this is a serious enough crime to warrant the manpower to investigate, but then to actually pull off catching them. Hats off to the Dutch law enforcement agencies involved. Good work.

Re:Awesome, Totally Awesome!

[idokus]

They're arrested. They're not convicted, though.

CmdrTaco Breda is about 50 km to the south east of Rotterdam, and about 100 km south of Amsterdam, which most people do know. First I wanted to correct you on the 25, but then I realized your counting in miles. Why are there still people counting in miles? If you want to let people know where it is, use a map:
Relative lokations:http://www.lokatienet.nl/maps/map_172_22 _2_9_1508_5666147_379635.gif (The flag gives away Breda)
the Netherlands (and Belguim): http://www.lokatienet.nl/maps/map_172_22_2_6_1508_ 5690298_7762567.gif

Re:Awesome, Totally Awesome!

[pe1chl]

Catching them is not worth much over here.
It has happened before that gangs of computer criminals were arrested and then later let go because of "lack of evidence".
(e.g. it was proven that the offense was made via an internet connection in a certain house, the inhabitants were arrested, but there was no way to prove that those inhabitants, and which of them, made the offense)

Let the punishment fit the crime

[EwokMolester]

I didn't bother to read TFA, but I hope the normally laid-back Dutch courts impose a stiff sentence as a precedent.

However, seeing what I saw on a recent trip to Amsterdam, I wouldn't be surprised if they get away with a non-custodial sentence and a free blow-job.

Re:Let the punishment fit the crime

[pe1rxq]

Because real studies have shown that stiff sentences do wonders besides making the pitchfork carying mob happy?

Re:Let the punishment fit the crime

[EwokMolester]

Precedent
3 [C] LEGAL a decision about a particular law case which makes it likely that other similar cases will be decided in the same way:
The judgment on pension rights has established/set a precedent.

Therefore; in this case setting a precendence of a heavy sentence may discourage others from similar activities.

Re:Let the punishment fit the crime

[pe1rxq]

I know the ideas and reasoning behind stiff sentences, that doesn't mean it works.
Like amputating a hand after stealing, very scary but does it actually make crime rates go down?
If one isn't afraid of getting caught the sentence doesn't matter.

Re:Let the punishment fit the crime

[EwokMolester]

If you are going to punish, punish properly. A lot of effort went into catching these criminals without proper punishment all that effort will be wasted.

PS. Whilst I don't agree with cutting people's hands off. It IS a very effect way of reducing crime, that has been proven to work.

Re:Let the punishment fit the crime

and china doesn't have crime because they get shot easily on the market square in mass.

hmm. if there's a masses of those criminals and continue to be.. hmm.. hmmm.. what's wrong with the picture?

Re:Let the punishment fit the crime

[Tune]

>PS. Whilst I don't agree with cutting people's hands off. It IS a very effect way of reducing crime, that has been proven to work.

No it is not. Do you mean "proven", as in a mathematical proof? Cutting off a hand (or both hands) may be effective in preventing a specific criminal from stealing but it has no significant effect on "crime" whatsoever. There's more than enough statistical proof about that. (Although statistics - crime statistics in particular - of course lie)

Re:Let the punishment fit the crime

[DahGhostfacedFiddlah]

Now I don't have any proof, but my impression has always been that there are two factors to consider:

• The level of punishment
• The chances of being caught

Both of these must be high to see a significant reduction in crime. The problem is that a lot of people ignore the second factor. If one criminal is caught for every thousand, then there is next to no reason to stop committing the crime. This is why speeding tickets will never work - the laws are simply not enforced.

So hopefully this is the start of some real policework in tracking down these extortionists and brining them to justice. If a high enough percentage are caught, then you'll start seeing the difference between 6 months probation and 20 years in a FPMITA prison.

Re:Let the punishment fit the crime

[EwokMolester]

There's more than enough statistical proof about that. (Although statistics - crime statistics in particular - of course lie)

I.e. what you have just said has no basis.

Back in the real world, there are two types of criminals; those who believe they won't get caught, and the rest. Obviously, stiffer sentencing will deter those who don't believe 100% that they will get away with it.

We seem to have drifted away from the topic at hand. I merely suggested that those found guilty of the crime in question should receive a fairly stiff sentence as to deter other people out there with 'too much time, and busy fingers'.

Re:Let the punishment fit the crime

[pointbeing]

Well, if we're establishing precendence [sic] maybe we should just execute the bastards. Wouldn't that be more of a deterrent?

Re:Let the punishment fit the crime

[pe1rxq]

Wouldn't the high chance of getting caught be enough of a deterent?

Re:Let the punishment fit the crime

[kent_eh]

I agree that the threat of stiff penalties (like the oft mentioned cutting off a thief's hand) doesn't reduce the crime rate, when so many criminals don't believe that they can be caught (If I am too smart to be caught, why should I worry about the penalty).

However, harsh penalties probably do reduce the recidivism rate, which would have some effect on the overall crime rate. A one-handed thief will probably not be as effective as a two handed thief. An excecuted murderer is not likely to kill anyone else again. (not that I'm advocating capital punishment)

Re:Let the punishment fit the crime

[EwokMolester]

HOW is that comment a Troll?????

Re:Let the punishment fit the crime

[Tune]

I.e. what you have just said has no basis.

That's a bit easy, isn't it? The support for my view is statistics, but you haven't (yet) presented a single point that relies on relevant empirical evidence. I just tried to point out that crime statistics should be taken with a grain of salt; that not to say there is no basis.

OK, back on topic. The problem is that in the division between "those who believe they won't get caught, and the rest", the majority of people beleive they don't get caught. This is not typical for criminals but for all people (consider that most criminals - especially internet related - don't even consider themselves a criminal until they get caught).

This is essentially the reason why higher punishments have limited effect. Even if a speeding ticket could bankrupt you for life, many people would break speeding laws. Primarily, because they think they won't get caught or cause an accident and second because most people don't get caught. A negative side effect of stiffer punishment would be that people will do *anything* not to get caught. It works the same for "real" criminals, hence the high number of deadly highspeed car chases in countries that still have a death penalty. That explains why your line is controversial:

Obviously, stiffer sentencing will deter those who don't believe 100% that they will get away with it

Conversely, if what you were saying is just a fact, all crime would have been solved eons ago. (I mean, our current societies are not the ones with highest punishments, historically.) As - apparently - crime still exists that would mean either that the only criminals left are the ones that think they don't get caught or that your phrase is just not true. In both cases stiffer punishment will not significantly influence crime.

As for you last paragraph: Yes, these people should be punished. Not to prevent others from doing it, but just because they did something immoral and incidentally broke a few laws (not really incidentally, its what the laws are designed for). So I hope that once convicted, they get a fair punishment. Fair does not mean it's just a joke and it does not mean chopping of heads or hands. By fair I just mean reasonable considering what has actually happened.

Re:Let the punishment fit the crime

[DahGhostfacedFiddlah]

Nope. If I were offered $5 million to hack a rival company, and the chances of being caught were 50/50 (a very high chance for cybercrime), 6 months in jail wouldn't give me any pause (morals aside).

If I would be in jail for 20 years or life, I'd be a lot more likely to turn it down.

The chances of being caught will affect the amount of crime, but it works best in tandem with punishment that makes the crime not worthwhile.

Re:Let the punishment fit the crime

[EwokMolester]

Errrr, wasn't that my whole point?

Yes, these people should be punished

Basically, as far as I can see you agree with me.

I don't understand why you are qualifying why they should be punished. That was never an issue.

Remember - think twice, type once.

Crime is organized

[rob_squared]

So should it's resistance be.

My hat's off to them that they nabbed 3 guys, but there must be other botnets out there. And I think an effective way to stop it would be at the user level. It would be like taking away all the soil and water from coca farmers. Sure, have your plants, but can you grow them?

Disclaimer: I am not equating botnets to drugs.

Re:Crime is organized

"It would be like taking away all the soil and water from coca farmers. Sure, have your plants, but can you grow them?"

By your logic, would'nt it be better to just kill all the addicts ?

If you take the cocaine away from them , they will just go make some meth in their garage, therefore bringing the crime right to your neighborhood. (Plus they might blow up themselves and next door family too!)

And while you are at it... would'nt it be nice to pay those same peasants a decent price for coffee , so that they have an alternative to growing coca ?

Re:Crime is organized

[xappax]

I think your analogy made a far better case against your argument than for it.
You take away the soil and water from colombian peasants (as is often done by US-funded paramilities) and you can be pretty certain that they won't be contributing to the cocaine "epidemic" in the US. Of course, they also won't be able to grow anything useful or legitimate, like, say, food for their family. Ironically enough, the resulting poverty is sometimes what drives peasants to become low-level flunkies for the cartels, since there are few other opportunities for a farmer without viable land.

Bringing it back to the botnets, if you forcefully lock down user environments to the point where you can be certain that they won't be botted, you're very likely to make the machine unusable for useful, legitimate purposes, like, say, surfing pr0n. Ironically enough, the unsophisticated user is likely to deliberately disable the security functions of such an environment, and disregard security warnings, since the risk of getting botted is preferable at that point to dealing with the myriad hassles and limited functionality of a locked-down environment.

In Soviet Russia,

Botnet dismantles you!

How do you dismantle a botnet?

Surely those computers are still vulnerable to the toxbot trojan at best, or just waiting for somebody to give the right commands at worst.
Unless you use the trojan to patch the system of course, but that would be illegal.

Re:How do you dismantle a botnet?

I suppose to dismantle a botnet you would have to send a command to wipe all the hard drives.

Re:How do you dismantle a botnet?

[GogglesPisano]

Douse it with holy water, drive a stake into its black heart, and shoot a silver bullet through its positronic brain.

Re:How do you dismantle a botnet?

I suppose to dismantle a botnet you would have to send a command to wipe all the hard drives.

Congress could even make it legal to do this. Just make disabling machines an implicit part of the Worldwide MS ULA if you let your net connected machine become unpatched enough to become infected, and limit maximum liability for any damages to $0.000001 per machine. US based grey hats could legally blast owned machines off the net. Would make the net safer; and give anyone who cares a lot more incentive to secure their machines.

Sure, this will solve the problem...

[dachshund]

The lesson for these guys is: next time you try to profit off of your computer crime, make sure that you have strong connections with organized crime, or live in a country with lax computer crime laws and have a tight financial relationship with the police. I'm glad to hear about this sort of thing, but I don't think it's going to do anything to actually reduce the number of bots out there. Rather, it'll just ensure that future botnets are run by nastier, better-protected individuals and organizations.

I wonder what it would take to convince the world that these unsecured machines are an actual security threat, rather than an annoyance?

Re:Sure, this will solve the problem...

[imsabbel]

Wow.

You got it.
Now we should stop arresting burglers and muggers, because that would only teach them to never attempt crime without being backed by the mob, right?

Re:Sure, this will solve the problem...

[dachshund]

Now we should stop arresting burglers and muggers, because that would only teach them to never attempt crime without being backed by the mob, right?

No, but we should encouraging people not to leave their wallets lying around where anyone can take them. Dollar for dollar that's going to be a lot more effective than a doomed enforcement policy that ultimately has no effect on crime rates. In fact, this is one of those problems where if we deal with the root causes now, we could actually reduce the number of "burglars and muggers" who need to be arrested in the future.

Of course, the burglar/mugger analogy doesn't explain the true cost of computer crime: that the people being victimized aren't really the ones who suffer-- their stolen resources are used to launch concentrated attacks against other victims, including corporations and governments and (potentially) critical infrastructure.

What a great idea...

[MarkusQ]

The botnet was dismantled, prosecutors said, with help from...

Why didn't I think of that! That's 100,000 lusers that won't be getting infected again soon, unless they learn enough to reassemble their boxen, by which point...*sigh* What am I thinking? They'll probably just buy new systems and throw the piles of parts out. They'll be back on bot nets by this weekend.

What they need to do is dismantal the owners!

--MarkusQ

Re:What a great idea...

[DingerX]

Just the net was dismantled. The actual bots are now bot-Ronin, who will prove their loyalty by DDoSing the appropriate law enforcement websites into oblivion, before wiping their BIOS en masse.

Re:What a great idea...

[Animaether]

What they need to do is dismantal the owners!

Did you mean dismantle ?
Or dismental ?

Both seem rather apt :)

Re:What a great idea...

[StillNeedMoreCoffee]

Your an idiot. That being said upfront. What are you going to say about yourself when your machine is zombied by someone that finds a hack that you and your antivirus company doesn't know about yet. Will you call yourself a loser, will you call for your own dismantling. Its not a question if but when.

And one of the major reasons this happens is that people like you feel that the person mugged is at fault for being mugged. Get real! Someone who finds a way to steal someones CPU for any reason is a bad person. They should be caught and punished, its theft and often time distruction of personal property. That is not acceptable behaviour, nor is calling the people who are the victims Lusers acceptable behaviour.

Now go to the corner and stay there for a 5 minute timeout.

Re:What a great idea...

[birder]

What are the other 99953 going to do?

Re:What a great idea...

Your an idiot.

Everybody's an idiot, if you pick the right criteria. MarkusQ appears to think people who don't know to install security patches are idiots. You think that people who joke about "lusers" are idiots.

What about me? I'm often an idiot myself, but I think the most amusing idiots are people who lack a sense of humor and make ironic writing mistakes. You're free to disagree, of course.

Re:What a great idea...

Someone broke into my next door neighbors house while he was home and gunned him and his family down. My neighbor was sure an idiot for letting that happen to him. He should have bought a slightly better lock.

users ...

[siropel]

who don't update, don't use antivirus software ...or don't use linux encourage these kind of activities

Bank accounts!

[Kagura]

and bank accounts at the three men's residences

Ahaha, who keeps bank accounts at their residence, of all places?!

Re:Bank accounts!

[hcob$]

Why Corporate banks of course! Since a corporation is a legal entity, it must reside somewhere right? Or, it could be that they are bankers who just happen to live at the bank on cots locked in a back room of the vault..... or... bah, I'm bored.... let's move on.

oblig

[RedNovember]

Dino: Good morning, Colonel. Colonel: Good morning gentlemen. Now what can I do for you. Luigi: (looking round office casually) You've ... you've got a nice DDoS army here, Colonel. Colonel: Yes. Luigi: We wouldn't want anything to happen to it. Colonel: What? Dino: No, what my brother means is it would be a shame if... (he knocks something off mantel) Colonel: Oh. Dino: Oh sorry, Colonel. Colonel: Well don't worry about that. But please do sit down. Luigi: No, we prefer to stand, thank you, Colonel. Colonel: All right. All right. But what do you want? Dino: What do we want, ha ha ha. Luigi: Ha ha ha, very good, Colonel. Dino: The Colonel's a joker, Luigi. Luigi: Explain it to the Colonel, Dino. Dino: How many bots you got, Colonel? Colonel: About 10000 altogether. Luigi: Five hundred! Hey! Dino: You ought to be careful, colonel. Colonel: We arc careful, extremely careful. Dino: 'Cos things break, don't they? Colonel: Break? Luigi: Well everything breaks, don't it colonel. (he breaks something on desk) Oh dear.

And, eventually, they got caught...

[digitaldc]

Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday.

What kind of computers? How much cash? What kind of car? What were the residences like?
Come on, we need better details for the upcoming movie & tv special.

These guys had to know they were going to get busted, someone probably was bragging about how many PCs they zombified.

Re:And, eventually, they got caught...

[ray-auch]

you don't need the real details for the movie - what kind of cash / computer / car / house is determined by the product placement contracts.

Re:And, eventually, they got caught...

[thuh+Freak]

Hi! I work for XYZ Products, and I want to sponser this movie. Can we make sure that the criminals are using XYZ branded items. I wouldn't want to go around associating my products with the good guys or nufin.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Line breaks FTW

Dino: Good morning, Colonel.
Colonel: Good morning gentlemen. Now what can I do for you.
Luigi: (looking round office casually) You've ... you've got a nice DDoS army here, Colonel.
Colonel: Yes.
Luigi: We wouldn't want anything to happen to it.
Colonel: What?
Dino: No, what my brother means is it would be a shame if... (he knocks something off mantel)
Colonel: Oh.
Dino: Oh sorry, Colonel.
Colonel: Well don't worry about that. But please do sit down.
Luigi: No, we prefer to stand, thank you, Colonel.
Colonel: All right. All right. But what do you want?
Dino: What do we want, ha ha ha.
Luigi: Ha ha ha, very good, Colonel.
Dino: The Colonel's a joker, Luigi.
Luigi: Explain it to the Colonel, Dino.
Dino: How many bots you got, Colonel?
Colonel: About 100000 altogether.
Luigi: A hundred thousand! Hey!
Dino: You ought to be careful, colonel.
Colonel: We are careful, extremely careful.
Dino: 'Cos things break, don't they?
Colonel: Break?
Luigi: Well everything breaks, don't it Colonel. (he breaks something on desk) Oh dear.

Damn.

[wiredog]

I saw that as 1000,000 machines, but it's only 100,000 machines. So it's a 0.1 megabot botnet, not a full megabot botnet.

Re:Damn.

[$RANDOMLUSER]

It won't compile with the comma in there.

Re:Damn.

[paulpas]

I think it's actually 186A0 bots. kthx.

Re:Damn.

[Quixote]

100 kilobots is still a lot of power....

Re:Damn.

[rmstar]

Call that a hectokilobot (= 100,000 bots). A heck of a lot of bots.

So stupid...

[ChrisF79]

How do criminals think they'll get away with something like this? I just don't get it really. Even if you successfully set up the botnet and the company decides they do want to pay you off, how do they think they're going to remain anonymous, collect the money, and fade into oblivion (or fade into bolivian if you're Mike Tyson). Perhaps I just don't have the cunning mind of a criminal but the logic really escapes me.

Re:So stupid...

[jcr]

How do criminals think they'll get away with something like this?

I'm going to go way out on a limb here, and say.. Maybe because so many of them have gotten away with it?

There are ways to collect money anonymously, like having the victims give it to a courier who knows nothing, who will take it to a dead drop, etc.

I'm glad these perps were caught, but there are many, many more left to catch.

-jcr

Re:So stupid...

[Quill_28]

I believe some studies have shown that criminals have self-esteem problems.

Instead of thinking they are not good enough they think they are simply smarter and more important than anyone else.

I would guess they never dreamed they would be caught.

Re:So stupid...

fade into bolivian

What is this Bolivian oblivion you speak of?

Environmental problem

[rbanffy]

It seems to me that unpatched Windows boxes are becoming an environmental problem ;-)

Re:Environmental problem

[onepoint]

What I would like to see is all those machines patched up, I would guess that it could be possible to slide a patching program via the bot-net.

Onepoint

p.s. In thinking about this, I find that most likely it would be illegal

Limited time

[squoozer]

I forsee the day when bot nets are a thing of the past. While I admit that currently most police forces couldn't catch a virus by opening infected email things seem to be changing.

The scale of setting up a useful botnet is such that there are thousands of tiny ways that you could screw up and leave a drity great big flag pointing out your location / identity. Even the most carefully created botnet will contain some useful information to track down it's owner. In fact the very nature of the beast means that at some point you will have to contact it which potentially gives away your location. Ok you can run through proxies and use other methods to hide you identity but it only takes one slip up which someone technical is watching. Of course you also have the problem of collecting you payments. While you might be able to hide in the online world hiding from the banking world is much harder. At some point you have to collect you money.

All in all I think it would be easier to just go into kidnapping or drug dealing. The profit margin has got to be higher.

Re:Limited time

[Have+Blue]

The problem with this is the same as the problem we always point out in anti-piracy schemes- as soon as *one* botnetter figures out a better automated method, it's distributed over the net and they all have access to it. It's like evolution, only the selection criteria are whose creator gets arrested and whose keeps "innovating".

Re:Limited time

[Scott7477]

Isn't the truly fundamental flaw in the system here the design of the Internet as it now stands? What has now become a global network was originally designed for use in a closed network where every machine attached was trusted. IE a fault tolerant communication system for the US military in case of massive attack.

When Internet standards change to the point where every machine attached has an un-spoofable address then DDOS attacks will disappear. Try setting up a radio jammer to block 802.11x transmissions in NYC; the source of the jamming would be identified and shut down in a real hurry because triangulation lets the authorities find the attacker quickly.

Re:Limited time

[squoozer]

The analogy of evolution certainly works but evolution can't find a solution to every problem. Take for example the deserts. Yes, there is life in even the most arid desert but there isn't much of it. If we end up with a network that is the equivalent of a desert for crackers there will be very few of them. I doubt that there are many animals adapting to live in the desert because it's already supporting as many animals as it can.

To use an example a bit closer to the situation we are talking about think about car thefts. It was getting to the point where you had to put your car on an elastic band they were getting stolen so much. The immobilizer has all but stopped that. Cars do still get stolen but it isn't even a fraction of the problem it once was. In fact the problem has moved and now people steal the contents of the glove box but that is somewhere beside the point. Same goes for car radios. Once car radios became keyed to the car theft rates dropped dramatically.

There is a barrier beyond which it simply becomes impractical to bother trying to exploit the resources. I suppose it's just a cost benifit analysis at the end of hte day. Interestingly the barrier almost never seems to be punishment related always prevention related but that's getting off topic.

Re:Limited time

[patio11]

Kidnapping for money (in the US, at least) is completely dead, for a couple of reasons. First, the FBI has long considered every incident of kidnapping to be a personal vendetta against them and they play for keeps -- unless you're the pedophile who kidnaps a kid and kills them within 24 hours, they WILL catch you. And they will, likely as not, kill you in the attempt and when the guy who does gets back to the office his hand will be sore from all the high-fives. We're not nearly so effective at taking care of drug dealers, but drug dealers are -- they've got a mortality rate of about 10-25% a year in some cities, and most of them only clear minimum wage (see Freakonomics -- excellent book, by the way). Computer crimes, by contrast, are punished relatively leniently, investigated seldomly, have zero physical risk, and pay better. Whats not to like for the unscrupulous type, aside from having a higher barrier to entry than kidnapping/drug dealing?

Re:Limited time

[squoozer]

Some good points. I disagree with the zero physical risk part - your forgetting that skinny white boys in prison don't do so well ;o).

Anyway, it's a little different on this side of the pond - people don't get killed quite so often by the police (unless they are Brazilian of course) and the punishment for kidnapping is fairly low as long as you don't harm the captive. I would guess you would only get 10 years tops for a first offence. If you can get enough money from it it might be worth it.

Of course the really big money is in fraud but that requires you to put yourself in the position of having money to aquire fraudulently. Not an easy task if you are as thick as two short planks.

The problem with the drugs market is that it seems to be saturated already and there isn't much scope for independent work due to the high "accident" rate, as you pointed out.

Looks like I'll never be rich.

glaring gramatical error

[wiredog]

I suspect that the submitter is Dutch, which indicates that English isn't his first language.

Re:glaring gramatical error

[DigitumDei]

Unfortunately I am not.

Blushing profusly right now; amazing how previewing twice just meant I read "has" as "have" in my mind twice.

Re:glaring gramatical error

[SatanicPuppy]

Heh. From what I know of the Dutch, I'd be more likely to believe the submitter was Dutch if there wasn't a grammatical error. I hear they make fun of school kids over there who only speak three languages.

That being said, you're probably right. The most common mistake people make in foreign languages is subject/verb agreement.

Re:glaring gramatical error

LOL

And then I typo profusely.

Re:glaring gramatical error

[sosume]

I suspect the poster made the errors on purpose to highlight a certain dutch accent in TFA...

Re:glaring gramatical error

[Winkhorst]

GRAMMATICAL, damn it!

ahh.. shut the f*** up...

I'm happy these guys were arrested.

What are you trying, hypocrite? Pulling an Insightful here?

No problem. The folks here are simple minded when it comes to anything than computers.

Think of a Beowulf cluster of those...

I can't believe nobody's said that yet!

Oh crap. Here they come...

[joey_knisch]

Zombie Master

(SCARY PIC HERE)

Creature - Lord
All Zombies gain "(1b): Regenerate this creature" and swampwalk. (They're unblockable if defending player controls a swamp.

He controlled the zombies even before his own death; now nothing can make them betray him.

2/3

MegaBotNet...

[GungaDan]

REJUVENATE!

Utter Bulloney!

How do you dismantle a botnet?

That's exactly why this article is bulloney. We are supposed to believe that the Dutch police went around to 100,000 machines in bedrooms around the world and dutifully used Norton to clean off this nasty little trojan and turn on firewwalls. The reality of it is that they have shut down one server that may have been being used to control the botnet. They don't really have a clue if there are other servers or not. Regardless, there are still 100,000 bots sitting out there eagerly waiting for instructions.

I suspect that, if the botnet was actually shutdown, the botnet will be operational again within a week.

Re:Utter Bulloney!

yes they are awaiting commands...from the owners...who are arrested.

the bots probably have more security than the original system ever did.

not to mention you can send commands to remove itself i am willing to wager

Re:Utter Bulloney!

Botnet masters, particularly the kind prone to extortion and so on, have been known to steal other botnet masters' botnets if they can get away with it. One of this size would be quite a catch, and even though the C&C server (quite an IRC server it must be, to handle 100,000 bots; there's probably a whole linked network of them) is gone, someone with the right skills could swipe the lot.

Particularly as this is Patch Tuesday, the bots will probably have had Automatic Updates turned off and were obviously not the kind of users to update manually (even before Windows Genuine Advantage turned people off using Windows Update), and there are 8 critical updates, at least one of which is guaranteed worm food, just harvesting the IPs will give a lovely list of known vulnerable machines.

One master team down, but it doesn't really do anything about the botnet itself. That's still out there, and so are all the vulnerable machines. And I don't think Toxbot and the like have anything like any kind of "clean uninstall".

Kudos to XS4ALL.NL for helping out getting this team.

Linux not being used enough?

[Tominva1045]

...or use Linux.

Are Linux boxes invulnerable? Is the gauntlet being thrown at our feet? (lol)

I'm happy they did get nabbed though. There are plenty of fun things to do in life instead of extortion.

Re:Linux not being used enough?

Hell no. Do you know how many unpatched Linux boxes are out there? Not as many as unpatched Windows boxes, but still quite a large number. Do they have, say, PHP installed?

There's your window of opportunity, Fish Bulb.

Linux is precisely as secure as Windows. Keep it patched, or you're a festering zombie. It doesn't matter that 'Foo software only has Bar remote root exploits and Windows has Internet Explorer!' - malcontents will use Foo's vulnerabilities, rendering your shiny, secure as pie Linux boxxen into a ravening creature of the undead who craves spam molded into the shape of a human brain.

The smell of cash

I guess the government will go after these network abusers when they smell cash and unpaid taxes.

get your facts right

[RickySan]

Rotterdam - > Breda Total Est. Distance: 30.09 miles (roughly 51.15 Km)

stop it at the user level

[defMan]

I agree. Let's take away the users. That'll teach those mean botnet people. Did you have any specific method in mind?

Re:stop it at the user level

[rob_squared]

Software detection of bots on users computers, possibly handed out and required to be installed on susceptable* computers by the ISP that's connecting you.

*Namely windows computers.

Why Europe?

[1zenerdiode]

Why is it that these arrests always seem to be made in Europe? Is it because the legal climate is different, or is the incidence of criminal extortion over the internet higher there? Is Europe the locus of the crime? I always thought Eastern Europe (e.g. Russia, baltic states) and the east were worse. Is it that they don't enforce in those places so you never hear about it?

---
tjc

Re:Why Europe?

It's those asylum seekers.
Some of those 419ers are also based in Holland.

Re:Why Europe?

[jenkin+sear]

Probably has something to do with the US's lax gun control laws- if I were in that situation and could catch the bastards doing that to me, I'd at least consider blowing their heads off- and I'm a nice guy who doesn't even own a gun.

Try to DDOS one of those mafia-owned gambling sites from an IP address in Jersey and see what happens to ya... much safer to have a big ocean in the way.

Re:Why Europe?

[The+Grassy+Knoll]

Look at it the other way round... perhaps it's because law enforcement is better?

.

I wonder...

[abegetchell]

...how many extortion attempts such as this are successful? We (obviously) wouldn't hear about them as a company wouldn't want to air their dirty laundry. I would imagine that any small Internet company without the resources to fight something like this would either have to pay up or close shop. Scary.

MOD PARENT UP!

Not complying to standards is futile. Prepare to be assimilated.

Creators of Massive Botnet Arrested

[NotFamous]

Whew, I thought they were taking Nick at Nite off the air!

Notify the users

[brucmack]

It is possible that they notified the users, since they had the cooperation of the ISPs. Even normal users can understand a letter telling them that criminals have been using their computers to perform illegal activities, and here are some guidelines for preventing it from happening in the future. Sure, it doesn't get everyone, but it can be enough to weaken the network for sure.

re: wow

[ed.han]

never mind a world crime league, like buckaroo banzai was supposed to go up against... :>

ed

And next on news...

[TarrySingh]

Three enterprizing Security Guru's setup a Security Firm to help assist EU against virus attacks! :-)

Better the Devil you know

[Durzel]

If past history is anything to go by, they'll probably all end up getting highly paid security jobs.

obligatory quote..

I 4 1 w3lcom3 our N3W B0tn3t ov3rlordZ

Re:Oh crap. Here they come...

[kurokaze]

slap on a howl from beyond (when you've confirmed that he is going to get through) and then he can get truly ugly...

Ah so.

[fliptout]

You're fighting an uphill battle, as megabyte still means 2^20 bytes.

Re:Ah so.

[6*7]

Not in the metric system.

Re:Ah so.

[zootm]

It means 2^20 bytes or 10^6 bytes. Neither definition is wrong, although 2^20 is inconsistent with SI. Mebi- is not ambiguous, mega- is, is the point.

Re:Ah so.

Okay, but is that 2^28 bits, or 2^29, 2^27 or 2^26?

In international telecommunications, a megaoctet is 1e06 * 8 bits; a megabit is 1e06 bits. Bytes are avoided, simply because two computers communicating with one another might have different byte sizes.

RE: Offtopic = Tard Mod

[joey_knisch]

Here let me explain this joke to all the tard moderators that can't get it.

1) zombie = bot
2) The bolded quote refers to the master controlling from the grave (ie undead)
3) From TFA, the bot (zombie) controllers (masters) just got arrested (killed)

It may not be funny but it is on topic. Mod it as such dumbasses.

RE: How to dismantle a botnet!!

[A.K.A_Magnet]

OK I'm a bit late on this story, but maybe some mods will be late too ;)

As an IRC admin for few years, I saw many botnet channels. The botnet masters enjoy putting their bots on IRC (on a secret channel) because it's a third party who provides the communication support, IRC is a good message demultiplexer, and they think it's safe since they only log on IRC with a proxy.

They can identify themselves with a given bot by going private (PRIVMSG .ident ) or just on the channel, the PRIVMSG will be sent to every bot. Now 100k bots in a channel is a lot but I have seen 30k already.

The bots had random nicks so we just put a bot of ours with a random nick in the channel, logged everything and then get the login/pass (I guess in this case Dutch police had the login/pass pair from the PCs they seized). Then we looked out for the bot version, looked on the web for commands (usually, the bot masters are script kiddies and just build the bot from an "automatic" builder they download on the web... they wouldn't even build from the sources).

All of the bots I encountered disposed of attacks commands et al, but also a clean removal command. That's what we used.

Now I don't know about the bot in this story, but most likely the botnet masters HAD a mean to contact them all (now is it IRC-like with a big channel, or distributed among the bots à la DNS, I don't know... But even if the removal command isn't here, there's still a way to tell the bot to execute a given binary they download from a given URL).

And I don't think that would really be illegal, remember, the PC owners rarely know they are infected or don't care. They won't know or won't care either if someone removes the bot for them. And if they say something, just sue them since it means they were part of the attack knowingly ;). Who would want to be part of the botnet ? :)

Anyway I hope we could shut down more of these networks (and MS should pay for their dismantle since nearly all zombies networks are running Windows).

Comment removed

[account_deleted]

Comment removed based on user account deletion

Good advice

Have you ever considered to work as career counselor in your nearest jail?

Who is this XS4ALL?

[horza]

What is the real identity of this Dutch ISP XS4ALL? Fighting spammers (though losing appeal), defending the rights of clients to hyperlink and refusing to be bullied by court orders, and now taking down BotNets. Apparently the founders sold out for millions, but they seem to go well beyond the Google "do no evil" philosophy to pro-actively defending the rights of their customers at considerable risk to themselves. It's the kind of company the deserves to win an awful lot of business.

Phillip.

Re:Who is this XS4ALL?

[AlXtreme]

XS4ALL was founded in '93 as the Dutch version of Demon, the UK ISP. In spite of the KPN (ex government-controlled/monopoly telco) buy-out, they have maintained their philosophy of protecting the interests of their customers and doing the Right Thing(tm).

Strong ties with Bits for Freedom (our version of the EFF), best Dutch ISP year after year, support for *nix systems, frequent new experimental services. Only pain is that they're also one of the more expensive ISP's. You get what you pay for, and with XS4ALL they give you the works.

(for the record, I'm a long-time customer so I am rather biased. But these guys aren't your average ISP)

Re:Who is this XS4ALL?

[euske]

And they host www.python.org.

Re:Who is this XS4ALL?

[SillyNickName4me]

Hmm, not entirely accurate I believe..

This (ad at the bottom of the page) is where XS4ALL started. They were basicly the first public ISP in the Netherlands (tho I am not entirely sure, 'stichting Simplex' was there at around the same time from what I recall)

Demon and XS4ALL definitely have things in common, but I think that has more to do with both having started in the very early days of public internet access, and still believing that they connect computers to a big network (as opposed to the content focus that many an ISP seems to have). Both give you a fixed IP and your own hostname, allow you to run servers including smtp and http etc.

At any rate, XS4ALL grew out of a desire to provide cheap access to the 'live internet' as opposed to the then common uucp mail/news access. The people behind it had been involved in the Datanet 1 (X25 network similar to Tymnet and the like) and the BBS scene, and had been running a somewhat substantial (100+ nodes) uucp network for some time. They went for nothing less making it possible for every person with the proper equipment to become a full host on the Internet, an attitude which is still pretty much there in modern XS4ALL.

AH well.. thanks for reminding me of that time.. had fun looking up some info on it today, and reading back about the early days of Internet access overhere. Heh, to think that I have a nice 8mbit up/1 mbit down connection here that costs about 1/5th per month when compared to the initial internet connection (at a whopping 19k2) that XS4ALL used themselves to get on the net :)

I did not use XS4ALL much during those early days, mostly because I got a free account from IGN with which I had internet access with local dialin from about any major city worldwide, and I had a rather good access deal with Simplex for my home network. I can confirm your comments about the quality of XS4ALL and their generally nice attitude towards issues that concern their private customers.

Ok, lets quiz you

What are the capitals of California, New York and Illinois?

(no cheating)

How?

[A+nonymous+Coward]

You could send 100,000 pieces of snail mail, but that woudl be pretty expensive, and you'd have the problem of getting the right snail mail addresses to start with.

You could send email, but that would be dropped by white lists, spam filters, and human rejection of email from strangers.

You could pop up an alert, but most people would just close it as more spamming.

Re:How?

[AvitarX]

Their ISPs could redirect every page they went to to an explanation in bold print. It would get noticed.

Re:How?

[A+nonymous+Coward]

So now you don't have the problem of finding 100,000 snail mail addresses. Instead you have to find their ISPs and get them to set up filters for just a few specific customers.

Yes, that sounds like a workable solution :-)

Mistake in headline

[elgatozorbas]

Should have read :'potnet dismantled'. After all, it's Holland, right?

Honestly curious...

...is this a unit commonly used in Britain or Europe? Off hand, I have no idea how big Wales is... is there a US state approximately the same size of Wales?

OTOH, I've found comparing things with the size of France much more useful. For example, Texas is the size of France, and Bolivia is about twice the size of France. I guess we Americans like our measurements big? :-)

Re:Honestly curious...

[badfish99]

It's a common unit in Britain. Hence the spoof website.

From what I've heard, most American units are the same size as ours, except that their pints are smaller. That's because we drink beer by the pint, and we're thirstier than they are.

esnipe!

[pointbeing]

OT, but been there, did that. For me, http://www.esnipe.com/ has paid for itself many times over.

If everybody would learn to bid properly there'd be no need for a sniping service.

hehe

[Danzigism]

** poopbot1 has joined #usa

** poopbot2 has joined #usa

** poopbot3 has joined #usa

** poopbot4 has joined #usa

** poopbot5 has joined #usa

[poopbot1] U SUX0RZ

[poopbot2] U SUX0RZ

[poopbot3] U SUX0RZ

[poopbot4] U SUX0RZ

[poopbot5] U SUX0RZ

** poopbot1 has left #usa

** poopbot2 has left #usa

** poopbot3 has left #usa

** poopbot4 has left #usa

** poopbot5 has left #usa

Darn

[Nom+du+Keyboard]

Just as I was getting ready to use it to mailbomb Congress in opposition to the Broadcast Flag.

You Win32 some... you lose some...

/ducks

Instead

[alan.briolat]

Why don't they arrest M$ directors for promoting the development of an insecure, vulnerable OS through unrealistic release deadlines and abusive market practices?

Because lets face it, its not the Windows developers' fault, because most developers would rather spend more time on a project and make it better, and the creaters of trojans would have a much harder time of it if there weren't such huge flaws in the market-dominating OS.

Re:Instead

If they can sue gun makers when someone is killed by use of a gun, why can't they sue M$? Not that I agree that they *should* be able to sue gun makers, but currently the US court system is allowing these types of suits to go through. I guess the gun makers just don't *support* the correct politicians enough?

Suddenly, the botnet ads are gone

[Animats]

SpecialHam, the spammer forum, usually is full of ads for botnets. But not today. There are far fewer ads for "proxies" today. And there are notes like "hey, watch yourself" and worries about "spamhaus honeypots".

So there's been some effect. The spammers are becoming afraid. Not very afraid. Yet. But afraid. It's becoming hard to spam without committing multiple felonies. Those felonies are leading to a few arrests and jail sentences. Not many, but enough to scare off many spammers. The remaining spammers look more and more like traditional crooks.

There's plenty of stuff on SpecialHam for law enforcement to go after. "Special Hurricane Katrina Promotions". "Offshore bank accounts for sale". Anyone active against spam should be looking there.

they were legitimate bankers!

[deblau]

Police seized computers, cash, a sports car, and bank accounts at the three men's residences.

I want to know whose bank accounts they seized.

eh

I make about 10 an hour opening boxes and taping them back up. Still, I could show everyone reading this how to create a botnet and gain at least 100 zombie machines apiece by the end of the day. We could then target and demand money from random companies and knock everyone we want offline. I can't even get a job at a printing store. Still, if I got bored I could hold any company offline indefinitely. I'm certainly not smarter then the people at Microsoft or Symantec, but I could tweak the code indefinitely to escape their detection. I'm not sure there is a moral to this story but like I said I open boxes and put tape on them... yet I can take down fortune 500 company servers and flaunt the fact that Nortons or nobody else could detect it.

Re:eh

[kurokaze]

umm.. how is this related to Magic: The gathering? :)

Re:eh

anyone lame enough to play magic is probably infected

A Word From the Dude

[HooliganIntellectual]

Were these guys Germans who drive scooters and brandish weasels?

I just want my rug back.

The botnet was dismantled, prosecutors said...

[Scratch-O-Matic]

Of course it was!

Er, wouldn't that involve uninstalling the bots from the computers of 100,000 clueless people?

Reminds me of the sequal-ready ending to a cheesy horror flick.

I caught one, once

[mcrbids]

The T1 line at a place I admin got saturated once with upstream traffic. Took a bit of poking.

Turns out:

1) It was a script that infected a vulnerability in a well-known image manipulation system written in perl CGI.

2) User never got root, and didn't seem to care.

3) System was participating in a botnet of about 200 systems, (if I remember this correctly) all managed via an IRC chat.

4) All the exploits were downloaded from a web server located somewhere in Brazil. Telnets that happened were also from another IP address in Brazil. Home address? dunno. abuse@thebrazillianisp.com was notified of everything, but no reply was ever received.

Here's how it all happened:

1) The exploit used a vuln that allows the attacker to run wget, download a hacked telnetd, and then open a telnetd on a high port. Telnet to the port and get a shell account on the system as user "nobody".

2) This telnet shell was used to load in an IRC client, also written in perl. This was fairly easy to detect because the IRC client was very inefficient, and used almost 50% of the CPU resources, even when it wasn't doing much. "top" showed this thing like a flashing red light.

3) I logged into the IRC chatroom with a username similar to the machine-generated hostnames, and watched for a while. He'd issue a command (I think it was "lookat [ip address]" and then all the machines would ping flood whatever the address was.

I cleared everything out of the system, got rid of the scripts (after squirreling away a copy, just in case) and upgraded the CGI image manager with a newer version that wasn't vulnerable. I haven't seen/heard from "senior brasillia" ever since.

But, take 1.5 Mb*200=300 Mb, and that'd take out most small-mid sized servers handily. My best connection is about 70 Mb upstream!

A start to fixing the problem.

[twitter]

I wonder what it would take to convince the world that these unsecured machines are an actual security threat, rather than an annoyance?

About a billion dollars? That's what was spent promoting XP in the first place.

That or a little more time. People are figuring out that the insecure part of a PC is MS. They don't and won't hear similar stories from other OS. The "Linux will get owned if more people run it" line is falling flat.

Re:A start to fixing the problem.

The "Linux will get owned if more people run it" line is falling flat

Please stop trolling. Exactly how can it 'fall flat' if it hasn't been tested? Or do you think the vulnerabilities found in Firefox after it started gaining market share without anyone having to look at the source code are just an aberration?

If anything I'm starting to think that Apache is in itself unique. The sheer size of the community and installed base make it the most deployed and secure web server out there, but most FOSS projects don't have that sort of coverage - not even Mozilla. There's a finite number of skilled developers that can immerse themselves in this type of complex software.

Of course if your 'calculations' (if one can call them that) are correct then IIS6 would be hacked every other day... and that's simply not true.

Do you expect anyone around here to take your innovative opinions of Microsoft seriously with posts like these? Leave the advocacy to people who at least make sense.

The New Yorker: Zombie Hunters

[blueZhift]

The October 10 New Yorker magazine has a nice companion piece to this story, "The Zombie Hunters: On the trail of cyberextortionists" by Evan Ratliff. The article describes the tactics of the extortionists and those who track them down or thwart their attacks. Probably nothing new to the /. crowd, but a good read nonetheless. Here's a link.

http://www.newyorker.com/fact/content/articles/051 010fa_fact

Amplified!

[eXocomp]

10E6 bots? How puny. My botnet is amplified by one to the tenth power!

Perfect example of how stupid that term is.

Another bad one is mandriva, mandriver with a New York accent. The guys who pitched that one were either making fools out of the geeks of that distro or gay proponents.

Responsible net use

[MarkusQ]

What are you going to say about yourself when your machine is zombied by someone that finds a hack that you and your antivirus company doesn't know about yet.

• I monitor trafic patterns in and out of my home network just like any other net connected boxes. If a box starts acting oddly, it is disconnected until I figure out why.
• Same thing with processes, on the *nix boxes. With ps, nstat, and some ruby glue code I have a pretty good idea what's running where, and who it's talking to.
• We don't browse external sites with MS IE (though we do have it for testing), and we don't use MS Outlook on directly net-connected machines (the one running MS Outlook instance is on a machine that connects via a tunnel to a network managed by people who know what they are doing.
• Both our MS Windows machines and all but two others are behind a firewall that only lets through known (and approved) traffic. Two linux boxes have special net access (but only what they need) managed by their own firewalls.
• Given all this if I get zombied and don't realize it, then yes, I'm an idiot.

The sad thing is, this used to be just simple responsible net use. At the level of "make sure your breaks work before taking your car on the road, and always drive on the proper side of the road." Same deal as with firearms. Or airplanes. Or cranes, jack hammers, and x-ray machines. But somehow with computers (and thank god, only computers) we've drifted into the notion that it's permissible to operate much more complicated equipment with much less basic knowledge.

--MarkusQ

Re:Responsible net use

[StillNeedMoreCoffee]

Your right things have changed. I don't think the problem is that people are permitted to operate more complicated equipment without knowledge but that there are people that now feel it is OK to invade and infest other peoples machines. That I don't think has anything to do with the complications of the device but the moral bankrupsy of a segment of the computer world. Hell they will break in to simple things if they can.

You might say that the manufactures of the systems have fallen down on the job in providing proper locks on the doors. But then if you go out into rural areas or small towns, people still leave keys in cars, and doors open because the cultures there still operate with some level of mutual respect and trust.

In the cities its another matter. Lock you door. So you might say the Internet started out in the country and has moved to the city. But my point is that the victim is not the looser, its the person invading and infesting for whatever reason. That practice should be condemned and those people should be punished. To call the victimes loosers I think is getting it fundementally wrong.

Your description of what you have to do to be safe would suggest that every private citizen now should have to hire a full time security administrator to keep from being penetrated. That sadly is close to being true and will be the downfall of a free and open internet. If you want a free and open internet, hunt down those asshole, stake them to the ground and let their victims file pass and spit on them. Or am I being too harsh here.

I think we disagree about who is the victim

[MarkusQ]

I think we disagree about who is the victim. It isn't the person who's computer is taken over (I would call them an accomplice by virtue of negligence), it's the people against who the bot net was used.

Look at it this way; if there was a sudden fad for leaving loaded guns on the roof of your car when you parked, and street gangs were using them to commit crimes, would you just consider the people who left the guns on their cars victims? Their guns were stolen, after all. Or would you say that they shared some of the responsibility for the crimes?

--MarkusQ

Re:I think we disagree about who is the victim

[StillNeedMoreCoffee]

Bad analogy and you are right there are two victims. You can not be an accomplice by virtue of neglegence, accomplice implies.

If we look at the Wikipedia entry

"At law, an accomplice is a person who actively participates in the commission of a crime, even though they take no part in the actual criminal offence. "

The key here is actively participates which implies their participation, and knowledge. Here the knowledge of the crime is critically essential to being an accomplice. Not that is different than being culpablbe which is more in tune with your point. The owner of the PC can not be an accomplice without knowledge but may be culpable as a person with a swimming pool can be considered as having an attractive nusance. My feeling here is that even those people, if they have a high locked fence should not be held accountable for someone trespassing and using their swimming pool.

Would you think that a person who owns a house, if it was found that another person was able to break into their house and make calls from their phone should be accountable for those phone calls made. If that person has no idea that the house has been broken into and there is no way to track on there bill that the phone has been missued? Which is more the case here. The leaving the loaded gun example does not match up because no normal user of a PC knows that their PC can be hijacked, it is a foreign concept, when they were sold the PC they were not told, when they were sold the internet connection they were not told. The stories they might here on the new say evening new does not tell them that they are at risk. They have no way to know that it is possible or that it has happened. So they have been taken advantage without their knowledge and they are not culpable. PC's are not guns, not sold as guns, not advertised as having that capability (even though they can be missued that way). Kitchens knives are another example of dual use common household items. If someone comes in to your house (picking a lock etc) and takes your knife out and kills someone and then returns it and leaves not evidence. Are you culpable? I don't think so.

And yes I think in your example that the people that left their guns (inside the locked car inside the locked glove compartment out of sight) that had their property taken and used for a crime as victims. Especially after they find out that their property has been subverted to such terrible use. Wouldn't you feel some guilt, shame and regret having found that out, say it was one of your family or friends that was killed. Yes they are victims too.