The New Face of Script Kiddiez

An anonymous reader writes "Washingtonpost.com's Security Fix blog has an interesting post profiling the activities of a kid named Witlog who controls a botnet of roughly 30,000 hacked Windows PCs. Even after the authorities manage to shut down the network Witlog uses to control his bots, he pops up somewhere else. From the article: 'Witlog may in fact be the product of a new generation of script kiddiez; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.'"

New Face

[RedHatLinux]

Would seem to imply a new genre of script kiddie, such as old people doing it, rather than a mere change in behavior. And if they can track and shutdown is bot network, why hasn't someone arrested this idiot?

Re:New Face

[kefkahax]

Being that he goes by 'Witlog' either he's too young to disclose or they still don't know who he is. Either way, I'd like to point out that, though he may or may not cover his tracks well, "they break into thousands of PCs" is kind of inaccurate being that most of these DDoS bots automate the process of taking control of a machine. Most people that run these botnets don't know anything beyond compiling the bot and filling out a configuration file.

And they certainly don't deserve recognition...neither would a defacer[political or not]. I swear, "hackers" or "crackers" whatever you may prefer to call them, used to have more taste, pre-2000. Even the defacements used to carry more meaning...now it just seems like IRC channel wars, just at a new level...IRC server wars. Pretty dumb when it gets down to it.

Re:New Face

[plover]

why hasn't someone arrested this idiot?

Probably because the idiot is in Estonia, or some other place where the laws of the U.S. are not particularly respected. If all he's doing is installing adware on American PCs, you don't honestly think the local police are going to give a sh!t, do you?

Actually, they probably would. They'd probably want a 25% cut.

Re:New Face

[blast3r]

When you chase these botnet conrollers down you may find the operator in a channel on the server but normally they hide their real IP address. There is only so much you can do if you don't have access to the actual system the IRC server is located on. And even then it could be difficult to actually find them because they could be proxying through another hacked machine.

Re:New Face

[madhitz]

Yeah, right. Tracking these clowns down is easy....I believe you're giving them much more credit then they are due. Sure, proxy this, proxy that, IRC chats, etc, etc...however, somewhere along the line, they are screwing up, leaving a trail, or some link back to themselves..and you can get them there. Hell, worst case scenario, find them at the money source...that's what makes this go round.

Unfortunately, no one wants to invest the token amount of time it takes to investigate this, so it doesn't happen. You can't possibly believe that a 15-year-old botnet-asswipe, sitting at home on mom and dad's computer, could possibly outwit a highly paid and experienced network or systems analyst. They, as was mentioned in an earlier post, simply use the tool without any comprehension of how it operates....keep digging, and you'll find them...shit always ends up at the bottom.

Re:New Face

[slashdotwannabe]

...or some other place where the laws of the U.S. are not particularly respected....

This implies that there is someplace where the laws of the U.S. are particularly respected... including the U.S.

If George W doesn't have to follow the law, why should I???

Re:New Face

[aclarke]

If you break an American law in the USA and then flee to another country with which the United States has an extradition treaty, then yes your comment is valid.

However, if someone is breaking into American computers from his mom's basement in Estonia, and computer cracking is not a crime in Estonia (I'm sure it is), then the point of Estonia's extradition treaty with the United States is moot as the script kiddie has not broken the law.

For instance, the legal drinking age here in Ontario, Canada is 19. Obviously a law-abiding 19 year old is not going to be hauled out of a restaurant here and thrown in jail in the USA for underage drinking.

'New Face'?

[MECC]

Hasn't this been going to for awhile?

Better Toys

[Doc+Ruby]

These kids should be the new face of P2P research and production. Kids care more about group recognition, new toys and testing/breaking limits than they do about money. If more effort were put into giving them constructive P2P toys to play with, they would spend much less of their own effort breaking stuff.

Just stopping kids is a losing battle. The only way to win is to substitute something else into their idle hands. This has been proven over and again, most obviously with "Little League" which replaced gangs of window breakers with happy campers.

Re:Better Toys

[NitsujTPU]

You seem to be under the impression that these kids know how to do something. They're not good hackers who went bad, they're bored kids who downloaded some source code somewhere.

Meet one or two of them. Most of them do not write this software, and do not know how to either.

Re:Better Toys

[Doc+Ruby]

So if someone gave him some other simple "P2P kit" to "hack" like that, which was constructive rather than destructive, he'd be doing something useful instead of harmful. I didn't even mention the idea of "blame", or how "bad" this guy is - I didn't even refer to this guy individually. Just because windows are breakable doesn't mean people have to break them. But with nothing else to do, I'm not surprised when kids break them.

Re:Better Toys

Doc Ruby will never stop replying to you, ever. He wins by wearing down his opponents until they must stop for food, water, or rest. He is incapable of reevaluating his position, and rarely bothers to consider anyone else's points. He is the typical grumpy old man. If they ever start giving out awards for internet trollery, they should make the statues in his likeness: Little Ruby Red grapefruits wearing stethoscopes. Obviously they should be given in pairs, so the awards can be nicknamed "The Boobies."

Lucky Bastards

[Eightyford]

The worst part of this is that when these people are caught they are often given lucrative jobs at security and antivirus companies. Making the front page of slashdot will probably even look good on the lucky bastard's resume.

And what kind of name is witlog? It's like cunningpoop, or something.

Cut off the head

[Billosaur]

Witlog: why i did it? i've read an article on yahoo or smth like this
Witlog: so when i've read that article, i thought "why not to make my own"?
SecurityFix: so did you just download the source from some site and set it loose?
Witlog: yes
Witlog: changed settings, and started it
Witlog: thats all
Witlog: anyone could do that
Witlog: you don't have to know many things to do a botnet like this

This kid is not a "hacker" or "cracker" anymore than I'm a professional wrestler. He finds a script or two somewhere, configures it, and lets it go. He has no moral compass, he doesn't care about other people's property, and he seems to think this is a hoot. He sounds too much like those college boys who are accused of setting those Alabama church fires.

But as he says, anyone can do this. While it's nice that goups like Shadowserver.org are tracking down and shutting down these botnets, why isn't someone doing something about the supply source for these scripts? It's like leaving a loaded gun lying around -- some idiot may decide to use it, even though they don't know how. I say find the morons behind the botnet scripts and take them out. Stop wasting time on the small fry.

Re:Cut off the head

[Denyer]

It's like leaving a loaded gun lying around -- some idiot may decide to use it

It's really easy to make explosives. We can't ban the sale of ingredients. That's a slightly facile example -- there are legitimate uses for many things that could be used for malice, whilst fewer for exploit source code. However, prohibiting the availability of information about holes wouldn't improve the situation -- it'd mean more blackhats would have the information rather than people using that information to arrange protective measures.

How low can we set the bar?

[khasim]

All this guy did was use some source code and change some settings. Nothing major. He's not the kind of guy who's going to make another Napster. He probably doesn't even know how he's doing what he's doing.

I have to agree.

The only reason this guy is having any success at this is because of the default security settings on Windows.

No, this isn't an anti-Microsoft rant. But the fact is that without those open ports, his worm wouldn't be spreading. You cannot depend upon the end-users to correctly patch or firewall their systems.

All it would take to stop this guy is for the next version of Windows to ship without any open ports by default. Ubuntu already does this, Apple already does this.

Having a software firewall on the machine is a distant 2nd place option. If there is a flaw in the firewall software, he'll have the same opportunity he has now.

Fucking editors

[caffeination]

I know they do'n't spelcheck articlez, but this is rediculus!

Disclaimer:

[WhiteWolf666]

What he does is wrong. Don't get me wrong.

At the same time, I couldn't give a rat's ass. Leave your car unlocked, get your radio stolen, see me cry 0 tears.

Leave your house unlocked, and the fine china will walk out the front door.

Leave your computer unprotected, and your data/bandwidth will be taken.

We run OS X/Linux. Automatic security updates, 0 ports exposed, everything behind a NAT, no automatic execution of downloaded files, and nobody types in administrator password without calling me first, either because they don't know them, or they know to verify EVERYTHING with me. Did I mention that user desktops run few (no) services? CUPS, SMB, SSH. No remote or local root logins.

Everyone here understands that ANY thing they download could potentially result in all their data being messed up. Period.

The last piece of the puzzle for me would be to prevent people from "spoofing" OS X users using incorrect icons for executable mime-types. Then I'll be happy.

Why should I care?

Re:Disclaimer:

[Bob+Cat+-+NYMPHS]

see me cry 0 tears.
Leave your house unlocked, and the fine china will walk out the front door.

Speaking of which, that lock you have on your front door can be picked in a few seconds. Don't believe me? Tell me your address, and I'll report here what your Royal Doulton brought on eBay.

Stealing is ALWAYS WRONG, even if the valuables are unsecured.

Re:If only crapware were easy to remove

[plover]

and the ignorant user warned.

You really are an incurable optimist, aren't you?

Re:I'm confused..

[blast3r]

Ever tried to track these guys down? Have at it and let us know what you find out. =) First of all the term 'our authorities' sticks out. There isn't a single jurisdiction for this type of crime. A lot of these botnet operators live overseas and are hard to track down. Then if they do actually find them there are a lot of hurdles to jump through. The number of botnets is growing every day and I would guess that the number of law enforcment that deal with cybercrimes isn't growing at the same pace. This is already a huge problem and I would imagine it will only get worse.

Re:the only feature

[99BottlesOfBeerInMyF]

What would you propose we do with him then? Allowing him to continue is a very bad option, possibly the worst of all available, and currently the accepted practice in the U.S. is incarceration.

While jail time is a valid option it should be jail time minus sexual assault. This may not be the reality in all cases, but rape and physical abuse should not be an accepted part of prison and anyone who accepts it as normal, or lauds it sickens me and just makes the problem worse. For a wholly non-violent offense like this, perhaps a long probation, confiscation of funds, and a few years of regular community service would be more appropriate.

I get the feeling from reading the posts here that almost everyone is interested in revenge against people who spam or run botnets or perform DoS attacks, and no one is interested in either rehabilitation or justice. Those advocating corporeal punishment, rape, death, and eternal damnation have no sense of a punishment fitting the scale of a crime and likely have no idea what it is like to truly suffer physical and mental pain. Gee a bunch of relatively wealthy computer geeks from the first world, what a surprise.

Re:the only feature

[Pantero+Blanco]

I'm not the GP, but:

"Do you think corporal punishment and rape is an appropriate punishment for a non-violent crime or not?"

I don't see anything wrong with corporal punishment that doesn't have a long-term effect. For a teenager, a mild beating that leaves him bruised is almost certainly LESS damaging than jail-time. Note that this stops a good bit short of maiming, flogging, et cetera. It used to be that parents would do this, but it's becoming rare now, especially in Europe and more Leftist US states.

I don't like the fact that rape is used as a deterrent. That's basically the prison system finding a way around the "cruel and unusual punishment" provision by turning a blind eye. It's also a good way to drive someone absolutely insane so that they turn to more brutal crimes themselves.

The Media, and Script Kiddie Egos

[peterfa]

We all here know what a hacker is. We all know what a cracker is. We all know what a script kiddie is. That's what we know.

The audience of the media don't know what a hacker is, or what a cracker is. They don't know that these botnets are not hackers or even crackers. They don't know what script kiddies are. The BBC calls these dudes hackers.

We know why script kiddies do their worthless crap. They do it for the attention. They do it for their own ego. The money makes them extortionists and thus, criminals. The media is making script kiddies out of ordinary losers by making them famous and calling them hackers.