Return of the Web Mob

Parore writes "eWeek is running a story about the return of the web mob, highlighting all the similiarities between the online attacks and the real-world mafia. From the article: "Black hat hackers have set up e-commerce sites offering private exploits capable of evading anti-virus scanners. An e-mail advertisement intercepted by researchers contained an offer to infect computers for use in botnets at $25 per 10,000 hijacked PCs. Skilled hackers in Eastern Europe, Asia and Latin America are selling zero-day exploits on Internet forums where moderators even test the validity of the code against anti-virus software."

People that matter don't care

[liliafan]

There is obviously a problem with botnets, virii, and trojans, part of the problem comes from a 'not my problem' attitude from law enforcement and ISP's.

Dozens of times when networks I maintain have been attacked I have contacted ISP's with all the information they would need to trace the user performing the attack and notify them that their machine is infected, however, the response I usually recieve is, 'it is our policy not to blah blah blah', when I have had verified hack attempts on my systems and have notified the authorities about it, I have been transfered all over the place, put on hold, transfered a little more until I completely loose interest, when I do get to report something it never gets investigated.

Until the people that can actually do something about these zombie machines and malicious users, get off their asses the problem will just keep getting bigger.

Re:People that matter don't care

[liliafan]

We know the people responsible are mean vicious hacker types, my point is that an ISP has a responsbility to not just protect its users from the internet but to also protect the internet from the user, if an ISP recieves a report that one of their users is doing something wrong they should take the time to check this, the same goes for law enforcement.

Users should take responsbility but you are right this will never happen, and a long as it is profitable the malicious users will continue to write their infections, the impact can be minimalised if ISPs take some responsibility for the users they allow to connect.

Re:People that matter don't care

[gowen]

The day will come when the owners of the infected computers will be responsible

Presumably, this will be the same day that women in short skirts will be responsible for their own rapes?

No matter how tempting a target I make myself, the responsibility for the crime will always remain with the criminal.

Re:People that matter don't care

[giorgiofr]

I don't think it's as insane as you think. It's quite akin to hold passengers responsible for whatever some ill-intentioned guy put in their luggage without their knowledge. After all, it's your duty to know the dangers of the machine you're operating: people are responsible for the damage if they drive at 150 km/h into a building and lose control of the car, even if they "did not know" that it was dangerous to do so.
Besides... responsible people are always the ones who have to pay for everyone else. If I keep my machine clean and safe, why do I have to suffer because you can't keep yours as mine? Is it my fault if you're stupid/misinformed/uninterested? Clearly it is not. On the contrary, I will think you are responsible for any damage (probably just some wasted bandwidth, but still) your machine is causing.

Re:People that matter don't care

[giorgiofr]

the responsibility for the crime will always remain with the criminal

and if, after being the victim, you start being the criminal, you will be held responsible for your crimes. for example: if you get HIV while being raped (btw... that's sad in so many ways I cannot count them) and you later go around merrily spreading it, you are certainly not responsible for being raped but you are for spreading the disease.

Is anyone really surprised?

[khasim]

What did anyone expect?

The problem with anti-virus software is that it is 100% reactionary. The anti-virus companies don't release updates for viruses that they haven't seen yet.

That's why I view viruses/worms as a failure of the security model of the system.

Trojans are a different matter. But even with those there are ways to mitigate the effects. If nothing else, requiring a password before installing an app will solve most of the "naked pictures of celebrity" emails. There will always be a few idiots.

Some don't care, some don't understand...

[trazom28]

Most law enforcement I've worked with are great at their job.. if they can see it. Example - someone commits a crime, they can investigate and arrest. However I'd say about 1/2 of general law enforcement people do not grasp the concepts of the "virtual" world, through no fault of their own.

While Opping on irc, I noted a person claiming to sell laptops at 1/2 retail cost.. new ones. I pretended interest, and got some contact info.. forwarded this on to law enforcement for his area... within a week, the detective emailed me to say they'd busted a fraud ring. It was tangible, they could deal with it :)

Internet crimes still deal a lot in the virtual world, and if you haven't been trained on how to.. visualize and understand it, it's a tough concept. Not everyone gets it.

As with a lot of things, the key would be training. You're probably not going to get a small town sheriff trained, however some of the larger sheriff's departments would be excellent centers for this.. keep it to county level, forward to state or federal if needed.

And people wonder...

[John+Hansen]

... why other people can take advantage of their computers?

I run a network in a medium-sized business. When I came in, there was no IT staff to speak of. All the workstations were Dell computers, mostly running the default installations of Windows XP. There was a Windows 2000 domain controller set up, but most of the computers were not set up for the domain, meaning that there were no default security policies. The E-mail server had an antivirus scanner installed but it wasn't updating its definitions.

Since I came in, I've had to reformat & reinstall at least half of the workstations because they've been infected with spyware and viruses. This is because, despite having virus scanners, spybot scanners (Microsoft Anti-Spyware, Spybot, and Ad-Aware), and Firefox installed, the absence of IT staff meant that the company staff were ignoring spybot warnings, the antivirus was not up to date, and they were browsing the web with Internet Explorer.

I'm still fighting the use of Internet Explorer, since we have no real reason to be using it -- most all of the websites we access are Firefox friendly. However, the momentum means that I can't just block out access to it in the domain policy. People need to migrate their bookmarks and preferences over, and that isn't done overnight. It's maddening.

So who do I blame when I see headlines like this, or when I look at the company I work at and see a mess? My first point of blame lies with Microsoft for creating such a vulnerable infrastructure to begin with. And that's not because I'm an anti-MS or Linux zealot. It's true, I run Linux at home on every computer. It's also true that since coming in, I've set up a number of Linux servers and a Linux firewall. I know how to work with Microsoft products and lock them down to a reasonable state. It's just that it frustrates the hell out of me when a product built-in to the operating system has so many vulnerabilities, and it's a freaking product used to browse the web! Not something essential to the system like the kernel (which has problems too)... a web browser! Something that should have no system access!

So yes, I lay most of the blame for this kind of travesty at Microsoft's feet. Had they actually thought their design through before they started coding, I can almost assure you that we would not be having this kind of problem to begin with. There would be viruses for Windows, yes. There would be worms for Windows, yes. But I find it unlikely that a properly-designed Windows would have made it possible for there to be millions of zombie PCs across the world, able to be bought by the highest bidder.

The rest of the blame I lay on user education. Most people with computers are totally oblivious about what's on the Internet. They just click on the big 'e' and surf their favorite porn sites, check email for funny comments, et cetera. And then they wonder why they get hundreds of popups and their computer runs slow as frozen molasses. Some of this could be stopped if network admins took some effort to educate their users in a business environment (herculean but possible, and I know some organizations actually do so). Which leaves the home PC users. What do you do about them? Well, I think that's more Microsoft's responsibility, since they're the ones who created the product.

In the meantime, I'm setting up Ubuntu for people who want it, or giving out CDs with it on them and directions. And most people I've switched have been quite happy with it, since their main needs are web browsing and Email and it covers those. So until Microsoft produces a product that I can actually recommend to my mother, I cannot recommend Windows.