FBI's Bot Roast II Sees Great Success
coondoggie passed us another Network World link, this one discussing the FBI's newest offensive against botnets. They're calling it Operation Bot Roast II. Apparently it's already been quite successful, leading to indictments, search warrants, and the uncovering of some $20 million in economic loss. "Today, botnets are the weapon of choice of cyber criminals. They seek to conceal their criminal activities by using third party computers as vehicles for their crimes. In Bot Roast II, we see the diverse and complex nature of crimes that are being committed through the use of botnets," said FBI Director Robert S. Mueller. "Despite this enormous challenge, we will continue to be aggressive in finding those responsible for attempting to exploit unknowing Internet users." I can't help but think, though: how many more of these things are out there that this 'sting' didn't touch?
How much bigger is the Sun than Earth?
And what was the cost of this project to begin with?
So basically, -1 troll/offtopic is really slashdots way of saying "I hate that you thought of something before me."
There are plenty. If the government knows how to find botnets, they know how to run their own. I am willing to bet that pretty much any government worth anything will be using them, or has been using them to spy on other countries. If you believe that the NSA is NOT using one, you need to go get a tin foil hat this afternoon, and I mean it.
Industrial espionage doesn't seem likely, but it is happening already. Those without visible malicious activities or results will go undetected. They are out there in the wild now. No, that is not just tin foil hattery, it is true. There have been a couple of cases of espionage already uncovered and prosecuted. It would have stayed undetected had it not been for human error in the loop.
Imagine a virus that has one goal... to find a computer with your name as a user. Then, with galactic sized patience, waits... deleting one file per week, the oldest .txt file on the computer, or the oldest .xls file on the computer... or any .ppt files on mounted network shares that are older than 6 months (after copying them to some unknown IP address across the globe somewhere). This virus looks like a computer program owned by and run by a user. It goes undetected for several years... data loss is attributed to poor system performance/upgrades/hardware failures.
It has stored itself on network drives so that it can re-infect later if needed.
Malicious software is more dangerous than you think, and already this type of software is out there in the wild.
Support NYCountryLawyer RIAA vs People
Sorry, just trying to figure out a botherder joke.
Engineering is the art of compromise.
I'm sure there's plenty more out there, but at least they're trying...
It's like the so-called 'war' on drugs: it is unfortunately very hard to align the same financial - and therefore physical - resources as the bad guys.
Also as per the war on drugs, the bad guys also include people in governments - but think Russia and China rather than Colombia & Afghanistan...
These fools are pretty much all in their twenties.
Working for the FBI you'd get to put all of the knowledge that you have to use, your peers would look up to you for leveraging knowledge that you consider to be trivial, you'd get to go after spammers and botnet operators, AND you get to carry a firearm. Sure the pay kind of sucks, and the hours are probably pretty brutal at times, but all in all it would probably be a pretty good job.
If the cost of a burglary investigation is likely to exceed the cost of the burglary, do the police not investigate?
This past week or two, the SPAM level on my servers has been running about half of what it had been last month. I chalked it up to the holidays, but now I wonder if the arrests had anything to do with the reduced level?
While they did work to take down some botnets, they could only take out the criminals where they had jurisdiction - which is in the USA. Yes they work with Interpol and have made some symbolic arrests overseas. By and large, the botherders and real criminals continue to operate from countries with internet access combined with a dysfunctional or non-existent legal system (think Russia, Nigeria, Brazil), or simply where the computer crime laws have yet to catch up with the technology (think Spain, Portugal). Countries such as Russia and Brazil are high up on that list of professional criminals that are able to afford the bribes necessary to stay in business.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
If I had to guess, I would say it is roughly the same number of computers in use by the US government...
When the level of spam drops back below 95% of it being spam, I'll believe these guys are doing their jobs.
Until then, they're just a bunch of ineffectual wankers, and are increasingly more ineffectual as time goes on.
The FTC, FBI, CIA, and NSA are wasting their resources chasing some overinflated bogeyman risk ("terrorists") and meanwhile our communications, financial and transaction systems are under heavy assault. The long term effect of this is lack of confidence in transactions in general, and that is the primary thing that holds economies together.
In other words, we're seriously boned unless these jokers get their act together.
1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
One thing that was overlooked here or at least not explained is what happened to all the Bots??? I would be willing to bet that control of these Bots was handed over to another cohort or co-conspirator before being removed from access.
So it begs the question who now has all those Bots??? Are they or how do they plan to notify these people that their machines are infected and that they need to be cleaned...???
All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
What kind of tools would the FBI, or any TLA, need to go after botnets?
Assuming that the 'nets were employed to do something blatant (and this is surely not universally the case) you would watch the DDOS or spam attack and see what IP addresses were doing that, then you'd want to go back and see what machines communicated with those machines in the past, and the machines that communicated with those machines. Mining that information should, at some point, lead you to the systems that originated and controlled the attack.
Of course, nobody has that information, right? Nobody can possibly save all the connections between all machines on the internet, certainly not for any length of time...[now is the time to get out your envelopes to do calculations -- I don't think it's by any means impossible to do this.]
If you can't save the whole net, then perhaps you can set probes -- watch internet nexi for IP addresses to go by, once you've identified a few hundred thousand bot-infested machines. Assuming that a bot herder uses machines more than once [another perhaps unsupportable assumption] you could do the same analysis, more slowly, by tracking with these probed addresses as they come across the wire.
I hate botnets, they will destroy the 'net, but I'm not sure that the solution is any better than the problem.
I love Mondays. On a Monday, anything is possible.
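The back-tracing sketched in the comment above (watch the attack, note the attacking addresses, then look at who talked to those machines beforehand) as an added example that is not part of the thread. The flow records, the victim address and the "controller" are all constructed, and the heuristic assumes bots were contacted by their controller shortly before the attack and that the controller is a host that reached an unusually large share of them; a popular legitimate service can score the same way, so the output is a lead to investigate, not a verdict.

```python
# Added example, not from the Slashdot thread: ranking the hosts that contacted the
# attacking machines before an attack, as a lead towards the controlling machine.
from collections import defaultdict

# Constructed flow records: (timestamp, src, dst). In practice these would come from
# NetFlow/IPFIX or firewall logs; every address here is made up.
FLOWS = [
    (50,  "198.51.100.99", "198.51.100.7"),  # someone contacting the controller earlier
    (100, "198.51.100.7", "192.0.2.10"),     # controller -> bot
    (101, "198.51.100.7", "192.0.2.11"),
    (102, "198.51.100.7", "192.0.2.12"),
    (103, "203.0.113.5",  "192.0.2.10"),     # unrelated visitor to one bot
    (104, "203.0.113.9",  "192.0.2.12"),
    (105, "198.51.100.7", "192.0.2.13"),
    (200, "192.0.2.10", "203.0.113.50"),     # attack traffic towards the victim
    (201, "192.0.2.11", "203.0.113.50"),
    (202, "192.0.2.12", "203.0.113.50"),
    (203, "192.0.2.13", "203.0.113.50"),
    (204, "192.0.2.14", "203.0.113.50"),     # attacker with no recorded upstream contact
    (210, "203.0.113.77", "192.0.2.10"),     # contact after the attack began: ignored
]

def attackers_against(flows, victim, start, end):
    """Hosts that sent traffic to the victim during the attack window."""
    return {src for ts, src, dst in flows if dst == victim and start <= ts <= end}

def rank_upstream(flows, targets, before):
    """For every host that contacted one of `targets` before `before`, count how many
    distinct targets it reached; highest count first. Applying this again to the top
    candidate gives the next hop back ("the machines that communicated with those")."""
    reached = defaultdict(set)
    for ts, src, dst in flows:
        if ts < before and dst in targets and src not in targets:
            reached[src].add(dst)
    return sorted(((len(v), k) for k, v in reached.items()), reverse=True)

def trace_controller(flows, victim, start, end, min_share=0.5):
    """Best upstream candidate and the share of attackers it reached, or None when no
    host contacted at least `min_share` of them beforehand."""
    attackers = attackers_against(flows, victim, start, end)
    ranking = rank_upstream(flows, attackers, before=start)
    if not ranking:
        return None
    count, host = ranking[0]
    share = count / len(attackers)
    return (host, share) if share >= min_share else None

if __name__ == "__main__":
    first_hop = trace_controller(FLOWS, "203.0.113.50", 200, 205)
    print("candidate controller:", first_hop)
    if first_hop:
        print("contacted it earlier:", rank_upstream(FLOWS, {first_hop[0]}, 200))
```

On the constructed data the candidate is 198.51.100.7, which reached four of the five attackers before the attack; the fifth (192.0.2.14) has no recorded upstream contact, which is the realistic case where retention gaps leave part of the picture missing.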
They need to follow the money behind some of these spammers and start RICO prosecutions against anyone who even had a tangential relationship with these people.
If the legitimate world was worried about $100k fines and 20 years in a Federal-run-by-the-Aryan-Brotherhood-pound-me-in-the-ass prison for dealing with spammers and their ilk, it'd get a lot colder out there for spammers.
or as a sales copy editor at an antivirus vendor
that was the most craptastic display of doom and gloom paranoid hysteric FUD I've seen in a long time
"If you believe that the NSA is NOT using one, you need to go get a tin foil hat this afternoon, and I mean it"
yeah, okay then
!?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
In the comic, a guy has a 40+inches computer display showing a network of viruses in virtualized Windows installs, as an alternative to an aquarium. What is most interesting is the alternate text. It says:
Bot nets no longer hosting of sexy time with childrens. Operation is Great Success! High Five!
legal subpoenas being issued? Or was it done without them?
If so, when and where were they issued and by whom? If not - WHY not?
Inquiring minds want to know.
So does the ACLU, I bet.
The FBI is not as effective as the Russian Mafia.
...but not the disease. So a bunch of botnet-herder script kiddies and other ne'er-do-wells who exploit a situation are in jail. Did they patch even a single one of the compromised Windows systems that were a part of the botnet? No, they "disrupted" the botnets, which supposedly is going to reduce their ability to be compromised for criminal purposes in the future. I'm sorry, but unless they somehow repaired the exploits, or confiscated the compromised machines and thus removed them from the internet, they're still a bunch of junkers spewing malicious packets and waiting for some new bot-herder to take the helm, hazardous to the infrastructure as well as all the other computers they share the "tubes" with.
The fundamental problem is a single-user operating system that had networking capabilities cobbled on, but that still is set up like a single-user environment where trust and security weren't perceived as issues. I'd like to see Microsoft step up to the plate and put effort into developing exciting extras to be bundled with security updates that would at least make their users get more motivated about patching. Of course there's more to security than that, but we're all going to have to live with the mess Microsoft has made with pretty much every OS up to (and quite possibly still including) Vista, for years to come. Barring any proactive effort on Microsoft's part, it seems to me like the FBI has some responsibility to track down computers used in crimes and do something just a bit more permanent than just "reducing" their ability to facilitate criminal activity in the future.
Just wondering: what does SPAM stand for? Sudden Plethora of Awesome Mail?
"Believe me!" -- Donald Trump
It would be dangerous. If you want a computer to process something, that computer is going to be looking at whatever it is processing in an unencrypted form at some point. You can be all tricky about it, but there's no avoiding that. That's why AACS was bypassed so easily: the key is on the computer, there's no avoiding it.
So for the NSA to put classified data on public machines would imply that people could get at it.
Whenever I hear about law enforcement successes in the "cyber" sphere, I can't help but feel a bit uneasy. I've no love for botnets or the people who run them, but I also don't much like the idea of an increased police influence on the Internet. Whatever techniques they learn in apprehending criminals, they will also apply when acting as censors, and I also fear that these wins over criminals will act as good propaganda for having a policed net in general.
Bloodthirsty racist assassins for U.S. imperialism, burn in hell.
We will never forget. Sweep away racist police terror with proletarian revolution!
...of extraordinary magnitude. We forge our tradition in the spirit of our ancestors. You have our gratitude.
I saw it on Slashdot, it must be true!
Welcome to the internet. Are you from the past?
well, apparently we differ in one big respect. If I 'knew' people that ran botnets I'd beat the shit out of them and I would not claim to 'know' them any longer. Assholes like that will sooner or later give governments an excuse large enough to regulate the internet. To actually brag on /. about the size of your acquaintance's bot net is a new low.
MP3 Search Engine
> I'm for a little deregulation of things like pot that aren't that addictive or dangerous, ...
> but a completely uncontrolled drug system would be at least as bad or worse
Currently commerce in "illegal drugs" is completely uncontrolled. There is regulated commerce in drugs and you can get those with a prescription (or without) at any licensed pharmacy. But there are drugs you cannot get at licensed pharmacies and those you get in the "free market". So what completely banning those drugs achieved is actually deregulation and complete lack of control.
Advertisers hire spammers that hire botnet herders. If advertisers can indirectly fund botnet operations and go free we would always have botnets. They would just have to hide it down an extra level or two of accountability so law enforcement doesn't gain access to someone that can be prosecuted. So the law has to adapt and make whoever purchases services based on stolen computer or network resources accountable. This would have the effect of establishing trade practices where advertisers would not buy services that don't have established reputation of not using stolen resources either directly or indirectly.
It is quite easy to find most advertisers using spam, as they have to make money somehow, and they are usually operating in the same market as the receivers of their spam. So what's needed is a way to have received spam data collected and tied to botnet activity. An advertiser whose many spam advertisements can be tied to many sources that are identified as a botnet can then be prosecuted, and either be punished or cooperate and reveal the next level of accountability (i.e., whoever sold the botnet-based services).
How do you get people whose computers are infected and become part of a botnet to tell law enforcement about their computers being broken into, and invite law enforcement to collect evidence (as they would have done if their house was broken into)? This is the real challenge. These people usually don't know their computer has been broken into, and if they find out they just have their Anti-Virus/Anti-malware software remove the malware and any evidence about the computer having been broken into. The sources that can tell which computers are broken into are headers and content in received spam, but these are also just disposed of. What we need is to collect all this info, analyze it, map the botnets and tie them to their end users (advertisers who paid for spam to be sent). This might be done through anti-spam and anti-malware software, whose behavior must be changed so instead of just getting rid of the annoyances they would also contribute available evidence that can be used against those who cause the annoyances.
Spam sent using a zombie PC leads to that machine. The problem is then getting to that specific machine.
What we lack is some standard way to use information about origin of spam to have the police actually contact a person and say: "we found out your machine was hijacked and we have some info tying it to whoever paid to abuse your machine. We hope we can get enough evidence by checking your PC so we can prosecute". Not all spam but some of it can be tied to whoever paid for it, and if people who own the hijacked machines can be reached, some of them would gladly help the police nail the bastard who broke into their PC, or at least the bastard who paid to use the PC that was broken into!
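The correlation the comment above asks for (collect received spam, pull out the sending host and the advertised site, and see which advertisers are fed by many known-bot hosts) as an added example that is not part of the thread. The four spam samples, the addresses, the advertised domains and the known-bot list are all constructed; the code assumes the earliest Received header was added by a relay you control, since anything below that hop can be forged by the sender.

```python
# Added example, not from the thread: linking received spam to the hosts that sent it
# and to the advertised domain, so one advertiser can be tied to many bot sources.
import email
import re
from collections import defaultdict
from email import policy

# Constructed spam samples (hosts, addresses and domains are all made up).
SAMPLES = [
"""Received: from mx.example.org (mx.example.org [203.0.113.1]) by inbox.example.org; Mon, 3 Dec 2007 10:00:00 +0000
Received: from home-pc (unknown [192.0.2.10]) by mx.example.org; Mon, 3 Dec 2007 09:59:58 +0000
From: promo@example.net
Subject: Cheap pills

Order today at http://pills-example.test/buy and save!
""",
"""Received: from mx.example.org (mx.example.org [203.0.113.1]) by inbox.example.org; Mon, 3 Dec 2007 10:05:00 +0000
Received: from laptop (unknown [192.0.2.11]) by mx.example.org; Mon, 3 Dec 2007 10:04:57 +0000
From: deals@example.net
Subject: Cheap pills!!!

Best prices: http://pills-example.test/buy?ref=b
""",
"""Received: from mx.example.org (mx.example.org [203.0.113.1]) by inbox.example.org; Mon, 3 Dec 2007 10:09:00 +0000
Received: from relay.example.com (relay.example.com [203.0.113.22]) by mx.example.org; Mon, 3 Dec 2007 10:08:40 +0000
Received: from office-pc (unknown [192.0.2.12]) by relay.example.com; Mon, 3 Dec 2007 10:08:30 +0000
From: sales@example.net
Subject: pills

See http://pills-example.test/ for details.
""",
"""Received: from mx.example.org (mx.example.org [203.0.113.1]) by inbox.example.org; Mon, 3 Dec 2007 11:00:00 +0000
Received: from list.example.com (list.example.com [203.0.113.40]) by mx.example.org; Mon, 3 Dec 2007 10:59:50 +0000
From: news@example.com
Subject: Weekly newsletter

Read this week's issue at http://newsletter-example.test/issue/48
""",
]

# Constructed list of hosts already identified as bots (e.g. from sinkhole data).
KNOWN_BOTS = {"192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

def parse(raw):
    return email.message_from_string(raw, policy=policy.default)

def origin_ip(msg):
    """Bracketed address from the earliest Received header (the last one listed):
    the host that handed the mail to the first relay we trust."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = IP_IN_BRACKETS.search(str(received[-1]))
    return match.group(1) if match else None

def advertised_domains(msg):
    """Hostnames of the URLs the message wants the reader to visit."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return {host.lower() for host in URL_HOST.findall(text)}

def correlate(samples, known_bots):
    """Map each advertised domain to (distinct sending hosts, of which known bots)."""
    sources = defaultdict(set)
    for raw in samples:
        msg = parse(raw)
        ip = origin_ip(msg)
        if ip is None:
            continue
        for domain in advertised_domains(msg):
            sources[domain].add(ip)
    return {d: (len(ips), len(ips & known_bots)) for d, ips in sources.items()}

def suspect_advertisers(samples, known_bots, min_bot_sources=2):
    """Domains advertised from at least `min_bot_sources` distinct known-bot hosts."""
    stats = correlate(samples, known_bots)
    return sorted(d for d, (_, bots) in stats.items() if bots >= min_bot_sources)

if __name__ == "__main__":
    print(correlate(SAMPLES, KNOWN_BOTS))
    print(suspect_advertisers(SAMPLES, KNOWN_BOTS))
```

On the constructed data the pills site is reached from three distinct hosts, all on the bot list, while the newsletter comes from a single mailing-list server that is not; the per-domain counts are the evidence the comment wants to see preserved instead of deleted along with the spam.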
A couple of days ago, it went away. Zip, zilch, zero, nada. To a first Occamatic approximation, they must have nailed the generator of this stuff.
I refuse to believe corporations are people until Texas executes one. -- desert rain on http://www.dailykos.com/user/
I must vote for a mod-down here. Like it or not, the feds are here to PROTECT us. If we did NOT have a federal government at ALL, anarchy would settle in, and pretty soon we'd all be answering to some bullshit DICTATOR like, say, Saddam was, just because he was quickest with the shotgun and got to the "throne" before anyone else. That's why it's called a "power vacuum". Vacuums IRL are hard pressed to remain unfilled because, quite literally, a TON of air is just itching to cause an implosive collapse. I may not like the feds, but I'd rather be with them than without them.