Slashdot Mirror

← Back to Stories (view on slashdot.org)

FBI's Bot Roast II Sees Great Success

Posted by Zonk on from the electric-bugaloo dept.

coondoggie passed us another Network World link, this one discussing the FBI's newest offensive against botnets. They're calling it Operation Bot Roast II. Apparently it's already been quite successful, leading to indictments, search warrants, and the uncovering of some '$20 million in economic loss. writes "Today, botnets are the weapon of choice of cyber criminals. They seek to conceal their criminal activities by using third party computers as vehicles for their crimes. In Bot Roast II, we see the diverse and complex nature of crimes that are being committed through the use of botnets," said FBI Director Robert S. Mueller. "Despite this enormous challenge, we will continue to be aggressive in finding those responsible for attempting to exploit unknowing Internet users." I can't help but think, though: how many more of these things are out there that this 'sting' didn't touch?

24 of 129 comments (clear)

  1. just a drop in the bucket by Anonymous Coward · · Score: 3, Insightful

    $20 million in economic loss So they stopped about a days worth of profit?
  2. well by moogied · · Score: 5, Insightful

    20 million in economic loss

    And what was the cost of this project to begin with?

    --
    So basically, -1 troll/offtopic is really slashdots way of saying "I hate that you thought of something before me."
  3. don't worry about how many... by zappepcs · · Score: 2, Informative

    There are plenty. If the government knows how to find botnets, they know how to run their own. I am willing to bet that pretty much any government worth anything will be using them, or has been using them to spy on other countries. If you believe that the NSA is NOT using one, you need to go get a tin foil hat this afternoon, and I mean it.

    Industrial espionage doesn't seem likely, but it is happening already. Those without visible malicious activities or results will go undetected. They are out there in the wild now. No, that is not just tin foil hattery, it is true. There have been a couple of cases of espionage already uncovered and prosecuted. It would have stayed undetected had it not been for human error in the loop.

    Imagine a virus that has one goal... to find a computer with your name as a user. Then, with galactic sized patience, waits... deleting one file per week, the oldest .txt file on the computer, or the oldest .xls file on the computer... or any .ppt files on mounted network shares that are older than 6 months (after copying them to some unknown IP address across the globe somewhere). This virus looks like a computer program owned by and run by a user. It goes undetected for several years... data loss is attributed to poor system performance/upgrades/hardware failures.

    It has stored itself on network drives so that it can re-infect later if needed.

    Malicious software is more dangerous than you think, and already this type of software is out there in the wild.

    --
    Support NYCountryLawyer RIAA vs People
    1. Re:don't worry about how many... by 77Punker · · Score: 4, Insightful

      Nobody on Slashdot trusts governments, but you make vague claims about widespread government and business use of botnets. Care to show us some examples?

      I don't understand why the NSA needs a botnet; they have all the computing power they need and know how to spoof anything else. They don't need your computer to do their dirtywork; they can do it all on their own.

    2. Re:don't worry about how many... by blast3r · · Score: 2, Insightful

      I just now realized I don't know what "Score:5, Informative" means on /. anymore. Shouldn't this be rated 'funny'?

    3. Re:don't worry about how many... by Danathar · · Score: 2, Insightful

      I only believe what I have evidence to see, unless we are talking about religion then it's a self evident truth that I'm only privy to.

      Now not saying that your THEORY that the NSA has their own botnets does not have merit (I can think of reasons why) but do you actually have evidence? Or are you just saying "The NSA is Evil and Evil hackers like Botnets so the NSA has botnets"

    4. Re:don't worry about how many... by Rinikusu · · Score: 4, Interesting

      Isn't this what many of us romanticized about back in the late 80s/early 90s? The Cyberpunks, with their l33t hacking skills, breaking into corporate dataspace, stealing intel, selling it to the highest bidder? Yeah, some innocent "civvies" get caught in the crossfire, but here it is. Except not.

      Where are the grizzled, thick russian accented, boots wearing, crusty hackers in their survival-style grey-market Russian SUVs decked out with a hodgepodge of the sweetest, cutting edge tech and an old C-64 for shits and giggles online in the back? Where are the dark, smoke-filled bars where suits and data cowboys secretly meet up to exchange USB keys and microdrives for cold, hard cash?

      The future is here, but it's certainly not sexy. Geeks are still geeks. :/

      --
      If you were me, you'd be good lookin'. - six string samurai
  4. Seems like a cool job by dave562 · · Score: 3, Interesting

    Working for the FBI you'd get to put all of the knowledge that you have to use, your peers would look up to you for leveraging knowledge that you consider to be trivial, you'd get to go after spammers and botnet operators, AND you get to carry a firearm. Sure the pay kind of sucks, and the hours are probably pretty brutal at times, but all in all it would probably be a pretty good job.

    1. Re:Seems like a cool job by _.-+thimk!+-._ · · Score: 5, Informative

      There are up sides and down sides.

      Get to use all your skills? Full stop. Let's review.

      This is the government, with everything that comes with it. Those of you with government experience know what this means. Bureaucracy. Red Tape. Paperwork. For those of you who haven't had the experience, think of the most amazingly, monumentally, mind-bogglingly inane busywork paperwork you've ever had to deal with, and then multiply that by the biggest number you can imagine. Keep imagining.

      How well does bureaucracy adapt to change and embrace new technology, and all of it's associated skills? Here's a hint. The Bureau is still using Hoover's secretary's original filing system. Yes, it's still manual. Still paper. No changes. The same system. CSI is entertaining fiction.

      Other than small numbers of your fellow squad-mates who are also on cyber detail, your fellow agents are likely neo-luddites, mildly intimidated by word-processing. They're very, very bright people, with a lot of skills. Those skills, however, largely don't involve computers. And for the most part, they don't have to. Most areas of the office are air gapped, anyway. (Really, for the most part, they probably don't trust computers -- which, if you think about it, suggests they are pretty bright after all -- but they're probably not entirely sure they trust someone who spends too much time with them either. Put in enough time on the range, working out, knocking on doors, pounding pavement, and using your head to show you have a clue and you won't get them killed, and then you'll be okay. But not before.)

      As for your primary prey, it will not be spammers. It will not be botnet operators. It will not be industrial spies. You will not for the most part, young padawan, be matching your jedi skills against the very best the dark side has to offer.

      You will be chasing kiddie porn peddlars, and child molesters. You will be pretending to be 12-year-old girls in chat rooms. When you're doing well, you will be knocking on doors at 5 am, having to spend countless hours reviewing video tape collections to see what has been taped somewhere in the middle of those 400 episodes of 'the golden girls', or all of those Richard Simmons videos. When you find it, you will have to catalog it. (You will learn to be grateful for the fast-forward button on your remote. And you will see things you wish you could unsee.)

      If you're a badge-carrying Special Agent, yes, you're armed. "How cool, is that!", you say. You're armed whenever you're on duty, wherever you go. It's a Federal License. Those pesky little state limitations on firearms don't apply.

      Add one little detail. You're on call 24x7x365. Which means you have to be able to report for duty at any time, with no advance warning. Which means you're armed -- all the time. No breaks. No holidays. No days off without a sidearm. (Ponder this: where do you put your piece if you want to go to the beach?)

      Pay? For a rough rule of thumb calculation, take your current salary in your technical field. Divide by 2 to 2.5. The greater your technical skills the larger the number you'll divide by. You don't get paid based upon your skill set. You get paid based upon your grade. Which is dependent upon time in chair, once you're actually in. Unless you're former law enforcement, former military, or worked for a different governmental agency, in which case you'll start at a higher grade than someone without that background. (Though not necessarily at your previous grade, either.)

      Hours? Standard base is a 50 hour week. Unless you're needed for anything else, in which case it may be more. For a lot of tech folks, 50 hours is no big deal, you think. But, here's the kicker. Your morning will usually start at 5 am, in order to get to the office by 7 am. Unless you're knocking on someone's door, in which case you're probably up by 3 am. Or you're on stake out, in which case you're working whatever you're working. (If you're early, you're o

  5. Who cares? by wiredog · · Score: 4, Insightful

    If the cost of a burglary investigation is likely to exceed the cost of the burglary, do the police not investigate?

    --

    Best Slashdot Co
    1. Re:Who cares? by Smidge204 · · Score: 3, Insightful

      The fallacy there is thinking financial loss is the ONLY aspect of botnet operation. Botnets cause a lot more damage than what fraud and spam cost.

      A better analogy would be investigating a serial arsonist and discovering a link to a recent rash of burglary incidents in the process.
      =Smidge=

  6. About half by QuietLagoon · · Score: 4, Interesting

    This past week or two, the SPAM level on my servers has been running about half of what iut had been last month. I chalked it up to the holidays, but now I wonder if the arrests had anything to do with the reduced level?

  7. Crime is relatively unchanged by JRHelgeson · · Score: 5, Insightful

    While they did work to take down some botnets, they could only take out the criminals where they had jurisdiction - which is in the USA. Yes they work with Interpol and have made some symbolic arrests overseas. By and large, the botherders and real criminals continue to operate from countries with internet access combined with a dysfunctional or non-existent legal system (think Russia, Nigeria, Brazil), or simply where the computer crime laws have yet to catch up with the technology (think Spain, Portugal). Countries such as Russia, Brazil are high up on that list of professional criminals that are able to afford the bribes necessary to stay in business.

    --
    Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
  8. 95% of all email is spam by mcelrath · · Score: 2, Insightful

    When the level of spam drops back below 95% of it being spam, I'll believe these guys are doing their jobs.

    Until then, they're just a bunch of ineffectual wankers, and are increasingly more ineffectual as time goes on.

    The FTC, FBI, CIA, and NSA are wasting their resources chasing some overinflated bogeyman risk ("terrorists") and meanwhile our communications, financial and transaction systems are under heavy assult. The long term effect of this is lack of confidence in transactions in general, and that is the primary thing that holds economies together.

    In other words, we're seriously boned unless these jokers get their act together.

    --
    1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
  9. One thing that was overlooked here by jskline · · Score: 3, Interesting

    One thing that was overlooked here or at least not explained is what happened to all the Bots??? I would be willing to bet that control of these Bots was handed over to another cohort or co-conspirator before being removed from access.

    So it begs the question who now has all those Bots??? Are they or how do they plan to notify these people that their machines are infected and that they need to be cleaned...???

    --
    All content in this message is copyright (c) 2008. All rights reserved. RIAA is prohibited here.
  10. Tools needed to do this by Thagg · · Score: 4, Informative

    What kind of tools would the FBI, or any TLA, need to go after botnets?

    Assuming that the 'nets were employed to do something blatant (and this is surely not universally the case) you would watch the DDOS or spam attack and see what IP addresses were doing that, then you'd want to go back and see what machines communicated with those machines in the past, and the machines that communicated with those machines. Mining that information should, at some point, lead you to the systems that originated and controlled the attack.

    Of course, nobody has that information, right? Nobody can possibly save all the connections between all machines on the internet, certainly not for any length of time...[now is the time to get out your envelopes to do calculations -- I don't think it's by any means impossible to do this.]

    If you can't save the whole net, then perhaps you can set probes -- watch internet nexi for IP addresses to go by, once you've identified a few hundred thousand bot-infested machines. Assuming that a bot herder uses machines more than once [another perhaps unsupportable assumption] you could do the same analysis, more slowly, by tracking with these probed addresses as they come across the wire.

    I hate botnets, they will destroy the 'net, but I'm not sure that the solution is any better than the problem.

    --
    I love Mondays. On a Monday, anything is possible.
  11. We need RICO prosecutions. by swb · · Score: 2, Insightful

    They need to follow the money behind some of these spammers and start RICO prosecutions against anyone who even had a tangental relationship with these people.

    If the legitimate world was worried about $100k fines and 20 years in a Federal-run-by-the-Aryan-Brotherhood-pound-me-in-the-ass prison for dealing with spammers and their ilk, it'd get a lot colder out there for spammers.

  12. Re:The glass is half empty? by plague3106 · · Score: 2, Insightful

    Unlike botnets though, problems associated with drugs would dry up if they simply removed laws banning said drugs.

  13. Re:The glass is half empty? by PitaBred · · Score: 2, Insightful

    Yeah, I mean, what's wrong with a little 'roid rage? Someone wacked out on PCP feeling no pain deciding to go on a rampage, people OD'ing because of ready access to heroin, cocaine, whatever.

    I'm for a little deregulation of things like pot that aren't that addictive or dangerous, but a completely uncontrolled drug system would be at least as bad or worse for our country than the drug war is now.

    --
    My blog. Good stuff (when I remember to update it). Read it.
  14. Re:The glass is half empty? by MrMonroe · · Score: 4, Insightful

    Who wants totally uncontrolled system? Weed at 18, harder drugs at 21, no PCP or Oxy without prescription. Fair? Tax the lot of it and let transparent companies take control of the market and you eliminate virtually all of the violence associated with the drug trade. As it is, we simply enrich the kingpins and encourage more people to get into the business.

  15. FBI vs. Russian Mafia by tristian_was_here · · Score: 2, Informative

    The FBI is not as effective as the Russian Mafia.

  16. It's too bad they're treating the symptom... by pyrr · · Score: 4, Informative

    ...but not the disease. So a bunch of botnet-herder script kiddies and other ne'er-do-wells who exploit a situation are in jail. Did they patch even a single one of the compromised Windows systems that were a part of the botnet? No, they "disrupted" the botnets, which supposedly is going to reduce their ability to be compromised for criminal purposes in the future. I'm sorry, but unless they somehow repaired the exploits, or confiscated the compromised machines and thus removed them from the internet, they're still a bunch of junkers spewing malicious packets and waiting for some new bot-herder to take the helm, hazardous to the infrastructure as well as all the other computers they share the "tubes" with.

    The fundamental problem is a single-user operating system that had networking capabilities cobbled-on, but that still is set up like a single-user environment where trust and security weren't perceived as issues. I'd like to see Microsoft step-up to the plate and put effort into developing exciting extras to be bundled with security updates that would at least make their users get more motivated about patching. Of course there's more to security than that, but we're all going to have to live with the mess Microsoft has made with pretty much every OS up to (and quite possibly still including) Vista, for years to come. Barring any proactive effort on Microsoft's part, it seems to me like the FBI has some responsibility to track down computers used in crimes and do something just a bit more permanent than just "reducing" their ability to facilitate criminal activity in the future.

  17. Re:The glass is half empty? by Gospodin · · Score: 4, Funny

    And then you sue all those companies for umpteen billions. Indeed, why should Big Cocaine be different from Big Tobacco?

    Hey now, relax. Currently we're only sending the US Marines against the drug cartels. Now you want to unleash an army of lawyers on them?! Talk about your cruel and unusual punishment.

    Heck, forget waterboarding. Let's just put the terrorists at the Gitmo through a prolonged child custody battle. They'll crack in no time.

    --
    ...following the principles of Heisenburger's Uncertain Cat...
  18. Is this a good thing? by fastest+fascist · · Score: 2, Insightful

    Whenever I hear about law enforcement successes in the "cyber" sphere, I can't help but feel a bit uneasy. I've no love for botnets or the people who run them, but I also don't much like the idea of an increased police influence on the Internet. Whatever techniques they learn in apprehending criminals, they will also apply when acting as censors, and I also fear that these wins over criminals will act as good propaganda for having a policed net in general.