Slashdot Mirror
McColo Briefly Returns, Hands Off Botnet Control
A week ago we discussed the takedown of McColo (and the morality of that action). McColo was reportedly the source of anywhere from 50% to 75% of the world's spam. On Saturday the malware network briefly returned to life in order to hand over command and control channels to a Russian network. "The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to ... Trend Micro. The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they'd report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo's demise isn't likely to last."
This is an example of the old saying "The Internet treats censorship as damage and routes around it".
Unfortunately, this is happening for the bad guys as well as us.
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
If you have "malware" on your computer, your private data is already being exposed. It could just as well be a bot net operator whose combing through your data. Who'd you rather have digging through your infected computer?
Besides, the guys used possibly ill-gotten information that was true to convince the upstream provider to shut down the ISP. The experts didn't run into the data center, pulling plugs in a rage...though that might make a neat comic book. In truth, you should blame the upstream providers. Seriously, this isn't Governments running around meting out justice. This is companies listening to private organizations.
import system.cool.Sig;
What are you smoking? Or rather, are you someone arguing a point without a clue.
Whether they had any legit customers is suspect. If they did, I'm sure they would have come to light very quickly.
No, your ISP will be notified about spam originating from its networks and they'll either deal with the user who is undoubtedly violating their TOS or the ISP's IP range will be entered into mail blackhole lists. Nothing new there.
Unlikely, and sadly you probably won't get punted off the net like you should. Instead, your computer will continue to be abused for the purposes of these criminals.
Your efforts to compare this to the drug war are completely irrational, as their causes and symptoms are wildly different. On top of that, there was no government involvement here.
wonder how all those security researchers feel after destroying a legitimate commercial enterprise and affecting a lot of people who weren't spammers. Must have been pretty righteous. Of course, now it looks like they're going to have to play a game of whack-a-mole. What ISP shall die next at the hands of vigilante justice? Will my internet connection go down because someone uses my ISP for spam?
Well, frankly, yes. An ISP that turns a blind eye to such activities as accused, is just as good as helping the bad guys. And guess what... this is a war where almost anyone is willing to take casualties to end it. Now the innocent bystanders know they were dealing with shit for an ISP and have a big sign in front of their face to move to someone more reputable. It is a win for everyone, except the nefarious spammers/botnet operators that were put out by it. There is no sympathy for these folks.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
And if the police do nothing?
"Believe me!" -- Donald Trump
Er, you can't communicate with a botnet with a harddrive, you know.
That's why your comparison doesn't make any sense. Drugs are a demand driven problem; attacking supply centers simply leads to more supply popping up. Spam is a supply driven problem; attacking supply centers leads to less spam.
If you really think that ISPs will continue to operate with gray customers, I guess you might think this is wack-a-mole, but ISPs have plenty of legitimate business and will have no problem ceasing doing business with spammers. This ISP didn't do that and learned a hard lesson. They were not a good-actor here.
Nerd rage is the funniest rage.
1. I don't have a solution, I'm just considering the ethical aspect.
What is unethical about pointing out MASSIVE violation of terms of service by an ISP to their provider? The ISP has a duty to obey the terms they agreed to, and if it can't or won't it gets cut off. Just like you or I would get cut off by our upstream for violating whatever agreement we may have in place.
2. I'd rather deal with spam, malware, and con artists clogging the internet than vigilantes blowing holes in it.
Considering the sheer cost of cleaning up this bullshit, I doubt many share the same opinion. And the intenet was designed to route around holes in it. Theoretically at least.
3. As to who's protecting them -- it's not a question of who but what. In this case, economics.
No. There are definately quite a few "who"s in this mix. Like the greedy bastards who look the other way while their customers commit felonies. They are accessories to the crimes of their clients if they don't cut them off for their criminal bullshit.
4. It has taken this long because until now people were restrained by ethical considerations prevalent within the community. However, a certain moral flexibility seems to be developing now out of frustration. This can only end badly.
Are you kidding? People have been black-holed for decades on the internet for stuff like this.
WHERE IS THE ETHICAL ISSUE WITH TELLING A PROVIDER THAT THEIR CLIENTS ARE IN GROSS VIOLATION OF THEIR ACCEPTABLE USE POLICY????
Or worse.
Either they need to act on it when its pointed out or they will find themselves having to screen their traffic for content because of some cockamamy law passed because they were KNOWINGLY looking the other way while the sold space to kiddy-porn traders after numerous people pointed it out.
What's to prevent them from doing this every few months and leaving a trail of dead service providers in the wake of our new definition of "justice" as the botnet owners simply hop from one provider to the next?
That's simple - ISPs that value their continued existence will enforce their anti-spam/botnet policies rather than look the other way and take money from anyone who can pay. This isn't vigilantism, it's the upstream ISP dropping connectivity for contract violations when informed of the situation at one of their downstreams.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Sigh
Way to ignore the obvious facts here.
The ISP had the option of blocking off the spammers.
They did not. Eventually, ISP who do not stop spam will be disconnected. The ISP that supported this botnet SHOULD be a shambles, they became that when they decided not to stop their clients spamming.
What will prevent them from going to new ISP is that ISP probably dont like being put out of business completely.
This should be a salutory lesson for the next ISP that is told they are sending spam.
I see no ethical issues, unless you are a spammer.
But I suspect troll is closer to the mark.
if spam wasn't profitable nobody would be doing it
Not necessarily. Spam may not be profitable, spamming may be. If you convince someone to pay you to spam for them, whether or not the spam itself generates any profit, you hustled them out of the money.
The use of a server located in Russia for C&C of the botnet is probably not as desirable as a US based host because of the large numbers of companies and ISPs which either black hole China and Russia entirely or subject traffic coming from and going to those parts of the Internet to much greater firewall scrutiny. I can see why they wanted the US server hosting in the first place while keeping the Russian datacenter as the backup plan.
Speaking of wild fantasies about idealist notions... Ever wanted to be paid for work that wasn't asked for or justified at the time?
The problem is, once you give the government jurisdiction to decide who can and cannot use the Internet, they will use that power to further their own interests rather than yours.
No politician will ever vote to decrease his own power.
Canter and Siegel were kicked off their ISPs in decently short order 14 years ago (1994) after starting to spam. See:
https://secure.wikimedia.org/wikipedia/en/wiki/Canter_and_siegel
Anyone familiar with the history of spamfighting will be able to point to numerous examples every year since then, of escalating size and complexity.
Vigilantism is acting extrajudicially AND illegally as a community group to right a wrong or combat a criminal. It's an inappropriate model here - the response was entirely legal. It was done by people who, contrary to your assertion, were openly identified and stood and stand by their information.
If people were assassinating botnet operators or burning McColo datacenters down, THAT would be vigilantism. This is just community response.