Mariposa Botnet Beheaded
northernboy and many other readers sent news of the beheading of the Mariposa botnet with three arrests in Spain. "Defense Intelligence of Ottawa working with ISPs and Spanish authorities have taken down yet another > 12M PC botnet, called Mariposa. The three top-level operators are in custody, but remain anonymous under Spanish law (how quaint: apparently in Spain, the accused have some right to privacy). AP is claiming that the botnet included systems in roughly half of the Fortune 1000 companies, scattered over 190 countries. Interesting details: none of the three principals has a prior criminal record. Although apparently hardworking, they are not uber-hackers, but rather had connections to the Spanish mafia, which apparently helped to equip them. At the time of arrest, they were not showing signs of their significant new income level. From the article: 'Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks. It wasn't until several months later that he realized the infections were part of something much bigger. After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain. The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case.'"
Another one bites the dust...
Good for them, but I still don't see a noticeable reduction in my spam mail. Gotta keep working at it, guys.
(((dB)))
I know it's just one botnet of many, but stories like this make me smile anyway.
From TFA:
how quaint: apparently in Spain, the accused have some right to privacy
That's because in Spain you're not guilty until proven guilty by a court of law. The days of the Spanish inquisition are over.
What country doesn't protect its accused in the 21st century?
Great that another one went down, but the line about catching a lucky break was disturbing. ISPs don't normally cooperate when told they are harboring botnets? Isn't not cooperating pretty much the same as supporting it? Why not just publicly list them and black hole them? I would imagine it wouldn't take much of that to get them to want to cooperate.
All these stories remind me of the war on drugs. Every so often, the government nabs a big drug gang, and they have some impressive sounding stats and a PR photo with as much loot spread out as possible ("this cache had a street value of 8 billion dollars"), with of course all the guns and other stuff lined up, and yet the price of drugs on the street continues to fall, people are still running out of emergency rooms with IVs inserted so they can mainline... The whole sorry truth is that you can't expect the gov't to really defend your computer any more than it can defend your house.
This is my sig.
...they lost all their IRC channels.
Source: http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-093006-0442-99
I feel like some criminals are just stupid... I mean really? You do all this stuff from your home computer? If I ever had to 'go rogue' I feel that I could last for years just off of common sense alone by using different public computers in a place with no cameras. Hell, I may even repeatedly use someone else's computer just to further shed the blame.
Since when does being a Socialist mean 'someone who has a different opinion than me'?
Some justice systems emphasise correction instead of simple eye for an eye. Even if you make grave missteps, once atoned for you should get a chance to show you've bettered yourself. Too many people will assume "once a crook, always a crook", and while not infrequently true, this isn't always the case. If only just for those few people who do better themselves, privacy WRT criminal justice is a good thing. Think about it.
There's more: In some countries (e.g. Spain) the justice system is rooted in the royal prerogative to administer justice, thus criminal justice cases are necessarily crown vs. accused, and therefore the rest of the populace has in principle no need to know the name of the accused. You could argue that for certain cases there would be a legitimate interest or need for the public to know, but that's another discussion and doesn't apply here.
'How quaint' that you're innocent until proven guilty?
Am I the only one that is getting tired more and more frequently by juvenile editorial quips?
I used to come here for impartial, to-the-minute news, neither of which seems to exist in any great quantity anymore.
"The Mariposa botnet, which has been dismantled, was easily one of the world's biggest. It spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China." ----- Wait, what? This was written by the AP's "technology writer". I guess he doesn't read /.? The Google attack was not a botnet.
They probably simply changed the IP addresses for the servers that were commanding the botnet. The ISP might have some explaining to do, if it broke the contract with the botnet operators, or the botnet operators might have some explaining to do if they broke their Terms of Service.
"What gives these bloody do-gooders the authority to "take over" other people's servers?"
The same authority I have to "take over" someone's car keys if I see them staggering out of a bar, and fumbling around to find the lock on their door while throwing up all over the hood. If you're acutely aware, and certain, that your non-action is allowing an illegal activity to take place, then why not intervene? The problem today is that too many people just stand there like idiots doing nothing in the face of evil or criminal activity. The fact that the servers these shitbags were using were probably compromised, or funded by illegal activities, is neither here nor there.
Code, Hardware, stuff like that.
Sometimes you can just tell it's a kdawson submission. I would like to see a summary of the summary now please!
I tried to think of a good sig, and this wasn't it.
"NOOObody expected the Spanish ISPs to cooperate!" - Cardinal Ximénez
Our law. When I am aware of a crime happening, I have to stop it if it is in my power (without endangering me or anyone else) or call the police. Not doing either would make me an accomplice.
In other words, I pretty much have to take over those servers and shut them down or hand them over to the relevant authorities, or face criminal charges myself.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Why is it so hard to dismantle a botnet? Rather than find the botnet owners by technical means, surely all they need to do is determine who are the businesses being advertised via spam from the botnet, and get them to spill who they did their advertising deal with.
I mean the advert always has to specify somewhere to send your money right?
It seems to me that if they made it as illegal to be a 'spamvertiser' as it is to be a botnet operator, and actually enforced it with prosecutions, I bet the whole botnet and spam thing generally would stop happening due to a lack of businesses willing to pay to use that method for advertising.
The most common things people do when they are witnesses to someone committing an illegal activity is re-elect him.
You are in a maze of twisty little passages, all alike.
If ISPs helped authorities on these things, there wouldn't be botnets, nor spam. Many attempts at preventing spam stop at their refusal to help. It would be nice to force them by law to cooperate with spam fighting efforts. Sadly, laws to force them to cooperate fighting "piracy" seem to pass easier... =/
+1 For Georgia Tech!! go jackets!!
The American way (i.e. the right way) to do this would be continuing coverage, so the people stay informed, involved, in touch: "Still no decision as the trial against Jose Bandito [ugly picture], nicknamed the spam king, goes into its third week, costing the taxpayer almost $10,000 a day."
Here's one reason botnets thrive: In addition to the fact that the perpetrators are likely to get away with it, per one article, "They face up to six years in prison if convicted of hacking charges."
6 years max? For hacking 12 million computers? Ignoring the intrusions, how much did it cost the victims in labor and downtime to fix it? Hundreds of millions? And add to that the damage they did with the botnet; I don't know what this one did, but it could be spam, DDoS attacks, stolen personal info, extortion, etc.
Also, I still don't understand why the U.S. government doesn't treat these widespread, expensive crimes as a priority. Given the scale of these crimes, there should be a large task force pursuing them. I get the sense they are looked on as computer problems, not crimes.
From a Spanish newspaper:
http://www.elpais.com/articulo/tecnologia/Cae/red/cibercriminal/Mariposa/controlaba/millones/ordenadores/zombis/190/paises/elpepusoc/20100302elpeputec_8/Tes
They controlled 13 million IPs and the personal data of 800,000 people, which they sold to third parties. To mask the income, they engaged in online poker games where they lost intentionally, but they never paid.
They used a system to hide their IPs until one of them forgot to use it.
Their names are protected, but not their initials and alias:
Name.Surname1.Surname2. (age) "alias" (place)
F.C.R. (31 yo) "Netkairo" / "Hamlet1917" (Balmaseda, near Bilbao)
J. B. R. (25 yo) "Ostiator" (Santiago de Compostela, La Coruña)
J.P.R. (30 yo) "Johny Loleante" (Molina de Segura, Murcia)
Also they didn't make the botnet. They bought it.
It could be argued that attaching a PC without adequate AV software would violate FCC Rules Part 68. So why doesn't the government start an ad campaign to get people to use good AV and stop these botnets?
(how quaint: apparently in Spain, the accused have some right to privacy)
Huh? Isn't that how it works in most of the world? You know, the whole "innocent-until-proven-guilty" thing. Habeas data!
If you're acutely aware, and certain, that your non-action is allowing an illegal activity to take place then why not intervene?
Because, in some parts of the world you are accused of conspiracy for just allowing an illegal activity to take place if you or your property were in any way involved, even if you were not aware, while in other parts of the world it is strictly prohibited to do anything about it except call the police. In many places, if you see someone raping a child, the only action you are allowed to take is to call the police. If you try to help the child, you may go to prison as well, because whatever happened was... none of your business. Both of these "rules" are from democratic countries.
Yes, it's sarcasm. Deal with it!
I've heard of this group before. They are one of the few who actually understand what really needs to be done to make an impact on the spamming epidemic. Rather than building enormous black/white lists or developing ever more CPU-intense filtering algorithms, they are actually going after the sources. They identify where spam is actually originating (that is, the spamvertising domains, not the spamvertised domains) and figure out how to shut it down. They are finding where the botnets and their requisite domains can be targeted and getting the work done. And they are doing it within the confines of a civilized society, rather than as the bloodthirsty mercenaries that so many people here are calling for regularly.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Queen Mariposa Botnet of Spain has been beheaded, I declare an international day of mourning.
"When I am aware of a crime happening, I have to stop it if it is in my power (without endangering me or anyone else) or call the police. Not doing either would make me an accomplice."
Not true. If you have absolutely no relationship with either the criminal or the victim, you have no legal responsibility to stop or report the crime. Some cases in which you can be held responsible for the criminal acts of a third party are:
1. When you're an accessory, helping to plan or cover up the crime, fence the stolen loot, pay the hitman, launder the money or whatever.
2. If you have an established relationship with the perpetrator e.g. If one of your employees is engaged in behavior to defraud your suppliers or customers.
3. You are responsible for the well being of the victim. i.e. you can't stand by and watch while someone commits a crime against one of your children.
People watch violent crimes happen all the time, and they don't get arrested for not reporting it. As far as computer crime is concerned, they have a hard enough time tracking down the actual perpetrators. It's absurd to think that you, as a private citizen, are somehow responsible for shutting down or reporting a malware server, and even if some such ridiculous statute existed, it would be impossible to pursue any sort of civil or criminal remedies. Can you imagine being charged with "Failure to report a botnet server"? LOL
My home mail server is more reliable and secure than my ISP's mail server. My mail server has never sent out any spam; theirs has sent literally millions if not billions of spams.
So, you have reduced security and service availability with your silly rule when you apply it to me.
And, for a bonus, plugged up my email!
Blocking all SMTP only makes sense when one has total contempt for the home user. In reality, there are much better solutions, but this one glories in punishing the innocent, so naturally it's the one megalomaniacs always choose. It's like cutting off a whole city's water supply because a few people are pumping sewage back into the lines: sure, it ham-fistedly solves the problem, but targeting the problem source would be more desirable than degrading the service as a whole.
The ISPs could kill all the botnets, worms and viruses practically overnight, but they won't because it would mean paying for truly high quality staff. They'd rather hire surly teenagers with delusions of grandeur, or at least that's what it seems like whenever I call them to make them stop one of their customers from attacking one of the hospital networks I work with. They act like blocking a port is integral calculus, and god forbid they should actually try to help their customers decontaminate.
A properly run network would not block any ports of a well-behaved paying customer, and would quarantine infected boxes completely. This task could easily be achieved given the financial resources of Verizon and Comcast, but they are too cheap to hire quality staff and too incompetent to recognize them anyway.
What gives these bloody do-gooders the authority to "take over" other people's servers?
I see you favor spam, spammers, and spam rights.
You sir have just been foe listed by hundreds of people who now think, or rather have your own admission of, actively being against stopping spam.
Enjoy!
The next step is for the ISPs of the world to pull the damn plug.
Look, I know it might inconvenience the owners of the bots. However, it is their negligence which is enabling this, and as such they are accessories to criminal activity. They may be unwitting accessories, but they are still accessories, and this is no different than a bartender who keeps pouring drinks for a patron and then watches the drunk head out to the parking lot and drive away.
The bartender in a case like this can claim all the innocence he wants to claim, but as I see it a considerable amount of blame should be assigned if said drunk goes off and kills people.
It's no different than handing a can of gasoline and a package of matches and a blowtorch to an arsonist.
When people buy a computer and plug it into the net, they have to accept some responsibility for it, just as they have to accept some responsibility for their cars. In the past, when they got themselves a horse they needed to accept some responsibility, and today when people go get themselves a vicious dog they are ALSO expected to accept some responsibility.
I say this principle needs to apply to our ISPs as well.
It is usually simple to determine if they are hosting a bot. Pull the damn plug.
Certainly now that the botnet has been exposed those who have been hosting these bots should be able to pull the damn plug.
Then we have the situation with, guess what, the company that supplied the software! If Toyota should be held accountable for problems in the software that might be controlling the cars they sell, then why should software vendors not be held accountable? The simple answer is that if it isn't ready for market, tell them to withdraw it and fix it!
At the bottom of what we are facing with these botnets are a lot of people who are shirking their responsibilities.
It is to be EXPECTED that there are criminals in the world. There are lots of criminals and many try to masquerade as honest folks. Check the history of the Opium trade and China and the British Empire. Check the history of the Spanish and their quest for gold in America. Crime has been going on for centuries.
The F1 key?
The summary mentions some Spanish authorities but then talks about Panda Software, which is a private company, owned by Scientologists by the way.
Guess I'll have to RTFA
Talk for your country, I'll talk for mine.
Ottawa-based Defence Intelligence
I can assure you that most Canadians truly believed that there was absolutely no intelligence in Ottawa.
(It's the national capital - think Washington DC).
Guilty until proven innocent and all that so let's hear their names right now!
It's funny how people are quick to abolish basic rights for other people when those people might have done something they don't like. Or is it quaint, rather than funny?