Slashdot Mirror


Suspected Mariposa Botnet Creator Arrested

mehemiah writes "The writer of the Mariposa Botnet has been arrested through international effort. The FBI said this arrest and the arrests of three alleged operators in February were the result of a two-year joint investigation into the Mariposa Botnet, which may have infected as many as eight million to 12 million computers around the world."

  1. satisfaction by zcold · · Score: 2, Insightful

    indeed, it is a good day for the interwebs... though with one gone, another will take its place...

    --
    you know you can fry stuff putting things into things that don't like the things you put into it...
  2. Jail time by alvinrod · · Score: 5, Funny

    Send him off to jail. It's his turn to get a lot of unsolicited male in his inbox.

    1. Re:Jail time by Mongoose+Disciple · · Score: 4, Insightful

      It's our odd modern sense of justice. We don't consider incarceration to be an effective deterrent or just punishment, but throw in a little jailhouse rape and suddenly everyone's appropriately scared or satisfied.

      People are strange.

    2. Re:Jail time by HungryHobo · · Score: 3, Insightful

      Oh ya, people will talk about how it would be deeply wrong to use rape as a punishment and then almost in the same breath talk about sending someone to federal "pound you in the ass" prison.

    3. Re:Jail time by Artifakt · · Score: 4, Insightful

      Prison Rape isn't as common as the 'hope you get a cellmate who thinks you have a purty mouth' crowd assumes, but it certainly happens. It's also dumb for the guards or the whole system to allow. First, it's committed by the very violent types, and they don't pick victims because they secretly want to uphold the moral order and those victims are paedophiles or rapists on the outside, they pick them for vulnerability, which means they usually choose the persons with no physical, social or economic power first, not the ones society on the outside thinks are the 'most worthy'. The guy who committed rape on the outside is proven violent, and the cons will seek easier targets, like the kid whose only crime is dealing pot. Second, one way to avoid rape is to get with a gang and do other favors instead. The gangs all split totally along racial lines, all teach criminal methods to new members, and basically steer less violent criminals towards becoming more violent. Tolerating rape helps give gangs another recruitment tool, and empowers the most violent to think they can run the prisons, not the guards. Third, prison rape spreads AIDS, so now you have a growing pool of people who are going to be released in a few years, have become more and more violently inclined, are often hyperinsecure about their masculinity, and are HIV positive. Guards often have female family members too, or other women on the outside they care about. Priming someone to be a threat to them is a bad mistake. The Japanese run some very tough prisons, with almost no instances of rape because they take a prisoner thinking he can get away with more crimes while in prison as an automatic security threat.

      --
      Who is John Cabal?
    4. Re:Jail time by gorzek · · Score: 2, Informative

      Yeah, most Americans seem to be A-OK with the concept of prison rape as a "bonus" to your incarceration, especially if you are guilty of a sex crime.

      Many people have no understanding of "justice" and think it is indistinguishable from revenge.

  3. Re:Two years? by asukasoryu · · Score: 4, Insightful

    It's hard enough to find 1 out of 6 billion people in the real world. Harder still to track them in the virtual world through their botnet and relate that back to a physical location where they can be apprehended without causing them to flee. I say kudos and good luck on future captures.

    --
    There are more things in heaven and earth than are dreamt of in your philosophy.
  4. Re:Two years? by derrickh · · Score: 5, Insightful

    You're an idiot.
    The good guys do something good and you sit there and call them inept because they didn't do it in a timeframe you find acceptable? You think that they could just type in 'tracert' and show up at an address to arrest someone? How about congratulating them on bringing in a criminal instead of backseat quarterbacking.

    D

  5. Re:Two years? by mandelbr0t · · Score: 5, Insightful

    It took two years and a task force of how many, costing how much, to bring down three people?

    Much less than it would have cost to let them run amok.

    That sure says a lot about the state of network security, and law enforcement's ineptitude for technology.

    While it says a lot about the state of network security, the fact that 8 to 12 million people were infected with a virus they didn't know about says more about the computer literacy of the average individual. And, despite the fact that the botnet was millions of machines large, providing nearly impenetrable anonymity, law enforcement was still able to find the people behind the whole thing. That is actually one of the rare cases where law enforcement has proven they are not technically inept. Maybe this is a sign of better things to come.

    Don't get me wrong. I share your cynicism in general about the state of the Internet and all of the security holes you could pilot a starship through, but I don't think that mocking law enforcement when they actually catch somebody is the way to go. The people behind this botnet were responsible for creating international tensions that could have led to violence. They stole credit cards and banking information with no care for who they were harming, all to fuel their own egotistical ambitions. These were not good people, or hacker heroes, or anything of the sort. Sorry, but I'm siding with the FBI on this one.

    --
    "Please describe the scientific nature of the 'whammy'" - Agent Scully
  6. And in related news ... by powerlord · · Score: 5, Funny

    "The writer of the Mariposa Botnet has been arrested through international effort. The FBI said this arrest and the arrests of three alleged operators in February were the result of a two-year joint investigation into the Mariposa Botnet, which may have infected as many as eight million to 12 million computers around the world."

    In related news, a grass roots campaign has started on the net calling for his release.

    Current estimates are that anywhere from 8 to 12 million people around the world are currently calling for his release, writing petitions to their local government, and spamming on-line petition sites hoping to bring attention to this issue.

    --
    This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.
    1. Re:And in related news ... by Beardo+the+Bearded · · Score: 2, Informative

      THAT'S THE JOKE

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
    2. Re:And in related news ... by GungaDan · · Score: 3, Funny

      In Soviet Russia you fly over joke's head!

      --
      Eloi are stupid, throw morlocks at them!
    3. Re:And in related news ... by Paradise+Pete · · Score: 2, Insightful

      Those are just automated emails coming from the Botnet ; )

      No doubt that post will be on your personal list of "Things I Wish I Hadn't Done Today."

  7. Re:Two years? by alvinrod · · Score: 2, Funny

    Pft... Everyone knows you just need to create a GUI-interface using Visual Basic to track his IP address.

  8. Re:Two years? by abigor · · Score: 3, Interesting

    Just curious, how would you have gone about finding them? You seem to imply you have a deep understanding of the technology involved.

  9. Re:If I was a criminal, I'd never get caught! by HungryHobo · · Score: 2, Insightful

    n) watch as some of your infections destabilise critical systems and cause damage or deaths.

    "Phone home with info to create the world's largest DB of infections and update all other machines to prevent same infection"

    How exactly would your network recognise a virus you didn't already know about?
    That problem is in the same realm as the halting problem.

    Some botnets do in fact install cracked and patched AV systems to clean their competitors off the systems they infect.

  10. Re:Not much here yet... by Anonymous Coward · · Score: 3, Informative

    He is a Slovenian citizen, he will be tried in Slovenia and yes Americans are not an über nation.

    Also FBI claimed in its press release that THEY arrested this man. I just point out that FBI agents have no jurisdiction in Slovenia, they were only guests of our police officers.

  11. Re:Well, thanks goodness... by Beardo+the+Bearded · · Score: 4, Interesting

    Life isn't like 24, Law and Order, or Hackers.

    First, in order to put someone in jail, you have to be able to prove beyond a reasonable doubt that they did, in fact, commit the crime. That means you have to have evidence that they actually did the crime, that they don't have an alibi, and have all the evidence admissible in court.

    "But my computer was compromised too!" would be a decent defence. How can you get around this? You'd have to track the commands for the botnet and trace each one back to a physical location. You'd then have to prove that whats-his-name was actually at that location at each of those times. Did he use an unsecured wifi hotspot all the time? Did he use his home address? Work? Is there a pattern that points to one individual or group of individuals?

    "I don't computer much." So now you have to prove that he's got the skills to actually work the botnet himself, or have the case tossed out or not get to conviction. You'd have to watch the guy actually working. Is he a computer programmer at his day job? Does he have a degree in CS?

    It takes a long time to build a solid case. How long did it take for the Unabomber to get to trial? The FBI searched his 10 x 10 shack for six months. What about Robert Pickton? They're still looking through his farm. Things don't get solved in 30 minutes with a pretty bow.

    --

    ---
    ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  12. It's just funny by talmai · · Score: 5, Interesting

    I'm from Slovenia and this year, it seems like we're in the news (and that's big, because we're sooooo small that any little thing about us in foreign media makes us go crazy). First the soccer thing, where we didn't lose to the USA and England, almost ending up in next round and now the biggest botnet seems to be coded here "on the sunny side of Alps". The last part is probably not good publicity but hey, even better, we're bad enough for FBI, how's that for some tiny little country where you can't even sneeze without delivering your germs either to Croatia or Italy.
    Slovenians are climaxing right now. Somewhere in between "he [the hacker] should have known better, yet, he's a genius" and "letting FBI take him would mean the end of our sovereignty, our government should employ him".

    I'll just sit back and enjoy watching. Comments by fellow citizens who don't know much about computers are just hilarious, I don't know about our national media, it's scary how poor the reporting is.

  13. Re:Two years? by dropadrop · · Score: 2, Interesting

    From what I've picked up working with "cyber crime units" in several countries I would say there are plenty of talented people there, but the departments are severely understaffed. It's a pretty ungrateful and badly paid job compared to what you could get elsewhere with the same level of know how... There's also the problem of what kind of loops they have to jump through to get information. Even if we as a company want them to look into a case (and they want to too) they might still have to go through a lot of legal work until we can provide any proof to base the investigation on. I've been surprised at how badly they are connected with other countries' police forces, national CERT organizations seem to be good at connectivity though.

  14. Re:Not much here yet... by Unequivocal · · Score: 2, Interesting

    I'm not an expert in international law, but I think they could try him in Slovenia on charges relevant there (what illegal actions he took there) and then hand him off to Spain, rinse/repeat and onward to USA. No double jeopardy if the crimes committed are new in each country (and not sure how each of these countries weighs double jeopardy in light of extradition after trial..)

    Anyone with more info - please enlighten us.

  15. Re:Two years? by causality · · Score: 4, Insightful

    Just curious, how would you have gone about finding them? You seem to imply you have a deep understanding of the technology involved.

    If it were up to me, I'd harden the targets. Even if that meant making Microsoft financially liable under defective product laws for any losses incurred due to these botnets. The choice for Microsoft would be, stop selling Windows as a general consumer product touting claims of security and ease-of-use or face product liability for its insecurity. If they want to sell Windows as a product designed for skilled/competent users who understand the security issues it would be a different story, but then they'd lose the massive market they currently enjoy. Let them decide whether the product liability or the reduced market is more beneficial to their bottom line. This might have the side-effect of making Windows less of a monopoly, and thus less of a monoculture that allows one exploit to immediately impact millions of machines.

    Either way the idea that Joe Sixpack can use an immensely complex system that he doesn't remotely understand and never expect a bad result is an illusion that needs to go. It leads to a parasitic situation where Microsoft profits from Windows and everyone else pays its costs above and beyond its price tag at the point of sale. This is unjust. Doing something about this would be good for everyone except maybe Microsoft, and for that I'd have to quote Spock about the needs of the many outweighing the needs of the few or the one. In the long term, serious pressure on Microsoft to improve Windows might even be beneficial to them as well.

    So yes, hardening the targets is the approach I would take. When you have millions of systems with massive vulnerabilities I am not remotely surprised that someone somewhere is going to come along and exploit them. It's rather predictable. You can spend two years and a great deal of effort and expense to catch three of them, but during that two years how many more than three have committed similar crimes? It's a losing game so long as the supply of these criminals exceeds your ability to catch them. That's if your goal is to eliminate botnets. If you have a strong preference for some form of visceral satisfaction, then the current criminal justice approach would be more to your tastes.

    It wasn't really my intention to make this a post about Microsoft, but how can you separate them from any sincere discussion about botnets? These million-plus-member botnets might have a great deal of diversity in terms of their function, their method of propagation, their purpose, and who is at the helm. They all have one thing in common: Windows. Targeted attacks by a skilled and determined human adversary are one thing. It's automated self-propagating write-once-exploit-everywhere script-kiddie bullshit for which there is no excuse. It is the latter and not the former that allows for millions of machines to become members of a botnet.

    If you're a Microsoft fanboy, Windows is targeted because it's so popular. Because it's so popular and so thoroughly targeted, it needs to be one of the most security-hardened. Call it the price of success. If you're not a Microsoft fanboy, then Windows is targeted because it is inherently less secure. That makes it the squeaky wheel in need of some serious security oil. Either way, it's a pointless debate because what needs to be done about the situation is the same. Because they have such a wealth of resources and talent, I have full confidence that Microsoft could make a Windows secure enough to frustrate automated self-propagating attacks if they truly wanted to do it.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  16. Re:Two years? by shentino · · Score: 2, Informative

    Not to mention countries that are rather unfriendly to the US and could really not give two shits if one of their citizens is masterminding a botnet that damages the Americans.

    For example, there was a Dateline investigation into online scammers. One of the crooknets that got busted moved to Iran. "Hey, we can move to a server in Iran! They can't touch us there!"

  17. Re:Two years? by natehoy · · Score: 2, Informative

    We want our ISP to not store indefinite logs on us. But, wait, then how would Mariposa's creator have been discovered if it were not for detailed historical connection logs?

    In order to catch the bad kids, you need to watch all the kids closely so you know who the bad kids are. The more you watch them, the more you can tell between the good kids and the bad kids. The less you're allowed to watch them, the more the bad kids are going to be able to get away with.

    If you want freedom, then you have to accept that not all the bad kids will be caught, and when they do it's going to be a harder job for the enforcement folks to manage.

    Freedom's a big scary place full of unfairness that no one can fix while retaining the freedom, because freedom means there's less authority to make it all fair.

    All freedoms and protections from the police and authorities come with a corresponding reduction in the ability of those same people to protect you.

    I'm not espousing more police powers, far from it, just saying that you need to know the price tag that comes with freedom.

    'Cause it sure as hell ain't free. You've got to fight for it, and you've got to accept that it means the exact same freedoms for people you disagree with on stuff. And it makes it easier for people to do bad things, too.

    But it's so totally worth it.

    --
    "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."