Slashdot Mirror


Kneber Botnet Strikes, Targets Gov't Agencies

Batblue writes "A botnet fingered for stealing a treasure trove of information last year has struck again, harvesting sensitive documents from dozens of government agencies and contractors, according to a pair of security experts. The botnet, dubbed 'Kneber' by Alex Cox, principal research analyst at NetWitness, was behind a campaign of fake Christmas e-mails waged two weeks ago against government workers. NetWitness deals in advanced threat detection technologies, and conducts post mortem network forensics for firms that have been hit with attacks or data breaches."

  1. Too early to dupe by Desler · · Score: 4, Informative

    Isn't it a bit early to already dupe this story? You're supposed to wait at least a week or two before duping something, Taco.

    1. Re:Too early to dupe by Monkeedude1212 · · Score: 3, Funny

      You're supposed to wait at least a week or two before duping something, Taco.

      You know the site is going downhill when the editors can't even follow the proper rules for duping articles.

    2. Re:Too early to dupe by Chapter80 · · Score: 1

      How do you moderate the story as -1 Redundant?

      Maybe this one's not a dupe, the last one was a Precognition!

    3. Re:Too early to dupe by dougisfunny · · Score: 1

      What would be really amusing would be if someone else registered MichaelKristopeit360-399 and started arguing with MichaelKristopeit300-353, that you are in fact not MichaelKristopeit, and you are hiding behind his name. Cower some more/completely pathetic/completely offtopic/completely troll/etc etc.

      --
      This is not the funny you're looking for.
    4. Re:Too early to dupe by tibman · · Score: 1

      Do you ever get phone calls from slashdotters?

      --
      http://soylentnews.org/~tibman
    5. Re:Too early to dupe by tibman · · Score: 1

      I get that but if you are implying that anyone who sees your phone number and doesn't call it is a coward, that's crazy. I was just asking if anyone randomly calls you to discuss your comments?

      --
      http://soylentnews.org/~tibman
    6. Re:Too early to dupe by Monkeedude1212 · · Score: 1

      an intended act can never be random.

      Why not?

      I intended to flip this coin... is the outcome not random?

      I believe tibman was asking if it ever seems out of the blue to you specifically, as in you were not expecting a phone call, but received one anyways, specifically from slashdotters.

      If you don't want to answer the question, then just say you don't want to answer the question. Otherwise it comes off a bit... cowardly.

    7. Re:Too early to dupe by tibman · · Score: 1

      I called that number and you hung up on me, twice. So, i'm doubting it's really your number.

      I wanted to discuss why you thought people are cowards for not calling you.

      For anyone curious, it went like this:
      Him: Hello?
      Me: Hi, is this Michael from slashdot?
      Him: I'm on a do not call list.
      Me: Ok, but i'm just calling about your post on slashdot..
      Him: bye *click*

      --
      http://soylentnews.org/~tibman
    8. Re:Too early to dupe by mcgrew · · Score: 1

      How do you moderate the story as -1 Redundant?

      In the firehose.

    9. Re:Too early to dupe by tibman · · Score: 1

      My question to you was: Do you ever get phone calls from slashdotters?
      Your answer: cowards tend to cower.
      Then just in case there was a misunderstanding i re-asked: I get that but if you are implying that anyone who sees your phone number and doesn't call it is a coward, that's crazy. I was just asking if anyone randomly calls you to discuss your comments?
      Your answer: an intended act can never be random. you're an idiot.

      And i did say from slashdot to whoever is at that phone number.

      You seem to only see the negative in everyone around you and attack anyone that comes within arms reach. Your account is pretty new and odds are you'll have to make another soon because nobody will be able to see your posts anymore. Ah, just then it dawned on me and i searched your name. It appears you have dozens if not hundreds of accounts. That's a sad trail of digital corpses you've left behind.. all just as horrible and ignorant as you appear to be. Bye.

      --
      http://soylentnews.org/~tibman
    10. Re:Too early to dupe by tibman · · Score: 1

      Aww, cute. I do call back if someone just hangs up without saying bye. Random hangup is usually a d/c.

      You do read a lot into my phone call, i'm glad it was memorable for you. If you want me to ever call back, you'll have to ask nicely though. Night.

      --
      http://soylentnews.org/~tibman
    11. Re:Too early to dupe by tibman · · Score: 1

      Hah, you are borderline crazy man. I didn't demand identification from you, i asked the person on the other end of a number i've never called before if he was the person i thought he was. Ask != Demand

      ID blocking is a basic feature that almost every phone has. Not everyone is so cavalier with their phone number as you. Feel free to do as you please. I do.

      Anything else batshit insane you'd like to discuss? We could get back on topic and talk about botnets perhaps?

      If you get lonely, you can post your phone number again. But i doubt it will go very well, you are verbally abusive and wouldn't even let me know if i had the right number. On second thought, i'm just going to -5 you and be done with this. Maybe the next incarnation of your account won't be so violent and crazy. Good luck in life.

      --
      http://soylentnews.org/~tibman
    12. Re:Too early to dupe by dougisfunny · · Score: 1

      are you sure you're Michael Kristopeit, and MichaelKristopeit352 isn't?

      --
      This is not the funny you're looking for.
    13. Re:Too early to dupe by dougisfunny · · Score: 1

      why do you cower? what are you afraid of?
      Michael Kristopeit is stagnated.

      --
      This is not the funny you're looking for.
  2. This Just In! by Lifyre · · Score: 4, Funny

    This just in! The weakest link in the information security chain is the user! More at Eleven!

    --
    I'll meet you at the intersection of "Should be" and "Reality"
  3. These are the people who run our government by MoldySpore · · Score: 1, Insightful

    Yes, the same people that run our government are the same noobs who click fake eCards and run random .exe files attached to emails. Can ANYONE still wonder why our government is so screwed up, especially when it comes to technology and the laws/policies surrounding it?

    --

    "I hope you know how very lucky you are to know me, because I am so incredibly incredible."

    1. Re:These are the people who run our government by Anonymous Coward · · Score: 5, Insightful

      While I agree in part with your sentiment, the government employee pool is one and the same with the private sector pool. Target this attack to a private sector company and I'd bet similar results would occur.

    2. Re:These are the people who run our government by couchslug · · Score: 2

      That's because our culture is bitterly anti-knowledge. Our masses enjoy shiny objects, but not being bothered with how they work.

      Our government will remain fucked up because most of our people deserve that.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    3. Re:These are the people who run our government by John+Hasler · · Score: 1

      Yes, the same people that run our government are the same noobs who click fake eCards and run random .exe files attached to emails.

      Yes, because the people that run our government are human. There exists no way to select superhumans to give power to nor any way to arrange for those who acquire power to become superhuman. People with political power suffer from all the failings and foibles of those without [1], which is why we should be wary of giving anyone power no matter how persuasive the argument for doing so. He governs best who governs least because he is human.

      [1] But they don't really suffer because they tend to be shielded from the consequences of their actions, thus leading them farther astray. People do not abuse political power because they are inhuman: quite the contrary.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    4. Re:These are the people who run our government by MoldySpore · · Score: 1

      Agreed. But these are "government employees and contractors who work on cybersecurity matters." Meaning they are the ones who are supposed to be the ones stopping that stuff. Or, at least, they are in the IT industry. I'm a network engineer so I know what it takes to secure against this type of thing and it isn't hard. It's also not hard to KNOW, as an end user, what not to click on when it comes to spam and phishing attacks.

      These are contractors and employees who work for the government on CYBER SECURITY and they got sensitive information taken because they clicked an eCard. If this happened to me at my job I'd be fired for incompetence.

      --

      "I hope you know how very lucky you are to know me, because I am so incredibly incredible."

    5. Re:These are the people who run our government by Nadaka · · Score: 1

      I had a coworker that read an article on this and entered the example malicious url into her browser, a few minutes later IT came in and took her laptop away. She is the lead of our QC department. So yes, even smart and capable people do dumb things occasionally.

    6. Re:These are the people who run our government by tibman · · Score: 1

      A lot of people don't really know what they are talking about. In my organization everyone is required to take annual training about these things.. even if you aren't important. Here is the anti-phishing training: http://iase.disa.mil/eta/phishing/Phishing/launchPage.htm

      You have to complete that training and print a certificate annually or you lose access to the network. The government does take these things seriously. It's a small percentage of individuals who aren't paying attention to the training or don't care. Even a simple mind could listen to these directions and follow them.

      --
      http://soylentnews.org/~tibman
    7. Re:These are the people who run our government by Nadaka · · Score: 1

      No, it is an example of dumb things. She is otherwise very good at her job.

    8. Re:These are the people who run our government by yuna49 · · Score: 1

      The way to solve this problem is not to deliver infected emails in the first place. After all these years of development of systems for scanning email, no one should be getting infected attachments. I don't blame the endusers, but the IT staffs that fail to protect their users, and their organizations, from obvious threats.

    9. Re:These are the people who run our government by Sardaukar86 · · Score: 1

      yes, people who are capable of faltering on the side of trust have their fingers on the missile launch buttons that could destroy us all.

      you'd rather some paranoid recluse who cowers behind a chosen pseudonym be given the responsibility?

      cower some more feeb

      ...so said whilst cowering behind another ten sock-puppet accounts. In case it isn't obvious, this makes you the 'feeb'.

      Oh, and as an aside, I always get a chuckle out of seeing your use of the word 'hypocrite'. It's almost as if the word was invented solely for your own personal, clueless use.

      MichaelKristopeit's ignorance FTW!

      --
      ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
    10. Re:These are the people who run our government by Sardaukar86 · · Score: 1

      People do not abuse political power because they are inhuman: quite the contrary.

      Very well said.

      It's interesting when an individual's humanity is questioned in response to their heinous actions.. such as a comment I heard spoken to a reporter who was garnering local feelings on the Egyptian Christian church bombing that happened recently.

      The woman being interviewed said something to the effect that '[the terrorist bombers] aren't human, they're just animals'.

      Although I wouldn't say our species is worthless, personally I find it a bit shameful that we (still) collectively consider ourselves superior to the other lifeforms on this planet.

      --
      ..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
  4. Why? by present_arms · · Score: 2

    I really have to ask this, but why the fuck do governments run any iteration of Windows? Seriously, there are more secure OS's out there that can cope with anything the Gov needs, OSX, Linux, BSD. I've noticed that in the world of operating systems, you get more the less u pay :D

    --
    http://chimpbox.us
    1. Re:Why? by KillaGouge · · Score: 1

      The same reasons companies still use Windows, vendor specific software that requires windows to run.

      --
      GENERATION 25: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
    2. Re:Why? by erroneus · · Score: 1

      Because Microsoft pays taxes... ...no? They don't? Oh. Then it's because Microsoft employs a lot of people who pay taxes... ...no? They send a lot of work overseas? Then it's because Microsoft uses lobbyists and other forms of influence peddling/meddling to keep government addicted to windows and microsoft products.

    3. Re:Why? by MoldySpore · · Score: 1

      Because in the end, it all comes down to $. Even though the product costs less (or is free in the case of Linux or something equally open-source) the man hours and cost of retraining an entire company, or the entire government in this case, would far outweigh the ease of just continuing to use Windows and getting to click on "OMGTHESEPICSOFYOUARESOFUNNY.EXE" every once in a while.

      --

      "I hope you know how very lucky you are to know me, because I am so incredibly incredible."

    4. Re:Why? by Anonymous Coward · · Score: 1

      A UID of less than a million....aren't you over karma whoring?

      If you really are serious about what you said, you need to turn in your geek card

    5. Re:Why? by present_arms · · Score: 1

      yup all about the $$$ and back handers eh, oh well, I'm in the UK, I just know my private data in Government is safe (uh huh) and we all worry about FB and google, they have nothing compared to our relative Govs :P (our == UK, USA)

      --
      http://chimpbox.us
    6. Re:Why? by tibman · · Score: 1

      It doesn't just start with the gov though. You should also ask why universities teach mostly windows software and OSs. C# is taught over C++/Java/PHP/Python/whatever. Education is based on the windows platform.

      --
      http://soylentnews.org/~tibman
    7. Re:Why? by mcgrew · · Score: 1

      Bashing Microsoft is by no means karma whoring, and in fact may harm your karma. Hell, I've been modded troll and flamebait for daring to ask why anybody would buy anything from Sony after XCP and the linux removal gaffe, and Sony is far more evil than MS.

      Lots of folks in Redmond get mod points. Bashing MS (or any company, sadly) is quite dangerous to your karma.

    8. Re:Why? by Theotherguy_1 · · Score: 1

      It doesn't just start with the gov though. You should also ask why universities teach mostly windows software and OSs. C# is taught over C++/Java/PHP/Python/whatever. Education is based on the windows platform.

      Honestly, during my university education in computer science I haven't once been taught a Microsoft language. On the contrary, since my earliest intro classes I've been required to code in a Linux environment (my intro to C class even required me to code in either Vim or Emacs!). The languages I've been required to use are as follows: C, C++, Python, Java, SML, Perl, and Shell, all in a Linux environment.

      In fact, the UNIX environment is emphasized so heavily at my university that in my free time I learned .NET just because I felt that I wasn't getting a well rounded education!

  5. Re:Ambiguous by Farmer+Tim · · Score: 1

    ...when you feel the need to interject information twice with commas it gets confusing.

    This one sentence will make your head explode.

    --
    Blank until /. makes another boneheaded UI decision.
  6. Re:Ambiguous by mcgrew · · Score: 1

    Taco and batblue are nerds, not writers. Not that one can't be both...

  7. Re:Can we be done with governments already? by YrWrstNtmr · · Score: 1

    The fact that you're proposing to run the world's business and decisions over the Internet, in reply to an article about people and computers on the Internet getting pwned via botnet, is especially funny.

  8. Re:Ambiguous by kdemetter · · Score: 1

    ...when you feel the need to interject information twice with commas it gets confusing.

    This one sentence will make your head explode.

    Do something the Queen doesn't like and suffer the consequences ?

  9. Re:Can we be done with governments already? by Anonymous Coward · · Score: 1

    The article isn't about the Internet getting owned, it is about government agencies (controlled by politicians, managed by bureaucrats, maintained by hapless government workers and contractors) getting owned.

    Politicians, bureaucrats, government workers, and government contractors are the problem, not just a random sideshow.

  10. Re:welcome to the past 40 years by couchslug · · Score: 2

    Government should run locked-down machines and give their users orders to conform to proper security standards.

    We should remember that Federal employment is desirable, that anyone who has a job is fortunate, and that if they don't like their marching ORDERS they can get the fuck out.

    The UCMJ provides for punishment for military personnel, and IMO we should run ALL Federal employees under a military-style chain of command and under military regulations. Don't like to serve the public as a professional?

    We should force all government users to run secure operating systems in a secure manner, hammer the shit out of those who don't.

    Federal employee unions would be an obstacle, so government should be structured to weaken collective bargaining by outsourcing. Just as military contractors are now required to obey the UCMJ in some theaters of war, Federal contract employees could be both held accountable yet outsourced so they can be shitcanned.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  11. Re:Can we be done with governments already? by YrWrstNtmr · · Score: 1

    The article isn't about the Internet getting owned, it is about government agencies

    I never said 'the internet getting owned', but rather people. The same people who would be involved in any decision made, be it in a city council office or over the internet. You know...regular people.

  12. Re:Ambiguous by Farmer+Tim · · Score: 1

    No, the "something" and consequences are quite specific, and it's not just Mrs Betty Windsor (if it helps, she doesn't like being called that, but I'm in no danger of being arrested for just typing it). The shortest summary I can think of is five words, or three and a number.

    --
    Blank until /. makes another boneheaded UI decision.
  13. Security, lol by MacGyver2210 · · Score: 2

    Further evidence that computer security is a myth.

    Your ability to protect information from unauthorized consumption will always be inversely proportional to the desire of determined individuals to know that information.

    If you really want to protect files, keep them unconnected to the internet. The only way to win is not to play.

    --
    If the only way you can accept an assertion is by faith, then you are conceding that it can't be taken on its own merits
  14. Re:welcome to the past 40 years by tsm_sf · · Score: 1

    Your ideas sound like a great way to drive the truly competent government employees into the private sector.

    You'll end up with a work force that matches the military population:

    10% devastatingly clear-headed people
    10% fantastically apathetic people
    80% angry drunks

    --
    Literalism isn't a form of humor, it's you being irritating.
  15. Re:welcome to the past 40 years by mcgrew · · Score: 1

    We've had viruses and malware since *at least* the 16 bit days, and probably even longer than that.

    If I remember a book I read about twenty years ago correctly (and I probably don't), the first virus was written on a mainframe sometime around 1970 as a programming exercise.

    Malware makes the damn *headline story* on the BBC and CNN on a regular basis. You pretty much have to be willfully ignorant to not be aware that it exists.

    People are ignorant and apathetic. That computer at work? Who cares, it's not my computer, and it's IT's job to keep viruses out. Home computer? Who cares if it sends spam?

    They truly don't realise the consequences, because we have been ineffective in teaching them. It's OUR fault.

  16. Re:welcome to the past 40 years by couchslug · · Score: 1

    If we get the same efficiency as the military, I'd gladly take the trade.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  17. Re:welcome to the past 40 years by AHuxley · · Score: 1

    The US military lost track of ~2.3 trillion US $.
    http://www.youtube.com/watch?v=OTwCRuwJc34
    Now data is going too due to an addiction to MS via 75,000 computers.

    --
    Domestic spying is now "Benign Information Gathering"
  18. Re:Ambiguous by Farmer+Tim · · Score: 1

    Only if you advocate use of force as a means of achieving it. Advocating it via legislative process is perfectly legal, and in fact Australia had a referendum on the matter in 1999 (the process was gamed by a monarchist prime minister, so we ended up with a proposed government model so odious not even the hard core republic supporters wanted to touch it).

    The odd part about the monarchy in Australia is that the Queen is basically a rubber stamp, the duties are actually performed by the Governor General. There's an excellent article about this and the implications of an Australian republic here if you're interested.

    --
    Blank until /. makes another boneheaded UI decision.