Kneber Botnet Strikes, Targets Gov't Agencies

Batblue writes "A botnet fingered for stealing a treasure trove of information last year has struck again, harvesting sensitive documents from dozens of government agencies and contractors, according to a pair of security experts. The botnet, dubbed 'Kneber' by Alex Cox, principal research analyst at NetWitness, was behind a campaign of fake Christmas e-mails waged two weeks ago against government workers. NetWitness deals in advanced threat detection technologies, and conducts post mortem network forensics for firms that have been hit with attacks or data breaches."

Too early to dupe

[Desler]

Isn't a bit early to already dupe this story? You're supposed to wait at least a week or two before duping something, Taco.

Re:Too early to dupe

[Monkeedude1212]

You're supposed to wait at least a week or two before duping something, Taco.

You know the site is going downhill when the editors can't even follow the proper rules for duping articles.

This Just In!

[Lifyre]

This just in! The weakest link in the information security chain is the user! More at Eleven!

Why?

[present_arms]

I really have to ask this, but why the fuck do governments run any iteration of windows? seriously there are more secure OS's out there that than cope with anything the Gov needs, OSX, Linux, BSD. I've notice that in the world of operating systems, you get more the less u pay :D

Re:These are the people who run our government

While I agree in part with your sentiment, the government employee pool is one and the same with the private sector pool. Target this attack to a private sector company and I'd bet similar results would occur.

Re:These are the people who run our government

[couchslug]

That's because our culture is bitterly anti-knowledge. Our masses enjoy shiny objects, but not being bothered with how they work.

Our government will remain fucked up because most of our people deserve that.

Re:welcome to the past 40 years

[couchslug]

Government should run locked-down machines and give their users orders to conform to proper security standards.

We should remember that Federal employment is desirable, that anyone who has a job is fortunate, and that if they don't like their marching ORDERS they can get the fuck out.

The UCMJ provides for punishment for military personnel, and IMO we should run ALL Federal employees under a military-style chain of command and under military regulations. Don't like to serve the public as a professional?

We should force all government users to run secure operating systems in a secure manner, hammer the shit out of those who don't.

Federal employee unions would be an obstacle, so government should be structured to weaken collective bargaining by outsourcing. Just as military contractors are now required to obey the UCMJ in some theaters of war, Federal contract employees could be both held accountable yet outsourced so they can be shitcanned.

Security, lol

[MacGyver2210]

Further evidence that computer security is a myth.

Your ability to protect information from unauthorized consumption will always be inversely proportional to the desire of determined individuals to know that information.

If you really want to protect files, keep them unconnected to the internet. The only way to win is not to play.