Slashdot Mirror


DOJ Gets Court Permission To Attack Botnet

itwbennett writes "In an unprecedented move, the Department of Justice (DOJ) and the FBI have been issued a temporary restraining order that will allow the FBI and the US Marshal for the District of Connecticut to set up servers at the Internet Systems Consortium or other ISPs that would stop infected computers from continuing to spread the Coreflood virus, according to court records. This week, the DOJ and FBI seized five servers that controlled Coreflood-infected computers, the DOJ said in a press release. The agencies also seized 29 domain names used by the Coreflood botnet to communicate with the servers."

15 of 84 comments

  1. Governet by cosm · · Score: 3, Informative

    The Connecticut criminal complaint said a Michigan real estate company lost more than $115,000 to fraudulent wire transfers because of the Coreflood virus. A South Carolina law firm lost more than $78,000, and a North Carolina investment company lost more than $151,000, the complaint said. A defense contractor in Tennessee lost more than $241,000 due to the botnet, the complaint said.

    Emphasis mine. I wouldn't expect any less out of firms like this first of all. They really need to change the keyboarding classes in high-school to teach basic do-not-download-stupid-shit classes. And second of all, FTA:

    "Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry...said in a statement.

    Obviously, the internet is now truly Serious Business. DHS, Ice-Raids, I hate to say it but as other /.ers have said in the past, we are entering the downward slope of the golden age of the internet, the gub'ment is now all up in our intertubes for good. Hide yo pron hide yo second life.

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    1. Re:Governet by ktappe · · Score: 3, Interesting

      "Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry...said in a statement.

      Obviously, the internet is now truly Serious Business. DHS, Ice-Raids, I hate to say it but as other /.ers have said in the past, we are entering the downward slope of the golden age of the internet, the gub'ment is now all up in our intertubes for good. Hide yo pron hide yo second life.

      The internet has been serious business for a while, in case you've not been paying attention. The "gub'ment" is in the intertubes by necessity. Let's not blame this on the gov't.....it's those stealing hundreds of thousands of dollars who ruined it, not Washington.

      --
      "We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
    2. Re:Governet by cosm · · Score: 3, Informative

      I was being a bit satirical, I do understand the important global ramifications of our great communication medium, but I still split the blame equally between evil botnet operators and poor IT practices. I would agree that the necessity for government intervention is there, albeit with things like the Patriot Act and aforementioned ICE-raids I get leery when things like this start to set precedents.

      --
      'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    3. Re:Governet by Gordo_1 · · Score: 4, Insightful

      OMG, the gub'ment is taking down botnet servers illegally controlling millions of PCs!

      Seriously, I'm all for hating on government control, but is what they're doing in this instance so egregious?

    4. Re:Governet by afidel · · Score: 3, Insightful

      When even RSA can be spear-phished I'm not so sure I would go all holier than thou on those companies. We do a fairly good job of security at my work but the more idiotproof I make the protections the more they improve the idiots =)

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    5. Re:Governet by phantomfive · · Score: 2

      So what? As long as it is done according to the rule of law, and with proper oversight.....the ones who are going to be hurt here are the ones who are downloading stupid shit and the people who made the stupid shit. Win-win-win for the rest of us.

      --
      "First they came for the slanderers and i said nothing."
    6. Re:Governet by hairyfeet · · Score: 4, Insightful

      Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else. Example follows:

      Last week a customer needed to pay me for a cleaning on a machine I built him nearly a month ago. Did I leave him unprotected? did I not harden the machine? NOPE, total PEBKAC. When the AV practically threw itself in front of him trying to install the "new Limewire" a hacked Limewire ripoff he uninstalled it so it would "shut up" and let him have his bugs. Well he got it alright, more than 60 bugs running.

      Now the ONLY way the government can have ANY effect on that level of stupid is to take away all our rights to run what we want and give us basically "approved disc images" or locked down OSes with app store style "choice" as to what you run.

      Because let's be honest folks: the government can shut down botnets until the cows come home, but from THAT level of stupid, as shown above? Hell they might as well be pissin in the wind for all the good it will do. I mean how can you even attempt to stop something that all they have to do is print the equivalent of "free candy" on the side to get morons to ignore their AV and everything else just so they can install malware onto their own machines? Short of baby proofing the world how can you stop super stupidity without taking choice?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    7. Re:Governet by c6gunner · · Score: 3, Insightful

      Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else.

      Frankly, so what? The question isn't "whose fault is it", the question is "how do we stop it". If your answer is "stop people from being stupid", then you obviously don't live in the real world.

      It's equally valid to say that 90% of people who fall for pyramid schemes or various other types of fraud are also being stupid. We still do our best to stop fraudsters from victimizing people, or punish them when they do. Whether you like it or not, we as a society have decided that pursuing criminals is a worthwhile endeavor. If you can't live with that, I hear Somalia is much more lax about such things ...

    8. Re:Governet by TapeCutter · · Score: 2

      It's not about "baby proofing the world", it's about justice; i.e. holding fraudsters to account for their crimes no matter how dumb/greedy/ignorant their victims are.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    9. Re:Governet by Anonymous Coward · · Score: 2, Informative

      Asset seizure, both permanent and temporary, is a power granted by both judicial and municipal civil institutions all the fucking time. If you own property on which a crime has been committed, it sucks to be you, but you lose some control over that property while the crime is being investigated. Cities can and do seize and destroy property on grounds of being hazards to the public: environmental, health, criminal, etc. This action is trivially defensible on similar grounds.

      Certainly procedures should be established, adhered to, and audited to help ensure this power isn't wielded indiscriminately. But pretending that it has no precedent is either naive or disingenuous.

    10. Re:Governet by halowolf · · Score: 3, Interesting

      I logged into that to have a look and it took about 30 seconds before I had some fed pretending to be a teenage girl to start cracking onto me. I logged out and deleted it and never looked back.

    11. Re:Governet by Zironic · · Score: 2

      I think you're severely overvaluing the value of a server, by possibly over half a dozen magnitudes.

  2. Seizing Domain names by icebike · · Score: 4, Insightful

    This is a total waste of time.
    Half the ones they seize are innocent bystanders. The rest are replaced for $16 bucks at some sleazy registrar. Probably most are simply decoys and the ones of real importance are out of country.

    Perhaps the Defense contractor whined, and that finally got the Feds' attention, but it seems to me that various private initiatives (like those by Microsoft and others) have been way out ahead of this.

    Why not audit that Defense Contractor's IT procedures and practices. A bot net owning one of their boxes? Seriously?

    --
    Sig Battery depleted. Reverting to safe mode.
    1. Re:Seizing Domain names by PRMan · · Score: 2

      This isn't seizing mooo.com with 86,000 bystanders. These botnets have algorithms which predict the next 1000 domain names they will try. By calculating ahead and seizing them all, the FBI can then control the botnet and issue commands to clean all the infected computers.

      Since everything is well-specified, this is EXACTLY what the government should be doing, and how they should be doing it. Bravo! (For once)

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
  3. Possibly a non-jackbooted response by russotto · · Score: 4, Informative

    I haven't found the order itself, but the request is here

    If that's what they were granted, it looks remarkably restrained. It actually specifies the servers in question (it's not just a blanket "We get to grab anything we claim is a C&C server, now or in the future").

    The part the article seems to be going on about is "A permanent injunction that requires the Defendants to uninstall Coreflood on any computers not owned by the Defendants and authorizes the operation of a substitute command and control server to give effect to the Court's orders;" This is pretty radical, in that it lets the FBI operate the botnet at least in so far as to shut it down. But it doesn't give them any authority over computers which aren't already infected.
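The pre-computation PRMan describes (calculate the names the bots will try next and register them all first) and the "substitute command and control server" russotto quotes from the request, as an added example that is not from the article, the court filing or any of the commenters above. It is a toy date-seeded domain-generation algorithm, the defender's list of names to register ahead of time, and a single bot check-in where the substitute server answers only with a stop instruction. The seed, the .example TLD, the five-names-per-day schedule and the "stop"/"run" commands are assumptions for illustration, not Coreflood's actual mechanism.

```python
"""Toy model of seizing a domain-generation algorithm (DGA) ahead of a botnet.

Constructed illustration, not Coreflood's real algorithm or the FBI's tooling.
The seed, the .example TLD and the 'stop'/'run' commands are assumptions.
"""
import hashlib
from datetime import date, timedelta

SEED = b"hypothetical-botnet-seed"   # assumed: in practice recovered by reversing the bot binary
DAY0 = date(2011, 4, 13)             # arbitrary start date for the simulation


def dga(day, count=5, seed=SEED):
    """Return the `count` rendezvous domains a bot tries on `day`, in order.

    Each label is 12 letters derived from SHA-256(seed || date || index), so
    anyone holding the seed (the operator, or a defender who reversed the
    binary) can compute the same list for any future date.
    """
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(f"{label}.example")
    return domains


def precompute(start, days, per_day=5):
    """All domains the bots will try from `start` for `days` days, earliest first."""
    out = []
    for offset in range(days):
        out.extend(dga(start + timedelta(days=offset), per_day))
    return out


def simulate(sinkhole_domains, operator_domains, day):
    """One bot check-in on `day`.

    `dns` models who controls each registered name. The bot walks its daily
    list in order and talks to the first name that resolves, so whoever holds
    the earliest-tried name wins that bot for the day. This is why the
    defender must take every name, not just most of them.
    Returns (domain, owner, command); all None if nothing resolved.
    """
    dns = {}
    for d in operator_domains:
        dns[d] = "operator"
    for d in sinkhole_domains:
        dns.setdefault(d, "sinkhole")   # a name the operator already holds is not ours to take
    for domain in dga(day):
        owner = dns.get(domain)
        if owner is None:
            continue
        # The substitute C&C only ever answers with an instruction to stop;
        # it issues nothing else to the infected host.
        command = "stop" if owner == "sinkhole" else "run"
        return domain, owner, command
    return None, None, None


if __name__ == "__main__":
    future = precompute(DAY0, days=3)
    print("domains to pre-register:", future)
    # Defender holds every name for the next three days: the bot gets 'stop'.
    print(simulate(future, [], DAY0 + timedelta(days=2)))
    # Defender missed the first name of DAY0 and the operator has it: the bot goes there.
    print(simulate(future[1:], [dga(DAY0)[0]], DAY0))
```

The second call in the usage block is the case icebike's reply worries about: if even one earlier-tried name is left to the operator, the substitute server never sees those bots that day, which is why the whole pre-computed list has to be taken at once.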