Slashdot Mirror

← Back to Stories (view on slashdot.org)

DOJ Gets Court Permission To Attack Botnet

Posted by samzenpus on from the getting-the-greenlight dept.

itwbennett writes "In an unprecedented move, the Department of Justice (DOJ) and the FBI have been issued a temporary restraining order that will allow the FBI and the US Marshal for the District of Connecticut to set up servers at the Internet Systems Consortium or other ISPs that would stop infected computers from continuing to spread the Coreflood virus, according to court records. This week, the DOJ and FBI seized five servers that controlled Coreflood-infected computers, the DOJ said in a press release. The agencies also seized 29 domain names used by the Coreflood botnet to communicate with the servers."

10 of 84 comments (clear)

  1. Governet by cosm · · Score: 3, Informative

    The Connecticut criminal complaint said a Michigan real estate company lost more than $115,000 to fraudulent wire transfers because of the Coreflood virus. A South Carolina law firm lost more than $78,000, and a North Carolina investment company lost more than $151,000, the complaint said. A defense contractor in Tennessee lost more than $241,000 due to the botnet, the complaint said.

    Emphasis mine. I wouldn't expect any less out of firms like this first of all. They really need to change the keyboarding classes in high-school to teach basic do-not-download-stupid-shit classes. And second of all, FTA:

    "Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry...said in a statement.

    Obviously, the internet is now truly Serious Business. DHS, Ice-Raids, I hate to say it but as other /.ers have said in the past, we are entering the downward slope of the golden age of the internet, the gub'ment is now all up in our intertubes for good. Hide yo pron hide yo second life.

    --
    'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    1. Re:Governet by ktappe · · Score: 3, Interesting

      "Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry...said in a statement.

      Obviously, the internet is now truly Serious Business. DHS, Ice-Raids, I hate to say it but as other /.ers have said in the past, we are entering the downward slope of the golden age of the internet, the gub'ment is now all up in our intertubes for good. Hide yo pron hide yo second life.

      The internet has been serious business for a while, in case you've not been paying attention. The "gub'ment" is in the intertubes by necessity. Let's not blame this on the gov't.....it's those stealing hundreds of thousands of dollars who ruined it, not Washington.

      --
      "We can categorically state we have not released man-eating badgers into the area." - UK military spokesman, July 2007
    2. Re:Governet by cosm · · Score: 3, Informative

      I was being a bit satirical, I do understand the important global ramifications of our great communication medium, but I still split the blame equally between evil botnet operators and poor IT practices. I would agree that the necessity for government intervention is there, albeit with things like the Patriot Act and aforementioned ICE-raids I get leary when things like this start to set precedents.

      --
      'We are trying to prove ourselves wrong as quickly as possible, because only in that way can we find progress.' RPF
    3. Re:Governet by Gordo_1 · · Score: 4, Insightful

      OMG, the gub'ment is taking down botnet servers illegally controlling millions of PCs!

      Seriously, I'm all for hating on government control, but is what they're doing in this instance so egregious?

    4. Re:Governet by afidel · · Score: 3, Insightful

      When even RSA can be spearfished I'm not so sure I would go all holier than thou on those companies. We do a fairly good job of security at my work but the more idiotproof I make the protections the more they improve the idiots =)

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    5. Re:Governet by hairyfeet · · Score: 4, Insightful

      Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else. Example follows:

      Last week a customer needed to pay me for a cleaning on a machine I built him nearly a month ago. Did I leave him unprotected? did I not harden the machine? NOPE, total PEBKAC. When the AV practically threw itself in front of him trying to install the "new Limewire" a hacked Limewire ripoff he uninstalled it so it would "shut up" and let him have his bugs. Well he got it alright, more than 60 bugs running.

      Now the ONLY way the government can have ANY effect on that level of stupid is to take away all our rights to run what we want and give us basically "approved disc images" or locked down OSes with app store style "choice" as to what you run.

      Because lets be honest folks: the government can shut down botnets until the cows come home, but from THAT level of stupid, as shown above? Hell they might as well be pissin in the wind for all the good it will do. I mean how can you even attempt to stop something that all they have to do is print the equivalent of "free candy" on the side to get morons to ignore their AV and everything else just so they can install malware onto their own machines? Short of baby proofing the world how can you stop super stupidity without taking choice?

      --
      ACs don't waste your time replying, your posts are never seen by me.
    6. Re:Governet by c6gunner · · Score: 3, Insightful

      Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else.

      Frankly, so what? The question isn't "whose fault is it", the question is "how do we stop it". If you answer is "stop people from being stupid", then you obviously don't live in the real world.

      It's equally valid to say that 90% of people who fall for pyramid schemes or various other types of fraud are also being stupid. We still do our best to stop fraudsters from victimizing people, or punish them when they do. Whether you like it or not, we as a society have decided that pursuing criminals is a worthwhile endeavor. If you can't live with that, I hear Somalia is much more lax about such things ...

    7. Re:Governet by halowolf · · Score: 3, Interesting

      I logged into that to have a look and it took about 30 seconds before I had some fed pretending to be a teenage girl to start cracking onto me. I logged out and deleted it and never looked back.

  2. Seizing Domain names by icebike · · Score: 4, Insightful

    This is a total waste of time.
    Half the ones they seize are innocent bystanders. The rest are replaced for $16 bucks at some sleezey registrar. Probably most are simply
    decoys and the ones of real importance are out of country.

    Perhaps the Defense contractor whined, and that finally got the Fed's attention, but it seems to me that various private initiatives (like those by Microsoft and others) have been way out ahead of this.

    Why not audit that Defense Contractor's IT procedures and practices. A bot net owning one of their boxes? Seriously?

    --
    Sig Battery depleted. Reverting to safe mode.
  3. Possibly a non-jackbooted response by russotto · · Score: 4, Informative

    I haven't found the order itself, but the request is here

    If that's what they were granted, it looks remarkably restrained. It actually specifies the servers in question (it's not just a blanket "We get to grab anything we claim is a C&C server, now or in the future").

    The part the article seems to be going on about is "A permanent injunction that requires the Defendants to uninstall Coreflood on any computers not owned by the Defendants and authorizes the operation of a substitute command and control server to give effect to the Court's orders;" This is pretty radical, in that it lets the FBI operate the botnet at least in so far as to shut it down. But it doesn't give them any authority over computers which aren't already infected.