Slashdot Mirror


FBI Shuts Down Major Scareware Gang

Trailrunner7 writes "The FBI has made a major dent in the huge scareware and rogue antivirus problem, arresting two people and seizing dozens of computers, servers and bank accounts as part of a large-scale coordinated operation in twelve countries. The operation, which involved authorities in the United States, Germany, France, Latvia, the UK and several other nations, was designed to disrupt the scareware ecosystem that has been preying on users' security fears in an effort to scam them out of millions of dollars in licensing fees for useless or outright malicious software."

84 comments

  1. Now they've removed the bin.laden filter by VIPERsssss · · Score: 5, Funny

    ...Echelon has more clock cycles available.

    --
    We are eternal, all this pain is an illusion.
    1. Re:Now they've removed the bin.laden filter by causality · · Score: 3, Insightful

      ...Echelon has more clock cycles available.

      LMAO. That deserves some mod points but sadly the overlords at slashdot haven't consented to grace me with some in a while. I have excellent Karma so go figure.

      I once asked Rob Malda about this and he was kind enough to explain it to me. It depends on a variety of things like how often you post; too much or too little and you don't get mod points so often. How new or old your account is also has a bearing on it. There's probably more to it than he explained to me but suffice to say it's not as simple as maintaining good karma. For example, some users get 15 mod points at a time while I have personally only received five at a time though I get them relatively frequently.

      Back on topic, I have a mixed take on this. While I'm glad to see a legitimate use of police power to take down those who serve no purpose other than preying on others for their selfish gain, I don't see how this will fix the real problem. It seems like for each group they bust, a few more rise up to take its place. I wouldn't be the least bit surprised if they look at how and why this group got caught and try to avoid making the same mistakes so they can stand a better chance of getting away with it.

      This has a social engineering aspect but otherwise follows all of the same principles of computer security. It is not practical to apprehend every offender and prevent every new offender from rising up to cause more damage. It simply cannot be done. What is difficult, but possible, is to harden the targets, to increase the cost of compromise. For social engineering and other forms of deceit, that requires that we value, encourage, and cultivate knowledge and critical thinking. For so long as there are many vulnerable people who continue to fall for these schemes, and thereby enrich and reward the predators with the money they seek, you will never truly solve this problem.

      It's not a matter of fairness or who deserves what. It's a matter of actually understanding the problem. It is true that stepping on a poisonous snake does not really injure the snake; it is likewise true that death by snake venom is too high a punishment for such an act, that the punishment grossly exceeds the crime. You can try explaining that to the snake only to find that it cannot be reasoned with. Yet if you know you are marching through an area with a high population of such snakes, the wise wear protective boots. If you know the Internet is a hostile network with criminals eager to defraud you, the wise maintain an awareness of such, perhaps do a little study of security best practices, and are glad that the price of protecting themselves is so low.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    2. Re:Now they've removed the bin.laden filter by trum4n · · Score: 1

      same here.

    3. Re:Now they've removed the bin.laden filter by swb · · Score: 4, Insightful

      So if people were smarter, they wouldn't walk by the park at night which would keep them from being targets of mugging, which in turn will make muggers become more productive citizens?

      I agree with the idea that capturing one group will result in a second group popping up, but the same is true with crime -- arresting people who commit $criminal_offense won't stop $criminal_offense from occurring.

      I do believe, though, that there are a lot of people profiting on cyber crime who sit in the middle and make money off it, while being able to claim they aren't involved -- the banks, the credit card companies, the hosting companies, the ISPs who turn a blind eye and provide the air and water that criminals need to be criminals.

      What I'd like to see are RICO prosecutions where the otherwise "legitimate" entities who claim ignorance get prosecuted. I think you'd quickly end up with a lot more self-policing by the passive beneficiaries.

      I'd also like to see a little more regulation on the credit card side of things -- why can't I arbitrarily limit what countries or states my credit card is good in? If credit cards by default didn't work overseas -- you had to call 1-800 and get them enabled in the specific countries you wanted them to work in -- that would help, too.

      If you can make it harder to charge a credit card overseas, wire transfer money, etc, you might make it harder to profit from these kinds of crimes.

    4. Re:Now they've removed the bin.laden filter by SilentStaid · · Score: 1

      I'd also like to see a little more regulation on the credit card side of things -- why can't I arbitrarily limit what countries or states my credit card is good in? If credit cards by default didn't work overseas -- you had to call 1-800 and get them enabled in the specific countries you wanted them to work in -- that would help, too.

      If you can make it harder to charge a credit card overseas, wire transfer money, etc, you might make it harder to profit from these kinds of crimes.

      That's actually brilliant and I'm surprised that I've never heard anyone mention it before. If all it took was a call to the card companies to change the working status of your card in other states/countries that wouldn't even be inconvenient for a legitimate customer. And if the service was opt-in users who thought it was too much effort for security wouldn't ever have to deal with it.

    5. Re:Now they've removed the bin.laden filter by mark_elf · · Score: 1

      Actually I think it does work that way sometimes, just not consistently. While I was visiting Taiwan I made a couple of department store purchases and had my card turned off. I had to 800 them to turn it back on. Since then I usually call to tell them when I'll be gone. I wonder why the inconsistency.

    6. Re:Now they've removed the bin.laden filter by bws111 · · Score: 1

      I think it depends on your card issuer. My credit union issued Visa came with a warning to call them before attempting to use it overseas.

    7. Re:Now they've removed the bin.laden filter by Smauler · · Score: 1

      I agree with the idea that capturing one group will result in a second group popping up, but the same is true with crime -- arresting people who commit $criminal_offense won't stop $criminal_offense from occurring.

      It will to some degree.... but prevention is better than cure. For example, car theft in the UK has dropped to about 1/3 of what it was 10 years ago, due to better security. Now, we have boiler room scams and internet fraud to take its place.

      I never ever, ever, never ever, ever (ever never), would buy anything off of someone who contacts me randomly out of the blue. I don't understand the mentality of it... even if the company calling/e-mailing/mailing me are legitimate, they're spending money on marketing which could be used better on service for their customers. That's _if_ they're legit...

    8. Re:Now they've removed the bin.laden filter by SomePgmr · · Score: 1

      I know a lot of cards work like that as a "fraud prevention service". Unfortunately it's always that reactive flagging, instead of proactive rules. :(

      I should call my card company and see if they'll do that on request, though.

    9. Re:Now they've removed the bin.laden filter by Anonymous Coward · · Score: 0

      Actually, my local bank issued debit card automatically doesn't work... well, in California, at least, I think outside my state (or nearby states) as well. Had to call them up to remove the block, was quite painless. Works online (even for CA based companies) so it's not at all an inconvenience. If my local bank can do it, everyone should.

    10. Re:Now they've removed the bin.laden filter by causality · · Score: 1

      So if people were smarter, they wouldn't walk by the park at night which would keep them from being targets of mugging, which in turn will make muggers become more productive citizens?

      Mugging is a violent crime. Since it involves the use of force, it does not depend on the cooperation of the victim. I see the point you're trying to make here but it just isn't a valid comparison. Saying no to a mugger won't stop him from getting your wallet and is likely to provoke him.

      These scammers are non-violent fraudsters. Without the active cooperation of their victims, they cannot do harm. The would-be victims can say "no thanks" and stop the crime cold. That's the difference between fraud and force, though both are evil.

      All I am saying is: since people actually can say "no" to this kind of criminal, why aren't we teaching them how to? It's not an either-or proposition. We can send law enforcement after the criminals while also educating their targets. The fact that we don't equates to turning a blind eye to the underlying vulnerability.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    11. Re:Now they've removed the bin.laden filter by EdZ · · Score: 1

      That is how the majority of credit & debit cards work in the UK. It can be a massive pain in the ass, especially when even after calling them and telling them you are visiting country X between dates Y and Z, they will still block your card and attempt to call you on a number in the wrong country.
      It's not a bad idea in theory, but the implementation needs work.

    12. Re:Now they've removed the bin.laden filter by causality · · Score: 1

      Unfortunately it's always that reactive flagging, instead of proactive rules

      They are merely following the examples which are all around them. It's the "virus scanner" model instead of the "security system" model. The difference is a security system is all about proactive prevention, not after-the-fact damage control.

      Damage control has its place, as a last resort. It should not be the focus of the effort though.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    13. Re:Now they've removed the bin.laden filter by bws111 · · Score: 1

      How are you going to teach people how to say no to that kind of criminal? We have spent a couple of decades scaring people with 'you must protect your computer, if you don't protect it you are an idiot, etc'. All that 'teaching' is what directly led to this scam. So what do you propose teaching? That your computer will never pop up a warning saying an infection was found, and click to do something about it? Many (all?) legit virus scanners do exactly that. Never purchase something just because your computer said to? What happens when your AV subscription is up and you get prompted for exactly that (with the same dire 'you could be exposed' messages that the scams use)?

    14. Re:Now they've removed the bin.laden filter by causality · · Score: 1

      How are you going to teach people how to say no to that kind of criminal? We have spent a couple of decades scaring people with 'you must protect your computer, if you don't protect it you are an idiot, etc'. All that 'teaching' is what directly led to this scam. So what do you propose teaching? That your computer will never pop up a warning saying an infection was found, and click to do something about it? Many (all?) legit virus scanners do exactly that. Never purchase something just because your computer said to? What happens when your AV subscription is up and you get prompted for exactly that (with the same dire 'you could be exposed' messages that the scams use)?

      You would teach them that there is no substitute for an actual understanding of the systems you are using and how they work. With computers and networks, enough basic competence to stop the majority of these scams is much more achievable than true expertise. It would be difficult, but unlike apprehending every last malicious person on the planet, it could be done. We routinely spend more resources than it would require on far less worthy things. It would begin with the realization that there is something wrong with using a system for years without ever knowing much more about it than when you began.

      The biggest obstacle is the pity-driven, well-meaning but thoroughly misguided mentality of validating and legitimizing the ignorance that exists. It takes many forms. A common one is the fallacy of the excluded middle, wherein you are either a total expert or a complete newbie with no degree of competence in-between. Another common one is the unstated, implicit notion that there is anything normal or natural about the failure to slowly acquire knowledge over time with experience (leading to what I call the "permanent newbie"). Yet another is the idea that a literate person with 'Net access ever needs to wait around for someone else to educate them.

      Sometimes the easy way is to go ahead and do it the hard way. Your alternative is to try multiple "easy ways", have all of them fail miserably, and then fall back to doing it the hard way. The only people benefitting from the status quo are law enforcement agencies and those with investments in the cottage industry of all the security "solutions" designed to protect users from themselves.

      Self-directed education can be a joyful process of discovery powered by curiosity and a desire for independence. I know that doesn't suit the top-down bureaucracies involved in our school systems. It definitely doesn't suit the politicians and marketers who view independent thought and the initiative to not wait on strangers to hand you easy answers as obstacles in their path to power and gratification, but maybe, just maybe, the edification and advancement of the average person is more important than what they value. Maybe, just maybe the portrayal as normal of undisciplined immaturity that doesn't want to invest in the quality of its own experience, that denies the notion of getting out of something what one is willing to put into it, inevitably serves the interests of someone other than we the users.

      Knowledge and understanding really is power. If you depend on anyone else to hand you those things, that person has power over you that they may abuse. If people realize that their literacy and access to information is all they need to educate themselves, if they realize the freedom represented by not being beholden to someone else to tell you what they think you need to know and how you should feel about and act on that knowledge, well, making criminals' jobs more difficult is one of the least significant benefits we would receive. It would be nothing short of a new Golden Age. It would change everything from the way people live their personal lives, to the kinds of businesses they run, to the kind of leaders they demand, to their views on what really matters in this life.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    15. Re:Now they've removed the bin.laden filter by SilentStaid · · Score: 1

      Very interesting. I imagine it is a little harder on you because you'll be going from country to country whereas in N. America I get cell reception pretty much everywhere I need to go. Cool though.

  2. hmmmm by Anonymous Coward · · Score: 0

    and how much collateral damage did this one cause?

    1. Re:hmmmm by Oxford_Comma_Lover · · Score: 1

      IIRC, direct damages were in the high tens of millions. Collateral damage is massive--lots of tech support broken window fallacy stuff. Lots of frustration.

      --
      -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
    2. Re:hmmmm by Anonymous Coward · · Score: 0

      New oxymoron?

      "broken window fallacy stuff"

    3. Re:hmmmm by Oxford_Comma_Lover · · Score: 1

      An Oxymoron and an Anonymass walk into a bar...

      One encapsulated concepts by reference which a sharp mind will decode: Collateral damage includes hundreds of thousands of sometimes complex tech support calls, which are financially beneficial to the tech support community, perhaps, but which cost society more than having the computers not fail because some criminal with an e-crowbar (i.e. scareware) came along and smashed up their windows, as the windows broken in the broken window fallacy.

      The other re'd to hmmmm.

      --
      -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
  3. well crap! by uncanny · · Score: 4, Funny

    Now who's going to fix the virus that a virus scanner on a porn-site-popup tells me that i have?

    1. Re:well crap! by Anonymous Coward · · Score: 0

      Sounds like you need APK AntiVirus Pro 2012++.

    2. Re:well crap! by Anonymous Coward · · Score: 0

      Tell me of these porn sites with popups. I thought you got porn-sites and porn-popup-sites.

    3. Re:well crap! by uninformedLuddite · · Score: 1

      I always get a pop-up when browsing porn sites

      --
      The new right fascists are bilingual. They speak English and Bullshit.
  4. Kudos by DemonGenius · · Score: 1

    Thanks FBI! I finally get to hear less from my mom about her computer troubles... hopefully... who the hell am I kidding...

    1. Re:Kudos by ohcrapitssteve · · Score: 1

      Buying the mother-in-law an iPad was the best money I ever spent. Let's see her get AntiVirus2009 installed on -that- thing.

      Dammit she's calling my phone right now.

  5. I can't believe this. by Bobakitoo · · Score: 5, Funny

    I can't believe they have shut down Symantec. I am forwarding this to everyone!

  6. are they gonna give the money back to the victims? by Anonymous Coward · · Score: 1

    Or just use it to fund their "War of Drugs"

  7. Re:available by TaoPhoenix · · Score: 2

    Shutting down a two person operation = massive dent in the problem? How many hundreds of people were raided by copyright SWATs?

    --
    My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  8. Let this be a warning by countertrolling · · Score: 2

    If you think offshore servers are safe from the long arm of US law, you're in for a big surprise.. It all looks good when they go after spammers and such, but next it will be anything the FBI, DEA, or DHS, or whoever considers a 'threat'..

    Be sure to hide the roaches..

    --
    For justice, we must go to Don Corleone
    1. Re:Let this be a warning by Anonymous Coward · · Score: 0

      If you think offshore servers are safe from the long arm of US law, you're in for a big surprise.. It all looks good when they go after spammers and such, but next it will be anything the FBI, DEA, or DHS, or whoever considers a 'threat'..

      Be sure to hide the roaches..

      You just really have this undying, all-consuming, blind, frothing hatred of the US, don't you?

      "The US today has just developed a general cure for all forms of cancer! And it's cheap, safe, and the company that made it has freed it from all patent restrictions! THIS CLEARLY PROVES THE US HAS MASSIVE BIOENGINEERING SECTOR AND IS DEVELOPING VIRUSES TO KILL YOU AND YOUR CHILDREN!!!"

      "After generations of fighting deeply bred hatred and violence into the very fabric of society in the Middle East, the US finally successfully brokered peace between all major warring factions. Local authorities are still cleaning up smaller terrorist groups trying to re-establish themselves, but the desert nations are finally returning to an era of prosperity, PROVING THAT THE US HAS MIND-CONTROL BEAMS THAT THEY HAVE BEEN USING ON YOU FOR YEARS AND THIS IS ALL A BIG LIE TO GET YOU TO LIKE THEM!!!!! zomg why cant anyone else see this but me"

    2. Re:Let this be a warning by Anonymous Coward · · Score: 0

      Oh shit.

      They know we know.

      Oh shit, now they know we know they know we know.

      OH GOD.

  9. What a relief! by Anonymous Coward · · Score: 0

    So my computer isn't broadcasting an IP address after all.

  10. Oh the joy. by Ross R. Smith · · Score: 1

    No matter how many people you arrest, more will take their place.

    The sad, simple fact is that you can't fix stupid. No matter how much you try to educate the end user, they don't seem to listen. If Joe Public wasn't so uneducated about it the problem would go away entirely.

    1. Re:Oh the joy. by Anonymous Coward · · Score: 0

      This. One can certainly have a debate about how much we should protect people from their own ignorance. The problem is that there will *always* be more people to take advantage of the gullible. That has been happening throughout human history, and it isn't going to stop now. If we try to build a world where no one has to understand anything, then no one will understand anything, and people will keep being taken advantage of. People are exactly as dumb as they can get away with being.

      The only long term sustainable solution I see is education and awareness.

      Captcha: learner

    2. Re:Oh the joy. by spauldo · · Score: 1

      I think that'll be a generational issue. Today's children are growing up with computers, whereas most of my generation didn't.

      Most people who are computer literate don't fall for these scams. Once the computer illiterate die off, it'll be a lot harder to scam people using these methods. There will still be scams, but there were scams before the internet too.

      Sure, devices will change, and software will change, and people will fall behind, but I doubt we'll see the kind of technological revolution that the internet brought about for quite some time.

      --
      Those who can't do, teach. Those who can't teach either, do tech support.
    3. Re:Oh the joy. by Anonymous Coward · · Score: 0

      ...The sad, simple fact is that you can't fix stupid. No matter how much you try to educate the end user, they don't seem to listen. If Joe Public wasn't so uneducated about it the problem would go away entirely.

      Not stupid, just untrained. How about teaching basic (really basic) computer skills in primary school? Things like "how to do an effective web search" and "not everything on the Internet is true" and "how to tell if a website is really who you think it is".

      Surely that would be helpful to society as a whole.

    4. Re:Oh the joy. by mrnobo1024 · · Score: 1

      The sad, simple fact is that you can't fix stupid. No matter how much you try to educate the end user, they don't seem to listen. If Joe Public wasn't so uneducated about it the problem would go away entirely.

      We could fix all 7,000,000,000 people in existence, or we could just fix all 3 operating systems that anyone uses. Which is more practical?

      The problem is that current OSes make it very easy to install software and give it full privileges, and very hard to install software and give it only limited privileges such that it can't cause you harm (in both Windows and *nix, you have to create a new user account for it, but Windows is worst because most programs can't even be installed unless you're running as administrator)

      Reverse the difficulty, and malware relying on "user stupidity" would pretty much disappear.

    5. Re:Oh the joy. by screwzloos · · Score: 1

      On the contrary, the "computer illiterate" group you're talking about is growing, not dying off. While it's true that more and more people own computers every day, there is a considerably larger market share of "casual" users than there was ten years ago. With operating systems getting easier to use and more tailored to the general public, the amount of real understanding any given user needs in order to mistakenly install malware/scareware is continuing to go down.

      I think it's going to get worse (more profitable) before it gets better.

    6. Re:Oh the joy. by Anonymous Coward · · Score: 0

      Do you actually believe that shit? Go to any college's tech support and behold the staggering number of laptops that have 'something wrong' with them - mostly viruses. Computer literate my ass. You might as well say the current generation are all mechanical geniuses because cars have been around their whole lives. Most of them probably don't even know there is oil in the engine until 'that red light came on and now my car won't start'.

    7. Re:Oh the joy. by Smauler · · Score: 1

      (in both Windows and *nix, you have to create a new user account for it, but Windows is worst because most programs can't even be installed unless you're running as administrator)

      I run as admin all the time on my Vista machine. I do this because :

      Only I use it.
      My system files are replaceable.
      My user files are the most important to me.
      It's way more convenient.

      Running as a limited user on Windows does not protect your user files, obviously - you have full access to them. I've recently had a couple of malware attacks with firefox that use user privileges only, and infiltrate via the browser.

      I monitor my network traffic, I look at what is running (note - HijackThis and Malwarebytes failed to pick up the problem, though I do like both those programs... running an old Firefox probably didn't help).

      I guess my point is that for people like me, with their own computer, the user data is the most important... and running as admin does not endanger that (in my case I think it helps in some ways... I can see what is running in my user space more easily). The only real problem with running as admin with a personal computer is the possibility it can get infected completely without the user's knowledge, and do harm to someone else.

    8. Re:Oh the joy. by Anonymous Coward · · Score: 0

      Yes, as soon as you make something idiot proof they build a better idiot.

    9. Re:Oh the joy. by spauldo · · Score: 1

      That's what I meant by generational. A large number of those casual users are people of my generation or older.

      My dad clicks on spam stuff all the time. My sister, who just turned 18 (she's a lot younger than me) doesn't. She's less technical than my dad is - she's just been using the internet most of her life, and knows better.

      --
      Those who can't do, teach. Those who can't teach either, do tech support.
  11. Symantec, you're next!! by madhatter256 · · Score: 3, Insightful

    Watch out Symantec, you're next on the FBI's list!!! Always bugging people that you need to be renewed, bugging people that their license will expire in 60 months and that it needs to be renewed immediately to stop that from happening. Letting most viruses go through undetected and infect the PC. Taking over the PC and making it difficult to get rid of by always encountering some sort of 'error' while uninstalling or leaving shit behind that allows it to reinstall itself (Norton 2004 heydays).

    McAfee, you're next, too!!!

    --
    Previewing comments are for sissies!
    1. Re:Symantec, you're next!! by hamburgler007 · · Score: 1

      And unfortunately this isn't isolated to symantec. All the majority of antivirus applications do is eat up cpu.

    2. Re:Symantec, you're next!! by Runaway1956 · · Score: 1

      Correct. That's why I switched to a Unix-like.

      Maybe the doomsayers have a point. Maybe one day, the malware makers will target Linux, and I'll have a virus laden *nix machine that can't boot its sorry self up. But, that day is down the road, somewhere. Today, I'm enjoying a computer running full speed, unencumbered by any cycle-hungry security software.

      Maybe I should apologize now to my great-great-great-grandchildren for being so selfish and uncaring?

      Nahhhhh - screw the little jerks. They won't be bringing flowers to the old man's grave anyway. Not that I want any, but they won't even think of it. Let them wrestle with tomorrow's problems. I'm happy with Linux today!!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    3. Re:Symantec, you're next!! by hamburgler007 · · Score: 1

      I always find it amusing when a "your computer is infected1!!" windows style popup comes up on my linux machine.

    4. Re:Symantec, you're next!! by Tarlus · · Score: 1

      ... and with a convincing-looking "My Computer" window, showing hundreds of viruses on the "C Drive." Always amusing.

      --
      /* No Comment */
  12. More info... by nlewis · · Score: 3, Informative

    Either I'm not seeing a lot of detail in the linked article, or it's just not there. This one has more info:

          BBC News - FBI targets cyber security scammers
          http://www.bbc.co.uk/news/technology-13887152

  13. Dozens? Whose dozens? by jaiteend · · Score: 1

    What it doesn't say is whose dozens they took down / stole. The wording of the correct. It doesn't say "dozens of computers, servers and bank accounts associated with the culprits", does it?

    http://blog.instapaper.com/

    --
    and the Irishman took the fly in his hands and yelled, "spit it out!"
  14. Hmm by return 42 · · Score: 1

    Scareware? Antivirus? Oh yeah, I remember now! That stuff Windows users have to worry about.

    1. Re:Hmm by spauldo · · Score: 1

      It's annoying for Linux users too. Google images is full of links to sites that try to run a virus scan and force you to download their stupid product.

      Unless you close the tab quickly, you'll likely have to kill firefox altogether because of the modal windows that it pops up. One more reason modal windows are fucking evil.

      --
      Those who can't do, teach. Those who can't teach either, do tech support.
    2. Re:Hmm by return 42 · · Score: 1

      Really? I haven't been getting those at all. Some plugin I installed and forgot about, maybe.

    3. Re:Hmm by spauldo · · Score: 1

      I only run across them myself on Google images, so maybe your usage just doesn't match the targets they're aiming for. If it is a plugin, I'd like to know what it is so I can stop getting them.

      --
      Those who can't do, teach. Those who can't teach either, do tech support.
  15. I had some of this crap infect my computer by ackthpt · · Score: 1

    It came in through holes in Flash and Microsoft's crappy javascript interpreter. I yanked the network cable from the box, but it was too late. As I was researching what to do about the Virus Scan Pro 2000 it then tried repeatedly to launch IE to pr0n websites. Took a full weekend to repair the PC and it's never quite worked the same, since, thanks in part to Microsoft's All Your Eggs In One Basket system architecture.

    Nice people. I hope they are buried in cement.

    --
    A feeling of having made the same mistake before: Deja Foobar
    1. Re:I had some of this crap infect my computer by sconeu · · Score: 1

      My daughter got one of these on her laptop... during finals week... (ugh).

      Luckily, she had already printed out and/or submitted all her term papers.

      The damn thing also installed a MBR virus (at least FIXMBR reported a changed MBR).

      I wound up booting from a Linux LiveCD, copying her "My Documents" and "My Pictures" onto flash. Then I *ZEROED* /dev/sda before I reinstalled XP from scratch.

      I hope they lock these bastards up and throw away the key.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    2. Re:I had some of this crap infect my computer by Runaway1956 · · Score: 1

      Why do people always overreact? Buried in cement? What, you think these little turds are worthy of a Jimmy Hoffa ending? Those kinds of funeral arrangements are reserved for people who piss off really IMPORTANT people. You know, powerful people. So, these guys pissed off a few little pissants, stole a few million dollars, and prevented you from logging into WOW for a weekend. Phhht. They don't deserve anything better than being shot, and left for the dogs to eat. Just regular scum, not worth getting all worked up about.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    3. Re:I had some of this crap infect my computer by Anonymous Coward · · Score: 0

      If they're pissing in your pool, they deserve to be mutilated, fed to live piranha, a few millimeters at a time.

      i.e. - this kind of shit hits home for most slashdotters - most of us have to clean up the mess it causes, so yeah, untimely demises et al. are quite appropriate for these bastards - oh, and their bank account contents, mason jar collections are all belong to us.

      lol - my verify was hospital for this one - quite apropos.

    4. Re:I had some of this crap infect my computer by Tarlus · · Score: 1

      Why do people always overreact?

      They don't deserve anything better than being shot, and left for the dogs to eat.

      I'd call that overreacting.

      --
      /* No Comment */
    5. Re:I had some of this crap infect my computer by hamburgler007 · · Score: 1

      The only thing I agree with in your post is the scammers don't deserve to be executed, but the rest is just fucking idiocy. You seem to imply that the people involved aren't important or powerful. A multinational effort resulting in the arrest of these assholes implies otherwise. Most people with a computer and access to the internet have had to deal with some form of malware at some point, and almost certainly were pissed off about it. Apparently these people you so kindly refer to as pissants were powerful enough to take care of the problem. The extent of the problem extends beyond being able to play online games, unfortunately. This software has resulted in millions upon millions of hours wasted.

    6. Re:I had some of this crap infect my computer by Runaway1956 · · Score: 1

      Actually, some of us blame the problem on the users who insist on using an insecure operating system. Worse, they use those insecure operating systems in stupid ways.

      Would you like to see a video of dancing pink ponies? Just click the Windows executable, wait for it to download, then click through all the silly Windows warnings - don't worry about all those warnings!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    7. Re:I had some of this crap infect my computer by sjames · · Score: 1

      Yeah, they're not worth risking a dog's health over.

  16. FBI = good or FBI = bad? by rritterson · · Score: 1

    Just yesterday, we had a story about the FBI seizing servers in Virginia and most of the comments were negative. Of course, in this thread, most of the comments are positive.

    One difference is we know the purpose of the seizures in this case, which makes it seem less fly-by-night, but I wonder how the hosting providers felt when the servers were first seized. Not that we should let the FBI seize whatever, whenever, but sometimes quick action to seize evidence is necessary, even if it inconveniences others.

    --
    -Ryan
    AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
    1. Re:FBI = good or FBI = bad? by softWare3ngineer · · Score: 1

      From what I can tell they are the same event.

      http://blog.instapaper.com/post/6830514157

    2. Re:FBI = good or FBI = bad? by Anonymous Coward · · Score: 0

      Yeah, except for these are actual bad guys. Pure filth. Anyone willing to do business with them deserves the collateral damage left by the crater.
      These are the people that cause the real harm. The untold lost man-hours to de-worming (or better reinstalling) Windows. The money spent to pay for said man-hours. The side effect of generating more business for the geek squad..

      Oh god the geek squad. If I believed in hell, that would be it. I once accidentally overheard a conversation.. Typical clueless user, infested computer that was underpowered to begin with.. The soulless, broken wreck of an employee behind the counter reciting BS he knew was pure lies, but forced to tell the customer to generate as much revenue as possible. Pity the wretched existence that is the geek squad. They are the walking dead. .. Anyway, justice for the scareware/malware promulgators would be nothing less than public stoning by all of the geeks, admins, IT professionals, and family members that have had to deal with their shit. There would be nothing left but misshapen bloody stumps underneath piles of rocks.

    3. Re:FBI = good or FBI = bad? by bws111 · · Score: 1

      What makes you think that the servers that were confiscated a couple of days ago were not taken as part of this operation? On the 21st, the FBI seized a bunch of servers, and there was much howling. On the 22nd they make this announcement, which includes 'seizure of more than 40 computers and servers'.

    4. Re:FBI = good or FBI = bad? by Kiaser+Zohsay · · Score: 1

      The problem with yesterday's FBI story was the ham-fisted way that servers were removed from the data center, causing outages for legitimate customers in addition to taking the bad guys offline.

      --
      I am not your blowing wind, I am the lightning.
    5. Re:FBI = good or FBI = bad? by Rockoon · · Score: 1

      Some might argue that the hosting companies that enable the peddling of scareware are also 'the bad guys'

      --
      "His name was James Damore."
  17. Instapaper Servers Stolen in Bust by WarpedCore · · Score: 1

    http://blog.instapaper.com/post/6830514157

    Marco Arment explains his version of the situation in his blog. Basically, the FBI has this "drug bust" proximity to the evidence must also be evidence mentality to executing a search warrant. Anything unrelated to the crime could have been loaded on adjacent servers. Did they only need one search warrant for DigitalOne?

    1. Re:Instapaper Servers Stolen in Bust by jace.m.miller · · Score: 1

      The blog is a place to vent. The fact of the matter is that unlike other circumstances where one would be justified in filing a complaint that their hardware was illegally seized, there was a well-documented warrant that was executed. Now, I also realize that other hardware was taken as they were hauling off entire racks of servers. The individuals complaining about this procedure lack both an understanding of exigent circumstances and cryptography. In many cases exigent circumstances are cited as a bullshit reason to justify an otherwise illegal search. In the DigitalOne case, the servers had to be captured without the loss of power to prevent the crypto keys from leaving the RAM. Exigent circumstances exist specifically to capture evidence before it can be deleted. In this case it fit the letter of the law exactly. As such, I would suggest finding a better avenue to vent about abuse of power. There are plenty of examples of unconstitutional searches that we don't want to diminish a legitimate argument by yelling about something that was actually logical. As an addendum, I also realize that you can freeze the RAM with liquid nitrogen and transport it that way, but if you've ever tried to do it you would realize that it's a pain in the ass with a huge margin for error. That margin for error also factored into why the servers were captured the way they were.

  18. While your at it... by WaffleMonster · · Score: 1

    Why not do something about those TV commercials which advertise virus protection and instantly fix your computer while of course also making the Internet faster? They are all worthless scams... what's the difference?

  19. So by Anonymous Coward · · Score: 0

    So when are they gonna go after the MyCleanPC scareware scammers?

  20. FBI my ass - shoulda been SEAL Team 6 by Anonymous Coward · · Score: 0

    Nevermind the FBI, shoulda sent the SEALs. If the scareware cycle went like this:

    1) Write scareware
    2) Infest millions of PCs and collect mad cash using dodgy Russian card processors
    3) PROFIT!
    4) Take a 5.56mm round to the head

    It might reduce the volume a little... ;)

  21. well crap! by Anonymous Coward · · Score: 0

    Now who's going to fix the virus that a virus scanner on a porn-site-popup tells me that I have?

  22. Re:available by Reverand+Dave · · Score: 1

    Copyright SWATs are only working in the interest of the corporations, not the general public, therefore copyright SWATs aren't working to deter an actual problem, just a noisome behaviour.

    --
    I got here through a series of tubes
  23. Phrasing abiguity... by Anonymous Coward · · Score: 0

    So are they saying scareware is ok as long as you're not promoting "useless or outright malicious software"?

    1. Re:Phrasing abiguity... by bws111 · · Score: 1

      Well, why not? At that point it's just an ad for a product.

  24. Self-policing by passive beneficiaries by Crag · · Score: 1

    What I'd like to see are RICO prosecutions where the otherwise "legitimate" entities who claim ignorance get prosecuted. I think you'd quickly end up with a lot more self-policing by the passive beneficiaries.

    Oh god please no. Don't give service providers an excuse to discriminate against potentially illegal activity. I do not want VISA, MasterCard, Quest, Comcast, FedEx or UPS guessing at my true purposes when I use their services and then blocking me if I trip their "illicit activity" filter.

    "Innocent until proven guilty" is a good idea. Let's stick with that, please?

  25. We are victims of this FBI Sting! What about us? by Anonymous Coward · · Score: 0

    If you read the full story of this on the web here's what happened: the FBI posed as someone selling advertising for the StarTribune newspaper here in Minneapolis, Minnesota. They let these bad guys post a legitimate ad and it was left running on the www.startribune.com website but the bad guys changed the original coding so that if their ad appeared when you were on the Star Tribune website you got the virus! We had 3 computers get this virus because the employees happened to go to the www.startribune.com website as part of their job and I'm the guy that had to remove this crap from our computers! It took me about 2 days to get these employees' equipment cleaned and back in service. Hey FBI, do you think you could have shut this down AS SOON AS YOU DETECTED IT! Do we qualify for some of the funds you recover in your operation? I'm down to working part time hours and have to use valuable time and resources to fix equipment because of your sting?

    I am glad that the FBI did get these guys, every year this fake antivirus program gets harder and harder to remove, I really feel sorry for the people that don't have an IT guy to fix this for them. There are a lot of snow birds that go south in the winter and follow their home town thru the local media websites.

    I know I'm just venting here but let me say "Thanks FBI agents" this will help many people from losing valuable data, pictures etc...

    Dan E.

  26. A major dent? by Muros · · Score: 1

    Let's try rearranging some of the words in that summary to encapsulate the message...

    The operation, which involved authorities in the United States, Germany, France, Latvia, the UK and several other nations, seizing dozens of computers, servers and bank accounts as part of a large-scale coordinated operation in twelve countries, made a major dent in the huge scareware and rogue antivirus problem, arresting two people.

  27. scareware gand ??? by slick7 · · Score: 1

    Fox news is off the air? When?

    --
    The mind conceives, the body achieves, the spirit manifests.