Slashdot Mirror


Microsoft Drops Suit Against Firm In Botnet Case

wiredmikey writes "Microsoft has dismissed a lawsuit against a company it contended a month ago was at the heart of the now-defunct Kelihos botnet. In September, Microsoft named Dominique Piatti and his company dotFree Group SRO as controllers of the botnet. The move marked the first time Microsoft had named a defendant in one of its botnet-related civil suits. 'Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFree Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet,' blogged Richard Domingues Boscovich, Senior Attorney for Microsoft's Digital Crimes Unit. 'Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti's cz.cc domain.' In regards to Kelihos, Boscovich said Microsoft is continuing its legal fight against the 22 'John Does' listed as co-defendants in the lawsuit."

49 comments

  1. Defamation, anybody? by Anonymous Coward · · Score: 1

    That's a serious accusation to make, especially when lacking in adequate evidence to support such a claim.

    FTA: As part of the settlement, Piatti agreed to delete all the subdomains used to either operate the Kelihos botnet or for other illegitimate purposes or to transfer those subdomains to Microsoft. In addition, Piatti and dotFree Group will work with Microsoft to implement best practices to prevent abuse of free subdomains and use these best practices to establish a secure free Top Level Domain as they expand their business going forward.

    What exactly does Piatti get in exchange for the damage to his company's reputation?

    1. Re:Defamation, anybody? by khallow · · Score: 2

      There are two things to note here. It looks similar to plea bargains in criminal court cases where the defendant pleads to a lesser offense in exchange for cooperation on other targets of investigation. Second, we don't actually know that Piatti was innocent of these charges. The mere fact that they're acquiescing so readily tells me that they probably were looking at serious charges, even if the original ones were pure slander (and those may well have not been!).

    2. Re:Defamation, anybody? by realityimpaired · · Score: 1

      Or maybe that they were acting in good faith and were unwittingly helping the botnet people do their nefarious work, and that now that they have egg on their face, they welcome the chance to have help establishing procedures that would prevent it from happening again?

      Never ascribe to malice that which can adequately be explained by incompetence.

    3. Re:Defamation, anybody? by khallow · · Score: 1

      Never ascribe to malice that which can adequately be explained by incompetence.

      And never ascribe to incompetence that which can be explained by self-interest.

    4. Re:Defamation, anybody? by Runaway1956 · · Score: 4, Insightful

      What does Piatti get? He gets a bot-free business. Damage to his company's reputation? That's HIS problem, seeing that he carelessly allowed his domains to be used for bot-netting. He caused the damage himself, by way of neglect.

      I don't even like Microsoft, and I resent the fact that you have forced me to defend Microsoft. FFS, AC, have you no sense at all? If the White House were to come under cybernetic attack, and the majority of those attacks appeared to originate from my house, you bet your ASS that the Secret Service will be knocking on my door, with a battering ram! They will confiscate every electronic device I own, they will confiscate my ass, and they will publicize my arrest around the world.

      In which case, I will be solely responsible for the "damage" to my reputation, for having failed to secure my computers.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    5. Re:Defamation, anybody? by bill_mcgonigle · · Score: 2

      In which case, I will be solely responsible for the "damage" to my reputation, for having failed to secure my computers.

      No, you'd be solely to blame for the failure to secure your computers, but you wouldn't be responsible for the attack which is the action of an unassociated third party - you'd not be guilty of aiding them or being part of a conspiracy. http://en.wikipedia.org/wiki/Mens_rea Perhaps people would do a better job at security if this was different, but that has large risks as well.

      The more troubling bit to me, though, is that you feel that if the White House's computers respond poorly to a certain pattern of signaling on a wire, they're justified in sending men with guns to your house and violently breaking in.

      Have we abstracted away common sense?

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    6. Re:Defamation, anybody? by peppepz · · Score: 2
      This is not the way things work in a state of rights. In particular, you usually can't get arrested for things you haven't done.

      In some countries, unjustly accusing people of having committed a crime is itself a crime.

    7. Re:Defamation, anybody? by Anonymous Coward · · Score: 0

      There is a world beyond criminal law, you know. This article, for example, does not fall under criminal law. Thus, Mens rea does not apply (assuming, of course, wikipedia is correct).
      A quote for the lazy:
      "In civil law, it is usually not necessary to prove a subjective mental element to establish liability for breach of contract or tort, for example."

    8. Re:Defamation, anybody? by ozmanjusri · · Score: 1

      you bet your ASS that the Secret Service will be knocking on my door, with a battering ram!

      Doesn't it worry you that you're endowing a private (and frequently predatory) company with government responsibilities and powers?

      The US Secret Service has a mandate to protect your nation's leaders, visiting world leaders, national special security events, and the integrity of the nation's currency. Microsoft has a mandate solely to take money from you, yet you're giving them virtual search and seizure powers.

      --
      "I've got more toys than Teruhisa Kitahara."
    9. Re:Defamation, anybody? by adolf · · Score: 1

      Meh. A lot of things respond poorly to various patterns.

      Walking into a bank with a hand in your pocket and a demand for money elicits a poor response.

      Escalating a disagreement with another person to the extent of dismemberment elicits a "poor response," and the jury won't care who was "right."

      And sending a certain pattern of signalling to the White House's computers will also elicit a poor response, just as setting the pins on a lock (which does not belong to you) in a certain orientation may bring about a "poor response."

      It's not that common sense is too abstract. It's that it's not being applied properly to computer crimes.

    10. Re:Defamation, anybody? by Runaway1956 · · Score: 1

      Actually, no. I haven't researched just how they identified the botnet. It's possible that they exceeded any reasonable authority to do so. But, once the botnet was identified, it seems that they went to court, seeking reparations, and to shut the net down. That much seems reasonable. I would do as much. Search and seizure? It would seem that the court did that, after being presented with some reasonable evidence.

      As I already said, I don't even like Microsoft. But, I can't go for mindlessly bashing Microsoft, either. It appears that MS was doing the right thing this time around, by stopping a botnet.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    11. Re:Defamation, anybody? by Anonymous Coward · · Score: 0

      Doesn't it worry you that you're endowing a private (and frequently predatory) company with government responsibilities and powers?

      That has already been the trend the US government has been working on over the past decade. Department of Homeland Security employs several private security and data gathering firms to do a lot of their spying and information gathering. These companies are granted special powers in emergency situations and do not have to answer to the federal government at all. They also don't have to respond to FOIA requests and can keep their information completely concealed from the public.

    12. Re:Defamation, anybody? by Xest · · Score: 1

      "If the White House were to come under cybernetic attack, and the majority of those attacks appeared to originate from my house, you bet your ASS that the Secret Service will be knocking on my door, with a battering ram!"

      Cybernetic attack?

      If it was a cybernetic attack then I think the secret service would have more to worry about than you as I suspect it would look more like Rise of the Machines than it would Hackers.

      Yes this is just a typical Slashdot pedant post, I just couldn't help but point out that cybernetic != cyber.

    13. Re:Defamation, anybody? by bill_mcgonigle · · Score: 1

      You really think that a cyber attack on the White House is going to be prosecuted in civil court?

      I'm not arguing that it shouldn't be, but I'm certain it won't be.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  2. Usual Slashdot response by SharkLaser · · Score: 2, Insightful

    The usual Slashdot response is to put a bullet into botnet owners' heads or nuke them from orbit, no questions asked. Well, in this case there would be an innocent man dead. It just shows it isn't always so easy to find them.

    1. Re:Usual Slashdot response by Anonymous Coward · · Score: 1, Funny

      According to the Source Code of Hammurabi both parties should be killed, just to be sure.

    2. Re:Usual Slashdot response by shutdown+-p+now · · Score: 1

      Isn't that the part where you throw both parties in the river, and the one that doesn't drown is guilty?

  3. now-defunct Kelihos bonnet by Anonymous Coward · · Score: 1

    Damn that evil headwear!

    1. Re:now-defunct Kelihos bonnet by Anonymous Coward · · Score: 0

      There's a bee in my bonnet!

    2. Re:now-defunct Kelihos bonnet by Nidi62 · · Score: 1

      There's a bee in my bonnet!

      There needs to be another t in your bonnet, too

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  4. Operating Systems by jimpop · · Score: 1

    I wonder what OSes Mr. Piatti uses. I wonder if they will be the same ones next year.

    1. Re:Operating Systems by Anonymous Coward · · Score: 0

      Why do you think it has anything to do with OSes? Guy runs a hosting company, and the BotNet controllers were using sub-domains he offers.

    2. Re:Operating Systems by Bungie · · Score: 1

      No, Microsoft really doesn't give a sh*t about which OS is used to host a bunch of DNS servers, and they don't give away Windows Server licenses to any company because that's their biggest money maker: selling their server products to corporations.

      MS could care less about home users pirating a $130 copy of Windows 7. The real money is in selling $1000+ server licenses to companies for many servers, as well as having to buy things like seat licenses and other expensive server products (like SharePoint). Plus those companies also have to purchase "professional" level Windows clients for their workstations which connect to their servers. That's why they regularly audit corporations and organizations for license compliance in person, and invent schemes like WGA Validation to handle the home users who they don't have time to care about.

      --
      The clash of honour calls, to stand when others fall.
    3. Re:Operating Systems by Runaway1956 · · Score: 1

      http://www.google.com/search?cx=w&sourceid=chrome&client=ubuntu&channel=cs&ie=UTF-8&q=microsoft+donate+Windows

      Of those hits, this one seems to be more to the point than the rest I've looked at:
      http://www.encludeit.org/node/2494

      There is nothing that "MS could care less about" when it comes to computing. MS has engaged in one of the biggest social engineering experiments in history. They are actively engaged in conditioning children worldwide, to use Microsoft products.

      So, yes, they would rather give away a copy of Windows, than to see that computer running Linux, Unix, Mac, or any other operating system. Teach them early, if possible, but teach them whenever possible, that Windows is the one and only operating system!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  5. "the now-defunct Kelihos bonnet"? by Anonymous Coward · · Score: 1

    Surely that should be botnet, not bonnet. Turn off autocorrect.

    1. Re:"the now-defunct Kelihos bonnet"? by Mathness · · Score: 1

      Nah, it is part of car analogies often used on /. :D

      --
      Carbon based humanoid in training.
    2. Re:"the now-defunct Kelihos bonnet"? by Smallpond · · Score: 1

      They slammed the door on this lawsuit. It crashed and burned.

  6. Microsoft is the judge now? by Anonymous Coward · · Score: 1

    "Microsoft has dismissed a lawsuit"

    I had no idea Microsoft was that powerful - isn't it normally judges who dismiss lawsuits?

    1. Re:Microsoft is the judge now? by Lexx+Greatrex · · Score: 1

      The author should have written "settled" instead of "dismissed". All around this is a badly summarized article verging on "Troll" status. Surprised it got through? Nope.

  7. No apology then by folderol · · Score: 2, Insightful

    We falsely accused you, maybe made a sizable dent in your business, but that's OK. We're Microsoft and beyond all possible reproach.

    1. Re:No apology then by Anonymous Coward · · Score: 2, Informative

      It's not a false accusation. The standards for malicious prosecution are actually quite high, and would require evidence of either severe incompetence or willful and reckless disregard for the truth.

      However, since the botnet was controlled through their hosting services, it'll be a case of an acceptable interpretation of the information they had, and not punished.

      Microsoft's apology probably goes something like this "Hey, sorry you weren't actually doing it yourselves, but just foolishly sold your services to them which they used to cause severe damage to lots of people, gee, I hope they don't sue you for negligence or anything."

    2. Re:No apology then by AftanGustur · · Score: 1

      It's not a false accusation. The standards for malicious prosecution are actually quite high, and would require evidence of either severe incompetence or willful and reckless disregard for the truth.

      However, since the botnet was controlled through their hosting services, it'll be a case of an acceptable interpretation of the information they had, and not punished.

      If Microsoft would just have looked at the "information they had" they would have figured out in 10 minutes that

      A) the IP addresses of the botnet controllers did not belong to the company dotFree Group SRO and
      B) The subdomain cz.cc used by the botnet controllers, is a free DNS service that anyone can use.

      If you turned the table and accused Microsoft of something similar based on the same "evidence", you can be sure that Microsoft would sue you out of existence.

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  8. What are you implying? by Anonymous Coward · · Score: 1

    So what exactly are you implying here? Say it flat out. Don't pussyfoot around it. Instead of making indirect accusations, man up and actually say exactly what we all know you're trying to say.

    1. Re:What are you implying? by kermidge · · Score: 1

      Man up? Might be a more credible exhortation if not posted AC, no?

    2. Re:What are you implying? by Anonymous Coward · · Score: 0

      The GP's request is perfectly valid and credible regardless of the name that's attached. After all, it's the message that matters, not who delivers it.

      We're all still waiting for "jimpop" to act with honor and state his accusations clearly, by the way.

    3. Re:What are you implying? by bill_mcgonigle · · Score: 1

      Man up? Might be a more credible exhortation if not posted AC, no?

      OK, 'kermidge' (don't get me wrong, I find an AC slapfight as funny as anybody else).

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    4. Re:What are you implying? by kermidge · · Score: 1

      Hi, Bill. Thanks; sorry 'bout the snark, was only into second cuppa, and couldn't resist.

      I've been using "kermidge" for a decade, there's only one other on the 'net that I've found (and I'm not sure about him), but there are thousands with my "real" name.

  9. owned much? by Anonymous Coward · · Score: 0

    Anyone can get a .cz.cc subdomain. Try it yourself: http://www.nic.cz.cc/index.php

    Did they not even visit the webpage and realize this?

    1. Re:owned much? by larry+bagina · · Score: 0

      is go.at.se.cz.cc taken?

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

  10. Late to the party again Slashdot? by Anonymous Coward · · Score: 0

    Is it just me or are stories on Slashdot coming in on time delay? This was news a while ago, now this story is in syndication.

  11. Bonnet ?! by Anonymous Coward · · Score: 0

    Wow! That's a low even for MS: suing people for wearing bonnets ?!

  12. Open court by AHuxley · · Score: 1

    Would have seen much code and skills on display as a set of older OS's and a few new ones were examined?
    The public face of MS's security experts been cross examined ...

    --
    Domestic spying is now "Benign Information Gathering"
  13. Just what is Microsoft suing them for? by Anonymous Coward · · Score: 0

    Someone remind me again how Microsoft has standing to bring actions in courts against these alleged botnet owners? I mean, what specific harm are they suffering?

    1. Re:Just what is Microsoft suing them for? by AHuxley · · Score: 1

      Just like in old Europe, a black Mercedes van pulls up.
      Men in black leather coats run up stairs and demand to see your license agreement with Microsoft ....

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Just what is Microsoft suing them for? by cavreader · · Score: 1

      "what specific harm are they suffering" They are not directly suffering a lot of harm from bot nets. It's the users who get harmed when their computers get botted and used to support criminal activities. The vast majority of these bots spread using social engineering attacks to dupe the users into infecting themselves. Bot attacks also take advantage of poor system administration practices to infect a system. No OS security can totally prevent these types of attacks. MS just seems to be the only IT company sinking money and time into identifying and shutting down the bot nets. This is not the first case of them doing so. What are all the other IT companies doing to address this problem?

    3. Re:Just what is Microsoft suing them for? by Kalriath · · Score: 1

      Actually, Microsoft is part of a consortium of IT companies who are on a rampage trying to find and sue out of existence all the botnet operators. There's an anti-virus vendor or two and possibly a couple of major search engines in it as well.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  14. I hate legal articles by AK+Marc · · Score: 1

    Microsoft can't "dismiss" a case. They can "drop" a case (drop being a non-technical term). But "dismiss" is a technical term. Only the Judge can dismiss a case. Microsoft can drop the case by requesting a dismissal, but if the defendants object to the dismissal (and they often do, because to accept it often blocks the "winner" collecting fees from the "loser"), then the judge will likely not dismiss the case. It's like the term "broadband" being misused constantly, with most fiber connections not being technically broadband, even while much faster than 14.4kbps modems (and 9.6 kbps GSM modem speed), which are technically "broadband" in the technical (not FCC) definition.