Slashdot Mirror

← Back to Stories (view on slashdot.org)

Paul Vixie On DNS Changer: We're Dealing With Malware the Wrong Way

Posted by timothy on from the should-be-using-branding-irons dept.

AlistairCharlton writes with this snippet: "Victims of the DNS Changer malware think they have better things to do than check their internet security, and as a digital society we're dealing with malware in completely the wrong way. These are the thoughts of Paul Vixie who worked with the FBI in intercepting servers used by a gang of Estonian hackers who made millions of dollars from redirecting internet users away from the websites they requested, directing them to advertisements instead." The linked article also offers an interesting description of how the FBI's quiet takeover of a botnet came to be.

28 of 163 comments (clear)

  1. The FBI shouldn't have set up the alternate server by Alranor · · Score: 3, Insightful

    ... the victims would have noticed that their internet was cut off, and had to take steps to fix the problem then and there.

    But presumably somebody at the FBI realised that they could collect all that lovely data on where everybody was going on the internet, and all without the need for a single warrant

  2. Definitely the wrong way by SJester · · Score: 5, Insightful

    I'm not sure why it's even the government's obligation to "close the deal" (from TFA) and help a victim fix their infected systems. If the victim felt they "have more important things to worry about" than prevent infection, then felt they "have more important things to worry about" than routinely scan their system, AND THEN when told that they were infected they "have more important things to worry about" than fix it themselves and pay out of pocket... maybe the government has "more important things to worry about", too. tl;dr If you didn't wear a condom, and you didn't get tested, and you found out you had syphilis and didn't care - why should I?

    1. Re:Definitely the wrong way by fa2k · · Score: 2, Interesting

      It's like if someone left their car unlocked, and did not have car insurance, and they had their car stolen. Then the FBI had to drive them to and from work in a police car for 6 months.

  3. Cornficker by SJHillman · · Score: 5, Funny

    "Taking the Cornficker virus as another recent example of computer malware, Vixie predicts an uncertain future where computer users don't understand or simply don't care about the risks involved."

    Cornficker is related to the Conficker malware, but prefers to fick it's victims with vegetables instead. Many vicitms did not mind.

  4. Summary: Area Man Has Gut Feelings by Lord+Grey · · Score: 4, Insightful

    From TFA:

    Summing up, Vixie says: "These victims seem to feel that [they] have more important things to worry about. My gut feeling is that they're wrong, but I can't seem to prove it. My other gut feeling about all this is that we, as a digital society, are doing this all wrong."

    My gut feeling is that International Business Times didn't really have a useful article but needed some more ad space, so they wrote this thing.

    For the few of you considering actually reading the article: There is nothing new to see there. Move along.

    --
    // Beyond Here Lie Dragons
    1. Re:Summary: Area Man Has Gut Feelings by fermat1313 · · Score: 2
      Totally agree. This is a completely useless article that brings nothing new. Best quote is the last line from the article.

      My other gut feeling about all this is that we, as a digital society, are doing this all wrong.

      ...which I read as: There's a big problem. I have no solutions, but dammit, this is a problem.

  5. the lies we tell ourselves and each other by speculatrix · · Score: 4, Insightful

    "I'll get round to doing backups one day"

    "I'll renew my antivirus licence next day pay"

    "The cheque is in the post"

    "I'll pull out in time"

    All are the many lies people tell themselves and each other.

    Basically as humans we tend to only do things which will have an immediate impact, and are capable of doublethink over things which might not happen or can be deferred.

    1. Re:the lies we tell ourselves and each other by Chrisq · · Score: 4, Funny

      "The cheque is in the post" "I'll pull out in time" .

      Hey, is that you Dad?

  6. hack is brilliant technically, stupid tactically by circletimessquare · · Score: 3, Insightful

    why did the hackers think they were ever going to get away with it?

    it is a brutally effective hack, but...

    1. they thought no one was going to notice?
    2. and if they noticed, no one was going to do anything about it?
    3. and if anyone was going to do anything about it, they didn't see the glaring weak point that would so easily undo all of their hard effort?

    commandeer your rogue DNS server. duh!

    how come these hackers spent so much time energy and effort in a scheme so easily undone?

    this not a matter of "oh, it's easy to point problems in hindsight". these guys obviously had the intellectual capacity to think through the technical requirements of their hack. so they obviously had the intellectual capacity to think through the tactical requirements. none of them said "it will never work: single easy point of failure."

    "These are the thoughts of Paul Vixie who worked with the FBI in intercepting servers used by a gang of Estonian hackers who made millions of dollars from redirecting internet users away from the websites they requested, directing them to advertisements instead."

    well ok, jokes on me: they realized the weakness, and they bet the authorities were going to react slowly, and they won the bet

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  7. Time to take the tinfoil hat off... by fermat1313 · · Score: 5, Insightful

    But presumably somebody at the FBI realised that they could collect all that lovely data on where everybody was going on the internet, and all without the need for a single warrant

    Care to show a source, even a single one, for that? The FBI handled this right, asking ISC to install and run the DNS servers. I really doubt the ISC would play ball with any extra-legal requests for data.

    Amazing how much pure paranoia is modded up around here

    1. Re:Time to take the tinfoil hat off... by h4rr4r · · Score: 5, Insightful

      How is this handling it right?

      Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

    2. Re:Time to take the tinfoil hat off... by fermat1313 · · Score: 2

      How is this handling it right?

      Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

      We can debate whether just dropping the servers should have happened or not. Personally I think that was correct, as just dropping internet connectivity for a large group of infected people (most of whom wouldn't have a clue about what's going on and how to fix it) would have been far more disruptive than the campaign that attempted to notify people they had a problem and how to fix it (with clickable links that worked while they were on the computer.)

      That said, my original comment about them "handling it right" had more to do with the way they handled replacing the DNS servers once that decision had been made. They used a private organization with a good reputation that wasn't beholden to any governmental organization. This pretty much nullifies the paranoid delusions of people like GP

    3. Re:Time to take the tinfoil hat off... by kiriath · · Score: 3, Insightful

      I appreciate the FBI intervention, it gave people ample time to upgrade their virus scanners and get it fixed - or go to the website that gave them tips on removing it and get it fixed... worst case they wound up with another piece of malicious software and had someone fix it in the interim. Being in direct to customer Tech Support, I was grateful that I did not have to answer a single call regarding this yesterday, and that would not have been the case had they just turned off those servers when they took this beast down. It would be interesting to see if the virus scanning companies saw an increase in installs/updates/upgrades since the mass media coverage last week.

    4. Re:Time to take the tinfoil hat off... by Anonymous Coward · · Score: 2, Insightful

      I seriously doubt the FBI needs to run DNS servers to get your private data without a warrant. The US government, evil or not, does have an interest in keeping its people's computers safe from non-US gvmt surveillance.

      Remember, the NSA has two goals: getting into your data and keeping its enemies out. Don't forget #2.

    5. Re:Time to take the tinfoil hat off... by Daniel+Dvorkin · · Score: 2

      Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

      Suppose a cop sees someone walking down the street checking doors to see who's left their houses unlocked. Should he let an obvious burglar continue in his work to "teach folks a lesson" about locking their doors?

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    6. Re:Time to take the tinfoil hat off... by fermat1313 · · Score: 4, Informative

      Exactly. We know we never have to worry about a private corporation using personal data for profit, right? And no company would ever play ball with the feds in return for a juicy government contract. And its a good things they have a good reputation. I mean, someday companies might even have to start hiring PR people and the like to try to hide the evil things they do behind a good reputation.

      Who said anything about a private corporation. Do you know what ISC IS?

      They are a non-profit organization whose sole purpose is to support the infrastructure of the Internet. They build open-source software (like BIND and implementations of DHCP). Sorry, but you really should research before you spout off.

    7. Re:Time to take the tinfoil hat off... by heypete · · Score: 3, Informative

      They are a non-profit organization whose sole purpose is to support the infrastructure of the Internet. They build open-source software (like BIND and implementations of DHCP). Sorry, but you really should research before you spout off.

      Not to mention running the F root name server. They really know DNS.

      Off the top of my head, I can think of only a few organizations in the world who have the know-how and ability to run a large-scale DNS system properly. ISC is at the top of that list. IMHO, the FBI chose wisely.

    8. Re:Time to take the tinfoil hat off... by kelemvor4 · · Score: 2

      How is this handling it right?

      Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

      Hopefully you don't actually work in IT... If you do, I'm sure it won't last with an attitude like that. Dropping requests, and disconnecting users with no warning is almost never a good idea.

    9. Re:Time to take the tinfoil hat off... by MikeBabcock · · Score: 2

      They're also a huge part of the problem in dealing with the DNS system's shortcomings.

      IPv6 DNS lookups are a fiasco, so is DNSSEC, and for that matter, so is BIND.

      We really need a research group a little more separated from Vixie working on a much better replacement for modern DNS.

      --
      - Michael T. Babcock (Yes, I blog)
    10. Re:Time to take the tinfoil hat off... by DarkOx · · Score: 2

      No redirecting users to a page they were not expecting to see and then encouraging them to run software or blindly make system modifications they don't understand is a terrible idea.

      The right thing to would have been to have a simple message telling them their system is compromised (show a nice FBI logo) and direct them to contact their ISP or a local computer support firm.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  8. Remember back when... by nitehawk214 · · Score: 3, Informative

    Vixie predicts an uncertain future where computer users don't understand or simply don't care about the risks involved.

    As opposed to today when uhh...

    At what point did the average home user understand or care about security? We should consider ourselves lucky that service providers at least pretend to care about security these days. Any home user that can understand computer security policy and practice is most likely in the industry, or trained to do so.

    Now a High School / GED level computer security class might sound hilariously basic for someone on Slashdot; but might be as useful as drivers ed classes for the masses. Sure there are morons that will drive/compute unsafely no matter what training, but some basic learning on how to protect one's self would really help intelligent people that just don't know better.

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  9. Correct link to cited Vixie post by wkcole · · Score: 5, Informative

    As has become all too common the /. summary is linked to a negative-added-value article at the totally worthless IBT.

    Paul's actual post is at CircleID: http://www.circleid.com/posts/20120327_dns_changer/ and is over 3 months old. Not news. As is normal for Paul it is well written and smart but if you've been following DNSChanger, you've read this already.

  10. Behavior not new by Guppy06 · · Score: 3, Interesting

    Victims of the DNS Changer malware think they have better things to do than check their internet security

    Victims of food poisoning think they have better things to do than check their food safety. Victims of STDs think they have better things to do than practice safe sex. Victims of car theft think they have better things to do than lock their car doors. Victims of lightning strikes think they have better things to do than to seek cover in a storm.

    Humans have always engaged in risky behavior, and generally for the same old reasons. You can educate those willing to listen, but you can't force those who won't.

  11. Cheap marketing and greed by erroneus · · Score: 2

    It's at the core of all the problems. Many see the internet as [near]-free advertising and easy and anonymous commerce. Trust is placed in all of the wrong places.

    This, of course, was all inevitable. We are not going to overcome human nature, impulse or desire. There were things that could have been done to prevent that. The internet was not designed for or intended for the uses we have put it to today. But even in its early days, people were quite annoyed by mass emails among many other things. So I guess I am saying "they should have known" and should have adjusted and updated the internet's protocols with these problems in mind.

    The internet was not considered a "public internet" initially and so there was a weird notion that everyone can and should trust one another. People will always ruin Utopia. It is easier to blame the few than to blame the masses and it is the masses who are "ruining" the internet. The few who engineered the internet could have and should have done things to fix it. Now the standards and protocols are pretty much at "critical mass" and they are "too big to change."

  12. Re:The FBI shouldn't have set up the alternate ser by PerfectionLost · · Score: 5, Funny

    Or better - all requests to lemonparty.org.

    NOT work safe, in case you were wondering. That was awkward.

  13. Re:Computer administration by Sentrion · · Score: 3, Insightful

    Wasn't this the original intent of the web browser? Rather than connecting your computer to a network of other PCs and running executable files, internet users would be able to set up "webpages" using a markup language that did not execute code on the computers of others who were only viewing the webpage. Drive-by virus downloads were not even possible back in 1995 or 1997 when web browsers actually "browsed" the internet. But browsing endless pages of text, sound, graphics, pictures, GIF animations and even motion video was not enough. Users wanted more interaction. They wanted in-browser games rather than playing stand-alone games in multiplayer mode. They wanted interactive web applications that could perform calculations, not just read back text and pictures like a magazine. Rather than standing against the demands of the uneducated masses due to the risk of anonymous cyber criminals hijacking their machines, HTML was enhanced with JavaScript, Flash and other exotic tools. The browsers made add-ons available and later these functions were buried and integrated deep within the next release of the bare bones browser. Like a boy crying "wolf" the browsers began warning users of the dangers of clicking a hyperlink, allowing cookies, allow scripts, leaving a secure site, certificate missing, etc. while at the same time very few of the websites users needed to see could be accessed without these warnings. Naturally the users began to dismiss most if not all of the automated warning notices. With time the scale and bloat of web browsers increased to surpass that of whole operating systems of old. Plug-ins, pop-ups, location sharing, data mining cookies, and notifications became standard industry practice. The malware hackers had endless fun with the complex, bloated, and vulnerable layers of code that left gaping exploits such that even a benign jpg image could become the carrier for a globally devastating virus. Hackers were even able to add malicious code to legitimate sites. Before long the intrinsically safe browser became the PC users most vulnerable liability.

  14. Re:The FBI shouldn't have set up the alternate ser by kat_skan · · Score: 2

    Oh hey, it's the last person on Earth who hasn't been exposed to a shock site. And he's on Slashdot. This will end well.

  15. All wrong? by Tony+Isaac · · Score: 2

    "...we're dealing with malware in completely the wrong way."

    So what would he suggest?

    Many problems in technology, computer-related or not, can take design lessons from nature. Nature's methods tend to be very elegant and ingenious, worth replicating in the digital world.

    How do our bodies deal with viruses or other organic "malware"? Antibodies may be the best analog to antivirus software, as they work in a very similar way. White blood cells are more intelligent and active, possibly more like heuristic algorithms applied network-wide. Barriers (skin) functions something like firewalls.

    I have to disagree with the author. We're not doing it all wrong. We just need to keep looking for new ways to make it harder for malware to survive. Yes, it's an arms race, it always will be. Same as nature...we learn to conquer bacteria, only to have superbugs crop up, that are resistant to antibiotics.

    Malware is a fact of life, both digital and organic.