Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Mercenary Approach To Botnets

Posted by Soulskill on from the highest-bidder-gets-your-grandma's-bank-account dept.

CowboyRobot writes "The incentives are high for many businesses and government agencies to not be too heavy handed in combating the global botnet pandemic. There's money to be had and, with each passing day, more interesting ways are being uncovered in how to package the data, and how to employ it. It used to be that the worlds of bug hunters and malware analysts were separate and far between. In the last couple of years the ability to analyze malware samples and identify exploitable vulnerabilities in them has become very important. Given that some botnets have a bigger pool of victims than many commercial software vendors have licensed customers, the value of an exploit that grants reliable remote control of a popular malware agent is rising in value. In many ways, botnets have become a golden goose to those charged with gathering intelligence on the populations of foreign entities. The bulk of the victim's data is useful for mapping populations, communication profiles, and as egress points for counter intelligence exercises. Then, given how many botnet victims there are, the probability that a few 'interesting' computers will have succumbed along the way is similarly high — providing direct insight in to a pool of high value targets."

34 comments

  1. Who needs privacy? by DavidClarkeHR · · Score: 4, Insightful

    Great. Slashdot has been subverted by the NSA ... again.

    This time they're trying to push their propaganda on us. "Oh yes, botnets are bad, but oh my, aren't they neat?".

    --
    - Nec Impar Pluribus, or so I'm told.
    1. Re:Who needs privacy? by fuzzyfuzzyfungus · · Score: 3, Insightful

      It's a trifle hard to tell (which is itself a bad sign) whether this is an apologist and/or geek merc, gleefully discussing the exciting opportunities. or a dissident pointing out the absurdly dangerous situation created by a perverse inventive for 'security' entities to tolerate, or even promote, widespread insecurity...

      I don't doubt that there are people who take the former stance; but I'd like to stick up for the latter, and would argue that encouraging insecurity is a hubristic and ultimately self-defeating strategy unless you are the cheap, low-tech adversary, rather than the expensive first-world spook shop with the big, rich, tech-dependent economy behind it.

      Do spook nerds get off on how much of other people's email they can read? I don't doubt it. Are our spook nerds sure that they are so much better than everybody else's spook nerds that they can compensate for the fact that some people (like, oh, the ones they ostensibly protect...) are far more heavily exposed to the internet, and to IT system vulnerabilities in their personal, professional, and financial activities than are less heavily wired countries; but there are few to no countries so poor that they can't field at least a few modestly competent surveillance geeks.

      Why would you knowingly continue a game that everybody can play; but where only some people, you among them, have a significant stake on the table?

    2. Re:Who needs privacy? by Jah-Wren+Ryel · · Score: 3, Insightful

      This time they're trying to push their propaganda on us. "Oh yes, botnets are bad, but oh my, aren't they neat?".

      Oh come on, it doesn't read like that at all. All it does is explain why the guys who are supposed to be fighting these things now have incentive to do a really bad job of fighting them. Much in the same way that NSA perverted their own mission statement by weakening crypto standards used by the US government so that they could snoop on anyone using those same crypto standards.

      --
      When information is power, privacy is freedom.
    3. Re:Who needs privacy? by Anonymous Coward · · Score: 0

      It's stating the value, not extolling the virtue. This isn't propaganda. It's a slashdot submission, let's grip something quick.

    4. Re:Who needs privacy? by Anonymous Coward · · Score: 1

      Guess you missed the part mentioning "foreign entities"? That can come from only one country, the same country whose people used to believe that all men are created equal but over the years through the propaganda machine they've come to believe that "foreigners" should not be treated the same as "citizens."

    5. Re:Who needs privacy? by mattie_p · · Score: 1

      So, you just discovered Poe's Law? Bully for you!

    6. Re:Who needs privacy? by flyneye · · Score: 1

      I'm with you, no need to continue to promote a bad thing.
      However, I do think those participating willfully in the botnet business, should be made to REPAY losses. Every single cent. If this exceeds their value, the state should extract it in trade for work done to roadways and ditches until every last cent is repaid or the bot supporter dies.
      Let's hear it for chaingangs! Tired of being stuck in traffic, watching a dozen bosses regulate the activities of one or two people actually working? Fire 'em and put in road crews from the local prison. They don't even CARE what a botnet is and sure as hell won't either when they're digging a ditch in 100 deg F with a shotgun on their neck and a dog at their heel. Let's turn these bad pennies into an asset. Track em down, extradite them, prosecute them and put them to work, right beside the gangstas. We deserve better roads than we've been getting for our money and fewer computer problems too.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    7. Re:Who needs privacy? by flyneye · · Score: 1

      You really need to look up legal definitions of things like ; men, monsters, citizens, people, then come back and repost your sentiments
      All men may be born equal, but vary in value from a burden to a prize, by their education, accomplishments and disposition. Rather than deport the valueless and burdensome, it is best to deny access to begin with. Nobody said" Give us your poor, we'll take care of them for you and they'll never have to work again, why, they can come here and we'll give them a Cadillac and let them screw our sisters" . In fact the French wrote something mistaken for that on a plaque for a cheapshit copper statue. We didn't say that, but the French can come and take it back, if they don't like it. Better yet, let the seething masses of those yearning to live free, move to FRANCE! If you noticed, Free doesn't even stand for beer anymore.

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
    8. Re:Who needs privacy? by Anonymous Coward · · Score: 0

      You've got a grip, now just move your hand up and down, that's it, now just use your mouth...

    9. Re:Who needs privacy? by Anonymous Coward · · Score: 0

      You concern is tangential in an ISON making it's closest approach to the sun kind of way.

  2. The most interesting thing about this article by toygeek · · Score: 1

    Is that I just noticed that CowboyNeal has been replaced by a Robot.

    --
    Nobodies Prefect
    Tidbits for Techs Technology Blog
    1. Re:The most interesting thing about this article by Anonymous Coward · · Score: 0

      I know you're joking, but CowboyNeal died from a heart attack 3 or 4 years back.

    2. Re:The most interesting thing about this article by EvilSS · · Score: 1

      I know you're joking, but CowboyNeal died from a heart attack 3 or 4 years back.

      Somebody should probably let him know

      --
      I browse on +1 so AC's need not respond, I won't see it.
    3. Re:The most interesting thing about this article by flyneye · · Score: 1

      SHHHHHH, if the NSA find out he's still alive, they'll be spying on him too!

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  3. Botnets are aren't bad, mmmkay? by toygeek · · Score: 2

    People have told you how bad botnets are but those people are bad, mmmkay? And if you think botnets are bad, then you're bad, because botnet aren't bad, mmmkay? mmmkay? mmmkay!

    --
    Nobodies Prefect
    Tidbits for Techs Technology Blog
  4. When i come across a botnet by Anonymous Coward · · Score: 2, Interesting

    When i come across a botnet, i just tend to shut the whole thing down and collect any bitcoin there is to be had.
    Lately many warez release posted on NNTP are packaged with a malware-ish bitcoin miner that connects to a remote pool.
    Those privates pools are vulnerable more often than not in some way.

    It's always enjoyable to start a new game with a bonus amount of PO :)

    1. Re:When i come across a botnet by flyneye · · Score: 1

      +1 YOU ROCK!

      --
      *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  5. Look, if governments are no longer the good guys by Anonymous Coward · · Score: 0

    we shall treat them like the bad guys. I learned French history in school. Did you?

  6. Re:Look, if governments are no longer the good guy by Anonymous Coward · · Score: 0

    So you'll surrender?

  7. Re:Look, if governments are no longer the good guy by Shakrai · · Score: 4, Insightful

    we shall treat them like the bad guys. I learned French history in school.

    Did you cover the part where the glorious revolution elevated a dictator that that united the whole of Europe against France, got hundreds of thousands of French soldiers killed, and cost France her self-determination for two or three generations? It might be satisfying to root for revolutions where the former powers-that-be get lined up and shot (or guillotined), but they never seem to end real well for the peoples involved.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  8. Re: Look, if governments are no longer the good gu by Anonymous Coward · · Score: 0

    How much French history? Didn't go so well the first few years there....

  9. The logic here is astounding by wbr1 · · Score: 2

    It is a real shame criminals broke your door in and stole some stuff. However, we recommend leaving your door broken, as it allows us (the good guys, just trust us), to look around and make sure everything is oka and keep an aye on the criminals activity.

    --
    Silence is a state of mime.
  10. Thar be whales! by Anonymous Coward · · Score: 0

    My favorite term that explains everything that's wrong with having a CEO who is technologically clueless: whaling

  11. mattias nilsson reporting in by Anonymous Coward · · Score: 0

    "I'll call you... Lovisa. Let's go kill a whole lot of people now, Lovisa!"

  12. bitcoin by Anonymous Coward · · Score: 0

    Oh, I thought they were going to post the silk road web site where you can donate bitcoins to take down the operator/owner of malware/spam and botnets. Maybe next time.

  13. Really? by bmimatt · · Score: 1

    "combating the global botnet pandemic"
    I am responsible for the well-being of close to a hundred servers and run several computers on my home net. Have been for over a decade and I am yet to see one becoming a bot. Hyperbole much?

    1. Re:Really? by Anonymous Coward · · Score: 0

      Most bots run on computers that have no one acting responsible for their well-being. The people that own these computers do little to nothing to maintain them. These people are often known by the aliases "grandma", "grandpa", or "boss".

  14. Is there a major difference... by Gordo_1 · · Score: 3, Insightful

    between so called 'legitimate software' and botnets these days anyway?

    Each is used to collect data that can be analyzed for profit in various ways. Legitimate software, you might argue, provides actual value to the end-user, is not surreptitiously installed and doesn't exploit software vulnerabilities. However, if that's all it takes to be legit, then witness the gobs of commercial software (not to mention greyware) out there that fit the definition of 'legit', but in actuality provide only the thinnest veneer of value behind a EULA so broad that it allows the software vendor to pretty much do as they please across your hard drive and Internet connection.

  15. Bank robbers need safe crackers by Taco+Cowboy · · Score: 2

    People have told you how bad botnets are but those people are bad, mmmkay?

    Them NSA are like bank robbers.

    They rob away the privacy of HUNDREDS OF MILLIONS OF PEOPLE without even blinking an eye.

    Them botnet operators ? They are like safe crackers.

    Safe crackers get to crack safes no matter if they are inside the bank vaults or inside somebody's bedroom.

    They don't really need bank robbers.

    But on the other hand, bank robbers doing a heist may need safe crackers to crack open the vault.

    Neither of them are goodie two shoes. but the robbers need the safe crackers more than the other way around.

    --
    Muchas Gracias, Señor Edward Snowden !
  16. Anecdote versus statistics by dbIII · · Score: 1

    There's apparently a very large number of machines where people don't pay very much attention to their well being and such things have sunk into a malware swamp. That's where most of that vast supply of spam is coming from. I'd say the "hyperbole" is because the number of infected machines is far beyond the dreams of bad SF from a decade or so back.

  17. Re:Look, if governments are no longer the good guy by Anonymous Coward · · Score: 0

    Cool, everything has a way of working out right, doesn't it?
    Except France wasn't broken up and parted out for the rest of Europe and we still have to tolerate it's silliness and attitude.
    Oh well, it wasn't like nobody tried. In retrospect, Hitler wasn't wrong about EVERYTHING and did give us the Volkswagen too.

  18. Re: Look, if governments are no longer the good gu by flyneye · · Score: 1

    I like the Mel Brooks version of the history, probably more accurate and a Roman soldier with a giant joint, saves the day with a Miracle.

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  19. Hypocritite Oath by meerling · · Score: 1

    Willingly allowing botnets to survive to collect data is much like a doctor with the cure letting a nasty disease to spread just to see who it infects and if anything interesting happens, and maybe loot a few corpses.
    It's not the Hippocratic Oath, rather it's more of a Hypocrite Oath.

    To those who don't know those two, the Hippocratic Oath is the one doctors take to do no harm. Actually it's a lot more complex than that, but tv writers only use soundbites at best.
    http://en.wikipedia.org/wiki/Hippocratic_Oath

    As to a Hypocrite, that's someone who indulges in Hypocrisy.
    http://en.wikipedia.org/wiki/Hypocrisy

  20. Intelligent Agent BotNet is over a decade old news by OldHawk777 · · Score: 1

    Intelligent_Agent BotNet Data_Mining ...
    http://en.wikipedia.org/wiki/Intelligent_agent
    http://en.wikipedia.org/wiki/Software_agent
    http://en.wikipedia.org/wiki/History_of_artificial_intelligence

    --
    Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?