Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Mercenary Approach To Botnets

Posted by Soulskill on from the highest-bidder-gets-your-grandma's-bank-account dept.

CowboyRobot writes "The incentives are high for many businesses and government agencies to not be too heavy handed in combating the global botnet pandemic. There's money to be had and, with each passing day, more interesting ways are being uncovered in how to package the data, and how to employ it. It used to be that the worlds of bug hunters and malware analysts were separate and far between. In the last couple of years the ability to analyze malware samples and identify exploitable vulnerabilities in them has become very important. Given that some botnets have a bigger pool of victims than many commercial software vendors have licensed customers, the value of an exploit that grants reliable remote control of a popular malware agent is rising in value. In many ways, botnets have become a golden goose to those charged with gathering intelligence on the populations of foreign entities. The bulk of the victim's data is useful for mapping populations, communication profiles, and as egress points for counter intelligence exercises. Then, given how many botnet victims there are, the probability that a few 'interesting' computers will have succumbed along the way is similarly high — providing direct insight in to a pool of high value targets."

9 of 34 comments (clear)

  1. Who needs privacy? by DavidClarkeHR · · Score: 4, Insightful

    Great. Slashdot has been subverted by the NSA ... again.

    This time they're trying to push their propaganda on us. "Oh yes, botnets are bad, but oh my, aren't they neat?".

    --
    - Nec Impar Pluribus, or so I'm told.
    1. Re:Who needs privacy? by fuzzyfuzzyfungus · · Score: 3, Insightful

      It's a trifle hard to tell (which is itself a bad sign) whether this is an apologist and/or geek merc, gleefully discussing the exciting opportunities. or a dissident pointing out the absurdly dangerous situation created by a perverse inventive for 'security' entities to tolerate, or even promote, widespread insecurity...

      I don't doubt that there are people who take the former stance; but I'd like to stick up for the latter, and would argue that encouraging insecurity is a hubristic and ultimately self-defeating strategy unless you are the cheap, low-tech adversary, rather than the expensive first-world spook shop with the big, rich, tech-dependent economy behind it.

      Do spook nerds get off on how much of other people's email they can read? I don't doubt it. Are our spook nerds sure that they are so much better than everybody else's spook nerds that they can compensate for the fact that some people (like, oh, the ones they ostensibly protect...) are far more heavily exposed to the internet, and to IT system vulnerabilities in their personal, professional, and financial activities than are less heavily wired countries; but there are few to no countries so poor that they can't field at least a few modestly competent surveillance geeks.

      Why would you knowingly continue a game that everybody can play; but where only some people, you among them, have a significant stake on the table?

    2. Re:Who needs privacy? by Jah-Wren+Ryel · · Score: 3, Insightful

      This time they're trying to push their propaganda on us. "Oh yes, botnets are bad, but oh my, aren't they neat?".

      Oh come on, it doesn't read like that at all. All it does is explain why the guys who are supposed to be fighting these things now have incentive to do a really bad job of fighting them. Much in the same way that NSA perverted their own mission statement by weakening crypto standards used by the US government so that they could snoop on anyone using those same crypto standards.

      --
      When information is power, privacy is freedom.
  2. Botnets are aren't bad, mmmkay? by toygeek · · Score: 2

    People have told you how bad botnets are but those people are bad, mmmkay? And if you think botnets are bad, then you're bad, because botnet aren't bad, mmmkay? mmmkay? mmmkay!

    --
    Nobodies Prefect
    Tidbits for Techs Technology Blog
  3. When i come across a botnet by Anonymous Coward · · Score: 2, Interesting

    When i come across a botnet, i just tend to shut the whole thing down and collect any bitcoin there is to be had.
    Lately many warez release posted on NNTP are packaged with a malware-ish bitcoin miner that connects to a remote pool.
    Those privates pools are vulnerable more often than not in some way.

    It's always enjoyable to start a new game with a bonus amount of PO :)

  4. Re:Look, if governments are no longer the good guy by Shakrai · · Score: 4, Insightful

    we shall treat them like the bad guys. I learned French history in school.

    Did you cover the part where the glorious revolution elevated a dictator that that united the whole of Europe against France, got hundreds of thousands of French soldiers killed, and cost France her self-determination for two or three generations? It might be satisfying to root for revolutions where the former powers-that-be get lined up and shot (or guillotined), but they never seem to end real well for the peoples involved.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  5. The logic here is astounding by wbr1 · · Score: 2

    It is a real shame criminals broke your door in and stole some stuff. However, we recommend leaving your door broken, as it allows us (the good guys, just trust us), to look around and make sure everything is oka and keep an aye on the criminals activity.

    --
    Silence is a state of mime.
  6. Is there a major difference... by Gordo_1 · · Score: 3, Insightful

    between so called 'legitimate software' and botnets these days anyway?

    Each is used to collect data that can be analyzed for profit in various ways. Legitimate software, you might argue, provides actual value to the end-user, is not surreptitiously installed and doesn't exploit software vulnerabilities. However, if that's all it takes to be legit, then witness the gobs of commercial software (not to mention greyware) out there that fit the definition of 'legit', but in actuality provide only the thinnest veneer of value behind a EULA so broad that it allows the software vendor to pretty much do as they please across your hard drive and Internet connection.

  7. Bank robbers need safe crackers by Taco+Cowboy · · Score: 2

    People have told you how bad botnets are but those people are bad, mmmkay?

    Them NSA are like bank robbers.

    They rob away the privacy of HUNDREDS OF MILLIONS OF PEOPLE without even blinking an eye.

    Them botnet operators ? They are like safe crackers.

    Safe crackers get to crack safes no matter if they are inside the bank vaults or inside somebody's bedroom.

    They don't really need bank robbers.

    But on the other hand, bank robbers doing a heist may need safe crackers to crack open the vault.

    Neither of them are goodie two shoes. but the robbers need the safe crackers more than the other way around.

    --
    Muchas Gracias, Señor Edward Snowden !