Slashdot Mirror
Police Reveal Tactics For Fighting Botnets (databreachtoday.com)
Botnet herders have sophisticated "disaster recovery" plans, according to speakers at a recent cybersecurity conference, with many splitting their botnets into smaller herds, making them more resilient. In addition, kierny writes: Researchers say these backup botnets are tough to detect, until gangs have already spooled them up and put them to use in major campaigns... "What we're seeing is the bad guys are starting to learn from this," said Steven Wilson, head of the European Cybercrime Center at Europol -- the EU's law enforcement agency...
Wilson said authorities are now gathering tremendous amounts of data by "sink-holing" -- forcibly redirecting the infected endpoints onto servers controlled by law enforcement. And he also reports that authorities have also successfully mined the blockchains of bitcoin transactions for information. Eamonn Keane, A detective from a cybercrime unit with the Scotland Police, added that authorities are also infiltrating dark net forums to bust bitcoin-using criminals. "Are law enforcement in there? Absolutely... We have a mandate to protect you in the real world; increasingly it's moving into the online environment."
Wilson said authorities are now gathering tremendous amounts of data by "sink-holing" -- forcibly redirecting the infected endpoints onto servers controlled by law enforcement. And he also reports that authorities have also successfully mined the blockchains of bitcoin transactions for information. Eamonn Keane, A detective from a cybercrime unit with the Scotland Police, added that authorities are also infiltrating dark net forums to bust bitcoin-using criminals. "Are law enforcement in there? Absolutely... We have a mandate to protect you in the real world; increasingly it's moving into the online environment."
Now we can have long boisterous drawn-out laugh
Maybe I have misunderstood the practicalities of running a botnet, or perhaps there is something not quite "right" about what we're being told here.
If you deploy a piece of malware that turns a PC into a zombie, that unit can only be useful after it has been programmed to do something for the botnet ringmaster. Typically, or so we're told, zombie's are used to send spam, maybe compute bitcoins, that sort of thing...
But, since we know that in a large part of the western world [certainly in the UK] that ISPs are now required to keep extensive logs and copies of things like web searches, pages visited, emails received and so on, surely if law enforcement agencies are determined to stamp out botnets, then we should expect to see much greater successes than those reported...
1. Flag any end-user PC that is originating SMTP port calls - workstations should be using IMAP or POP...
2. Flag any end-user device that calls or polls known botnet "master" servers...
3. Once a piece of malware is identified [for example emails with suspicious attachments] then work "out" from the point of detection - i.e. trace back to the originator of the email; look into any other emails sent with similarly sized attachments, etc, etc.
We know, thanks to Snowden, that our governments easily have the capability to do all this and more. However, despite the fact that they certainly have plenty of evidence to know where all this criminal activity is coming from, nothing seems to be happening to crack down on it. I've always been a bit suspicious of the conspiracy theory that says the reason for the inaction is that had the authorities run round closing down gangs of cyber criminals quickly and easily, word would have gotten out about how powerful the security monitoring really was.
But the curious thing is that we now know just how intrusive all the monitoring has become, yet we don't see any benefits from all the supposed safeguards being put into place. Maybe - just maybe - people would actually be less suspicious of authorities who made a demonstrable positive change in the on-line security of the general public...?
Police doing actual police work is a Good Thing (TM). Listening-in on private communications has always been a crutch which only dulled down policing skills. Engaging with the community instead of trying to demonize people who make good locks is what police should be doing.
Any guest worker system is indistinguishable from indentured servitude.
That's silly. There is no practical distinction between federated access to resources you own and resources to which you acquired access without owners' consent (until you are discovered). Not to mention the fact that even if the distinction did exist, it would be virtually impossible to tell the difference between those who deploy it willingly and those who host and deploy them without their own knowledge of it. Eliminating legitimate technical tools would only hamper industry and hamper security research. In fact, the only reason police have access to tools like these is that people can learn how to use them by using them on their own hardware and researching it.
Any guest worker system is indistinguishable from indentured servitude.
You are mixing two concepts. This should not be a crime at all. Mandatory sentencing is a Good Thing (TM) because it acts as a check on judicial system. And judges, as all people, may err. We have mechanisms for fixing their errors when they are overly zealous (appeals, pardons, etc.) We should have mechanisms to fix their judgement when they err on the side of being too lenient.
Any guest worker system is indistinguishable from indentured servitude.
We should have mechanisms to fix their judgement when they err on the side of being too lenient./quote.
No, we shouldn't. This is why our legal system is innocent until proven guilty, and why we have double jeopardy laws. It is specifically designed to err on the side of too lenient.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
ANY site that discusses politics has this happen to it IMMEDIATELY.
Really? I've never seen it happen here, and we discuss politics all the fucking time. In fact, That mountain is clearly a mole hill.
Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
Possession of the command and control apparatus of a botnet (so to speak) should be a felony with an automatic 20 year sentence.
Yeah I can see Putin and Xi Jinping totally going along with that.
In the free world the media isn't government run; the government is media run.
ANY site that discusses politics has this happen to it IMMEDIATELY.
Really? I've never seen it happen here, and we discuss politics all the fucking time. In fact, That mountain is clearly a mole hill.
Lets amend that;
Any site that discusses politics unfriendly to SJW's has this happen to it immediately
In the free world the media isn't government run; the government is media run.
Cool, so this works for protecting websites from DDOS too?
In the free world the media isn't government run; the government is media run.
Have the Police considered prosecuting people for allowing their Microsoft Windows desktop computer being hijacked to be used in such botnets.
No, we shouldn't. This is why our legal system is innocent until proven guilty, and why we have double jeopardy laws. It is specifically designed to err on the side of too lenient.
I was waiting for this argument. Sentencing happens after you are proven guilty. It's ok to err on the side of finding someone innocent if they are guilty. But once guilt is legally established, erring on the of being lenient (in sentencing) undermines legislative intent to treat certain activities as crimes. It takes away the power from the legislature to make certain activities crimes. Let's take this example to an extreme. Let's say there are no minimal sentences. Then someone found guilty of murder could be sentenced to serve 1 day. I am not saying this is what would ever happen. But I am saying that this is what a system without minimal sentences would allow to happen.
Any guest worker system is indistinguishable from indentured servitude.