Slashdot Mirror
Police Reveal Tactics For Fighting Botnets (databreachtoday.com)
Botnet herders have sophisticated "disaster recovery" plans, according to speakers at a recent cybersecurity conference, with many splitting their botnets into smaller herds, making them more resilient. In addition, kierny writes: Researchers say these backup botnets are tough to detect, until gangs have already spooled them up and put them to use in major campaigns... "What we're seeing is the bad guys are starting to learn from this," said Steven Wilson, head of the European Cybercrime Center at Europol -- the EU's law enforcement agency...
Wilson said authorities are now gathering tremendous amounts of data by "sink-holing" -- forcibly redirecting the infected endpoints onto servers controlled by law enforcement. And he also reports that authorities have also successfully mined the blockchains of bitcoin transactions for information. Eamonn Keane, A detective from a cybercrime unit with the Scotland Police, added that authorities are also infiltrating dark net forums to bust bitcoin-using criminals. "Are law enforcement in there? Absolutely... We have a mandate to protect you in the real world; increasingly it's moving into the online environment."
Wilson said authorities are now gathering tremendous amounts of data by "sink-holing" -- forcibly redirecting the infected endpoints onto servers controlled by law enforcement. And he also reports that authorities have also successfully mined the blockchains of bitcoin transactions for information. Eamonn Keane, A detective from a cybercrime unit with the Scotland Police, added that authorities are also infiltrating dark net forums to bust bitcoin-using criminals. "Are law enforcement in there? Absolutely... We have a mandate to protect you in the real world; increasingly it's moving into the online environment."
Now we can have long boisterous drawn-out laugh
Maybe I have misunderstood the practicalities of running a botnet, or perhaps there is something not quite "right" about what we're being told here.
If you deploy a piece of malware that turns a PC into a zombie, that unit can only be useful after it has been programmed to do something for the botnet ringmaster. Typically, or so we're told, zombie's are used to send spam, maybe compute bitcoins, that sort of thing...
But, since we know that in a large part of the western world [certainly in the UK] that ISPs are now required to keep extensive logs and copies of things like web searches, pages visited, emails received and so on, surely if law enforcement agencies are determined to stamp out botnets, then we should expect to see much greater successes than those reported...
1. Flag any end-user PC that is originating SMTP port calls - workstations should be using IMAP or POP...
2. Flag any end-user device that calls or polls known botnet "master" servers...
3. Once a piece of malware is identified [for example emails with suspicious attachments] then work "out" from the point of detection - i.e. trace back to the originator of the email; look into any other emails sent with similarly sized attachments, etc, etc.
We know, thanks to Snowden, that our governments easily have the capability to do all this and more. However, despite the fact that they certainly have plenty of evidence to know where all this criminal activity is coming from, nothing seems to be happening to crack down on it. I've always been a bit suspicious of the conspiracy theory that says the reason for the inaction is that had the authorities run round closing down gangs of cyber criminals quickly and easily, word would have gotten out about how powerful the security monitoring really was.
But the curious thing is that we now know just how intrusive all the monitoring has become, yet we don't see any benefits from all the supposed safeguards being put into place. Maybe - just maybe - people would actually be less suspicious of authorities who made a demonstrable positive change in the on-line security of the general public...?
You are mixing two concepts. This should not be a crime at all. Mandatory sentencing is a Good Thing (TM) because it acts as a check on judicial system. And judges, as all people, may err. We have mechanisms for fixing their errors when they are overly zealous (appeals, pardons, etc.) We should have mechanisms to fix their judgement when they err on the side of being too lenient.
Any guest worker system is indistinguishable from indentured servitude.
No, we shouldn't. This is why our legal system is innocent until proven guilty, and why we have double jeopardy laws. It is specifically designed to err on the side of too lenient.
I was waiting for this argument. Sentencing happens after you are proven guilty. It's ok to err on the side of finding someone innocent if they are guilty. But once guilt is legally established, erring on the of being lenient (in sentencing) undermines legislative intent to treat certain activities as crimes. It takes away the power from the legislature to make certain activities crimes. Let's take this example to an extreme. Let's say there are no minimal sentences. Then someone found guilty of murder could be sentenced to serve 1 day. I am not saying this is what would ever happen. But I am saying that this is what a system without minimal sentences would allow to happen.
Any guest worker system is indistinguishable from indentured servitude.