Slashdot Mirror

← Back to Stories (view on slashdot.org)

The FBI Is Arresting People Who Rent DDoS Botnets (bleepingcomputer.com)

Posted by EditorDavid on from the denial-of-liberty-counterattack dept.

This week the FBI arrested a 26-year-old southern California man for launching a DDoS attack against online chat service Chatango at the end of 2014 and in early 2015 -- part of a new crackdown on the customers of "DDoS-for-hire" services. An anonymous reader writes: Sean Krishanmakoto Sharma, a computer science graduate student at USC, is now facing up to 10 years in prison and/or a fine of up to $250,000. Court documents describe a service called Xtreme Stresser as "basically a Linux botnet DDoS tool," and allege that Sharma rented it for an attack on Chatango, an online chat service. "Sharma is now free on a $100,000 bail," reports Bleeping Computer, adding "As part of his bail release agreement, Sharma is banned from accessing certain sites such as HackForums and tools such as VPNs..."

"Sharma's arrest is part of a bigger operation against DDoS-for-Hire services, called Operation Tarpit," the article points out. "Coordinated by Europol, Operation Tarpit took place between December 5 and December 9, and concluded with the arrest of 34 users of DDoS-for-hire services across the globe, in countries such as Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States." It grew out of an earlier investigation into a U.K.-based DDoS-for-hire service which had 400 customers who ultimately launched 603,499 DDoS attacks on 224,548 targets.
Most of the other suspects arrested were under the age of 20.

93 of 212 comments (clear)

  1. hey, how about you don't do that by SirSlud · · Score: 4, Insightful

    A couple of years sounds good to me. Reform, know that it's serious, and don't any of your freedom for granted. I think we're still decades away from the law and society catching up to finding the balance.

    --
    "Old man yells at systemd"
    1. Re:hey, how about you don't do that by Ol+Olsoc · · Score: 5, Insightful

      A couple of years sounds good to me. Reform, know that it's serious, and don't any of your freedom for granted. I think we're still decades away from the law and society catching up to finding the balance.

      A couple years is significant, although in the US it seems everyone wants everyone executed for anything. Of course we'd all be dead.

      I wonder if we should start teaching civics again in schools. Seems a freaking CS graduate should know better, both socially and technically.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:hey, how about you don't do that by wonkey_monkey · · Score: 4, Informative

      now facing up to 10 years in prison and/or a fine of up to $250,000.

      Doesn't mean he's going to get exactly that.

      --
      systemd is Roko's Basilisk.
    3. Re:hey, how about you don't do that by Anonymous Coward · · Score: 1, Informative

      A couple of years sounds good to me. Reform, know that it's serious, and don't any of your freedom for granted. I think we're still decades away from the law and society catching up to finding the balance.

      It's nice to know you've made that decision based on knowing all the facts of the case contained in a slashdot summary.

      Jail is serious. Even the threat of jail can cause reform. He is facing ten years but depending on how much damage the attack actually did, they should let him plead it down to much less, especially if he's a first-time offender. Someone out early on probation who knows that they're going away for five years if they screw up can be more useful to society and more likely to reform than someone who we have to pay to keep in jail.

    4. Re:hey, how about you don't do that by ColdWetDog · · Score: 5, Insightful

      You only get justice if you can afford it.

      It's the American way.

      --
      Faster! Faster! Faster would be better!
    5. Re:hey, how about you don't do that by CaptainDork · · Score: 2

      Those don't matter as much as the long term effects for a young CS graduate.

      --
      It little behooves the best of us to comment on the rest of us.
    6. Re:hey, how about you don't do that by Dutch+Gun · · Score: 4, Insightful

      Given that the estimated damage was $5000, I'd hope he just gets a rather stiff fine (maybe five to ten times the estimated damages). There's no need for him to be in prison, as he's not a danger to society, although he does need to be punished. The greater value is in letting people know they can't get away with hiring these services without consequences.

      For people wishing for law enforcement to go after the botnets themselves, we just had a story from a week ago about international law enforcement removing a very large botnet. They seem to be attacking the problem from both ends, which seems like a reasonable approach.

      Now we just need to figure out how to secure all these damned routers and IoT devices so they can't be used as botnets so easily. This wouldn't be nearly so much a problem if the fruit wasn't quite so low-hanging.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    7. Re:hey, how about you don't do that by Dahamma · · Score: 2, Insightful

      Jail is serious.

      So it depriving a business of their livelihood. Someone walking into a store with a gun and robbing the cash register does a LOT less financial damage than these A-holes, but no one argues that armed robbers should be let off with a warning.

      That said, I agree that no 18 year old should get multiple years in jail for a first time computer crime that didn't cause human harm. But there needs to be some SERIOUS repercussion, possibly including some (brief) jail time or everyone is going to think you get one get our of jail free card for white collar crimes...

      (speaking of that, why not punish *all* white collar crimes by financial damage instead of the wealth of the criminal in that case... half of Wall Street would be in for 10 years after the last shitshow).

    8. Re:hey, how about you don't do that by PlusFiveTroll · · Score: 1

      >Why, so that they get a guilty plea and don't have to actually find, assess and present evidence?

      That's not 'completely' true. The DA has to present the plea deal to a judge (in theory the same judge that you would have your trial in front of) and the judge tell the DA the plea is not accepted because of lack of evidence and that it must be brought to trial.

    9. Re:hey, how about you don't do that by Dutch+Gun · · Score: 2

      I'd say a better analogy would be burglary instead of armed robbery, as threatening someone with a gun is serious because of the implied threat to human life. Also, it's a bit strange that he supposedly brought down this chat site for two months, yet damages are valued at $5000. One can only draw the conclusion that this was not a large, money-making operation.

      I'm not making light of this, but this was the equivalent of some small time burglary or shoplifting, not some masterful hack bringing down million-dollar businesses. He may have spent more renting the botnet than the site lost because of his attacks. I'd be up for fining him a decent amount, but jail time punishes the taxpayer as well as the criminal, so should be reserved for serious or violent offenders.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    10. Re: hey, how about you don't do that by Anonymous Coward · · Score: 1

      Prison isn't punishment. Prison is a training ground for future criminal behavior.

    11. Re: hey, how about you don't do that by dyeazel · · Score: 1

      I thought the purpose of prison was deterrence? Give the guy a heavy fine and criminal record to make an example of him. The damages were low--why should my tax dollars support this guy while he's in jail?

    12. Re:hey, how about you don't do that by ShanghaiBill · · Score: 1

      Paperwork you have to file, refile, pay to file, copy and send to someone else to file, etc...

      Defendants don't have to pay to file, and the paperwork is not so much. I have represented myself in several cases (civil not criminal) that were too simple to waste money on a lawyer. I would never do that as a plaintiff, but as a defendant it worked out okay. All were settled out of court on reasonable terms.

    13. Re:hey, how about you don't do that by Megol · · Score: 1

      IMHO: Someone robbing a place at gunpoint should be sentenced to attempted murder, OTOH I think people that attempt to kill someone should be sentenced as if they succeeded.

    14. Re:hey, how about you don't do that by mmell · · Score: 1
      Require a built-in firewall? After all, how many ports does it take to change colors on an LED light bulb?

      Ba-dum bum.

    15. Re: hey, how about you don't do that by SirSlud · · Score: 1

      When you commit a crime, you deserve to be punished.

      This means nothing. You've committed crimes.

      --
      "Old man yells at systemd"
    16. Re:hey, how about you don't do that by SirSlud · · Score: 1

      Ah yes, money is more important than the threat of physical violence.

      --
      "Old man yells at systemd"
    17. Re:hey, how about you don't do that by Gojira+Shipi-Taro · · Score: 4, Insightful

      Then perhaps NOT DOING THAT would be a good decision.

      "It was just a prank, bro" isn't a valid defense. Ever.

      --
      "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    18. Re:hey, how about you don't do that by CaptainDork · · Score: 2

      Fuck valid defense.

      I was 26, 45 years ago.

      I'm an expert at doing stupid shit.

      I just never got caught.

      He'll grow up.

      --
      It little behooves the best of us to comment on the rest of us.
    19. Re: hey, how about you don't do that by Anonymous Coward · · Score: 2

      You didn't get caught that's the problem.... it's not an excuse.

      I for one would like to see you discovered and punished appropriately (ok maybe a bit more than appropriate would be nice)

      The world would have 1 less asshole and be less full of shit.

    20. Re:hey, how about you don't do that by Dahamma · · Score: 1

      I'd say a better analogy would be burglary instead of armed robbery, as threatening someone with a gun is serious because of the implied threat to human life. Also, it's a bit strange that he supposedly brought down this chat site for two months, yet damages are valued at $5000. One can only draw the conclusion that this was not a large, money-making operation.

      Ok, sure. Felony burglary can get you 10-20 years in many states. Though it usually doesn't unless there are other circumstances. Still, breaking into someone's house and stealing $5000 is most definitely a felony (if the state wants to prosecute it as such). I'm just saying if you are going to give a black teenager 3 years for felony burglary, give a white teenager the same sentence for felony computer hacking. Or decide neither is worth that.

    21. Re:hey, how about you don't do that by Dahamma · · Score: 3, Interesting

      Sure depends on the amount of each. I'd sure prefer a threat of physical violence over some douche bag stealing my life savings from an investment account, and would gladly argue the latter should pay more.

    22. Re:hey, how about you don't do that by Dutch+Gun · · Score: 1

      I notice nobody bothered to discuss the bail amount - $100,000! That's outrageous, only people of means could possibly raise that, poor people just rot in prison until their trial eventually happens. In the mean time they can't earn an income and the bills keep coming in.

      I guess you're not familiar with bail bonds?

      --
      Irony: Agile development has too much intertia to be abandoned now.
    23. Re:hey, how about you don't do that by Gojira+Shipi-Taro · · Score: 4, Insightful

      Good for you?

      Actions, even mistakes, have consequences.

      It affects other people, so it's not harmless.

      He'll grow up, but he'll have to suffer the consequences of his own actions and decisions.

      I personally managed to never do stupid shit that happened to be a felony. Because you know, I understand the whole consequences thing.

      Congratulations for getting away with it, I guess.

      --
      "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
    24. Re:hey, how about you don't do that by gravewax · · Score: 1

      prisons are full of people that did stupid shit when they were young, Murder, Rape, assault, theft. Just because you committed felonies and got away with it and realised later it was dumb doesn't mean everyone under 30 now gets a free pass. It is bad enough the free passes given out to most teenagers.

    25. Re: hey, how about you don't do that by ChoGGi · · Score: 1

      Not a punishment? You're fine with going to jail tomorrow then?

    26. Re:hey, how about you don't do that by mrchaotica · · Score: 1

      I'm just saying if you are going to give a black teenager 3 years for felony burglary, give a white teenager the same sentence for felony computer hacking. Or decide neither is worth that.

      In my jurisdiction, at least, they don't. Black teenage burglars get time served and probation. We've got some local criminals who've gotten arrested literally ninety-plus times, and still can't get the judge to put them in actual prison for any significant length of time.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    27. Re:hey, how about you don't do that by dwillden · · Score: 1

      While going after botnets should be part of the plan. Going after those who hire the botnets also needs to be part of the equation. Botnets need to be attacked from both ends, both those who create them and those who use them, a botnet that never does anything wrong isn't really a problem, it could be used as a distributed computer to process complex problems with all those wasted processor cycles out there on IoT enabled devices. Only if used for DDOS or similar attacks do they become problematic. If nobody wanted to hire or use them, they would be mostly harmless. So we go after both ends, both the creators and maintainers of the nets and those who use them for nefarious purposes. And that means throw the book at the first few individuals to make the point that hiring a botnet for a DDOS is going to send you away to prison for a painful amount of time. It won't eliminate those who would do so, but it might just discourage a few more casual individuals from engaging in the crime.

      --
      I'm too lazy to compose a creative sig.
    28. Re:hey, how about you don't do that by swillden · · Score: 1

      A couple of years sounds good to me.

      Keep in mind that "a couple of years" has a tremendous lifetime impact. The problem is that any crime that carries a maximum sentence of one year or more is a felony. Felonies dog you for life, and in many cases make you unemployable in your chosen profession.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    29. Re:hey, how about you don't do that by CaptainDork · · Score: 1

      Shoot 'em all, eh?

      --
      It little behooves the best of us to comment on the rest of us.
    30. Re:hey, how about you don't do that by AmiMoJo · · Score: 1

      In EU countries stuff like this is eventually considered "spent", in that you don't have to tell employers or banks about it. The police keep a permanent record but it won't screw up your life forever.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    31. Re:hey, how about you don't do that by AmiMoJo · · Score: 1

      Prison is completely unsuitable for a first offence of this nature. It won't provide him with the skills to live a reformed life afterwards, he already has those it seems. A fine seems like the best option, because he could keep his career going and build a life to move past what he did and be a productive contributor to society, but still be punished and deterred from doing it again.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    32. Re: hey, how about you don't do that by TWX · · Score: 1

      There's no one point of prison. Everyone has their own views on what it's supposed to accomplish and even then, many people have amorphous or at least shifting views on it.

      The only thing that is generally agreed upon is that prison separates the convicted from the rest of society. Beyond that, whether it's used to punish, or to rehabilitate, or to act as a deterrent, or as a form of cheap labor, or to "enforce the underclass" to maintain a population that must do the menial jobs that no one wants to otherwise do is up to debate.

      As to this kind of case, where young adults commit computer-based crimes, it's common for this to essentially render them unemployable in their field of choice even without any kind of formal equivalent to disbarrment. They've done something that proves that they're not necessarily trustworthy with computers or information technology, yet they also haven't done something so novel, so ballsy as to make names for themselves as possible security consultants. In short, employers don't want workers that might attack the employer's network or services or intellectual property, so they'll just never hire those that committed computer crimes.

      --
      Do not look into laser with remaining eye.
    33. Re:hey, how about you don't do that by TWX · · Score: 1

      Now we just need to figure out how to secure all these damned routers and IoT devices so they can't be used as botnets so easily. This wouldn't be nearly so much a problem if the fruit wasn't quite so low-hanging.

      Stronger product liability laws and rulings against manufacturers or distributors would probably be a good start. Make the source responsible for the ability to compromise the device, with financial penalities based on install base when vulnerabilities are not discovered. Use the recall process like most other products are subject to as well.

      If it hurts their bottom lines, companies will actually start paying attention to security.

      --
      Do not look into laser with remaining eye.
    34. Re:hey, how about you don't do that by lactose99 · · Score: 1

      Renting a botnet to DoS a site isn't just "stupid shit", this should have consequences.

      --
      Fully licensed blockchain psychiatrist
    35. Re:hey, how about you don't do that by Ol+Olsoc · · Score: 1

      In fact, there is quite a bit of evidence that the chance of being caught at all or rather the perception of it, has a lot more to do with modification of behaviour than harshness of punishment. We have been optimizing the wrong way then wondering why it fails.

      The problem with the get tough on crime movement is that it escalates punishment so quickly that it very quicklys makes for people who aren't afraid to die because they have nothing to live for any more. Or become incredibly violent because that is how Law enforcement treats them. Enter the War on Drugs, which drugs have clearly won. Enter Prohibition, which was the best thing ever to happen to organized crime.

      Because the "tough on crime" crowd breeds this weird chimera person who wants the most harsh punishment for everything, the longest sentences - yet does not want to pay for the incarceration. And the incarceration doesn't go down, because there's always something more to be punished harshly. This doesn't work at all. We end up with huge numbers of people in the prisons with no hope, and people who cannot understand why more harshness doesn't stop crime.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    36. Re:hey, how about you don't do that by Wulf2k · · Score: 1

      > I personally managed to never do stupid shit that happened to be a felony.

      I guarantee that you have, especially if you do anything computer related.

      Have you ever sat down at somebody's computer and tried to help them figure out why something on a remote site didn't work? CFAA violation if they were logged in with their own credentials. Unauthorized use of blahblahblah.

      Now, go be a stupid kid doing stupid kid stuff in the legal minefield of the internet these days.

      May as well just execute this generation.

    37. Re:hey, how about you don't do that by Wulf2k · · Score: 1

      It is "stupid shit" compared to the sentence he'll get for it.

      He'd have been better off committing a violent crime.

    38. Re: hey, how about you don't do that by Rakarra · · Score: 1

      Sending criminals to hard labour with poor conditions makes them more productive.

      Instead of making iPhones in China we should make them in the US prisons with the same pay and working conditions with anti suicide nets to ensure there is no escape from punishment.

      It seems strange, but here in the US we have some sort of stigma against laws that set up slave labor or "indentured servitude."
      Wonder why. Must be some relic of the past.

    39. Re:hey, how about you don't do that by ebvwfbw · · Score: 1

      I wonder if we should start teaching civics again in schools.

      No question about it. That's far better than the liberal BS they replaced it with.

    40. Re:hey, how about you don't do that by Dahamma · · Score: 1

      Anecdotes are useless in this case. And why should I even believe you have any idea what the real stats are? I prefer to trust actual research...

      http://www.nytimes.com/2016/12...

    41. Re:hey, how about you don't do that by mrchaotica · · Score: 1

      I didn't say black burglars weren't getting treated more harshly (i.e., unfairly) than white burglars, just that they were getting time served and probation instead of three years in prison. It's hard to tell though, because there aren't any white burglars around here to begin with (or maybe there are, but they don't even get arrested).

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  2. For Rent? by freeze128 · · Score: 2

    If you can rent botnets, then maybe that would be useful to large corporations who do not want to be DDOSed. They rent the botnet, then don't use it. That way, those millions of bots aren't being used to attack their site.

    1. Re:For Rent? by 91degrees · · Score: 1

      It could be useful. But the bots are still going to be hijacked PCs. Still breaking the law by using other peoples devices without their consent.

    2. Re:For Rent? by ls671 · · Score: 1

      Great idea! It seems legit. So, we will me setting multiple botnets shortly to take advantage of this great market opportunity. Shouldn't cost much either since the bots will never be used!

      Thanks you!

      --
      Everything I write is lies, read between the lines.
    3. Re:For Rent? by 93+Escort+Wagon · · Score: 1

      If you can rent botnets, then maybe that would be useful to large corporations who do not want to be DDOSed. They rent the botnet, then don't use it. That way, those millions of bots aren't being used to attack their site.

      Yes, I'm sure the people who control these botnets would not notice they weren't being used; or would notice but feel bound by their sense of ethics to not take advantage and simultaneously rent the botnet to someone else.

      --
      #DeleteChrome
    4. Re:For Rent? by wisnoskij · · Score: 1

      Still breaking the law by using other peoples devices without their consent.

      The question here is, is it still breaking the law by NOT using other peoples devices without their consent?

      --
      Troll is not a replacement for I disagree.
    5. Re:For Rent? by v1 · · Score: 1

      that's not how botnets generally work. They're more like timehare services, and typically you can even get time on just a specific number of machines at a time - you pay by the hour by the cpu time. So if you rent a botnet and don't use it, you're just throwing your money away and someone else will use your time and pay for it too, making the bot herder more money.

      This article is a little surprising in that it sounds like the FBI going after these people is a *new* thing. I thought it was part of their mandate to deal with interstate crime, and that botnets would be right up their alley?

      Should be interesting to see what he gets for his crime. I personally see taking control over thousands or even hundreds of thousands of computers is deserving of some pretty severe punishment and I don't think the criminals or the law for that matter takes it as seriously as they should. This sort of crime is just going to continue to grow until we start throwing the book at them. Traditionally it's been a low-risk, low punishment, high-gain crime that's only been restricted by the technical requirements, which is proving to be a lower and lower bar as time passes.

      --
      I work for the Department of Redundancy Department.
    6. Re:For Rent? by fredgiblet · · Score: 1

      So essentially pay a permanent bribe to not be attacked.

    7. Re:For Rent? by Dahamma · · Score: 2

      Sounds like extortion to me. The mob uses the same strategy - "hey, pay us to protect you and we don't destroy your business".

    8. Re:For Rent? by John.Banister · · Score: 1

      I think the problem with a successful botnet protection racket is turf. When a gang runs a protection racket on the stores in a neighborhood, the understanding is that they're the only gang with access to that neighborhood. Unless there's a successful way for one botnet to counter another botnet, protection from paying a botnet not to attack won't work unless you're paying every botnet not to attack.

    9. Re:For Rent? by mmell · · Score: 1
      Rent botnet A to attack botnet B. Simultaneously rent botnet B to attack botnet A.

      Sit back and enjoy the show.

    10. Re:For Rent? by rhazz · · Score: 1

      That's self-defeating. More people renting botnets leads to higher demand for botnets which leads to people creating more botnets because it's lucrative. While there is a theoretical limit to the amount of hardware out there that can be recruited into botnets, we are pretty far from that limit so things can get a lot worse.

      It's the same reason any civil society should ban paying ransoms to terrorists etc. While you may personally benefit, society loses because you are funding the problem.

    11. Re:For Rent? by Anomalyst · · Score: 1

      LEO should rent the botnets and attack a honeypot, record the attacking IP addresses and require the ISP to notify/filter the owners.

      --
      There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
  3. How about targeting the source? by Anonymous Coward · · Score: 5, Informative

    Busting a few users sounds like the same failure that is the War On Drugs. They should go after the purveyors of these DDoS/stresser/booter services. Check out this recent list of them, all serviced by CloudFlare in the last year. This is who they need to arrest.

    alphastress.com, anonymous-stresser.net, aurastresser.com, beststresser.com, boot4free.com, booter.eu, booter.org, booter.xyz, bullstresser.com, buybooters.com, cnstresser.com, connectionstresser.com, crazyamp.me, critical-boot.com, cstress.net, cyberstresser.org, darkstresser.info, darkstresser.net, databooter.com, ddos-fighter.com, ddos-him.com, ddos.city, ddosbreak.com, ddosclub.com, ddostheworld.com, defcon.pro, destressbooter.com, destressnetworks.com, diamond-stresser.net, diebooter.com, diebooter.net, down-stresser.com, downthem.org, exitus.to, exostress.in, free-boot.xyz, freebooter4.me, freestresser.xyz, grimbooter.com, heavystresser.com, hornystress.me, iddos.net, inboot.me, instabooter.com, ipstresser.co, ipstresser.com, jitterstresser.com, k-stress.pw, layer-4.com, layer7.pw, legionboot.com, logicstresser.net, mercilesstresser.com, mystresser.com, netbreak.ec, netspoof.net, networkstresser.com, neverddos.com, nismitstresser.net, onestress.com, onestresser.net, parabooter.com, phoenixstresser.com, pineapple-stresser.com, powerstresser.com, privateroot.fr, purestress.net, quantumbooter.net, quezstresser.com, ragebooter.net, rawlayer.com, reafstresser.ga, restricted-stresser.info, routerslap.com, sharkstresser.com, signalstresser.com, silence-stresser.com, skidbooter.info, spboot.net, stormstresser.net, str3ssed.me, stressboss.net, stresser.club, stresser.in, stresser.network, stresser.ru, stresserit.com, synstress.net, titaniumbooter.net, titaniumstresser.net, topstressers.com, ts3booter.net, unseenbooter.com, vbooter.org, vdos-s.com, webbooter.com, webstresser.co, wifistruggles.com, xboot.net, xr8edstresser.com, xtreme.cc, youboot.net

    If CloudFlare would stop providing bulletproof hosting for criminals and spammers, the internet would be a better place. But CloudFlare apparently loves its criminal customers and the FBI loves CloudFlare. DDoS purveyors, terrorist websites, malware distributors, CloudFlare seems to welcome them all to its hive of scum and villainy. Maybe it's time to revive the concept of the Usenet Death Penalty and apply it to all traffic to and from CloudFlare. They're the sewer of the internet and should be null routed and de-peered.

    1. Re:How about targeting the source? by Anonymous Coward · · Score: 2, Insightful

      This might be an unpopular comment, but CloudFlare also hosts prominent private bittorrent sites, and I'm glad that they do. Piracy is a problem, but the dysfunction we've had in government (in the US) means that copyright isn't going to be meaningfully reformed anytime soon. Without piracy sites, I doubt that services like Netflix or Apple Music would exist -- they exist now because competition made the business model of the music and film labels / studios obsolete. I think this is a good thing. Piracy also makes content available to people who would not otherwise be able to afford it. Poor people aren't entitled to luxury cars, but I think they are entitled to western culture, whether they can afford it or not. Going after CloudFlare isn't the answer. Giving ISPs an incentive to kill connections that are obviously being abused for DDoS purposes is.

    2. Re:How about targeting the source? by mmell · · Score: 1
      Pendulum swings hard left - we get a "Wild West" internet where nothing can be trusted.

      Pendulum swings hard right - we get AOL, the sanitized (government?) internet where nothing can be trusted.

      Who should be less mistrusted - the left or the right? Self-regulation hasn't worked. Government regulation has seldom been any better. Perhaps the solution is to hold manufacturers of IOT devices accountable? General purpose computers, no - those are managed by people and those people should be held to account for the actions of the systems under their control (because before they get to drive a computer, they ought to know how to drive a computer. Hey, it works for cars!). But the vast collection of internet appliances exist because the manufacturers implicitly assert that they've done their job right - that's a whole lot of toes to hold in the fire, yes?

    3. Re:How about targeting the source? by ChoGGi · · Score: 2

      Free speech means taking the good with the bad.

    4. Re:How about targeting the source? by Anonymous Coward · · Score: 1

      The war on drugs is significantly different in that drugs are addictive. The users of drugs are victims of a sort themselves.
      Arresting a botnet renter is much more like arresting people who try to hire hit-men. Both the purchaser and the purveyor should be arrested and treated harshly in these scenarios.

    5. Re:How about targeting the source? by ChoGGi · · Score: 1

      I never said it did, I meant Cloudflare.

    6. Re:How about targeting the source? by Rakarra · · Score: 1

      Without piracy sites, I doubt that services like Netflix or Apple Music would exist

      Netflix is an example of where we've slid backwards -- lost freedom compared to what we had before. Strongly-controlled DRM platform, streaming that's not on your terms, no ownership by the end user, and high fees from the content companies.

      Don't get me wrong, I like me some Netflix, but online streaming is an example of a power grab by the content companies that worked.

  4. Re:Grown Up Children by 93+Escort+Wagon · · Score: 4, Insightful

    The immaturity of some of these graduate students is astonishing, they're essentially grown up children.

    Modern society is such that people aren't often forced to grow up until their 20s or 30s.

    --
    #DeleteChrome
  5. Actual Charges by Anonymous Coward · · Score: 1

    Transmission of a Program, Information, Code, and Command to Cause Damage to a Protected Computer. -- Felony

    Maximum Term 10 year. Maximum Fine $250,000

    1. Re:Actual Charges by CaptainDork · · Score: 1

      So no guns (legally) for this dude.

      --
      It little behooves the best of us to comment on the rest of us.
  6. Re:Grown Up Children by ls671 · · Score: 1

    The immaturity of some of these graduate students is astonishing, they're essentially grown up children.

    Every adult is a grown up child! ;-)

    https://english.stackexchange....

    --
    Everything I write is lies, read between the lines.
  7. Unauthorised Access is already a US felony by redelm · · Score: 1

    Doh! Accessing a computer without the owners permission is a felony under 18 USC 1030 . Even if the vendors did not access/test their botnet, they are accessories-before-the-fact. DDoS on open, public ports may or may not be covered as contrary to 18 USC 1030 , however accessing all the little 'bots most certainly is.

  8. Re:Meanwhile APK stops botnets dead all week by JustAnotherOldGuy · · Score: 1

    P.S.=> It's NOT easy being "world-class"... apk

    Maybe that's why you've never managed to achieve such a status, except in terms of "being a spammer".

    --
    Just cruising through this digital world at 33 1/3 rpm...
  9. Chatango by DaMattster · · Score: 1

    I have to wonder why Sharma chose Chatango as a target. It looks like a pretty worthless target to me. There has to be more to this story than meets the eye so I'm left wondering if he was part employed by Chatango, got screwed by them, and decided to exact some revenge. If it was the case that Sharma got screwed by Chatango, I fail to see the problem here. I don't automatically think that just because someone is arrested or charged with a crime that they are guilty.

    1. Re:Chatango by 93+Escort+Wagon · · Score: 1

      He probably got kicked off Chatango for harassing some woman.

      --
      #DeleteChrome
  10. Danegeld by liquid_schwartz · · Score: 1

    I see you've never heard of thisDanegeld. Here's a citation: https://en.wikipedia.org/wiki/...

  11. New ways to attack politicians by John.Banister · · Score: 1

    or anyone else you don't like. If I'm a hacker in a non-extradition country, I gain access to someone's system and I want them in jail, I just make it look like I'm selling (if I can't get access to their bank account, I can always create a promise of assistance with trafficking) them the use of my botnet, which I then use to attack their rivals. OTOH, if I want to buy the services of a botnet, then I want to first try and piss off hackers online, so I can later claim that my purchase was actually their doing.

  12. Requires remuneration and public service by ebusinessmedia1 · · Score: 1

    People like this should be made to pay back every penny of damage, and then put into a MANDATORY public service program for 2 years where they spend WEEKENDS (no weekends off!) teaching kids in poor neighborhoods how to code, or some other socially redeemable task. For every weekend he misses, he has to make up two more - and there is no financial remuneration. If he does it again, jail!

  13. Agreed 110% & thanks (me?) by Anonymous Coward · · Score: 1

    See subject: For providing 102 means to FURTHER "arrest operations" of 8 botnets this week by your providing those DDoS'ing sites to block via custom hosts files (the means I use to protect others online as well as speed them up + make their connections more reliable & more anonymous)

    * MOD WHO I REPLIED TO UP TO +5 FOLKS!

    (I may or MAY NOT have had those already but it never hurts to build those into hosts for tonite's build as blocked here if not)

    APK

    P.S.=> Per my subject's termination above? This is what I meant -> https://yro.slashdot.org/comments.pl?sid=10010777&cid=53510613/ as what I use to "arrest botnet's operations" stopping them DEAD (as far as an end-user's concerned stopping access to C&C servers + other networked parts of botnets OR stalling them even IF they are infested as they can't "talk back to mama C&C" for orders)... apk

  14. So how did he get caught? by denis.goddard · · Score: 1

    What did he do, pay with a credit card? Or with a BTC address publicly connected to himself?

    1. Re:So how did he get caught? by mmell · · Score: 1

      Probably cash - a bag full of used twenties slipped under the men's room stall.

  15. What? by Gumbercules!! · · Score: 3, Insightful

    The FBI estimate his attacks cost Chatango about $5,000.... so bail is set at $100,000 and fines are around $250,000 with 10 years in prison? What?!? Surely a payment of say - $5,000 or maybe even $10,000 to the effected company would be a more suitable response?

    1. Re:What? by Gumbercules!! · · Score: 1

      Hence me saying "or maybe even $10,000...." - but a x70 increase (fine and penalties combined) plus jail seems OTT, to me.

    2. Re:What? by gravewax · · Score: 1

      his maximum fine is 250,000 with 10 years prison. That is simply what the maximum is for the crime he committed, the judge then has between 0-250,000 to play with if he is found guilty. FYI, $5000 or $10,000 would be way to small in my opinion, the fine does need to be orders or magnitude greater. I would be thinking more $25k-$50k with 1-2 years jail.

  16. Isn't that rather like paying blackmail? by mmell · · Score: 1

    Besides, if a major corporation were to rent a botnet, what makes you think they wouldn't use it?

  17. Hey - good to see you here! by mmell · · Score: 1
    Hate to admit it, but you're dead-bang right here.

    Don't get me wrong - DNS is not the cause and your solution is not the cure for all ills (and has practically no application in the IOT), but with Windows systems being only somewhat more secure than the average baby monitor, it might be a start. Hell, I can even think of a couple of major players who could benefit from something like this. I can't name 'em, but I've worked at a couple of major tech-sector firms which still use hostfiles because DNS can't fill the bill for them (due to complexity or insecurity, or both).

    It's also good to see you've dialed the hyperbole down a few notches. This is respectable behavior, the sort which might get you the notice you want. Keep it up!

    Mike Mell

  18. Re:Grown Up Children by Anonymous Coward · · Score: 1

    Or, if they (which is to say, their parents) have money, they don't have to grow up at all.

  19. Re: Multiple identical posts (only two so far) by mmell · · Score: 1
    You do have to stop reposting the same thing over and over. Combined with your immediate resort to personal attacks, this only serves to blunt and dilute your message.

    Change will only come gradually - a lot of people here (especially the older /.'ers) will see an A/C post with "APK" in the body as a sign that you're not to be taken seriously. Easy, man! Lay off the spambardment and the personal attacks and soon you'll be able to post without fear of being ostracized. In this area, you've definitely got something right - time to make people listen while you whisper, rather than plugging their ears when you shout.

  20. *Sigh* by mmell · · Score: 1
    This sort of behavior got Herr Drumpf elected, but it isn't doing you any good here. If you will insist on dwelling on the past, we of the present will be more than happy to leave you there.

    If this is your only use for an olive branch, I'll be more than happy to stop offering it. However, I doubt very seriously that you will find anyone else here even remotely interested in giving you even this much benefit of the doubt. Really - my comments were the closest I've seen here (aside from your own) to even remotely according you the respect of a peer.

    But never mind - I'll stop. After all, a simple Windows hostfile manager is hardly the solution to all the worlds ills - and if yours continues to languish in obscurity because you do not understand civilized behavior, who am I to object? After all, I've never seen your solution in use in an enterprise environment and don't expect to - because no competent IT professional could recommend its use in an enterprise environment, not if it comes with the baggage of someone such as yourself attached.

    Let me know when you understand the difference between friend and foe, won't you? I'd rather hoped you were learning to behave like an adult, but I see you're more like our President-erect.

  21. OMG, Arresting people that break the law... by melting_clock · · Score: 2

    There are very few applications for a DDoS attack that could be considered legal. The FBI, and other law enforcement agencies, should be arresting those that break the law. Maybe that will leave them less time to spy on the rest of us...

    There are more victims in a DDoS attack than the target. They can include:
    * The people or organisations with infected devices that launch the attack that can have actual costs due to the use of their connections.
    * Internet service providers.
    * The rest of us that just want to be able to surf the net without reduced performance.
    * Those that have a legitimate reason and right to access the target of the attack.

    I can't see any reason to feel sympathetic towards the customers of DDoS for hire that get caught. Lock them up like any other criminal.

  22. Hey how about by siamesevodka · · Score: 2

    DON'T DO THE CRIME IF YOU CAN'T DO THE TIME. I don't feel sorry for this guy.He is twenty five years old. What do you want him to have? A participation certificate instead. The reason I shell out good money for malware and anti-virus every year, is to keep assholes like this from messing up my computer. Put him in jail with Rachel from cardholder services. I used to think used car salesman were the bottom feeders, but telemarketers and people that just want to ruin things like this guy are the new bottom feeders. The benefit of a good education isn't worth much if you make poor decisions like this. 10 years will give him time to learn how to be a janitor or fast food worker, because nobody is going to hire him for what education says he is. What a waste.

    1. Re:Hey how about by siamesevodka · · Score: 1

      Also this guy ends up in prison with hardened criminals he may find out there is an entirely new meaning to denial of service.

    2. Re:Hey how about by siamesevodka · · Score: 1

      Then it's amazing to me they start whining when they do get caught that your being unfair to them. What you are saying in essence is everyone is a felony criminal everyday and this is being unfair to the one's who get caught. The reason they punish people is to be a deterrent to other people. In the end this fellow ruined his life, not society. You are always taking a risk of getting caught if you ignore the laws. If you don't feel you should be punished then don't do it. The big misconception with crime is that some people are better at not getting caught than others. But leaving a trail of breadcrumbs for them to find you or having your best friend turn you in for the reward money can shave points off that notion as well. You are playing a fools lottery if you think you can get away with it on a daily basis. Also in certain states [Oklahoma for one] they have sentencing guidelines that can be tough as well. A friend of mine who is a prison guard found a guy in Oklahoma prison who was serving a life sentence for selling methamphetamines and it was his first offense. The sentence guidelines stated that on a statistical basis formula that every so often a convicted criminal had to be given the maximum sentence. Nowhere in the guideline does it say first offense will be treated differently. Guess he won the lottery huh?

  23. Misleading Title/Summary by coofercat · · Score: 1

    So as I read this, you get busted for *using* a botnet, not just renting one. If you fancy renting a botnet to dos yourself to collect the IPs so you contact all the participants to help them fix their stuff, I think you'd be okay ;-)

  24. Re:Grown Up Children by sunking2 · · Score: 1

    Clearing these grad students are spoiled and have too much extra cash laying around if they are spending money on such things.

  25. Re:Sounds like by TWX · · Score: 1

    Sharma you for that...

    --
    Do not look into laser with remaining eye.
  26. Re: pipes and their dreams by Phusion · · Score: 1

    Hi there, I don't have any comment on this argument, but your sig rubbed me the wrong way. I BELIEVE the phrase "pipe dream" is a reference to opium, not hallucinogens. Opium users nod out into a dreamy state, I've seen one picture from China Town in SF in the early 1900's of an opium cart that says "Dreams $5" or something like that... anyway, carry on.

    --
    640k ought to be enough for anyone.
  27. Re:You're dismantling yourself YETI by another_twilight · · Score: 1

    You're dismantling yourself YETI

    Only you think so, and that's only because you cannot read and ignore the points that are made. You've addressed nothing in my posts, just repeated your usual claims.

    The speedup of resolving a name via a hosts whitelist vs DNS cache is below human perception in most cases. The difference between operating in kernelmode vs usermode is imperceptible in most cases. You keep ignoring the fact that your big selling point - increased efficiency and speed is trivial for most users these days. It's unnoticeable. It's a couple of percent of system resources, or less. It's technically faster, but it _just_ _doesn't_ _matter_. Did you read that? Do you understand what I am saying? Feel free to disagree. Reason with me. Present a counter argument, or examples where it does matter. Or ignore this and concede the point. Again.

    Your program updates automatically, but the host file does not. I would have to launch your program to edit the file each time I want to browse. Add ons not only update each time I open my browser, they also update their lists. Even while I am browsing. I don't have to do anything. That's me having to do 'less'. Win to add ons.

    Hostfiles do not stop scripts for sites you want to visit and hence haven't blocked. It cannot stop a script from a site that you have not yet added as being bad. A script blocker will stop both. You admit that your browser is set to stop scripts. This is the fundamental difference between whitelisting and blacklisting and is another thing you refuse to address. Blacklisting, alone, is not enough. Please address this, or concede the point. Again.

    Few run their own ads!

    Hooray, I'm nearly safe.

    My program backup's @ end run. Don't restart it FINALHOSTS.TXT is it. A restart erases it

    So you can check when a particular entry was added? No? Didn't think so. Having a single copy that is overwritten on use is not a 'backup' in any but the most trivial of definitions.

    Don't put words in my mouth

    I think you are using phrases you don't quite understand, again.

    YOU TRYING TO TELL US

    There is no 'us', APK. I'm talking to you. Cheap rhetoric. Appeal to popularity by association.

    addons = BETTER

    Yes. Your 'more' is misleading, your 'less' is trivial.

    You have a double standard. You obsessively list every minor advantage that your solution has over browser extensions but keep ignoring the things they do that a cannot. That's how you keep coming up with 'more'. It's not more, it's different. The things that extensions allow me to do are more useful to me than the things they cannot do that a hostfile can. I argue that this is also true for most users, as 'most' approaches 'all'.

    The additional resources that are used to achieve this are literally unnoticeable they are so slight, so the fact that your solution uses even 'less' is moot.

    This is the argument. The 'less' you claim is meaningless in use and the 'more' only exists if you ignore the things add ons can do that a host file cannot. So, can you actually stop chanting your pet phrases and address these points, or are you, once again, going to -

    a) fall back on claiming some really cool people think that you are right;
    b) repeating yourself while claiming you are 'dismantling' my arguments;
    or
    c) ignoring me, and moving straight to insulting me and claiming victory.

    I wait with bated breath,

    YT

  28. Re:Wait - I have a better idea . . . by Coren22 · · Score: 1

    Love the sig.

    It would be funny to attack Russia, but what would it accomplish? If they really did perform the hack, what are you going to charge them with? All they did was expose the truth, what a horrible crime.

    --
    APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?