FBI's Bot Roast II Sees Great Success 129
coondoggie passed us another Network World link, this one discussing the FBI's newest offensive against botnets. They're calling it Operation Bot Roast II. Apparently it's already been quite successful, leading to indictments, search warrants, and the uncovering of some '$20 million in economic loss. writes "Today, botnets are the weapon of choice of cyber criminals. They seek to conceal their criminal activities by using third party computers as vehicles for their crimes. In Bot Roast II, we see the diverse and complex nature of crimes that are being committed through the use of botnets," said FBI Director Robert S. Mueller. "Despite this enormous challenge, we will continue to be aggressive in finding those responsible for attempting to exploit unknowing Internet users." I can't help but think, though: how many more of these things are out there that this 'sting' didn't touch?
just a drop in the bucket (Score:3, Insightful)
Re: (Score:2)
Sometimes the inconvenience is more than just the monetary loss.
Imagine you were a uni student awaiting your examination results, or a researcher who couldn't get vital information to perform an experiment.
something along the lines of.. (Score:1)
How much bigger is the Sun than Earth?
The glass is half empty? (Score:2)
It's like the so-called 'war' on drugs, it is unfortunately very hard to align the same financial - and therefore physical - resources as the bad guys.
Also as per the war on drugs, the bad guys also include people in governments - but think Russia and China rather than Colombia & Afghanistan...
Re: (Score:2, Insightful)
Re: (Score:1)
Re: (Score:3, Insightful)
I'm for a little deregulation of things like pot that aren't that addictive or dangerous, but a completely uncontrolled drug system would be at least as bad or worse for our country than the drug war is now.
Re:The glass is half empty? (Score:4, Insightful)
Re: (Score:1, Troll)
Will you also be subsidizing other people's consumption of those drugs, and for that matter the rest of their not-as- or non-productive lives as they consume them? With other people's tax dollars? Because if you expect that people are still going to have to pay for what they consume, many of those over-21-year-olds that you'd
Re: (Score:2)
And don't forget, the first thing that happens when drugs are decriminalised is a massive drop in price.
Re: (Score:2)
We already do. It is called prison and over 50% of the people there are in there for drug convictions. Who do you think pays for the courts and prison systems? The taxpayers.
"Because if you expect that people are still going to have to pay for what they consume, many of those over-21-year-olds that you'd be
Re: (Score:2)
Because people who trash their nervous systems (and have all sorts of indirect problems, like useless immune systems) are a train wreck. It's harder to treat people like that, and harder to understand when something else is causing complications.
if drugs were legal tomorrow would you go out and binge on her
Re: (Score:2)
No, I don't. Want proof? You offered it yourself -
If drugs were legal tomorrow would you go out and binge on heroin and cocaine?
No.
Why would the rest of the population be any different from you? There are already scores of drug addicts, so obviously the threat of incarceration isn't an effective deterrent. So what are the benefits of dra
Re: (Score:2)
Re: (Score:2)
So, when some 18-year-old ODs on heroin, legal or otherwise, you're going to make sure that doesn't show up, indirectly, as an expense that I get to pay for? We're already in a position where people's bad choices cost the rest of us untold hundreds of billions of dollars. And all people can talk about is making health care in the US an even more gl
Re: (Score:2)
You can be addicted to opiates and still make a living. In fact, you can be a world renowned surgeon [wikipedia.org] and be addicted to opiates. Most of the problems opiate addiction causes is due to the social stigma and difficulty involved in getting the drug. Oh, and without the overhead of t
Re: (Score:2)
And then you sue all those companies for umpteen billions. Indeed, why should Big Cocaine be different from Big Tobacco?
Re:The glass is half empty? (Score:5, Funny)
Hey now, relax. Currently we're only sending the US Marines against the drug cartels. Now you want to unleash an army of lawyers on them?! Talk about your cruel and unusual punishment.
Heck, forget waterboarding. Let's just put the terrorists at the Gitmo through a prolonged child custody battle. They'll crack in no time.
Re: (Score:2)
How about starting by eliminating the federal war on drugs that unconstitutionally prevents states from implementing such common sense policies? I think
Re: (Score:2)
There is also evidence that much of the dysfunction seen in addicts does NOT come from the heroine. Instead, either they turn to h
Re: (Score:2)
Re: (Score:2)
I'm not sure things would 'dry up' though. Prohibition (of alocohol) led to the same sad results that we've got with hard drugs.
Well-organised and financed crime.
Sadly though, alcohol abuse is still with us...
Re: (Score:1)
I used to work with a local cadet unit. Our cadets were a fairly even mix of males and females who were aged 13 - 20.
Whilst working with them I had my eyes opened to just how seriously lacking drug education in schools is here in the UK.
In schools, the drugs education basically consists of about an hour to an hour and a half during which a teacher, not usually from any particular subject area, who had absolutely no experience or training in the subject of substanc
Re: (Score:1, Insightful)
Re: (Score:1)
> eradicated demand for those products.
True. But when was the last time you heard about somebody getting shot for a cigarette?
Some problems are worse than others.
Re: (Score:1)
Re: (Score:1, Flamebait)
FYI, he started as a pothead. So forgive me if I don't exactly support the notion that pot is an ok drug, safe to legalize.
Re: (Score:2)
Re: (Score:2)
Odds are he started on booze. Same as everybody else.
While I do not deny that the "hardcore" drugs beat the living hell out of people's lives, and I have the upmost sympathy for what you personally have most likely gone through, the war on ganja is pure unadulterated bullshit. The only proven tie between pot use and hard drug use is the dealer - you go in to buy weed and are offered , you try it, you
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
well (Score:5, Insightful)
And what was the cost of this project to begin with?
Who cares? (Score:5, Insightful)
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
Infact its clearly written into law like that. They have varying degrees of burglary, from simple breaking and entering to grand theft. There is a clearly defined monetary difference attached to burglary. The same should be applied to the FBI's approach. If it was, RIAA/MPAA would not have them running around like errand boys. How much did I "steal" from RIAA/MPAA? None. None at all.
Re:Who cares? (Score:4, Insightful)
A better analogy would be investigating a serial arsonist and discovering a link to a recent rash of burglary incidents in the process.
=Smidge=
Re: (Score:1)
Re: (Score:1)
don't worry about how many... (Score:2, Informative)
Industrial espionage doesn't seem likely, but it is happening already. Those without visible malicious activities or results will go undetected. They are out there in the
Re:don't worry about how many... (Score:5, Insightful)
I don't understand why the NSA needs a botnet; they have all the computing power they need and know how to spoof anything else. They don't need your computer to do their dirtywork; they can do it all on their own.
Re: (Score:2)
I'd agree, and to extend that argument, if they used your computer there are enough smart people out there who could figure out NSA secrets! It's just not worth it.
Re: (Score:2)
More seriously, one can think of several reasons, (including denyability - does that word exist?), for a gov. to maintain a secret botnet. The attack on Estonia springs to mind...
http://en.wikipedia.org/wiki/Cyberattacks_on_Estonia_2007 [wikipedia.org]
Re: (Score:2)
Re: (Score:1, Flamebait)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
And more to the point (Score:2)
So for the NSA to put classified data on public machines would imply that people could get at it.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Insightful)
Re: (Score:3, Insightful)
Now not saying that your THEORY that the NSA has their own botnets does not have merit (I can think of reasons why) but do you actually have evidence? Or are you just saying "The NSA is Evil and Evil hackers like Botnets so the NSA has botnets"
Re: (Score:2)
It goes undetected for several years... data loss is attributed to poor system performance/upgrades/hardware failures.
If it's indistinguishable from normal poor system maintenance/structure/whatever, then who cares? Whether last year's TPS reports are lost because of my own negligence or due to some malicious code, the result is the same -- a useless piece of data is gone. The trick is to make sure this malicious code actually deletes things that are *useful* -- things whose deletion has meaning.
I delete old useless stuff all the time. If I was to change the selection of things I delete from my personal hand-selection met
Re: (Score:2)
As to backups. Well, I guess that explains the erosion of privacy. If people don't care enough to backup their shit, why should they care who knows what about them?
Re:don't worry about how many... (Score:5, Interesting)
Where are the grizzled, thick russian accented, boots wearing, crusty hackers in their survival-style grey-market Russian SUVs decked out with a hodgepodge of the sweetest, cutting edge tech and an old C-64 for shits and giggles online in the back? Where are the dark, smoke-filled bars where suits and data cowboys secretly meet up to exchange USB keys and microdrives for cold, hard cash?
The future is here, but it's certainly not sexy. Geeks are still geeks.
Re: (Score:2)
The "shady bars" are called IRC (and I hear that they exist, for real, in Russia, but I've never been there so I can't actually say).
Uhh... really? [sans.org] You act like it never happens, and sure, that's a sensationalized white paper, but guess what? It's more common than you seem to think.
I laughed at your comment because you present it with suc
dude, you should work in hollywood (Score:2)
that was the most craptastic display of doom and gloom paranoid hysteric FUD i've seen in a long time
"If you believe that the NSA is NOT using one, you need to go get a tin foil hat this afternoon, and I mean it"
yeah, okay then
!?
Re: (Score:1)
Re: (Score:2)
Beuwulf! Beuwulf! (Score:2)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
A. They're both crooks.
Seems like a cool job (Score:4, Interesting)
Re: (Score:2)
But I think the job satisfaction level would be great once the arrests start happening.
Re: (Score:2)
It is certainly too narrow of a field for me. ;) I was never evil genius level good enough to get snatched up by the NSA like a couple of guys I know. Those are the kind of jobs where they almost prefer you to have as shady of a background as possible.
Re:Seems like a cool job (Score:5, Informative)
Get to use all your skills? Full stop. Let's review.
This is the government, with everything that comes with it. Those of you with government experience know what this means. Bureaucracy. Red Tape. Paperwork. For those of you who haven't had the experience, think of the most amazingly, monumentally, mind-bogglingly inane busywork paperwork you've ever had to deal with, and then multiply that by the biggest number you can imagine. Keep imagining.
How well does bureaucracy adapt to change and embrace new technology, and all of it's associated skills? Here's a hint. The Bureau is still using Hoover's secretary's original filing system. Yes, it's still manual. Still paper. No changes. The same system. CSI is entertaining fiction.
Other than small numbers of your fellow squad-mates who are also on cyber detail, your fellow agents are likely neo-luddites, mildly intimidated by word-processing. They're very, very bright people, with a lot of skills. Those skills, however, largely don't involve computers. And for the most part, they don't have to. Most areas of the office are air gapped, anyway. (Really, for the most part, they probably don't trust computers -- which, if you think about it, suggests they are pretty bright after all -- but they're probably not entirely sure they trust someone who spends too much time with them either. Put in enough time on the range, working out, knocking on doors, pounding pavement, and using your head to show you have a clue and you won't get them killed, and then you'll be okay. But not before.)
As for your primary prey, it will not be spammers. It will not be botnet operators. It will not be industrial spies. You will not for the most part, young padawan, be matching your jedi skills against the very best the dark side has to offer.
You will be chasing kiddie porn peddlars, and child molesters. You will be pretending to be 12-year-old girls in chat rooms. When you're doing well, you will be knocking on doors at 5 am, having to spend countless hours reviewing video tape collections to see what has been taped somewhere in the middle of those 400 episodes of 'the golden girls', or all of those Richard Simmons videos. When you find it, you will have to catalog it. (You will learn to be grateful for the fast-forward button on your remote. And you will see things you wish you could unsee.)
If you're a badge-carrying Special Agent, yes, you're armed. "How cool, is that!", you say. You're armed whenever you're on duty, wherever you go. It's a Federal License. Those pesky little state limitations on firearms don't apply.
Add one little detail. You're on call 24x7x365. Which means you have to be able to report for duty at any time, with no advance warning. Which means you're armed -- all the time. No breaks. No holidays. No days off without a sidearm. (Ponder this: where do you put your piece if you want to go to the beach?)
Pay? For a rough rule of thumb calculation, take your current salary in your technical field. Divide by 2 to 2.5. The greater your technical skills the larger the number you'll divide by. You don't get paid based upon your skill set. You get paid based upon your grade. Which is dependent upon time in chair, once you're actually in. Unless you're former law enforcement, former military, or worked for a different governmental agency, in which case you'll start at a higher grade than someone without that background. (Though not necessarily at your previous grade, either.)
Hours? Standard base is a 50 hour week. Unless you're needed for anything else, in which case it may be more. For a lot of tech folks, 50 hours is no big deal, you think. But, here's the kicker. Your morning will usually start at 5 am, in order to get to the office by 7 am. Unless you're knocking on someone's door, in which case you're probably up by 3 am. Or you're on stake out, in which case you're working whatever you're working. (If you're early, you're o
Re: (Score:2)
We are building a fighting force... (Score:1)
About half (Score:5, Interesting)
New acronym? (Score:2)
Spiced Ham (Score:2)
Numeric addressing disappeared (Score:2)
A couple of days ago, it went away. Zip, zilch, zero, nada. To a first Occamatic approximation, they must have nailed the generator of this stuff.
Crime is relatively unchanged (Score:5, Insightful)
Re: (Score:2)
Re: (Score:2)
Yes, they have a lot of botnets there, but that is NOT where the bot-herders reside. That is simply an indication of an internet populace that hasn't caught up with the concept of needing to patch, update AntiVirus, clean off malware.
The same thing holds true for China, even more so. Being that China runs on pirated software, they don't have access to windows update (They fail windows genuine validation) so they deliberately avoid p
Re: (Score:2)
Hope you don't do business there, and block ALL e-mails originating from Russian, Nigerian, or Brazilian IPs. That'll hit spam hard.
If I had to guess (Score:2)
If I had to guess, I would say it is roughly the same number of computers in use by the US government...
95% of all email is spam (Score:3, Insightful)
When the level of spam drops back below 95% of it being spam [slashdot.org], I'll believe these guys are doing their jobs.
Until then, they're just a bunch of ineffectual wankers, and are increasingly more ineffectual as time goes on.
The FTC, FBI, CIA, and NSA are wasting their resources chasing some overinflated bogeyman risk ("terrorists") and meanwhile our communications, financial and transaction systems are under heavy assult. The long term effect of this is lack of confidence in transactions in general, and that is the primary thing that holds economies together.
In other words, we're seriously boned unless these jokers get their act together.
We need RICO prosecutions. (Score:3, Insightful)
If the legitimate world was worried about $100k fines and 20 years in a Federal-run-by-the-Aryan-Brotherhood-pound-me-in-the-ass prison for dealing with spammers and their ilk, it'd get a lot colder out there for spammers.
Re: (Score:1)
One thing that was overlooked here (Score:3, Interesting)
So it begs the question who now has all those Bots??? Are they or how do they plan to notify these people that their machines are infected and that they need to be cleaned...???
Re: (Score:2)
I had tried to before, but I lack the legal tools: subpoenas. It's so interesting that the FBI considers botnets dangerous, but so far I haven't seen a government-sponsored campaign to prevent botnets and virus infections.
If all the major e-mail companies (hotmail, google, yahoo) and the US government united in identifying the bot-infected machines in the U.S (assume every spam comes fr
Tools needed to do this (Score:5, Informative)
Assuming that the 'nets were employed to do something blatant (and this is surely not universally the case) you would watch the DDOS or spam attack and see what IP addresses were doing that, then you'd want to go back and see what machines communicated with those machines in the past, and the machines that communicated with those machines. Mining that information should, at some point, lead you to the systems that originated and controlled the attack.
Of course, nobody has that information, right? Nobody can possibly save all the connections between all machines on the internet, certainly not for any length of time...[now is the time to get out your envelopes to do calculations -- I don't think it's by any means impossible to do this.]
If you can't save the whole net, then perhaps you can set probes -- watch internet nexi for IP addresses to go by, once you've identified a few hundred thousand bot-infested machines. Assuming that a bot herder uses machines more than once [another perhaps unsupportable assumption] you could do the same analysis, more slowly, by tracking with these probed addresses as they come across the wire.
I hate botnets, they will destroy the 'net, but I'm not sure that the solution is any better than the problem.
The latest XKCD comic could give us a clue... (Score:2)
In the comic, a guy has a 40+inches computer display showing a network of viruses in virtualized Windows installs, as an alternative to an aquarium. What is most interesting is the alternate text. It says:
News according to Borat? (Score:1)
Was this done with (Score:1)
If so, when and where were they issued and by whom? If not - WHY not?
Inquiring minds want to know.
So does the ACLU, I bet.
FBI vs. Russian Mafia (Score:2, Informative)
Re: (Score:1, Insightful)
My response is that the Russian mafia will never be as effective as American capitalism and democracy. It's the thug-like 'take and take' mentality that guides the motivations of these individuals will only really get them so far. They really don't want to work for anything at all. They're the bottom of the barrel scum of humanity. They know it, and that's all they apparently know how to be.
Unfortunately, a gang of thugs like the Russian mafia aren't savvy
It's too bad they're treating the symptom... (Score:4, Informative)
...but not the disease. So a bunch of botnet-herder script kiddies and other ne'er-do-wells who exploit a situation are in jail. Did they patch even a single one of the compromised Windows systems that were a part of the botnet? No, they "disrupted" the botnets, which supposedly is going to reduce their ability to be compromised for criminal purposes in the future. I'm sorry, but unless they somehow repaired the exploits, or confiscated the compromised machines and thus removed them from the internet, they're still a bunch of junkers spewing malicious packets and waiting for some new bot-herder to take the helm, hazardous to the infrastructure as well as all the other computers they share the "tubes" with.
The fundamental problem is a single-user operating system that had networking capabilities cobbled-on, but that still is set up like a single-user environment where trust and security weren't perceived as issues. I'd like to see Microsoft step-up to the plate and put effort into developing exciting extras to be bundled with security updates that would at least make their users get more motivated about patching. Of course there's more to security than that, but we're all going to have to live with the mess Microsoft has made with pretty much every OS up to (and quite possibly still including) Vista, for years to come. Barring any proactive effort on Microsoft's part, it seems to me like the FBI has some responsibility to track down computers used in crimes and do something just a bit more permanent than just "reducing" their ability to facilitate criminal activity in the future.
Re: (Score:1)
Re: (Score:2)
You patch a machine on my network? Yeah that's a federal offense. Get a warrant.
Its amazing how little people care about law and rights when it comes to technology.
>I'd like to see Microsoft step-up to the plate and put effort into developing exciting extras to be bundled with security updates that would at least make their users get more motivated about patching.
And I'd like a pony. MS turns on auto u
Is this a good thing? (Score:3, Insightful)
Re: (Score:2)
Assholes like that will sooner or later give governments an excuse large enough to regulate the internet. To actually brag on