

Researchers Cripple Pushdo Botnet

Trailrunner7 writes with this from ThreatPost: "Researchers have made a huge dent in the Pushdo botnet, virtually crippling the network, by working with hosting providers to take down about two thirds of the command-and-control servers involved in the botnet. Pushdo for years has been one of the major producers of spam and other malicious activity, and researchers have been monitoring the botnet and looking for ways to do some damage to it since at least 2007. Now, researchers at Last Line of Defense, a security intelligence firm, have made some serious progress in crushing the botnet's spam operations. After doing an analysis of Pushdo's command-and-control infrastructure, the researchers identified about 30 servers that were serving as C&C machines for the botnet. Working with the hosting providers who maintained the servers in question, the LLOD researchers were able to get 20 of the C&C servers taken offline, the company said."
  • Re:Legal hacking? (Score:5, Insightful)

    by Ethanol-fueled ( 1125189 ) * on Sunday August 29, 2010 @02:23AM (#33407384) Homepage Journal
    Don't know if you got the memo, but the feds pay others to do the dirty work for them.

    Fed: "Wanna work with the FBI, Fido? Wanna help us catch bad guys?"
    Snitch: "Yeahyeahyeahyeahyeahyeah!"
    Fed: "There's an atheist group that looks suspicious. I think they're laundering money to fund their picnics. You need to infiltrate them, earn their trust, and if you don't find anything make something up so we have a good excuse to raid their headquarters. You will get a pat on the head and a nice, big doggy bone if we get convictions."
    Snitch: "Yeahyeahyeahyeahyeah!"

    [ Months later, a number of the atheist group's members are arrested for child pornography for unwittingly having nude pics of their 17 year-old sons and daughters who kept them stored "privately" in facebook ]

    Fed: "Bad news, Fido. The D.A. wants to charge you with computer crimes. You're expected to do 5 years in the pen."
    Snitch: *whimper*
    Fed: "It's okay, you helped us save the children. Just suck it up and don't drop the soap."
  • by paper tape ( 724398 ) on Sunday August 29, 2010 @02:44AM (#33407426)
    Unresponsive providers might be more likely to respond if responsive parties who controlled upstream routers were to stop routing traffic from them.

    All traffic.
  • by PatPending ( 953482 ) on Sunday August 29, 2010 @02:54AM (#33407440)
    I say we take off and nuke the entire site from orbit. It's the only way to be sure.
  • Re:Legal hacking? (Score:5, Insightful)

    by Martin Blank ( 154261 ) on Sunday August 29, 2010 @04:12AM (#33407640) Homepage Journal

    There's no legal authority for the courts to order such actions. Even execution orders are authorized by the legislative body, approved by the chief executive, and carried out by subordinates to the executive (subject to the lack of intervention by the judicial body). Any offensive action against spammers/hackers would require a similar path.

  • Re:Pretty much (Score:2, Insightful)

    by ergrthjuyt ( 1856764 ) on Sunday August 29, 2010 @04:20AM (#33407666)
    Doesn't sound like he was proposing a default-deny network, just proposing actual consequences for breaking the law (which in most jurisdictions requires the disconnection of illegal servers upon notification).
  • by nacturation ( 646836 ) * <nacturation AT gmail DOT com> on Sunday August 29, 2010 @04:54AM (#33407764) Journal

    I assume that the providers were just notified by the researcher and were able to see for themselves whether the server is doing something malicious or not.

    And when they look into it, they'll probably see a bunch of SSL-secured HTTP requests.

    In addition, every ISP I've dealt with has a contract clause that allows them to cancel the service if you use it to violate the laws of the country - which is often the case when sending SPAM. You are then free to sue them if you believe that terminating the service was not justified.

    A command and control server doesn't send out spam. It only acts as a server for the bots that do all the spam sending.
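    A provider doing that check would be looking at traffic shape rather than content, since the sessions are HTTPS. The following is an added illustration, not code from the article or from any commenter: it profiles constructed flow records for a hosting range and flags hosts that look like a C&C (many distinct clients making small HTTPS requests) as opposed to hosts that are themselves sending spam (outbound SMTP to many mail servers). The IP ranges, flow data and thresholds are invented for the example, and the labels are triage hints for a human to verify, not proof.

```python
from collections import defaultdict

# Constructed flow records, not real traffic: (src_ip, dst_ip, dst_port).
# 203.0.113.0/24 stands in for the hosting provider's range; the other
# documentation ranges stand in for remote peers.
FLOWS = [
    # A command-and-control style host: many distinct remote clients polling it over HTTPS.
    *[("198.51.100.%d" % i, "203.0.113.10", 443) for i in range(1, 13)],
    # A host that is itself sending spam: outbound SMTP to many distinct mail servers.
    *[("203.0.113.20", "192.0.2.%d" % i, 25) for i in range(1, 9)],
    # A small ordinary web site: a couple of visitors and one outbound mail relay.
    ("198.51.100.50", "203.0.113.30", 443),
    ("198.51.100.51", "203.0.113.30", 443),
    ("203.0.113.30", "192.0.2.99", 25),
]

def profile_hosts(flows, hosted):
    """Per hosted IP: (distinct clients hitting 80/443, distinct SMTP peers it connects to)."""
    inbound_web = defaultdict(set)
    outbound_smtp = defaultdict(set)
    for src, dst, port in flows:
        if dst in hosted and port in (80, 443):
            inbound_web[dst].add(src)
        if src in hosted and port == 25:
            outbound_smtp[src].add(dst)
    return {h: (len(inbound_web[h]), len(outbound_smtp[h])) for h in hosted}

def classify(profile, web_clients=10, smtp_peers=5):
    """Label each host for review; thresholds are illustrative, not tuned on real data."""
    labels = {}
    for host, (clients, peers) in profile.items():
        if peers >= smtp_peers:
            labels[host] = "spam-sender-like"   # the bots' job, not a C&C server's
        elif clients >= web_clients:
            labels[host] = "c2-like"            # serves many small HTTPS requests
        else:
            labels[host] = "unremarkable"
    return labels

if __name__ == "__main__":
    hosted = {"203.0.113.10", "203.0.113.20", "203.0.113.30"}
    for host, label in sorted(classify(profile_hosts(FLOWS, hosted)).items()):
        print(host, label)
```

A busy legitimate web site also has many distinct clients, so the "c2-like" label only tells the provider which hosts to look at first, matching the comment that they can "see for themselves".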

  • I wonder why the police did not just add spying/logging equipment, keep silent and follow the wires (IP addresses) and money transfers. (Obviously, someone paid for the servers, even with stolen cards.) Shutting down 2/3rd of the C&C is like 2/3rd of the job done. The organized crime behind this is still running fine.

  • by Sycraft-fu ( 314770 ) on Sunday August 29, 2010 @06:08AM (#33407984)

    I'm proposing that people deal with their own dirty laundry, and if they won't, that the people above them do. For example if I am causing a problem, my ISP will call me and say "Hey fix your shit." Happened many years ago, a roommate got a virus on his computer. They called me, I turned it off, life was good. Should I refuse, however, the ISP would have shut down my line. They were not interested in sending out viruses all over the place.

    What I'm proposing is that the big bandwidth providers take the same attitude. If some hosting provider has systems doing evil, you contact them. However if they refuse to deal with it, you can then contact the big providers. They can check, if evil is going on they warn the company. If it doesn't stop, they shut down the links.

    I fail to see a problem here. Such a thing wouldn't be done capriciously because it is against a business's best interest. If a customer is paying money and not causing problems of course they want to keep the connection active. They don't want to turn it off for fun (and probably break the contract).

    All lines have AUPs, even big ones. I just think they need a mechanism to allow for complaints and enforcement, and something that is less severe than a total disconnection. Rather than something having to get to the "You cause so much trouble you are in violation of the contract and we stop selling service to you," point instead they can say "You've refused to deal with complaints so you are blocked, fix your shit and promise to listen in the future and we turn you back on."

    The reason I want to see this is first because I want less shit on the net, but also because with many things you find you either self regulate or the government will regulate you. What happens if instead the US government, or a council at the UN gains complete regulatory power and can tell providers who to shut down? I'd much rather have it as a self regulating system.

    It works well for ISPs, and most ISPs do it. As I said, as a university we are an ISP and we do just that. We investigate and respond to claims of malicious network activity. However, we need a higher level to deal with the ISPs that won't respond to the complaints.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Sunday August 29, 2010 @06:09AM (#33407990)
    Comment removed based on user account deletion
  • Re:Pretty much (Score:3, Insightful)

    by Plekto ( 1018050 ) on Sunday August 29, 2010 @01:40PM (#33409574)

    Your proposal would work best, to be honest, if the major backbone providers did this to the entire ISP instead of leaving the ISP to half-assed "police" its members. If a large amount of spam is coming from a provider, shutting it off entirely will get them to comply with their terms (which I can guarantee have terms and conditions concerning malicious use and so on). It's currently entirely within their bounds to do so but to date, they still refuse to do it. It's also not rocket science to see where the spam and activity is coming from.

    I bet if Earthlink (as an example) had a quarter of its network taken down it would scrub the spammers and infected accounts off of its servers in under 24 hours. And for a small country that might be home to a major control center, well, having the entire country go black until it is fixed would certainly get some action I'd wager. Having your DS4 and DS5 lines go down gets your attention immediately.

    It should be up to the major companies that run the Internet to do the policing and not the Government. The more that they refuse to do their job, the more they end up being taken over by government agencies. Which means more and more of the Internet is controlled by just a couple of countries, essentially, which is obviously a bad thing in the long term.
