DOJ Gets Court Permission To Attack Botnet
itwbennett writes "In an unprecedented move, the Department of Justice (DOJ) and the FBI have been issued a temporary restraining order that will allow the FBI and the US Marshal for the District of Connecticut to set up servers at the Internet Systems Consortium or other ISPs that would stop infected computers from continuing to spread the Coreflood virus, according to court records. This week, the DOJ and FBI seized five servers that controlled Coreflood-infected computers, the DOJ said in a press release. The agencies also seized 29 domain names used by the Coreflood botnet to communicate with the servers."
unprecedented? (Score:1)
Not anymore...
What is the price of one piano compared to the terrible crime that's been committed here?
Re: (Score:1, Interesting)
What is the price of one piano compared to the terrible crime that's been committed here?
Negligible. I say it's fine as long as the feds 'return it' expeditiously when they are done and make certain the owner is fully compensated (erring on the side of overcompensated) for any loss incurred.
For example, if the servers were required to generate $1 million in revenue a day; I would expect the owner to be paid $1 million + 10% for every day the revenue cannot be generated because servers are impounde
Re: (Score:1)
But you are the one who neglected computer security. I don't think you deserve a penny.
Re: (Score:1)
But you are the one who neglected computer security. I don't think you deserve a penny.
No. You are the one whose security was defeated by a criminal. You can fix the server, just like you can fix a building's window after a break-in.
That doesn't give police the right to seize your office pending another burglary attempt (without providing you fair compensation as required by the 5th amendment in order to take/hold your private property for public use.), even if it is suspected the burglar might be u
Re: (Score:2)
That doesn't give police the right to seize your office
Actually it does. Police routinely cordon off crime-scenes during an investigation.
pending another burglary attempt [...] even if it is suspected the burglar might be using your office as a rendezvous point with his other criminal buddies.
And police can certainly act to prevent a crime. For an IRL situation, I doubt they would even need the court-order if they had a "reasonable belief" that a crime was being committed within a building.
Re: (Score:1)
Actually it does. Police routinely cordon off crime-scenes during an investigation.
Cordoning off the scene of a crime != Seizing innocent people's property.
Last I checked, the police don't come by with a heavy loader, pack up the building/office, and ship it to HQ; leaving the owner with a piece of bare land and no shelter, for months/years, until they are done with their investigation.
Re: (Score:1)
Another BS reason why IT workers need to be unionized and have their rights protected. There is no way to predict another break-in unless we have something similar to "Minority Report".
Re: (Score:2)
unprecedented?
The problem is that the existence of a large botnet stealing banking information is not unprecedented.
Governet (Score:4, Informative)
The Connecticut criminal complaint said a Michigan real estate company lost more than $115,000 to fraudulent wire transfers because of the Coreflood virus. A South Carolina law firm lost more than $78,000, and a North Carolina investment company lost more than $151,000, the complaint said. A defense contractor in Tennessee lost more than $241,000 due to the botnet, the complaint said.
Emphasis mine. I wouldn't expect any less out of firms like this first of all. They really need to change the keyboarding classes in high-school to teach basic do-not-download-stupid-shit classes. And second of all, FTA:
"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry...said in a statement.
Obviously, the internet is now truly Serious Business. DHS, Ice-Raids, I hate to say it but as other /.ers have said in the past, we are entering the downward slope of the golden age of the internet, the gub'ment is now all up in our intertubes for good. Hide yo pron hide yo second life.
Re: (Score:2)
hide yo pron hide yo russian wife
Re:Governet (Score:4, Interesting)
"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry...said in a statement.
Obviously, the internet is now truly Serious Business. DHS, Ice-Raids, I hate to say it but as other /.ers have said in the past, we are entering the downward slope of the golden age of the internet, the gub'ment is now all up in our intertubes for good. Hide yo pron hide yo second life.
The internet has been serious business for a while, in case you've not been paying attention. The "gub'ment" is in the intertubes by necessity. Let's not blame this on the gov't.....it's those stealing hundreds of thousands of dollars who ruined it, not Washington.
Re: (Score:2)
I've dealt with the same thing. I clean off computers for clients with dozens of toolbars and spyware that they installed themselves. When they say they didn't do it, I download a simple program and ask them to install it. The program will have a checkbox for "Would you also like to install this (toolbar | spyware)?" They are simply amazed and stunned when I point that out, but worst of all they continue doing it. Simply reading the plain English would prevent most of this crap.
I remain convinced that most p
Re: (Score:2)
I remain convinced that most people cannot or will not read anything present on a computer screen.
This is because of the too easy use of the modal popup. A popup is very easy for a programmer to create and deploy, but it gets in the way of what I am doing now. So the question asked by the user is not "What options should I select on this pane to achieve optimal results for me?" but "How do I get rid of this and back to what I want to be doing?"
I would love to see installers/programs in general avoid using them. Even if it means users are staring at a "broken program" that needs configuring the first t
Re:Governet (Score:4, Insightful)
Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else.
Frankly, so what? The question isn't "whose fault is it", the question is "how do we stop it". If you answer is "stop people from being stupid", then you obviously don't live in the real world.
It's equally valid to say that 90% of people who fall for pyramid schemes or various other types of fraud are also being stupid. We still do our best to stop fraudsters from victimizing people, or punish them when they do. Whether you like it or not, we as a society have decided that pursuing criminals is a worthwhile endeavor. If you can't live with that, I hear Somalia is much more lax about such things ...
Re: (Score:2)
Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else.
Frankly, so what? The question isn't "whose fault is it", the question is "how do we stop it".
But the granddaddy question of them all is "how do we stop it without penalizing the other 90% of the world who are not dumbasses."
I believe that's what the GP was getting at.
(and I know, 90% is a pretty optimistic number, but anything else is just depressing...)
Re: (Score:2)
Yeah, it's probably more like 20%.
But, regardless, I've never been "penalized" by any such measures. The real question is "how do we stop it without everyone wetting their pants over it despite the fact that the vast majority of them will never be negatively impacted". I agree that it's important to keep their power in check, but it's ridiculous to start pulling the Chicken Little act because the government is targeting some botnets, and it's even more ridiculous to claim that it will "penalize 90% of the
Re: (Score:1)
"he uninstalled it so it would "shut up" and let him have his bugs"
The botnets love him, so don't pick on him or they will come to protect their flock.
Re: (Score:1)
Also, as a side note: never give idiots control. He should have been given a limited account.
Re: (Score:2)
Dumb users should have dumb terminals.
Re: (Score:2)
"can you baby proof the world?".
Obviously not. But - those people who permit and/or place their baby in harm's way out of negligence can be fined, or even imprisoned.
I say, if your computer is part of a botnet, you should be fined. It isn't that difficult for your ISP to figure out that 5, 10, or maybe even 50% of your traffic goes to a botnet. (It should have been blatantly obvious to the ISP of the server, not merely detectable!) So, the ISP sends you a friendly warning that it appears you have been com
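As an added illustration of the ISP-side check this comment proposes (example code written for this page, not from the article, any ISP, or any Coreflood analysis), a small analyzer computes each customer's share of bytes and count of flows sent to a list of known controller addresses over constructed flow records. The controller list, the customer addresses and the flow lines are all constructed from reserved documentation ranges; the caveat it demonstrates is that a pure "percent of traffic" rule misses a quiet beacon.

```python
# Added example: per-customer share of traffic to known botnet controllers.
# Everything below is constructed for illustration; addresses come from the
# reserved documentation ranges (RFC 5737), not from any real infrastructure.
KNOWN_C2 = {"203.0.113.7", "203.0.113.9"}  # hypothetical controller addresses

# Constructed flow records: timestamp, customer source, destination, bytes
FLOWS = """\
2011-04-13T10:00:01 198.51.100.21 203.0.113.7 1200
2011-04-13T10:00:03 198.51.100.21 192.0.2.80 3000
2011-04-13T10:00:05 198.51.100.21 203.0.113.9 800
2011-04-13T10:00:07 198.51.100.22 192.0.2.80 9000
2011-04-13T10:00:09 198.51.100.22 203.0.113.7 100
2011-04-13T10:00:11 198.51.100.23 192.0.2.44 500
"""


def parse_flows(text: str) -> list:
    """Parse whitespace-separated flow lines into (ts, src, dst, nbytes) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        records.append((ts, src, dst, int(nbytes)))
    return records


def c2_profile(records: list, known_c2: set) -> dict:
    """Per customer: share of bytes and number of flows going to known controllers."""
    totals, bad_bytes, bad_flows = {}, {}, {}
    for _, src, dst, nbytes in records:
        totals[src] = totals.get(src, 0) + nbytes
        if dst in known_c2:
            bad_bytes[src] = bad_bytes.get(src, 0) + nbytes
            bad_flows[src] = bad_flows.get(src, 0) + 1
    return {
        src: {"c2_share": bad_bytes.get(src, 0) / totals[src],
              "c2_flows": bad_flows.get(src, 0)}
        for src in totals
    }


def flag_customers(profile: dict, share_threshold: float = 0.05, min_flows: int = 1) -> list:
    """Flag a customer when EITHER the byte share crosses the threshold OR enough
    flows reached a controller: a quiet beacon is tiny by bytes but is still a
    compromise, so a percentage rule alone ("5% of your traffic") would miss it."""
    return sorted(
        src for src, p in profile.items()
        if p["c2_share"] >= share_threshold or p["c2_flows"] >= min_flows
    )


if __name__ == "__main__":
    prof = c2_profile(parse_flows(FLOWS), KNOWN_C2)
    for src, p in sorted(prof.items()):
        print(f"{src}: {p['c2_share']:.1%} of bytes, {p['c2_flows']} flows to C2")
    print("flagged:", flag_customers(prof))
```

With the byte-share rule alone (raise `min_flows` so it never fires) only the first customer is flagged; the second sends one 100-byte beacon and is missed, which is the ISP-competence gap the reply below points at.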
Re: (Score:2)
I say, if your computer is part of a botnet, you should be fined. It isn't that difficult for your ISP to figure out that 5, 10, or maybe even 50% of your traffic goes to a botnet. (It should have been blatantly obvious to the ISP of the server, not merely detectable!) So, the ISP sends you a friendly warning that it appears you have been compromised - and after a week or two, you're STILL actively participating in the botnet.
This fails because it requires that ISPs be competent and don't mess up when a custo
Re:Governet (Score:5, Insightful)
OMG, the gub'ment is taking down botnet servers illegally controlling millions of PCs!
Seriously, I'm all for hating on government control, but is what they're doing in this instance so egregious?
Re: (Score:1)
OMG, the gub'ment is taking down botnet servers illegally controlling millions of PCs!
Seriously, I'm all for hating on government control, but is what they're doing in this instance so egregious?
I suppose you didn't rtfa or the summary?
They seized servers and domain names.
Seized means, they didn't ask permission.
It wouldn't be sensible to ass-u-me that the ONLY thing running on those servers was botnet controls. As well, it wouldn't be the same to assume the domains were specific to the botnet.
i.e., someone may be suffering financially for the broad seizure of tangible and intangible items. THAT would be egregious.
-AI
Re: (Score:2, Informative)
Asset seizure, both permanent and temporary, is a power granted by both judicial and municipal civil institutions all the fucking time. If you own property on which a crime has been committed, it sucks to be you, but you lose some control over that property while the crime is being investigated. Cities can and do seize and destroy property on grounds of being hazards to the public: environmental, health, criminal, etc. This action is trivially defensible on similar grounds.
Certainly procedures should be est
Re: (Score:1)
Asset seizure, both permanent and temporary, is a power granted by both judicial and municipal civil institutions all the fucking time. If you own property on which a crime has been committed, it sucks to be you, but you lose some control over that property while the crime is being investigated. Cities can and do seize and destroy property on grounds of being hazards to the public: environmental, health, criminal, etc. This action is trivially defensible on similar grounds.
Certainly procedures should be established, adhered to, and audited to help ensure this power isn't wielded indiscriminately. But pretending that it has no precedent is either naive or disingenuous.
Don't you think seizing a server is a bit MORE than seizing a car, or a house, or just about any "single" thing?
A server is rarely a "single" thing; it's more akin to a city. So, seizing a CITY to catch ONE criminal is a BIT much.
You have to understand, I'm not saying that they were not within rights that they granted themselves.
I'm just saying, it's not really fair, just, or however you want to term it, to have someone else's stuff taken, when their stuff might be making them a living. It's not their fault their web
Re: (Score:3)
I think you're severely overvaluing the value of a server, by possibly over half a dozen magnitudes.
Re: (Score:2)
Yes they did - that's what 'getting a court order' means.
Re: (Score:2)
To which I say - tough titty. That someone who may be suffering financially is guilty of aiding and abetting, even if only by negligence.
Re: (Score:1)
To which I say - tough titty. That someone who may be suffering financially is guilty of aiding and abetting, even if only by negligence.
I get the vague impression that those replying about the servers going bye-bye... really don't have the slightest clue about how virtual hosting works.
In the late 90s, we had Pentium 100 boxes with HUNDREDS of web sites on them. I'm certain that has scaled a bit now.
So, ONE seized asset, i.e., one seized server that may have been compromised, will have, as in my prior analogy... a "city's worth" of potential commerce. And those people depending on that commerce have no connection whatsoever to the malcontents doing the dam
Re: (Score:2)
They charge extra to record the wrong information on their end.
i see, a national problem. (Score:1)
ok, being a u.s. national issue, is this an all-american botnet?
Seizing Domain names (Score:5, Insightful)
This is a total waste of time.
Half the ones they seize are innocent bystanders. The rest are replaced for $16 bucks at some sleazy registrar. Probably most are simply decoys and the ones of real importance are out of country.
Perhaps the Defense contractor whined, and that finally got the Feds' attention, but it seems to me that various private initiatives (like those by Microsoft and others) have been way out ahead of this.
Why not audit that Defense Contractor's IT procedures and practices. A bot net owning one of their boxes? Seriously?
Re: (Score:2)
You don't need to seize domain names to do that. The ISP wants the sniffers rooted out just as much as the victims.
Don't kid yourself into believing the DOJ/FBI have enough people to actually run a domain so that no one would notice it's been taken over.
Seizing the domain name has been totally ineffective to date, serving more as a club to beat hapless ISPs than anything else.
It's one thing when you have a pirate warez site. But seizures are now used whenever there is a case with anything to do with the inter
Re: (Score:3)
This isn't seizing mooo.com with 86,000 bystanders. These botnets have algorithms which predict the next 1000 domain names they will try. By calculating ahead and seizing them all, the FBI can then control the botnet and issue commands to clean all the infected computers.
Since everything is well-specified, this is EXACTLY what the government should be doing, and how they should be doing it. Bravo! (For once)
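The pre-computation this comment describes, as an added example written for this page (not from the FBI's filing, Coreflood's code, or any analysis of it): a constructed, date-seeded generator with a hypothetical per-family constant stands in for the real domain algorithm, and the defender-side functions enumerate the coming days' candidates so they can be registered or sinkholed before the bots ask for them. The `.example` TLD is reserved, so no real domain is named; the simulation treats any name not in the sinkhole set as unregistered.

```python
import hashlib
from datetime import date, timedelta

# Constructed toy generator standing in for a real DGA; it is NOT Coreflood's
# algorithm. Reserved .example TLD so no real domain is named.
TLD = ".example"
SECRET = b"toy-dga-seed"  # hypothetical per-family constant a reverser would recover


def candidate_domains(day: str, count: int = 10) -> list:
    """Domains a bot running this toy generator would try on ISO date `day`, in order."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(SECRET + day.encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])  # 12 letters
        domains.append(label + TLD)
    return domains


def sinkhole_plan(start: str, days: int, per_day: int = 10) -> dict:
    """Defender side: enumerate every candidate for the coming `days` so they can be
    registered or pointed at a sinkhole before the bots ask for them."""
    first = date.fromisoformat(start)
    plan = {}
    for n in range(days):
        day = (first + timedelta(days=n)).isoformat()
        plan[day] = candidate_domains(day, per_day)
    return plan


def coverage(plan: dict, sinkholed: set) -> float:
    """Fraction of planned candidates already under defender control."""
    names = [d for doms in plan.values() for d in doms]
    return sum(d in sinkholed for d in names) / len(names)


def bot_resolves_to(day: str, sinkholed: set, per_day: int = 10):
    """Simulate the bot walking its list: the first sinkholed name wins and the
    beacon lands on the sinkhole. Names outside the plan are treated as
    unregistered here; in reality that is the gap the criminals could fill."""
    for d in candidate_domains(day, per_day):
        if d in sinkholed:
            return d
    return None


if __name__ == "__main__":
    plan = sinkhole_plan("2011-04-13", 7)
    ours = {d for doms in plan.values() for d in doms}
    print(f"{len(ours)} domains to sinkhole, coverage {coverage(plan, ours):.0%}")
    print("day 3 beacon lands on:", bot_resolves_to("2011-04-15", ours))
    print("day 10 beacon lands on:", bot_resolves_to("2011-04-22", ours))
```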
Possibly a non-jackbooted response (Score:5, Informative)
I haven't found the order itself, but the request is here [fbi.gov]
If that's what they were granted, it looks remarkably restrained. It actually specifies the servers in question (it's not just a blanket "We get to grab anything we claim is a C&C server, now or in the future").
The part the article seems to be going on about is "A permanent injunction that requires the Defendants to uninstall Coreflood on any computers not owned by the Defendants and authorizes the operation of a substitute command and control server to give effect to the Court's orders;" This is pretty radical, in that it lets the FBI operate the botnet at least in so far as to shut it down. But it doesn't give them any authority over computers which aren't already infected.
Send in the drones! (Score:1, Troll)
We should leave this matter to DoD. Instead of deploying the drones in Pakistan, we should target the botnet controllers instead. If we're gonna do extrajudicial killings, might as well target people who actually harm the country.
Targeting the Symptom only (Score:1)
Re: (Score:2)
The money likely flows to places where the US can't touch it, like China or Russia.
What they are doing makes a lot of sense in this case.
They are seizing all the domain names all the known variants of the bot are programmed to look for and will be pointing them at a command and control server run by the US government. This server will direct the bot to shut itself off, stop stealing people's private information, and stop spreading to other machines.
The ISC is an ISP? (Score:2)
Internet Systems Consortium or other ISPs
Since when is the ISC an internet service provider?
"Internet Systems Consortium, Inc. (ISC) is a non-profit 501(c)(3) public benefit corporation dedicated to supporting the infrastructure of the universal connected self-organizing Internet—and the autonomy of its participants—by developing and maintaining core production quality software, protocols, and operations." Other than hosting a few Open Source projects, the ISC doesn't act as an ISP to the best of my knowledge.
I guess they mean somethin
Are they so incompetent.. (Score:1)
.. they need to steal someone else's botnet to do their spying now?
Just curious..
For THAT the executive branch seeks approval (Score:2)
For THAT the executive branch seeks approval of one of the other two branches, yet when it comes to real physical war, that, you know, kills people, they do not feel the need.