
Zeus Botnet Dealt a Blow As ISPs Troyak, Group 3 Knocked Out

timothy posted more than 4 years ago | from the brief-respite-while-sauron-regroups dept.

Botnet

itwbennett writes "Ninety of the 249 Zeus command-and-control servers were knocked offline overnight when two ISPs, named Troyak and Group 3, were taken offline. Whoever was behind the takedown 'just decided to knock out a large area of cyber-crime, and this was probably one of the easiest ways to do it,' said Kevin Stevens, a researcher with SecureWorks. As with the McColo takedown of just over a year ago, Troyak's upstream providers seem to have knocked it off the Internet, Cisco said in a statement. 'The ISP was "De-peered,"' Cisco said. 'Troyak's upstream network providers effectively pulled the plug on Troyak's router, refusing to transmit its traffic.'"


Good (5, Insightful)

drDugan (219551) | more than 4 years ago | (#31432820)

What about the other 150?

I have a difficult time understanding how Zeus is *still* around; it started in mid 2007! According to WP, it has more than 3.6 Million infected PCs.

There is no reasonable stance that defends the existence or the activities of botnets either legally or morally. How is it that we know there are 150 other command nodes, presumably that we can also discover their IP addresses, but law enforcement has been unable to bring them down?

While I understand there are differences in laws, and with what is legal and what is accepted in different jurisdictions, this seems patently absurd. If an ISP provides service to a verified botnet control node, and refuses to quickly turn them off, I would expect immediate upstream action like this. Why hasn't this happened even more?

Re:Good (4, Interesting)

c++0xFF (1758032) | more than 4 years ago | (#31432908)

From the article:

Troyak is based in Kostanay, Kazakhstan, according to whois records.

Taking down the servers is a political matter, not a technical one (in general). But I would imagine that clearly harboring illegal activity would be sufficient motivation for anybody. Imagine if we classified servers like we do countries that support terrorism?

But even if we got all 249, it's like playing whack-a-mole or cutting off the head of a hydra.

Re:Good (2, Funny)

John Hasler (414242) | more than 4 years ago | (#31433214)

> Imagine if we classified servers like we do countries that support terrorism?

Because that works so well...

Re:Good (4, Informative)

shentino (1139071) | more than 4 years ago | (#31433318)

And for once it WOULD be a good idea.

Just look at what happened to Blue Security. They put spam down so well that a pissed off spammer lobbed an electronic nuke at them.

The guys that took out Blue were able to do so because they had a freaking ARMY of computers. An army, by the way, that they built up through illegal means. Now, accumulating firepower through theft, that does sound like a form of terrorism to me.

Re:Good (-1, Flamebait)

Sir_Lewk (967686) | more than 4 years ago | (#31433398)

pissed off spammer lobbed an electronic nuke at them.

Oh come on now! What is this, a bad hollywood movie? We don't have to be so overly dramatic.

Re:Good (3, Interesting)

Hadlock (143607) | more than 4 years ago | (#31434318)

Pretty much obliterated Blue Security, I had to google them to figure out what the hell he was talking about. He used a fairly generic term, but the end result is the same.

Re:Good (1)

Korin43 (881732) | more than 4 years ago | (#31433488)

It's not like we need to go in those countries. All that needs to be done is force ISPs in other countries to stop peering with them.

Re:Good (2, Insightful)

efalk (935211) | more than 4 years ago | (#31433792)

All that needs to be done is force ISPs in other countries to stop peering with them.

"Force"? How do you propose we do that?

Re:Good (1)

Korin43 (881732) | more than 4 years ago | (#31433864)

Laws? "ISPs in country X may not peer with other ISPs known to be allowing activity prohibited by law x"

Re:Good (1)

Hadlock (143607) | more than 4 years ago | (#31434342)

Laws don't mean anything unless you enforce them.

Re:Good (0)

Anonymous Coward | more than 4 years ago | (#31434936)

Here we go again....

"known to be allowing activity prohibited by law x"

Whose law? Yours? Why? Did the population of country x just get a say in your daily life and, if not, what makes you think that you have a right to say what is legal or not in their country? The best solution here is a technical one but you might have to use diplomacy to convince other governments to follow your lead. By the way, diplomacy does not entail sending an army in to force someone to do as you would wish.

Re:Good (1, Insightful)

Anonymous Coward | more than 4 years ago | (#31434974)

It isn't always so clear cut. Sure, there are ISPs like McColo and the two from TFA, but what about ISPs frequented by stupid people (often the major telecom in most countries) who get themselves infected? We all know that these masses of zombie machines are out there, including the ISPs in question. So should those ISPs start cutting off infected users? Let alone the opportunity to sabotage competing ISPs (rent their service and do something illegal, then report them and get them shut down).

The other problem with your plan is that you suggest that ISPs should be responsible for their traffic. I can hear the cheers from the *IAAs from here, and I bet you can too. They'd pounce on this to force the ISPs to police their product, since obviously the ISPs are obligated to take down illegal traffic. And you better believe that any ISP-policing law won't explicitly target only botnets; in fact, I wouldn't be surprised if stopping botnets was a secondary consideration by the lawmakers (the primary being "stop those nasty internet folk from 'stealing' from the nice company that bought me this yacht").

This is all ignoring the fact that we don't have a world government and that diplomats will gladly refuse to police another country's laws, just to spite them (depending on the particulars of the political relationship) or to turn an advantage. And the criminals only need find one country which doesn't want in on this absurd law.

The same way Turkey took down YouTube (1)

tlambert (566799) | more than 4 years ago | (#31434966)

The same way Turkey took down YouTube

By pushing bogus BGP packets to the backbone routers you have access to. Only the routers the people who dislike botnets have administrative control over are not just inside Turkey.

-- Terry

Re:Good (3, Insightful)

HungryHobo (1314109) | more than 4 years ago | (#31433804)

Ya I'm not really seeing the victory here.

If 90 of their command and control servers are knocked off can't they just push an update out through one of their other 159 command servers to the botnet to add another 1000 potential command and control servers scattered around the internet?

Re:Good (1)

NEDHead (1651195) | more than 4 years ago | (#31432974)

Why are you asking me? I just got home.

The short answer? Money. (5, Insightful)

khasim (1285) | more than 4 years ago | (#31432978)

Why hasn't this happened even more?

Because the spammers and such are paying good money for such "bullet-proof" hosting sites.

Meanwhile, the more legitimate ISPs don't want to spend the money to block the command/control servers individually on their networks.

Re:The short answer? Money. (1)

failedlogic (627314) | more than 4 years ago | (#31433126)

It would be interesting to find out how much money they are being paid though.

Re:The short answer? Money. (1)

xanadu-xtroot.com (450073) | more than 4 years ago | (#31434002)

AH! I saw what you did there.

Re:The short answer? Money. (1)

failedlogic (627314) | more than 4 years ago | (#31434284)

I know what you're probably thinking. I want to figure out how much they make to start a business. My username probably doesn't help much. I intended to phrase it as a rhetorical question.

Would it really be worth getting your server(s) kicked off the Net as a hosting/ISP in order to make some quick bucks off some guys hosting a bot net instead of pursuing likely bigger paying corporate clients?

I don't know much about this ISP. Maybe this is the only type of business they've tried to acquire in the first place.

Re:The short answer? Money. (0)

Anonymous Coward | more than 4 years ago | (#31434040)

Are you looking for a new career?

Re:The short answer? Money. (3, Interesting)

Nefarious Wheel (628136) | more than 4 years ago | (#31433266)

Meanwhile, the more legitimate ISPs don't want to spend the money to block the command/control servers individually on their networks.

I suspect the "expense" they're afraid to incur would most likely be in the form of legal costs. Give a decent sysadmin any size list of culprits and he'll script a way to block them within a day, max. Fighting lawsuits, OTOH, is quite expensive, bogus or otherwise.
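As an added example (not code from this thread, from the article, or from either ISP), here is the kind of script the comment above has in mind: take a list of reported command-and-control addresses, refuse entries that would blackhole the wrong thing, and emit nftables rules that log the internal host making the contact before dropping it. The feed is constructed, using the documentation address ranges in place of real addresses; the table and set names are hypothetical.

```python
import ipaddress
from typing import List, Tuple

# Constructed sample feed (not real Zeus nodes): the documentation ranges
# 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 stand in for public
# addresses. It deliberately contains a comment, a duplicate, a whole
# allocation, a malformed entry and a private address.
SAMPLE_FEED = """\
# reported C2 nodes (constructed sample)
203.0.113.10
203.0.113.11
203.0.113.10        # duplicate of the first entry
198.51.100.0/28     # an entire small allocation
192.0.2.300         # malformed: must be reported, not silently dropped
10.0.0.5            # RFC 1918: a feed error, blocking it hits your own LAN
"""

# Ranges that have no business in a public C2 feed. An entry inside one
# is treated as a feed error, because a drop rule for it would cut off
# local traffic rather than a C2 node.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]


def _is_bogon(net) -> bool:
    return any(net.subnet_of(b) for b in BOGONS if b.version == net.version)


def parse_feed(text: str) -> Tuple[List, List[Tuple[str, str]]]:
    """Parse one entry per line; return (collapsed networks, rejected entries).

    Every rejected entry comes back with a reason, so the operator can go
    back to whoever produced the feed instead of discovering a hole later.
    """
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True: "198.51.100.5/28" is an error, not a /28 to guess at
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            rejected.append((entry, f"line {lineno}: {exc}"))
            continue
        if _is_bogon(net):
            rejected.append((entry, f"line {lineno}: non-routable range, feed error"))
            continue
        accepted.append(net)
    # Merge adjacent hosts into one prefix and drop duplicates, per family.
    collapsed = []
    for version in (4, 6):
        collapsed.extend(ipaddress.collapse_addresses(
            n for n in accepted if n.version == version))
    return collapsed, rejected


def render_nft(networks, table: str = "inet filter") -> str:
    """Render an nftables table: one interval set per address family and a
    forward rule that logs the source (that host is infected) before dropping."""
    lines = [f"table {table} {{"]
    for version, settype in ((4, "ipv4_addr"), (6, "ipv6_addr")):
        elems = ", ".join(str(n) for n in networks if n.version == version)
        if not elems:
            continue
        lines += [
            f"    set c2_v{version} {{",
            f"        type {settype}",
            "        flags interval",
            f"        elements = {{ {elems} }}",
            "    }",
        ]
    lines += ["    chain forward {",
              "        type filter hook forward priority 0; policy accept;"]
    for version, proto in ((4, "ip"), (6, "ip6")):
        if any(n.version == version for n in networks):
            lines.append(f'        {proto} daddr @c2_v{version} log prefix "c2-contact " drop')
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_FEED)
    for entry, why in rejected:
        print(f"REJECTED {entry}: {why}")
    print(render_nft(nets))
```

The bogon check is separate from Python's own `is_private` on purpose: that property also returns True for the documentation ranges used as sample data, and a feed filter should state exactly which ranges it refuses. Logging before the drop is what turns a block list into a detection: every hit names an internal machine that needs cleaning.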

Re:The short answer? Money. (3, Informative)

Anonymous Coward | more than 4 years ago | (#31433338)

This is called a pink contract.

http://catb.org/jargon/html/P/pink-contract.html [catb.org]

Re:Good (1)

icebike (68054) | more than 4 years ago | (#31432996)

Not all the command nodes are in jurisdictions that are reachable. Some peer with larger carriers from behind borders where they are essentially untouchable.

Some may represent a large amount of income for their ISPs. Some may cross the palms of their upstreams.

It's hard to cut off an entire country just because the only backbone provider has one customer that bribes them to look the other way.

Re:Good (1)

shentino (1139071) | more than 4 years ago | (#31433332)

Depends on if the country's government looked the other way with the backbone that was aiding and abetting.

Re:Good (1)

camperdave (969942) | more than 4 years ago | (#31434042)

It's also possible that the botnet is controlled by the ISP in the first place.

Re:Good (1)

grandpa-geek (981017) | more than 4 years ago | (#31433382)

... presumably that we can also discover their IP addresses, but law enforcement has been unable to bring them down?

As I understand it, they don't use static IP addresses. They change their IP addresses frequently. They use all kinds of tricky schemes to shield their activities. It sounds like some of their schemes have been figured out lately and successfully attacked.
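Added example, not part of the thread: one way to notice the address rotation the comment above describes, using nothing but a resolver log. A hostname that answers with several addresses in several different routing prefixes within an hour, all with short TTLs, is behaving very differently from an ordinary host. The log lines, hostnames and addresses are constructed (documentation ranges stand in for public space); the log format and the thresholds are assumptions to be tuned against your own traffic.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed resolver log (hostnames and addresses are made up). The
# hostname cfg.example.net answers with a new address in a new /24 every
# couple of minutes; www.example.org is an ordinary host with two stable
# addresses and an hour-long TTL. One junk line is included on purpose.
SAMPLE_LOG = """\
2010-03-10T01:00:05Z resolver1 query=cfg.example.net answer=203.0.113.7 ttl=60
2010-03-10T01:00:09Z resolver1 query=www.example.org answer=192.0.2.80 ttl=3600
2010-03-10T01:02:10Z resolver1 query=cfg.example.net answer=198.51.100.44 ttl=60
2010-03-10T01:04:31Z resolver1 query=cfg.example.net answer=203.0.113.200 ttl=60
this line is not a resolver record and must be skipped
2010-03-10T01:07:02Z resolver1 query=cfg.example.net answer=192.0.2.19 ttl=60
2010-03-10T01:30:00Z resolver1 query=www.example.org answer=192.0.2.81 ttl=3600
2010-03-10T01:55:12Z resolver1 query=www.example.org answer=192.0.2.80 ttl=3600
"""

# Assumed log format: "<ISO timestamp> <resolver> query=<name> answer=<ip> ttl=<n>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) \S+ "
    r"query=(?P<qname>\S+) answer=(?P<ip>\S+) ttl=(?P<ttl>\d+)$")


def parse_log(lines) -> List[tuple]:
    """Return (timestamp, hostname, address, ttl) tuples; skip unparseable lines."""
    records = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unknown format: skip it, never crash the detector on junk
        records.append((
            datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            m["qname"].lower().rstrip("."),
            ipaddress.ip_address(m["ip"]),
            int(m["ttl"]),
        ))
    return records


def _routing_prefix(ip):
    # /24 for v4, /48 for v6: distinct prefixes are a cheap offline proxy for
    # "hosted somewhere else"; an ASN lookup would be more precise.
    plen = 24 if ip.version == 4 else 48
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def churn_report(records: List[tuple], window: timedelta = timedelta(hours=1),
                 min_ips: int = 3, min_prefixes: int = 2,
                 max_ttl: int = 300) -> Dict[str, dict]:
    """Flag hostnames whose answers within any `window` cover at least
    `min_ips` addresses in at least `min_prefixes` routing prefixes, all with
    TTL <= `max_ttl`. Round-robin within one /24, or rotation with long
    TTLs, does not trip it; hopping between providers every few minutes does."""
    by_name = defaultdict(list)
    for ts, name, ip, ttl in records:
        by_name[name].append((ts, ip, ttl))
    flagged = {}
    for name, answers in by_name.items():
        answers.sort(key=lambda a: a[0])
        for i, (start, _, _) in enumerate(answers):
            span = [a for a in answers[i:] if a[0] - start <= window]
            ips = {ip for _, ip, _ in span}
            prefixes = {_routing_prefix(ip) for ip in ips}
            if (len(ips) >= min_ips and len(prefixes) >= min_prefixes
                    and max(ttl for _, _, ttl in span) <= max_ttl):
                flagged[name] = {"ips": sorted(str(ip) for ip in ips),
                                 "prefixes": len(prefixes),
                                 "window_start": start.isoformat()}
                break
    return flagged


if __name__ == "__main__":
    for name, info in churn_report(parse_log(SAMPLE_LOG.splitlines())).items():
        print(f"{name}: {len(info['ips'])} addresses in {info['prefixes']} "
              f"prefixes from {info['window_start']}")
```

The prefix-count condition is what keeps this from firing on every large site behind a content delivery network: those rotate addresses too, but usually inside the same few allocations. Treat a hit as a lead to investigate, not a verdict.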

Re:Good (3, Insightful)

Attila Dimedici (1036002) | more than 4 years ago | (#31433430)

Any system that can reliably take botnets offline can also be (mis)used to reliably take something like wikileaks offline.

Re:Good (3, Insightful)

jd2112 (1535857) | more than 4 years ago | (#31433446)

There is no reasonable stance that defends the existence or the activities of botnets either legally or morally.

"We can make money off of it" seems to work for a lot of people.

Re:Good (1)

erroneus (253617) | more than 4 years ago | (#31434030)

With your line of reasoning, thepiratebay would have gone down and stayed down in spite of Swedish law and not because of it.

I can't say whether or not the laws of the lands in which the remaining servers reside make their existence illegal -- I hope they do or I hope they will soon -- but it is best to act within the law rather than outside of it.

I am glad that thepiratebay is still up and running. I find it useful. And if it means tolerating the existence of botnets for the same reasons, I could learn to live with it. I seriously dislike it when business and/or government decide to ignore the law to go after their aims directly. I much prefer that they stay within the rules.

It can still be done if there is enough interest expressed in it. Write your congressman. Contact your ambassadors. Email the president.

Wolfram Alpha (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31432822)

Remember that thing? It's not a search engine though, it's a computational knowledge engine. That took off like a lead balloon.

Re:Wolfram Alpha (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31432900)

It was pretty Cuil.

Niney (3, Informative)

Evelas (1531407) | more than 4 years ago | (#31432830)

Read that, figured it was Nine, read the article, 90 of 249

Re:Niney (1)

monkeySauce (562927) | more than 4 years ago | (#31433588)

I figured it was either supposed to be ninety or niner. In case of the former... spellcheck? editing? In the latter case... was this story submitted via walkie talkie?

Re:Niney (1)

schlick (73861) | more than 4 years ago | (#31433852)

Niney you know kinda like sevenish.

Niney!? (1, Funny)

Anonymous Coward | more than 4 years ago | (#31432844)

I'm not sure exactly how many Niney is, but it sounds like a lot!

Re:Niney!? (5, Funny)

LikwidCirkel (1542097) | more than 4 years ago | (#31433006)

It comes after atey and before teny

Re:Niney!? (1, Funny)

Anonymous Coward | more than 4 years ago | (#31433586)

It comes after atey and before teny

Epic... Made me LOL real hard...

Re:Niney!? (3, Funny)

SimonTheSoundMan (1012395) | more than 4 years ago | (#31433030)

I think it's after twelfty.

Niney (5, Funny)

jamesyouwish (1738816) | more than 4 years ago | (#31432860)

Niney n. The amount of drinks it takes to say this word correctly.

Words (5, Insightful)

Threni (635302) | more than 4 years ago | (#31432862)

knocked offline...taken offline....takedown...knock out.......have knocked it off..."De-peered,"'...pulled the plug... refusing to transmit

I'm sorry, you're going to have to repeat that; what happened? Were they somehow removed from the internet?

Re:Words (5, Informative)

chadenright (1344231) | more than 4 years ago | (#31432926)

The Internet Service Providers providing internet service to the 90 zeus command nodes suddenly (and involuntarily) stopped providing internet service. TFA attributes this to "anonymous community action". Basically, someone got irritated at the bot net and blacked out a fair chunk of Kazakhstan in order to damage it.

Re:Words (3, Insightful)

Angst Badger (8636) | more than 4 years ago | (#31434032)

TFA attributes this to "anonymous community action".

Of which there might be more if someone would be thoughtful enough to publicly post the IP addresses of the command and control nodes of major botnets on a regular basis.

Re:Words (5, Funny)

Anonymous Coward | more than 4 years ago | (#31432928)

Troyak and Group 3 were like car dealerships, who sold cars to evil customers, who ran car-botnets. The suppliers of Troyak and Group 3 decided to stop supplying cars to them, so they couldn't resell the cars.

Re:Words (2, Funny)

obarthelemy (160321) | more than 4 years ago | (#31433228)

this has to be the worst car analogy ever.

Re:Words (5, Funny)

NF6X (725054) | more than 4 years ago | (#31433684)

this has to be the worst car analogy ever.

You might say it's like the Yugo of car analogies.

Re:Words (2, Funny)

grcumb (781340) | more than 4 years ago | (#31433710)

this has to be the worst car analogy ever.

Yeah, it's like the AMC Pacer of car analogies.

Re:Words (1)

Wayne247 (183933) | more than 4 years ago | (#31434352)

Which makes it the best. +5 insightful

Re:Words (2, Funny)

witherstaff (713820) | more than 4 years ago | (#31434782)

How about this one then - Zeus is like a Toyota. It keeps going and going, no matter how hard you try to put on the brakes to its activities. However after a long fight someone found a way to hit the brakes, emergency brakes, positioned a cop car in front of, and slowed it down enough to yank the key out. Troyak and Group 3 are like Toyota car dealerships. All of their cars (Servers) are now sitting idle because no one in their right mind wants to go anywhere near - or in front of - a Toyota, er a Zeus bot.

Re:Words (0)

Anonymous Coward | more than 4 years ago | (#31433760)

Troyak and Group 3 were like car dealerships, who sold cars to evil customers, who ran car-botnets. The suppliers of Troyak and Group 3 decided to stop supplying cars to them, so they couldn't resell the cars.

But that would only stop new cars from driving on the road, not take the evil customer driven ones off "overnight." No, Troyak and Group 3 were service stations who sold fuel to customers who drove evil cars ...

Re:Words (1)

icebike (68054) | more than 4 years ago | (#31432936)

The ISPs that hosted these botnet control centers had their wires cut. The entire ISP is offline. None of the companies they send their internet traffic to will talk to them any more.

Re:Words (0, Troll)

MrMista_B (891430) | more than 4 years ago | (#31433000)

You suck at reading comprehension, huh? Yes, yes they were removed from the internet, 'somehow'.

Re:Words (2, Funny)

Anonymous Coward | more than 4 years ago | (#31433052)

He sucks at reading comprehension just like you're awesome at sarcasm.

Re:Words (0)

Anonymous Coward | more than 4 years ago | (#31433192)

It's amusing how the loudest people are rarely the sharpest. How can you miss that that was sarcasm? If it wasn't sarcasm, what exactly was it?

Re:Words (1)

blackraven14250 (902843) | more than 4 years ago | (#31433902)

A troll.

PININ' for the FJORDS?! (2, Insightful)

asdf7890 (1518587) | more than 4 years ago | (#31433194)

knocked offline...taken offline....takedown...knock out.......have knocked it off..."De-peered,"'...pulled the plug... refusing to transmit

... IT IS A DEAD ISP! </cleese>

Re:PININ' for the FJORDS?! (2, Funny)

don_bear_wilkinson (934537) | more than 4 years ago | (#31433404)

IT IS A DEAD PEER NET (better meter for 'par-rot')

Re:PININ' for the FJORDS?! (5, Funny)

plover (150551) | more than 4 years ago | (#31433726)

Mr Praline walks into a datacenter.
He walks to a desk where a sysadmin tries to hide below a tape rack.

PRALINE: Hello, I wish to register a complaint... Hello? Miss?

SYSADMIN: What do you mean, miss?

PRALINE: Oh, I'm sorry, I have a cold. I wish to make a complaint.

SYSADMIN: Sorry, we're closing for patch Tuesday.

PRALINE: Never mind that my lad, I wish to make a complaint about this hosting service what I leased not half an hour ago from this very datacenter.

SYSADMIN: Oh yes, the Kazakhstan Big Blue Blade Server package. What's wrong with it?

PRALINE: I'll tell you what's wrong with it. It's offline, that's what's wrong with it.

SYSADMIN: No, no it's connecting, look!

PRALINE: Look my lad, I know a dead host when I ping one and I'm pingin' one right now.

SYSADMIN: No, no sir, it's not dead. It's syncing.

PRALINE: Syncing?

SYSADMIN: Yeah, remarkable host the Kazakhstan Big Blue, beautiful rackmounting job, innit?

PRALINE: The rackmountin' don't enter into it - it's stone dead.

SYSADMIN: No, no - it's just syncing.

PRALINE: All right then, if it's syncing I'll sync with it. (shouts into cabinet) Hello Khaki! I've got a nice piece of Cat 6 for you when you wake up, Khaki!

SYSADMIN: (jogging rack) There it blinked.

PRALINE: No it didn't. That was you yankin' the wire.

SYSADMIN: I did not.

PRALINE: Yes, you did. (unplugs wire from cabinet, shouts into the end of the ethernet cable) Hello Khaki, Khaki (whips it against counter) Khaki host, wake up. Khaki. (throws it in the air and lets it fall to the floor) Now that's what I call a dead host.

SYSADMIN: No, no it's stunned.

PRALINE: Look my lad, I've had just about enough of this. That host is definitely depeered. And when I leased it not half an hour ago, you assured me that its lack of connectivity was due to it being tired and shagged out after delisting a porn site.

SYSADMIN: It's probably pining for the fjords.

PRALINE: Pining for the fjords, what kind of talk is that? Look, why did it refuse to connect the moment I got home?

SYSADMIN: The Kazakhstan Big Blue prefers connecting via SSL. Beautiful host, lovely rackmounting.

PRALINE: Look, I took the liberty of examining that host, and I discovered that the only reason that its lights were blinking in the first place was that there was a flashlight taped inside the case.

SYSADMIN: Well of course it was taped there. Otherwise it would roll out the back and voom.

PRALINE: Look matey (picks up cable) this host wouldn't voom if I put four thousand volts through it. It's bleeding offline.

SYSADMIN: It's not, it's pining.

PRALINE: It's not pining, it's unplugged. This host is no more. It has ceased to be. Its license has expired. This is a late host. It's a brick. Bereft of electrons, it rests in peace. And if you hadn't taped a flashlight inside the case, the only cycles it would ever see from here on out are re-cyclers. It's dropped out of DNS and unjoined the internet invisible. This is an ex-host.

SYSADMIN: Well, I'd better replace it then.

PRALINE: (to camera) If you want to get anything done in this country you've got to complain till you're blue in the mouth.

SYSADMIN: Sorry guv, we're right out of blade servers.

PRALINE: I see. I see. I get the picture.

SYSADMIN: I've got a PC running Windows.

PRALINE: Does it scale?

SYSADMIN: Not really, no.

PRALINE: Well, it's scarcely a replacement, then is it?

Re:PININ' for the FJORDS?! (1)

nlindstrom (244357) | more than 4 years ago | (#31433802)

If I had any mod points, I'd give them all to you. That was brilliant, absolutely brilliant! Well done!

Re:PININ' for the FJORDS?! (0)

Anonymous Coward | more than 4 years ago | (#31434500)

Aw come on mods, the meter may be a tad off (I'm used to the audio-only version) but give this guy his props already.

That was the best laugh I've had all week.

Re:Words (2, Informative)

Nefarious Wheel (628136) | more than 4 years ago | (#31433294)

I'm sorry, you're going to have to repeat that; what happened? Were they somehow removed from the internet?

They were the recipients of a staged compaction of fissile material achieving critical mass and subsequent chain reaction within a projectile arriving from an exospheric source.

Re:Words (1)

Kalriath (849904) | more than 4 years ago | (#31433862)

It's the only way to be sure.

Beowulf cluster (2, Insightful)

nacturation (646836) | more than 4 years ago | (#31433616)

36% of their highly redundant infrastructure was made unavailable, leaving 64% of the control servers online and fully capable of servicing the millions of bots under its control.

Re:Words (0)

Anonymous Coward | more than 4 years ago | (#31433686)

For those who didn't get it, (about a dozen replies at the time of this posting), parent is referring to how pointless the summary is. The submitter basically took the title and rephrased it 4 different ways instead of adding additional useful information.

Re:Words (1)

Dachannien (617929) | more than 4 years ago | (#31434054)

knocked offline...taken offline....takedown...knock out.......have knocked it off..."De-peered,"'...pulled the plug... refusing to transmit

If they weren't pushing out the spam, they'd be pushing up the daisies!

Yay!! KILL THE COMMIES TO HELL AND MOSCOW !! (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31432880)

We don't need no stinkin' commies on this here AMERICAN internet.

Internet Death Penalty (4, Informative)

Anonymous Coward | more than 4 years ago | (#31432906)

Might as well call it by its name: Internet Death Penalty [catb.org]

Cisco? (1)

GPLDAN (732269) | more than 4 years ago | (#31432934)

John Chambers thinks he's John Wayne.

Re:Cisco? (0)

Anonymous Coward | more than 4 years ago | (#31434120)

Or Juan Jane, as the case may be.

Violation of network neutrality? (0)

Anonymous Coward | more than 4 years ago | (#31432948)

Violation of network neutrality?

Re:Violation of network neutrality? (3, Funny)

Anonymous Coward | more than 4 years ago | (#31433062)

Their network has been neutralized alright.

re (1)

Mantis8 (876944) | more than 4 years ago | (#31433008)

All I have to say is, "Bout time"!

Re:re (1)

gwdoiron (1590237) | more than 4 years ago | (#31433322)

Or is that, "'bot time"!

Re:re (1)

AlamedaStone (114462) | more than 4 years ago | (#31434760)

Or is that, "'bot time"!

It isn't.

Tangled memes (2, Insightful)

moteyalpha (1228680) | more than 4 years ago | (#31433024)

In Russia, Chuck Norris knocks out your bot net niney times , as he turns seveny.
I smell my karma burning.

Re:Tangled memes (1)

Crudely_Indecent (739699) | more than 4 years ago | (#31434394)

You beat me to it.....only I was going to say:

WTF is "Niney"

You turned it into a triple-combo!

Re:Tangled memes (0)

Anonymous Coward | more than 4 years ago | (#31434532)

I smell your liniment grandpa.

Update: Troyak is back online (5, Informative)

angry tapir (1463043) | more than 4 years ago | (#31433104)

According to this article [goodgearguide.com.au] : "Just hours after Internet service providers severed network connectivity to Troyak, an ISP associated with the Zeus botnet, the ISP has regained connectivity after peering with a new upstream Internet service provider."

Re:Update: Troyak is back online (3, Funny)

NiteMair (309303) | more than 4 years ago | (#31433208)

They say only sixeyate made it back online though...

Re:Update: Troyak is back online (0)

Anonymous Coward | more than 4 years ago | (#31434630)

nice.

Re:Update: Troyak is back online (0)

Anonymous Coward | more than 4 years ago | (#31433242)

This is believable. I got 25% ~more~ spam on my domains today than any day in the last month. From the patterns, I suspect they felt obliged to resend some after their outage.

Why the "statement" from Cisco? (2, Insightful)

Seor Jojoba (519752) | more than 4 years ago | (#31433128)

As far as I can tell, Cisco wasn't involved in the decisions. It looks like the writer went to the two ISPs for comment, but came up dry--well, except for that one anonymous comment. Then the writer asked Cisco what they thought about the whole thing to fill out the piece. Probably the ISPs are afraid of being targeted in retaliation and want to keep a low profile.

Zeus shall have his revenge! (1)

ae1294 (1547521) | more than 4 years ago | (#31433386)

When the gods are at war it is us, mere mortals who suffer because of it. Ye best beware the Ides of March [wikipedia.org] will soon be upon us!

Re:Zeus shall have his revenge! (0)

Anonymous Coward | more than 4 years ago | (#31433482)

These guys? [wikipedia.org] Ye gods! Help us!

Re:Zeus shall have his revenge! (1)

ae1294 (1547521) | more than 4 years ago | (#31433608)

These guys? Ye gods! Help us!

What? no no, The God Mars isn't into that crap! Zeus is planning to fuck up Silverstein's concert this coming 15th down at the Jersey shore. You know, the post-hardcore band with that song, The Ides of March? It's track #3 on their full length studio album, Discovering the Waterfront. Mars really digs them, loves to get totally wasted, get in brutal fights and steal loose women from their punk-ass boyfriends while at their shows...

Haven't you been keeping up with all this? We're talking about the Gods for Gods sake!

Windows again (-1, Flamebait)

straponego (521991) | more than 4 years ago | (#31433496)

Once again, the summary and the linked article neglect to mention the vulnerable OS. Once again, it's Windows. I guess that goes without saying, but it really seems like there's a widespread agreement to refrain from mentioning Microsoft or Windows in articles on viruses and botnets. Seems to me that mentioning the targets, and how to secure them, would be integral to any such story. It could be one sentence and a link, fer chrissakes.

Re:Windows again (5, Insightful)

cdrguru (88047) | more than 4 years ago | (#31433528)

The target is a "user". Anyone that doesn't understand system administration and security that is left alone with a computer can defeat anything that the OS does. If your grandma wants to install something like WeatherBug on Linux and the software to do this exists, she will succeed. If it requires root access and she has it, she will provide it in copious amounts for the malware application. Whatever is needed will be provided. Because she knows she wants to install this, for some utterly unknown reason.

Now, if you have a computer that it is impossible for the user to install stuff on, well then you have a much more secure platform. Unfortunately, this requires an administrator for those cases where something is really needed and actually should be installed. Once the user and the administrator are the same person, you have just lost any semblance of security.

99% of the Windows machines in homes out there do not have an administrator other than the user themselves. If these were magically replaced by Linux machines with the same administrator, this wouldn't solve anything. Sure, the user would need to do sudo or su in order to really screw things up, but if the application they thought they wanted to install asked for it, they would do it.

Re:Windows again (3, Informative)

cortesoft (1150075) | more than 4 years ago | (#31434788)

Now, if you have a computer that it is impossible for the user to install stuff on, well then you have a much more secure platform.

What you have is a damn iPad

As will become more and more apparent... (2, Insightful)

cdrguru (88047) | more than 4 years ago | (#31433504)

The only way to truly combat cybercrime is to just cut the connection.

When you have a country that willingly harbors criminals - just because they are attacking someone else - the problem ceases to be one of law enforcement or diplomacy. Sure, you can try to send some cops over there and see what can be accomplished. For the most part, not much.

The key is that if Russia, Bulgaria, Romania or wherever wants to have "Internet freedom" for their citizens where they can do whatever the heck they want without any consequences, the only possible response is for everyone else on the planet to just agree to pull the plug.

Now, so far it has been impossible to make this happen. Nobody has cared enough because "well, it is just some virtual land called cyberspace." For the most part, law enforcement doesn't care if people are robbed in cyberspace - it isn't really their jurisdiction. There is no global cop that can go anywhere to track down cybercriminals, and in most of the world a request to please go down and arrest someone because they committed a crime somewhere else is met with guffaws and snickers. So as long as your local law enforcement was willing to turn a blind eye to your activities, you could pretty much get away with anything.

And believe me, in most of the world today, law enforcement has a lot better things to do than deal with any sort of computer crime. So there are zero consequences. Something a lot of people have learned over the last 15 years or so. Of course a few Unix geeks knew that since 1980 or so.

Now, if this sticks and if it can be repeated - both of which are highly doubtful - we might actually get somewhere in having some real consequences for bad actions on the Internet. But I suspect this will all be put back together next week (if not sooner) and there will continue to be zero consequences. Keep this in mind, because if you annoy someone enough on the Internet there is a chance they already know there are no consequences in most of the world. Lori Drew is a case in point. They really wanted to nail her for something, anything. But the rule of cyberspace wins out in the end. The physical world has real consequences, the virtual world has only virtual consequences.

Re:As will become more and more apparent... (2, Insightful)

Plekto (1018050) | more than 4 years ago | (#31433630)

The only way to truly combat cybercrime is to just cut the connection.

What will end up happening is that there will be several chunks of the "Net". So Nigeria can do its own thing (as an example). There's absolutely nothing to keep other countries from yanking the plug on anyone that they want as soon as it crosses their borders. "We don't like you - get lost" seems like a fairly effective way, especially for countries that lack a proper satellite infrastructure and have to rely on optical and metal/copper wire connections to get in and out.

Often this boils down to as few as 2-3 main optical cables. Cut those at the border and they're in the dark. People are exactly correct that this is a political problem. The countries of the world that have the power need to flex their muscles and deny those who don't police their own traffic adequately a chance to participate. Now, I'm all for freedom and all of that, but it's like having a town meeting and one guy in the back with Tourette's keeps screaming at the top of his lungs. Sensible people politely push him out the door, lock it, and proceed with the meeting.

I bet even a week without any net in most countries would suddenly get a few thousand police mobilized and start kicking down doors. But as it is, without any stick, there's no incentive for them to do anything at all about it.

Re:As will become more and more apparent... (1)

Culture20 (968837) | more than 4 years ago | (#31433900)

it's like having a town meeting and one guy in the back with Tourette's keeps screaming at the top of his lungs. Sensible people politely push him out the door, lock it, and proceed with the meeting.

Sensible and caring people would muzzle him so that he could still listen and participate (via writing or sign language), you NARGIN FLARGIN WERTHERS CANDIES!

Re:As will become more and more apparent... (1)

Plekto (1018050) | more than 4 years ago | (#31434230)

Sensible and caring people would muzzle him so that he could still listen and participate (via writing or sign language), you NARGIN FLARGIN WERTHERS CANDIES!

Heh. But, seriously. They can't get internet, but they do have news feeds and newspapers and all of the non-digital technology at their disposal, so it IS a bit like they can effectively only listen to part of what's going on until they stop trying to ruin it for everyone else.

Re:As will become more and more apparent... (1)

!eopard (981784) | more than 4 years ago | (#31434958)

Did you just advocate the ACTA, but on a much larger scale?

Re:As will become more and more apparent... (1)

vajorie (1307049) | more than 4 years ago | (#31433932)

When you have a country that willingly harbors criminals - just because they are attacking someone else - the problem ceases to be one of law enforcement or diplomacy. Sure, you can try to send some cops over there and see what can be accomplished. For the most part, not much.

The key is that if Russia, Bulgaria, Romania or wherever wants to have "Internet freedom" for their citizens where they can do whatever the heck they want without any consequences, the only possible response is for everyone else on the planet to just agree to pull the plug.

That sounds quite familiar but I cannot... Oh, wait!

And these ISP's other customers...? (3, Insightful)

J'raxis (248192) | more than 4 years ago | (#31433544)

There seems to be an implication that Troyak and Group 3 were somehow complicit with all this botnet activity, yet no such claims are actually being explicitly made - just that the ISPs have been "associated" with these botnets, whatever that means.

Did these ISPs have legitimate customers who have now been cut off because of the criminals alongside them on the ISP's network? Was the ISP asked to deal with the situation first, and either ignored or refused such requests? If these ISPs were fronts for the botnet owners, where's the evidence? Did someone just think, oh, there are a bunch of bad guys on this ISP; let's cut the whole thing off and fuck the rest of their customers?

This action sounds like the IT equivalent of a government blowing up an entire city block because a couple terrorists are renting an apartment there.

If these ISPs have legitimate customers, hopefully they sue the hell out of the upstream for this.

No Longer Vigilantism? (1)

IonOtter (629215) | more than 4 years ago | (#31433592)

In the past, when this sort of thing has been suggested, the cries of "vigilante" and "lawlessness" were cried from the highest mountaintops, and the lowest swamps of the Internet. And anyone who actually DID anything was pilloried and run out of town on a rail.

[sarcasm] What changed, I wonder? [/sarcasm]

Now that the losses are in the hundreds of millions, in several dozen different currencies, those same voices seem to have lost their enthusiasm.

Re:No Longer Vigilantism? (2, Informative)

Anonymous Coward | more than 4 years ago | (#31433748)

The Internet Death Penalty is older than Slashdot and even older than some Slashdot users. The internet is based on a huge number of peering agreements, agreements which can be made, changed and terminated. The structure of the internet changes all the time. Take a look at the BGP updates if this interests you. One of the reasons for depeering is "you're causing us too much trouble, so we don't want your business anymore." Then the shunned ISP has to find another uplink. Sometimes no other ISP wants to act as uplink for an ISP with a bad reputation and the bad ISP can't get back online. That's the IDP. There's nothing lawless or vigilante about it.
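
The de-peering mechanism the comment above describes, as an added illustration that is not part of the thread or of any real BGP implementation: a toy path-vector model in which each AS learns the shortest loop-free AS_PATH to a prefix from its neighbours. All AS numbers (private range 64512-64519), the prefix (documentation range 192.0.2.0/24) and the topology are constructed placeholders. It shows why a prefix behind a shunned ISP vanishes from everyone else's routing table the moment both upstreams withdraw their sessions, and why it reappears as soon as one new uplink agrees to carry the traffic.

```python
from collections import deque


class PathVectorNet:
    """Minimal path-vector routing model (constructed teaching example).

    Each AS learns, for each prefix, the shortest loop-free AS_PATH offered by a
    neighbour, ties broken by lowest next-hop ASN. Real BGP is incremental and
    policy-driven; recomputing from scratch is enough to show what de-peering
    does to reachability.
    """

    def __init__(self):
        self.links = {}    # asn -> set of ASNs it has a BGP session with
        self.origins = {}  # prefix -> ASN that originates it

    def add_link(self, a, b):
        self.links.setdefault(a, set()).add(b)
        self.links.setdefault(b, set()).add(a)

    def remove_link(self, a, b):
        self.links.get(a, set()).discard(b)
        self.links.get(b, set()).discard(a)

    def depeer(self, asn, upstreams):
        """The named upstreams tear down their sessions with `asn` ("pull the plug")."""
        for up in upstreams:
            self.remove_link(asn, up)

    def originate(self, asn, prefix):
        self.origins[prefix] = asn
        self.links.setdefault(asn, set())

    def routes(self, prefix):
        """Return {asn: AS_PATH} for every AS that can reach `prefix`.

        AS_PATH is stored the way a RIB would hold it: the next hop first and
        the origin last, without the viewing AS itself. BFS gives the shortest
        path and never revisits an AS, which plays the role of loop prevention.
        """
        origin = self.origins[prefix]
        paths = {origin: ()}
        queue = deque([origin])
        while queue:
            cur = queue.popleft()
            for nbr in sorted(self.links.get(cur, ())):
                if nbr not in paths:
                    paths[nbr] = (cur,) + paths[cur]
                    queue.append(nbr)
        return paths

    def transits(self, prefix, viewer, asn):
        """True if `viewer`'s best path to `prefix` passes through `asn`.

        A defender watching their own RIB can use this kind of check to see
        whether traffic to a destination still crosses a shunned network.
        """
        return asn in self.routes(prefix).get(viewer, ())


def demo():
    """Constructed scenario: a shunned ISP loses both upstreams, its customer's
    prefix disappears for everyone else, and reachability returns only once a
    new uplink agrees to peer. Returns the three route tables for inspection."""
    net = PathVectorNet()
    # Placeholder ASNs from the private range; roles are invented for the demo.
    CUSTOMER, SHUNNED_ISP, UP_A, UP_B, TIER1, BANK, HOME_ISP, NEW_UP = range(64512, 64520)
    prefix = "192.0.2.0/24"  # documentation prefix, constructed sample
    net.originate(CUSTOMER, prefix)
    for a, b in [(CUSTOMER, SHUNNED_ISP), (SHUNNED_ISP, UP_A), (SHUNNED_ISP, UP_B),
                 (UP_A, TIER1), (UP_B, TIER1), (TIER1, BANK), (TIER1, HOME_ISP),
                 (NEW_UP, TIER1)]:
        net.add_link(a, b)

    before = net.routes(prefix)              # everyone reaches the prefix via UP_A
    net.depeer(SHUNNED_ISP, [UP_A, UP_B])    # both upstreams withdraw their sessions
    after = net.routes(prefix)               # only the ISP and its customer remain
    net.add_link(SHUNNED_ISP, NEW_UP)        # a new uplink agrees to carry the traffic
    reconnected = net.routes(prefix)         # the prefix is back, now via NEW_UP
    return before, after, reconnected


if __name__ == "__main__":
    before, after, reconnected = demo()
    for label, table in (("before", before), ("after de-peering", after),
                         ("after new uplink", reconnected)):
        print(f"{label}: {len(table)} ASes reach 192.0.2.0/24")
        print("  AS64518 path:", table.get(64518, "unreachable"))
```

Running it prints the number of ASes that can reach the prefix at each stage and the AS_PATH seen by the placeholder home ISP, which goes from a path through AS64514 to unreachable and then to a path through AS64519. The `transits` helper is the defender-side view: it answers whether a given destination is still being reached through a particular network after a peering change.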

Re:No Longer Vigilantism? (1)

John Hasler (414242) | more than 4 years ago | (#31433916)

It isn't "vigilantism" to choose to cease doing business with someone. If these ISPs feel that there was a breach of contract they can sue.

YRO (0)

bl8n8r (649187) | more than 4 years ago | (#31433688)

Nobody likes to see crooks get away with being crooks but keep in mind if you are championing the forced removal of content like this, then you are also championing the removal of any content deemed objectionable by a governing body.

Re:YRO (2, Insightful)

Anonymous Coward | more than 4 years ago | (#31433742)

Nobody likes to see crooks get away with being crooks but keep in mind if you are championing the forced removal of content like this, then you are also championing the removal of any content deemed objectionable by a governing body.

Please drop the strawman and move away slowly.
Botnets are NOT content.

Re:YRO (1)

Dan541 (1032000) | more than 4 years ago | (#31434252)

Absolutely, at the end of the day I would rather just deal with a few more spam emails.
