Slashdot: News for Nerds


DOJ Gets Court Permission To Attack Botnet

samzenpus posted more than 3 years ago | from the getting-the-greenlight dept.

Government

itwbennett writes "In an unprecedented move, the Department of Justice (DOJ) and the FBI have been issued a temporary restraining order that will allow the FBI and the US Marshal for the District of Connecticut to set up servers at the Internet Systems Consortium or other ISPs that would stop infected computers from continuing to spread the Coreflood virus, according to court records. This week, the DOJ and FBI seized five servers that controlled Coreflood-infected computers, the DOJ said in a press release. The agencies also seized 29 domain names used by the Coreflood botnet to communicate with the servers."


84 comments

unprecedented? (1)

countertrolling (1585477) | more than 3 years ago | (#35813814)

Not anymore...

What is the price of one piano compared to the terrible crime that's been committed here?

Re:unprecedented? (1, Interesting)

mysidia (191772) | more than 3 years ago | (#35813894)

What is the price of one piano compared to the terrible crime that's been committed here?

Negligible. I say it's fine as long as the feds 'return it' expeditiously when they are done and make certain the owner is fully compensated (erring on the side of overcompensated) for any loss incurred.

For example, if the servers were required to generate $1 million in revenue a day; I would expect the owner to be paid $1 million + 10% for every day the revenue cannot be generated because servers are impounded by law enforcement or not returned to the owner, and repaid any lost long-term revenue caused by the outage.

Re:unprecedented? (0)

Anonymous Coward | more than 3 years ago | (#35814150)

What is the price of one piano compared to the terrible crime that's been committed here?

Negligible. I say it's fine as long as the feds 'return it' expeditiously when they are done and make certain the owner is fully compensated (erring on the side of overcompensated) for any loss incurred.

For example, if the servers were required to generate $1 million in revenue a day; I would expect the owner to be paid $1 million + 10% for every day the revenue cannot be generated because servers are impounded by law enforcement or not returned to the owner, and repaid any lost long-term revenue caused by the outage.

As long as there's a 2 million dollar per day fine for running an insecure system, I'd be ok with that.

Re:unprecedented? (1)

hydrofix (1253498) | more than 3 years ago | (#35815376)

But you are the one who neglected computer security. I don't think you deserve a penny.

Re:unprecedented? (1)

mysidia (191772) | more than 3 years ago | (#35817490)

But you are the one who neglected computer security. I don't think you deserve a penny.

No. You are the one whose security was defeated by a criminal. You can fix the server, just like you can fix a building's window after a break-in.

That doesn't give police the right to seize your office pending another burglary attempt (without providing you fair compensation as required by the 5th amendment in order to take/hold your private property for public use.), even if it is suspected the burglar might be using your office as a rendezvous point with his other criminal buddies.

Re:unprecedented? (1)

FatLittleMonkey (1341387) | more than 3 years ago | (#35818238)

That doesn't give police the right to seize your office

Actually it does. Police routinely cordon off crime-scenes during an investigation.

pending another burglary attempt [...] even if it is suspected the burglar might be using your office as a rendezvous point with his other criminal buddies.

And police can certainly act to prevent a crime. For an IRL situation, I doubt they would even need the court-order if they had a "reasonable belief" that a crime was being committed within a building.

Re:unprecedented? (1)

mysidia (191772) | more than 3 years ago | (#35819914)

Actually it does. Police routinely cordon off crime-scenes during an investigation.

Cordoning off the scene of a crime != Seizing innocent people's property.

Last I checked, the police don't come by with a heavy loader, pack up the building/office, and ship it to HQ; leaving the owner with a piece of bare land and no shelter, for months/years, until they are done with their investigation.

Re:unprecedented? (1)

Anonymous Coward | more than 3 years ago | (#35818398)

Another BS reason why IT workers need to be unionized and have their rights protected. There is no way to predict another break-in unless we have something similar to "Minority Report".

Re:unprecedented? (1)

WrongSizeGlass (838941) | more than 3 years ago | (#35813922)

unprecedented?

The problem is that the existence of a large botnet stealing banking information is not unprecedented.

Governet (3, Informative)

cosm (1072588) | more than 3 years ago | (#35813870)

The Connecticut criminal complaint said a Michigan real estate company lost more than $115,000 to fraudulent wire transfers because of the Coreflood virus. A South Carolina law firm lost more than $78,000, and a North Carolina investment company lost more than $151,000, the complaint said. A defense contractor in Tennessee lost more than $241,000 due to the botnet, the complaint said.

Emphasis mine. I wouldn't expect any less out of firms like this first of all. They really need to change the keyboarding classes in high-school to teach basic do-not-download-stupid-shit classes. And second of all, FTA:

"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry...said in a statement.

Obviously, the internet is now truly Serious Business. DHS, Ice-Raids, I hate to say it but as other /.ers have said in the past, we are entering the downward slope of the golden age of the internet, the gub'ment is now all up in our intertubes for good. Hide yo pron hide yo second life.

Re:Governet (0)

Anonymous Coward | more than 3 years ago | (#35813890)

Hide yo pron hide yo second life.

Second Life? I thought that was basically dead by now...

Re:Governet (1)

cosm (1072588) | more than 3 years ago | (#35813928)

Best slant rhyme I could come up with at the time, maybe

hide yo pron hide yo russian wife

Re:Governet (3, Interesting)

halowolf (692775) | more than 3 years ago | (#35814652)

I logged into that to have a look and it took about 30 seconds before I had some fed pretending to be a teenage girl to start cracking onto me. I logged out and deleted it and never looked back.

Re:Governet (3, Interesting)

ktappe (747125) | more than 3 years ago | (#35813914)

"Botnets and the cyber criminals who deploy them jeopardize the economic security of the United States and the dependability of the nation's information infrastructure," Shawn Henry...said in a statement.

Obviously, the internet is now truly Serious Business. DHS, Ice-Raids, I hate to say it but as other /.ers have said in the past, we are entering the downward slope of the golden age of the internet, the gub'ment is now all up in our intertubes for good. Hide yo pron hide yo second life.

The internet has been serious business for a while, in case you've not been paying attention. The "gub'ment" is in the intertubes by necessity. Let's not blame this on the gov't.....it's those stealing hundreds of thousands of dollars who ruined it, not Washington.

Re:Governet (3, Informative)

cosm (1072588) | more than 3 years ago | (#35813956)

I was being a bit satirical, I do understand the important global ramifications of our great communication medium, but I still split the blame equally between evil botnet operators and poor IT practices. I would agree that the necessity for government intervention is there, albeit with things like the Patriot Act and aforementioned ICE-raids I get leery when things like this start to set precedents.

Re:Governet (0)

Anonymous Coward | more than 3 years ago | (#35819054)

So the next time they do it the botnet is programmed to wipe those millions of PCs when they either get the wrong termination code or don't receive required input after a period of time? The government isn't competent enough to make the right choices behind these things. Wait till millions of PCs are dead in the water and the government just claims it was unanticipated and it is your fault for not backing up your computer.

Do you know what millions of dead computers at once brings to the businesses and individuals concerned, let alone the economy?

Re:Governet (0)

Anonymous Coward | more than 3 years ago | (#35822288)

We only need the government because businesses permit bad practices. The best thing we could do is step back and make businesses liable for failing to develop or use secure computing software. Generic software should not be used (MS Windows).

Re:Governet (4, Insightful)

hairyfeet (841228) | more than 3 years ago | (#35814190)

Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else. Example follows:

Last week a customer needed to pay me for a cleaning on a machine I built him nearly a month ago. Did I leave him unprotected? Did I not harden the machine? NOPE, total PEBKAC. When the AV practically threw itself in front of him trying to install the "new Limewire", a hacked Limewire ripoff, he uninstalled it so it would "shut up" and let him have his bugs. Well he got it alright, more than 60 bugs running.

Now the ONLY way the government can have ANY effect on that level of stupid is to take away all our rights to run what we want and give us basically "approved disc images" or locked down OSes with app store style "choice" as to what you run.

Because let's be honest folks: the government can shut down botnets until the cows come home, but from THAT level of stupid, as shown above? Hell they might as well be pissing in the wind for all the good it will do. I mean how can you even attempt to stop something that all they have to do is print the equivalent of "free candy" on the side to get morons to ignore their AV and everything else just so they can install malware onto their own machines? Short of baby proofing the world how can you stop super stupidity without taking choice?

Re:Governet (1)

zach_the_lizard (1317619) | more than 3 years ago | (#35814338)

I've dealt with the same thing. I clean off computers for clients with dozens of toolbars and spyware that they installed themselves. When they say they didn't do it, I download a simple program and ask them to install it. The program will have a checkbox for "Would you also like to install this (toolbar | spyware)?" They are simply amazed and stunned when I point that out, but worst of all they continue doing it. Simply reading the plain English would prevent most of this crap.

I remain convinced that most people cannot or will not read anything present on a computer screen.

Re:Governet (1)

TENTH SHOW JAM (599239) | more than 3 years ago | (#35814472)

I remain convinced that most people cannot or will not read anything present on a computer screen.

This is because of the too easy use of the modal popup. A popup is very easy for a programmer to create and deploy, but it gets in the way of what I am doing now. So the question asked by the user is not "What options should I select on this pane to achieve optimal results for me?" but "How do I get rid of this and back to what I want to be doing?"

I would love to see installers/programs in general avoid using them. Even if it means users are staring at a "broken program" that needs configuring the first time it is opened. Not with a helpful wizard, but with appropriate preference dialogs. This would mean an install would be:

1. Run Executable.

2. Be informed by some scrolly that installation was successful.

3. Open program and start configuring.

Re:Governet (3, Insightful)

c6gunner (950153) | more than 3 years ago | (#35814418)

Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else.

Frankly, so what? The question isn't "whose fault is it", the question is "how do we stop it". If your answer is "stop people from being stupid", then you obviously don't live in the real world.

It's equally valid to say that 90% of people who fall for pyramid schemes or various other types of fraud are also being stupid. We still do our best to stop fraudsters from victimizing people, or punish them when they do. Whether you like it or not, we as a society have decided that pursuing criminals is a worthwhile endeavor. If you can't live with that, I hear Somalia is much more lax about such things ...

Re:Governet (1)

CCarrot (1562079) | more than 3 years ago | (#35818446)

Yes in a way we CAN blame it on the government, because it ultimately comes down to "can you baby proof the world?". Because as someone who cleans these things for a living I can tell you a good 90% of infections are from users being dumbasses and NOTHING else.

Frankly, so what? The question isn't "whose fault is it", the question is "how do we stop it".

But the granddaddy question of them all is "how do we stop it without penalizing the other 90% of the world who are not dumbasses."

I believe that's what the GP was getting at.

(and I know, 90% is a pretty optimistic number, but anything else is just depressing...)

Re:Governet (1)

c6gunner (950153) | more than 3 years ago | (#35821342)

Yeah, it's probably more like 20%.

But, regardless, I've never been "penalized" by any such measures. The real question is "how do we stop it without everyone wetting their pants over it despite the fact that the vast majority of them will never be negatively impacted". I agree that it's important to keep their power in check, but it's ridiculous to start pulling the Chicken Little act because the government is targeting some botnets, and it's even more ridiculous to claim that it will "penalize 90% of the world".

Re:Governet (2)

TapeCutter (624760) | more than 3 years ago | (#35814568)

It's not about "baby proofing the world", it's about justice; ie: holding fraudsters to account for their crimes no matter how dumb/greedy/ignorant their victims are.

Re:Governet (1)

monkyyy (1901940) | more than 3 years ago | (#35814868)

"he uninstalled it so it would "shut up" and let him have his bugs"

The botnets love him, so don't pick on him or they will come to protect their flock.

Re:Governet (1)

monkyyy (1901940) | more than 3 years ago | (#35814878)

Also, as a side note: never give idiots control. Should have given him a limited account.

Re:Governet (1)

orange47 (1519059) | more than 3 years ago | (#35815246)

I'm not sure if the slashdot crowd would agree with your point of view if that AV was Norton, for eg. I'd advise that user to do 'format c:'. After reinstalling everything himself, he'll think twice before running an unknown .exe again.

Re:Governet (1)

mikelieman (35628) | more than 3 years ago | (#35816128)

Dumb users should have dumb terminals.

Re:Governet (1)

bipedalhominid (1828798) | more than 3 years ago | (#35816324)

You know, that's exactly what we used to give them. Old IBM 3270s, if I remember correctly. They really could not mess up anything but their own Cobol or Pascal assignments. Let's face it, most folks don't want or need or can even handle a real computer. Too much responsibility. Give em all iPhones and iPads, leave em in the walled garden of Apple apps and these botnets might be eliminated.

Re:Governet (1)

bipedalhominid (1828798) | more than 3 years ago | (#35816304)

Free Candy, where? I clicked on all those warnings and still got no candy, Waaah Waaaah.

Re:Governet (1)

Runaway1956 (1322357) | more than 3 years ago | (#35817732)

"can you baby proof the world?".

Obviously not. But - those people who permit and/or place their baby in harm's way out of negligence can be fined, or even imprisoned.

I say, if your computer is part of a botnet, you should be fined. It isn't that difficult for your ISP to figure out that 5, 10, or maybe even 50% of your traffic goes to a botnet. (It should have been blatantly obvious to the ISP of the server, not merely detectable!) So, the ISP sends you a friendly warning that it appears you have been compromised - and after a week or two, you're STILL actively participating in the botnet.

Turn it over to the cops, they confiscate your computer as evidence, you get a summons, and are charged with a misdemeanor, public nuisance type. I see revenue here - the courts should jump on this!

Re:Governet (1)

Jiro (131519) | more than 3 years ago | (#35818138)

I say, if your computer is part of a botnet, you should be fined. It isn't that difficult for your ISP to figure out that 5, 10, or maybe even 50% of your traffic goes to a botnet. (It should have been blatantly obvious to the ISP of the server, not merely detectable!) So, the ISP sends you a friendly warning that it appears you have been compromised - and after a week or two, you're STILL actively participating in the botnet.

This fails because it requires that ISPs be competent and don't mess up when a customer has anything slightly unusual (such as a Linux system). It's too easy for an ISP to say "you're compromised" when you're not, with no way to appeal.

Re:Governet (0)

Anonymous Coward | more than 3 years ago | (#35814246)

How about the people stealing billions? When will the government go after them? The real criminals get positions at the White House and government bailouts. It's selective enforcement. They go after mid level criminals, but the really nasty guys are given a "get out of jail free card".

Re:Governet (1)

ColdFury (2040946) | more than 3 years ago | (#35815540)

There's been a lot of metaphors drawn between the web and the Wild West.... As the West became more settled, by necessity it became more regulated, less 'Wild'. So has the Internet, as more people 'plug in' and start to embrace it, the more the law enforcement efforts we see aimed at the criminals running rampant on it.

Re:Governet (1)

cavreader (1903280) | more than 3 years ago | (#35816738)

The existing criminal code was written before the arrival of the Internet. When those codes were written I doubt anyone was thinking ahead about needing to police a world wide computer network. I think law enforcement agencies are scrambling to decide if the existing laws and prohibitions are capable of inhibiting criminal actions online.

Re:Governet (4, Insightful)

Gordo_1 (256312) | more than 3 years ago | (#35813972)

OMG, the gub'ment is taking down botnet servers illegally controlling millions of PCs!

Seriously, I'm all for hating on government control, but is what they're doing in this instance so egregious?

Re:Governet (1)

AlienIntelligence (1184493) | more than 3 years ago | (#35814376)

OMG, the gub'ment is taking down botnet servers illegally controlling millions of PCs!

Seriously, I'm all for hating on government control, but is what they're doing in this instance so egregious?

I suppose you didn't rtfa or the summary?

They seized servers and domain names.

Seized means, they didn't ask permission.

It wouldn't be sensible to ass-u-me that the ONLY thing running on those servers was botnet controls. As well, it wouldn't be the same to assume the domains were specific to the botnet.

ie, someone may be suffering financially for the broad seizure of tangible and intangible items. THAT would be egregious.

-AI

Re:Governet (2, Informative)

Anonymous Coward | more than 3 years ago | (#35814640)

Asset seizure, both permanent and temporary, is a power granted by both judicial and municipal civil institutions all the fucking time. If you own property on which a crime has been committed, it sucks to be you, but you lose some control over that property while the crime is being investigated. Cities can and do seize and destroy property on grounds of being hazards to the public: environmental, health, criminal, etc. This action is trivially defensible on similar grounds.

Certainly procedures should be established, adhered to, and audited to help ensure this power isn't wielded indiscriminately. But pretending that it has no precedent is either naive or disingenuous.

Re:Governet (1)

AlienIntelligence (1184493) | more than 3 years ago | (#35815150)

Asset seizure, both permanent and temporary, is a power granted by both judicial and municipal civil institutions all the fucking time. If you own property on which a crime has been committed, it sucks to be you, but you lose some control over that property while the crime is being investigated. Cities can and do seize and destroy property on grounds of being hazards to the public: environmental, health, criminal, etc. This action is trivially defensible on similar grounds.

Certainly procedures should be established, adhered to, and audited to help ensure this power isn't wielded indiscriminately. But pretending that it has no precedent is either naive or disingenuous.

Don't you think seizing a server is a bit MORE than seizing a car, or a house or just about any "single" thing.

A server is rarely a "single" thing, it's more akin to a city. So, seizing a CITY to catch ONE criminal is a BIT much.

You have to understand, I'm not saying that they were not within rights that they granted themselves. I'm just saying, it's not really fair, just or however you want to term it, to have someone else's stuff taken, when their stuff might be making them a living. It's not their fault their website was hosted on the same server that someone was committing a crime on. But is there really insurance against that?

-AI

Re:Governet (2)

Zironic (1112127) | more than 3 years ago | (#35815756)

I think you're severely overvaluing the value of a server, by possibly over half a dozen magnitudes.

Re:Governet (0)

Anonymous Coward | more than 3 years ago | (#35817540)

Don't forget that the server is hosting a botnet or a botnet control center; assuming it's completely compromised is not really a stretch. Having it forced offline is better than the alternative.

Re:Governet (0)

Anonymous Coward | more than 3 years ago | (#35814772)

It depends on how they handle it. If they just seized the servers and shut out the owners then it could be classed as egregious. If they seized the servers, worked with the owners to cleanse and protect the servers from becoming botnet controllers then it's not egregious.

Let's compare this to a real world situation shall we? Company A is (deliberately/accidentally) dumping tons of toxic chemicals into a river. This dumping is causing millions of dollars worth of damage due to illnesses/loss of wildlife/etc. Should the government be able to come in and close down the company to stop the flow? Or does the loss of profits incurred override everything?

Re:Governet (1)

Angostura (703910) | more than 3 years ago | (#35815752)

Seized means, they didn't ask permission.

Yes they did - that's what 'getting a court order' means.

Re:Governet (1)

Runaway1956 (1322357) | more than 3 years ago | (#35817792)

To which I say - tough titty. That someone who may be suffering financially is guilty of aiding and abetting, even if only by negligence.

Re:Governet (1)

AlienIntelligence (1184493) | more than 3 years ago | (#35865218)

To which I say - tough titty. That someone who may be suffering financially is guilty of aiding and abetting, even if only by negligence.

I get the vague impression that those replying about the servers going bye-bye... really don't have the slightest clue about how virtual hosting works.

In the late 90s, we had Pentium 100 boxes with HUNDREDS of web sites on them. I'm certain that has scaled a bit now.

So, ONE seized asset, ie, one seized server that may have been compromised will have as my prior analogy... a "city's worth" of potential commerce. And those people depending on that commerce, have no connection whatsoever to the malcontents doing the damage to the server.

And it is on that point that I am saying, the sweeping take down of servers, is way overkill.

Literally like carpet bombing from WWII.

-AI

Re:Governet (3, Insightful)

afidel (530433) | more than 3 years ago | (#35813994)

When even RSA can be spear-phished I'm not so sure I would go all holier than thou on those companies. We do a fairly good job of security at my work but the more idiotproof I make the protections the more they improve the idiots =)

Re:Governet (1)

symbolset (646467) | more than 3 years ago | (#35816046)

"If you make your software idiot-proof, only an idiot will want to use it." - Anon

Re:Governet (2)

phantomfive (622387) | more than 3 years ago | (#35814122)

So what? As long as it is done according to the rule of law, and with proper oversight.....the ones who are going to be hurt here are the ones who are downloading stupid shit and the people who made the stupid shit. Win-win-win for the rest of us.

Re:Governet (0)

Anonymous Coward | more than 3 years ago | (#35814726)

"So y’all need to hide your kids, hide your wife, and hide your husband..."

Re:Governet (1)

hellop2 (1271166) | more than 3 years ago | (#35815932)

How do you illegally "wire transfer" money without being caught? It always seemed to me that it would be easily traceable.

Re:Governet (1)

Even on Slashdot FOE (1870208) | more than 3 years ago | (#35816462)

They charge extra to record the wrong information on their end.

i see, a national problem. (1)

Anonymous Coward | more than 3 years ago | (#35813874)

ok, being a u.s. national issue, is this an all-american botnet?

.~.

Re:i see, a national problem. (1)

symbolset (646467) | more than 3 years ago | (#35816058)

Of course. It runs Windows.

Seizing Domain names (4, Insightful)

icebike (68054) | more than 3 years ago | (#35813910)

This is a total waste of time.
Half the ones they seize are innocent bystanders. The rest are replaced for $16 bucks at some sleazy registrar. Probably most are simply decoys and the ones of real importance are out of country.

Perhaps the Defense contractor whined, and that finally got the Feds' attention, but it seems to me that various private initiatives (like those by Microsoft and others) have been way out ahead of this.

Why not audit that Defense Contractor's IT procedures and practices? A botnet owning one of their boxes? Seriously?

Re:Seizing Domain names (0)

Anonymous Coward | more than 3 years ago | (#35814048)

This is a total waste of time.

Oh, but is not. Do you think they are going to immediately dismantle that network of sniffers inside ISPs? I'll go with the tinfoil idea that those servers will stay and remain monitoring traffic for the DoJ and the FBI.

Re:Seizing Domain names (1)

icebike (68054) | more than 3 years ago | (#35814118)

You don't need to seize domain names to do that. The ISP wants the sniffers rooted out just as much as the victims. Don't kid yourself into believing the DOJ/FBI have enough people to actually run a Domain so that no one would notice it's been taken over.

Seizing the domain name has been totally ineffective to date, serving more as a club to beat hapless ISPs than anything else. It's one thing when you have a pirate warz site. But seizures are now used whenever there is a case with anything to do with the internet. Even entire hosting companies can be seized with nothing but a bit of paper work.

http://www.zeropaid.com/news/91460/law-professor-points-out-flaws-in-us-domain-seizure-campaign/ [zeropaid.com]
http://www.techdirt.com/articles/20110314/01204913484/more-reasons-why-homeland-security-seizing-domain-names-is-unconstitutional.shtml [techdirt.com]

Re:Seizing Domain names (0)

Anonymous Coward | more than 3 years ago | (#35814204)

Send in drones! Botnets are a problem, a matter of national security! Defcon 9!!! Defcon 9!!! Send a drone over the datacenter where the defense contractor has these maladies on the security of the US, and use a drone strike to take out those bad computer servers! No more botnet running from them! Or, you know, the defense contractor could bother with security or something. It's not exactly rocket surgery here. If a nutter with a botnet can make a defense contractor's servers bend over and bark like a dog, surely the Chinese can send in a few dozen divisions and analyse what they have on the servers in real time. What kind of defense contractor is it who allows this? One who provides toilet seats guaranteed not to sliver for 1000 poops or a money back guarantee?

Re:Seizing Domain names (2)

PRMan (959735) | more than 3 years ago | (#35816558)

This isn't seizing mooo.com with 86,000 bystanders. These botnets have algorithms which predict the next 1000 domain names they will try. By calculating ahead and seizing them all, the FBI can then control the botnet and issue commands to clean all the infected computers.

Since everything is well-specified, this is EXACTLY what the government should be doing, and how they should be doing it. Bravo! (For once)

Possibly a non-jackbooted response (4, Informative)

russotto (537200) | more than 3 years ago | (#35813966)

I haven't found the order itself, but the request is here [fbi.gov]

If that's what they were granted, it looks remarkably restrained. It actually specifies the servers in question (it's not just a blanket "We get to grab anything we claim is a C&C server, now or in the future").

The part the article seems to be going on about is "A permanent injunction that requires the Defendants to uninstall Coreflood on any computers not owned by the Defendants and authorizes the operation of a substitute command and control server to give effect to the Court's orders;" This is pretty radical, in that it lets the FBI operate the botnet at least in so far as to shut it down. But it doesn't give them any authority over computers which aren't already infected.

Thanks, & here's good info. I got from it... a (-1)

Anonymous Coward | more than 3 years ago | (#35814524)

GOOD INFORMATION, in short!

I.E.-> All the COREFLOOD botnet's "Command & Control" (C&C) servers, &/or bogus name servers it was using (which I verified vs. what's in my HOSTS file here already to block them off, & they were there already, thank goodness!)

So thank you for the information.

This is information anyone can gain by & use in the future, who uses either HOSTS files or firewall rules tables to block out known bogus sites:

COREFLOOD C&C SERVERS + BOGUS NAME SERVERS LIST:


& there you are...

APK

P.S.=> Yes - I was ALREADY, protected!

(And, so were my family + friends who use the same HOSTS file, which I give them... it works vs. machinations online like these!)... apk

Re:Possibly a non-jackbooted response (0)

melstav (174456) | more than 3 years ago | (#35816832)

I just read the request you linked. What they're asking for is:

1. A temporary restraining order and preliminary injunction that prohibits the Defendants (a) from using Coreflood to engage in wire fraud, bank fraud, or unauthorized interception of electronic communications, and (b) from running Coreflood on any computers not owned by the Defendants, by authorizing the operation of a substitute command and control server to give effect to the Court's orders;

2. A permanent injunction that requires the Defendants to uninstall Coreflood on any computers not owned by the Defendants and authorizes the operation of a substitute command and control server to give effect to the Court's orders; and

3. Such other relief as the Court deems just and proper.

So, what they asked for was:

  • an order telling the people running the botnet to STOP THAT and to uninstall Coreflood from any computer it's on that they don't personally own,
  • AND permission to take control of the botnet, OSTENSIBLY TO
  • remove the Coreflood software from any infected computers it finds.

Maybe I'm just waving a tinfoil hat, but would you be surprised if, sometime in the future, it comes out that either

  1. The FBI took the opportunity to search the hard drives of any infected computer they find before removing Coreflood.
  2. The FBI never got around to actually removing the Coreflood software from people's computers and maintained control of their C&C server, or
  3. In a separate operation, the FBI actively went out to try to infect MORE systems with Coreflood to expand the impact of (a) and/or (b) above.

In the meantime, you can protect yourself (0)

Anonymous Coward | more than 3 years ago | (#35817008)

COREFLOOD C&C SERVERS + BOGUS NAME SERVERS LIST:


Add those, as they are, to your local HOSTS file (in Windows, that's under %Windir%\System32\drivers\etc & Linux it's under your home user etc folder) & you're all set (you can't touch them, & they cannot "talk back to mama/communicate" back to said C&C servers...).

The person whom you replied to's link to this information led me to the actual .pdf files where this information is stored and yes, is publicly available too... I got it from the scanned .pdf files of the gov't.'s request to shut those servers down, & until they do? Protect yourself.

(I already had them in my HOSTS file, I verified said list against it to see IF I HAD THEM ALL, & luckily, I did... so, myself, my family, & my friends who use the HOSTS file I have with over 950,000++ known bad sites/servers/hosts-domain names blocked out in it, worked to protect them, AND myself, already, vs. this malicious threat COREFLOOD!)

APK

P.S.=> Alternately, you can add rules into your firewall rules table but, minus the leading "0.0.0.0" blocking "IP Address"!

(Doable in software firewall in Windows, or IPTables in Linux for example)

You can block them that way too...

OR

IF you have a firewalling router? Those also usually have entries for blocking in their interface for setup also (Linksys units, for example, do)...

I personally just find that editing a text file, HOSTS, is simpler/faster/easier to do (and portable easily across computers & even Operating Systems that use a BSD based IP stack - even ANDROID phones can use HOSTS, because they're a LINUX derivative, in fact...) ...apk
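The check the poster describes, verifying a C&C blocklist against a local HOSTS file before merging it, as an added example that is not part of the original thread. The blocklist and HOSTS contents below are constructed sample data with hypothetical names, not the domains from the court filing; it also flags entries a HOSTS file cannot use (underscores are not valid in hostnames) and duplicates, which the poster's copy-and-append approach would silently carry along.

```python
import re

# Constructed sample blocklist in HOSTS format (hypothetical names).
BLOCKLIST = """
0.0.0.0 c2-alpha.example.net
0.0.0.0 c2-beta.example.org
0.0.0.0 ns1.example-dns.test
0.0.0.0 bad_host.example.net
0.0.0.0 c2-alpha.example.net
"""

# Constructed sample HOSTS file of a machine that is already partly protected.
HOSTS_FILE = """
127.0.0.1   localhost
0.0.0.0     c2-alpha.example.net   # already blocked
0.0.0.0     C2-BETA.example.org
"""

# Addresses that count as "blocked": the name resolves to nowhere useful.
BLOCK_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}
# RFC 1123 host label: letters, digits, hyphens; no leading/trailing hyphen,
# no underscore.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_valid_hostname(name: str) -> bool:
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and all(LABEL_RE.match(lbl) for lbl in labels)

def parse_hosts(text: str) -> dict:
    """Map each lowercased hostname to the set of addresses pinned to it."""
    mapping = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()   # strip comments, tokenize
        for name in parts[1:]:                 # parts[0] is the address
            mapping.setdefault(name.lower(), set()).add(parts[0])
    return mapping

def audit_blocklist(blocklist_text: str, hosts_text: str) -> dict:
    """Classify every blocklist entry as present, missing, invalid or duplicate."""
    hosts = parse_hosts(hosts_text)
    report = {"present": [], "missing": [], "invalid": [], "duplicate": []}
    seen = set()
    for raw in blocklist_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if len(parts) < 2:                     # address with no hostname
            report["invalid"].append(" ".join(parts))
            continue
        name = parts[1].lower()
        if name in seen:
            report["duplicate"].append(name)
            continue
        seen.add(name)
        if not is_valid_hostname(name):
            report["invalid"].append(name)
        elif hosts.get(name, set()) & BLOCK_ADDRS:
            report["present"].append(name)
        else:
            report["missing"].append(name)
    return report

def lines_to_append(report: dict) -> list:
    """HOSTS lines for entries that are missing, ready to append to the file."""
    return [f"0.0.0.0 {name}" for name in report["missing"]]
```

Entries reported as invalid should not be pasted in; the resolver may ignore them (or on some systems the whole line), which gives no protection while looking like a block.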

Send in the drones! (0, Troll)

zill (1690130) | more than 3 years ago | (#35813998)

DoJ? Pssh, those guys are too bogged down in red tape.

We should leave this matter to DoD. Instead of deploying the drones in Pakistan, we should target the botnet controllers instead. If we're gonna do extrajudicial killings, might as well target people who actually harm the country.

Re:Send in the drones! (1)

linuxwebadmin (694411) | more than 3 years ago | (#35818648)

I agree.

Targeting the Symptom only (1)

atuk_daud (617073) | more than 3 years ago | (#35814154)

Seriously. This is like taking aspirin for a cold. Doesn't cure anything but makes everyone feel better (except for the side effects, of course). Since they know about it, why not take the step to track down and arrest the 'money' behind it? Seems to me this is grandstanding rather than serious crime busting. And... if they want to do it properly, don't be stupid! Don't tell them you are coming!

Re:Targeting the Symptom only (0)

Anonymous Coward | more than 3 years ago | (#35814668)

Since they know about it, why not take the step to track down and arrest the 'money' behind it?

Because we Americans are stupid and love explosions, but they have to be for FREEDOM, not for, you know, that there technawhazzit stuff.

(AKA, any "cyber" criminal who isn't a complete and utter retard isn't going to be caught inside the US or one of her core allies.)

Re:Targeting the Symptom only (1)

jonwil (467024) | more than 3 years ago | (#35814698)

The money likely flows to places where the US can't touch it, like China or Russia.

What they are doing makes a lot of sense in this case.
They are seizing all the domain names all the known variants of the bot are programmed to look for and will be pointing them at a command and control server run by the US government. This server will direct the bot to shut itself off, stop stealing people's private information and stop spreading to other machines.

Tracking the money (1)

symbolset (646467) | more than 3 years ago | (#35816092)

Apparently the defective software that permitted the viruses to run is sold out of Ireland (through the Netherlands and Dutch Antilles in an accounting blind called the "Irish Double-Dutch") by a company headquartered in Redmond, Washington, USA. Many Bothans died to bring you this information.

Re:Tracking the money (0)

Anonymous Coward | more than 3 years ago | (#35817814)

Sadly, not enough botnets died to bring us this info.

Read between the lines here (0)

Anonymous Coward | more than 3 years ago | (#35814168)

This is essentially saying the security of the ISC itself is now unequivocally compromised by the Feds. Before, they had to at least pretend it wasn't.

Oh God (1)

symbolset (646467) | more than 3 years ago | (#35816112)

Next you'll say the Internet itself was a DoD skunkworks project from ARPA. Who would believe that? Time to loosen the tinfoil hat.

slippery slope? (0)

Anonymous Coward | more than 3 years ago | (#35814348)

I wonder if a DA can convince a Judge that TOR or Bittorrent are "criminal botnets".

The ISC is an ISP? (1)

blacklint (985235) | more than 3 years ago | (#35814372)

Internet Systems Consortium or other ISPs

Since when is the ISC an internet service provider?

"Internet Systems Consortium, Inc. (ISC) is a non-profit 501(c)(3) public benefit corporation dedicated to supporting the infrastructure of the universal connected self-organizing Internet—and the autonomy of its participants—by developing and maintaining core production quality software, protocols, and operations." Other than hosting a few Open Source projects, the ISC doesn't act as an ISP to the best of my knowledge.

I guess they mean something to do with the F-root server at ISC and redirecting DNS requests for the control servers? Color me confused, and TFA isn't helping.

Re:The ISC is an ISP? (0)

Anonymous Coward | more than 3 years ago | (#35814592)

ISC provides ISP service to the city of Palo Alto in CA. Or at least they did, until the city pissed off a friend of the ISC... In any case, they do provide some level of ISP service, I just don't think they are a public ISP. (IE: they operate as an ISP but you can't get an account there) I imagine this is also in some way related to F root, but it's not like you can subvert the C&C network if you only use one root server... or maybe you can, but that would be weird.

Seems to me that ISC is getting into all kinds of interesting shit these days.

hide ur devices (0)

Anonymous Coward | more than 3 years ago | (#35814526)

hide ur laptops, hide ur PCs, becuz theyz hacking ev'body up in here!

We have to seize the command center (-1)

Anonymous Coward | more than 3 years ago | (#35814638)

that is in control of Obama's brain!!

Are they so incompetent.. (0)

cheros (223479) | more than 3 years ago | (#35815284)

.. they need to steal someone else's botnet to do their spying now?

Just curious..

For THAT the executive branch seeks approval (1)

mapkinase (958129) | more than 3 years ago | (#35816030)

For THAT the executive branch seeks approval of one of the other two branches, yet when it comes to real physical war, that, you know, kills people, they do not feel the need.

A new leaf for the US Government (0)

Anonymous Coward | more than 3 years ago | (#35816550)

Amazing, the US government asking permission instead of forgiveness?
Maybe they will start getting warrants for wiretaps next, we can only hope.

Spam cut in half last couple of days (0)

Anonymous Coward | more than 3 years ago | (#35816898)

Every morning I have to go through the quarantined spam looking for false positives. I've done this for MANY years now.

There are some days where the spam is wayyy down. Why? I usually can't tell. I did see it drop a little over a year ago when a large botnet was shut down (a US data center was taken off line, if I remember correctly).

In the last couple of days, we've had half the number of spam emails. That's a pretty significant reduction!

No such thing as (1)

Cartman's Mom (1956666) | more than 3 years ago | (#35818566)

District of Connecticut?.......Wha? Is that near the general vicinity of New Yorkland?

Today it's botnets, tomorrow it's? (0)

Anonymous Coward | more than 3 years ago | (#35818696)

So, today the feds are going after botnets. How will they eventually distort this in the future to go after you?

Is Coreflood an XP only threat or can it hit W7? (0)

Anonymous Coward | more than 3 years ago | (#35818970)

Is AFcore/Coreflood an XP only threat? Can it also infect Windows 7 machines?

If people were kind and fair humanitarians (0)

Anonymous Coward | more than 3 years ago | (#35826884)

We would not have botnets and all this bullshit, 419, boiler houses, politicians changing minds, starting wars, stealing oil, etc. The world is a peaceful place and I would cook food for people less fortunate than me, help children, men and women. These cunts have destroyed society, so do not be fooled. I am a humanitarian. Ask yourself the question: where do you stand?
