Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Drops Suit Against Firm In Botnet Case

samzenpus posted more than 2 years ago | from the on-second-thought dept.

Botnet 49

wiredmikey writes "Microsoft has dismissed a lawsuit against a company it contended a month ago was at the heart of the now-defunct Kelihos botnet. In September, Microsoft named Dominique Piatti and his company dotFree Group SRO as controllers of the botnet. The move marked the first time Microsoft had named a defendant in one of its botnet-related civil suits. 'Since the Kelihos takedown, we have been in talks with Mr. Piatti and dotFree Group s.r.o. and, after reviewing the evidence voluntarily provided by Mr. Piatti, we believe that neither he nor his business were involved in controlling the subdomains used to host the Kelihos botnet,' blogged Richard Domingues Boscovich, Senior Attorney for Microsoft's Digital Crimes Unit. 'Rather, the controllers of the Kelihos botnet leveraged the subdomain services offered by Mr. Piatti's cz.cc domain.' In regards to Kelihos, Boscovich said Microsoft is continuing its legal fight against the 22 'John Does' listed as co-defendants in the lawsuit."

cancel ×

49 comments

Defamation, anybody? (1)

Anonymous Coward | more than 2 years ago | (#37887248)

That's a serious accusation to make, especially when lacking in adequate evidence to support such a claim.

FTA: As part of the settlement, Piatti agreed to delete all the subdomains used to either operate the Kelihos botnet or for other illegitimate purposes or to transfer those subdomains to Microsoft. In addition, Piatti and dotFree Group will work with Microsoft to implement best practices to prevent abuse of free subdomains and use these best practices to establish a secure free Top Level Domain as they expand their business going forward.

What exactly does Piatti get in exchange for the damage to his company's reputation?

Re:Defamation, anybody? (2)

khallow (566160) | more than 2 years ago | (#37887424)

There are two things to note here. It looks similar to plea bargains in criminal court cases where the defendant pleads to a lesser offense in exchange for cooperation on other targets of investigation. Second, we don't actually know that Piatti was innocent of these charges. The mere fact that they're acquiescing so readily tells me that they probably were looking at serious charges, even if the original ones were pure slander (and those may well have not been!).

Re:Defamation, anybody? (1)

realityimpaired (1668397) | more than 2 years ago | (#37887510)

Or maybe that they were acting in good faith and were unwittingly helping the botnet people do their nefarious work, and that now that they have egg on their face, they welcome the chance to have help establishing procedures that would prevent it from happening again?

Never ascribe to malice that which can adequately be explained by incompetence.

Re:Defamation, anybody? (1)

khallow (566160) | more than 2 years ago | (#37887606)

Never ascribe to malice that which can adequately be explained by incompetence.

And never ascribe to incompetence that which can be explained by self-interest.

Re:Defamation, anybody? (4, Insightful)

Runaway1956 (1322357) | more than 2 years ago | (#37887672)

What does Piatti get? He gets a bot-free business. Damage to his company's reputation? That's HIS problem, seeing that he carelessly allowed his domains to be used for bot-netting. He caused the damage himself, by way of neglect.

I don't even like Microsoft, and I resent the fact that you have forced me to defend Microsoft. FFS, AC, have you no sense at all? If the White House were to come under cybernetic attack, and the majority of those attacks appeared to originate from my house, you bet your ASS that the Secret Service will be knocking on my door, with a battering ram! They will confiscate every electronic device I own, they will confiscate my ass, and they will publicize my arrest around the world.

In which case, I will be solely responsible for the "damage" to my reputation, for having failed to secure my computers.

Re:Defamation, anybody? (2)

bill_mcgonigle (4333) | more than 2 years ago | (#37887934)

In which case, I will be solely responsible for the "damage" to my reputation, for having failed to secure my computers.

No, you'd be solely to blame for the failure to secure your computers, but you wouldn't be responsible for the attack which is the action of an unassociated third party - you'd not be guilty of aiding them or being part of a conspiracy. http://en.wikipedia.org/wiki/Mens_rea [wikipedia.org] Perhaps people would do a better job at security if this was different, but that has large risks as well.

The more troubling bit to me, though, is that you feel that if the White House's computers respond poorly to a certain pattern of signaling on a wire, they're justified in sending men with guns to your house and violently breaking in.

Have we abstracted away common sense?

Re:Defamation, anybody? (0)

Anonymous Coward | more than 2 years ago | (#37888658)

There is a world beyond criminal law, you know. This article, for example, does not fall under criminal law. Thus, Mens rea does not apply (assuming, of course, wikipedia is correct).
A quote for the lazy:
"In civil law, it is usually not necessary to prove a subjective mental element to establish liability for breach of contract or tort, for example."

Re:Defamation, anybody? (1)

bill_mcgonigle (4333) | more than 2 years ago | (#37895638)

You really think that a cyber attack on the White House is going to be prosecuted in civil court?

I'm not arguing that it shouldn't be, but I'm certain it won't be.

Re:Defamation, anybody? (1)

adolf (21054) | more than 2 years ago | (#37891276)

Meh. A lot of things respond poorly to various patterns.

Walking into a bank with a hand in your pocket and a demand for money elicits a poor response.

Escalating a disagreement with another person to the extent of dismemberment elicits a "poor response," and the jury won't care who was "right."

And sending a certain pattern of signalling to the White House's computers will also elicit a poor response, just as setting the pins on a lock (which does not belong to you) in a certain orientation may bring about a "poor response."

It's not that common sense is too abstract. It's that it's not being applied properly to computer crimes.

Re:Defamation, anybody? (2)

peppepz (1311345) | more than 2 years ago | (#37888652)

This is not the way things work in a state of rights. In particular, you usually can't get arrested for things you haven't done.

In some countries, unjustly accusing people of having committed a crime is itself a crime.

Re:Defamation, anybody? (1)

ozmanjusri (601766) | more than 2 years ago | (#37888690)

you bet your ASS that the Secret Service will be knocking on my door, with a battering ram!

Doesn't it worry you that you're endowing a private (and frequently predatory) company with government responsibilities and powers?

The US Secret Service has a mandate to protect your nation's leaders, visiting world leaders, national special security events, and the integrity of the nation's currency. Microsoft has a mandate solely to take money from you, yet you're giving them virtual search and seizure powers.

Re:Defamation, anybody? (1)

Runaway1956 (1322357) | more than 2 years ago | (#37891452)

Actually, no. I haven't researched just how they identified the botnet. It's possible that they exceeded any reasonable authority to do so. But, once the botnet was identified, it seems that they went to court, seeking reparations, and to shut the net down. That much seems reasonable. I would do as much. Search and seizure? It would seem that the court did that, after being presented with some reasonable evidence.

As I already said, I don't even like Microsoft. But, I can't go for mindlessly bashing Microsoft, either. It appears that MS was doing the right thing this time around, by stopping a botnet.

Re:Defamation, anybody? (0)

Anonymous Coward | more than 2 years ago | (#37892302)

Doesn't it worry you that you're endowing a private (and frequently predatory) company with government responsibilities and powers?

That has already been the trend the US government has been working on over the past decade. Department of Homeland Security employs several private security and data gathering firms to do a lot of their spying and information gathering. These companies are granted special powers in emergency situations and do not have to answer to the federal government at all. They also don't have to repond to FOIA requests and can keep their information completely concealed from the public.

Re:Defamation, anybody? (1)

Xest (935314) | more than 2 years ago | (#37893746)

"If the White House were to come under cybernetic attack, and the majority of those attacks appeared to originate from my house, you bet your ASS that the Secret Service will be knocking on my door, with a battering ram!"

Cybernetic attack?

If it was a cybernetic attack then I think the secret service would have more to worry about than you as I suspect it would look more like Rise of the Machines than it would Hackers.

Yes this is just a typical Slashdot pedant post, I just couldn't help but point out that cybernetic != cyber.

Usual Slashdot response (2, Insightful)

SharkLaser (2495316) | more than 2 years ago | (#37887250)

The usual Slashdot response is to put a bullet into botnet owners heads or nuke them from orbit, no questions asked. Well, in this case there would be an innocent man dead. It just shows it isn't always so easy to find them.

Re:Usual Slashdot response (-1)

Anonymous Coward | more than 2 years ago | (#37887264)

Microsoft now has the egg on their face, and must receive this bullet

Re:Usual Slashdot response (1, Funny)

Anonymous Coward | more than 2 years ago | (#37887312)

According to the Source Code of Hammurabi both parties should be killed, just to be sure.

Re:Usual Slashdot response (1)

shutdown -p now (807394) | more than 2 years ago | (#37888208)

Isn't that the part where you throw both parties in the river, and the one that doesn't drown is guilty?

now-defunct Kelihos bonnet (1)

Anonymous Coward | more than 2 years ago | (#37887274)

Damn that evil headwear!

Re:now-defunct Kelihos bonnet (0)

Anonymous Coward | more than 2 years ago | (#37887336)

There's a bee in my bonnet!

Re:now-defunct Kelihos bonnet (1)

Nidi62 (1525137) | more than 2 years ago | (#37887482)

There's a bee in my bonnet!

There needs to be another t in your bonnet, too

Operating Systems (1)

jimpop (27817) | more than 2 years ago | (#37887292)

I wonder what OSes Mr. Piatti uses. I wonder they will be the same ones next year.

What are you implying? (1)

Anonymous Coward | more than 2 years ago | (#37887386)

So what exactly are you implying here? Say it flat out. Don't pussyfoot around it. Instead of making indirect accusations, man up and actually say exactly what we all know you're trying to say.

Re:What are you implying? (1)

kermidge (2221646) | more than 2 years ago | (#37887516)

Man up? Might be a more credible exhortation if not posted AC, no?

Re:What are you implying? (0)

Anonymous Coward | more than 2 years ago | (#37887748)

The GP's request is perfectly valid and credible regardless of the name that's attached. After all, it's the message that matters, not who delivers it.

We're all still waiting for "jimpop" to act with honor and state his accusations clearly, by the way.

Re:What are you implying? (1)

bill_mcgonigle (4333) | more than 2 years ago | (#37887864)

Man up? Might be a more credible exhortation if not posted AC, no?

OK, 'kermidge' (don't get me wrong, I find an AC slapfight as funny as anybody else).

Re:What are you implying? (1)

kermidge (2221646) | more than 2 years ago | (#37889396)

Hi, Bill. Thanks; sorry 'bout the snark, was only into second cuppa, and couldn't resist.

I've been using "kermidge" for a decade, there's only one other on the 'net that I've found (and I'm not sure about him), but there are thousands with my "real" name.

Re:Operating Systems (0)

Anonymous Coward | more than 2 years ago | (#37887594)

Why do you think it has anything to do with OSes? Guy runs a hosting company, and the BotNet controllers were using sub-domains he offers.

Re:Operating Systems (-1, Troll)

Runaway1956 (1322357) | more than 2 years ago | (#37887682)

MS will leverage whatever information they have to ensure that the domains are hosted on WINDOWS computers. GP's question seems reasonable to me. MS would rather give away a Windows Server license or ten, than to see the server running any other OS. MS would rather see Windows pirated, than to see kids learning how to use a real operating system.

Re:Operating Systems (1)

Bungie (192858) | more than 2 years ago | (#37892396)

No, Microsoft really doesn't give a sh*t about which OS is used to host a bunch of DNS servers, and they don't give away Window Server licenses to any company because that's their biggest money maker: selling their server products to corporations.

MS could care less about home users pirating a $130 copy of Windows 7. The real money is in selling $1000+ server licenses to companies for many servers, as well as having to buy things like seat licenses and other expensive server products (like SharePoint). Plus those companies also have to purchase "professional" level Windows clients for their workstations which connect to their servers. That's why they regularily audit corporations and organizations for license compliance in person, and invent schemes like WGA Validation to handle the home users who they don't have time to care about.

Re:Operating Systems (1)

Runaway1956 (1322357) | more than 2 years ago | (#37892512)

http://www.google.com/search?cx=w&sourceid=chrome&client=ubuntu&channel=cs&ie=UTF-8&q=microsoft+donate+Windows [google.com]

Of those hits, this one seems to be more to the point than the rest I've looked at:
http://www.encludeit.org/node/2494 [encludeit.org]

There is nothing that "MS could care less about" when it comes to computing. MS has engaged in one of the biggest social engineering experiments in history. They are actively engaged in conditioning children worldwide, to use Microsoft products.

So, yes, they would rather give away a copy of Windows, than to see that computer running Linux, Unix, Mac, or any other operating system. Teach them early, if possible, but teach them whenever possible, that Windows is the one and only operating system!

"the now-defunct Kelihos bonnet"? (1)

Anonymous Coward | more than 2 years ago | (#37887302)

Surely that should be botnet, not bonnet. Turn off autocorrect.

Re:"the now-defunct Kelihos bonnet"? (1)

Mathness (145187) | more than 2 years ago | (#37888596)

Nah, it is part of car analogies often used on /. :D

Re:"the now-defunct Kelihos bonnet"? (1)

Smallpond (221300) | more than 2 years ago | (#37890600)

They slammed the door on this lawsuit. It crashed and burned.

Microsoft is the judge now? (1)

Anonymous Coward | more than 2 years ago | (#37887320)

"Microsoft has dismissed a lawsuit

I had no idea Microsoft was that powerful - isn't it normally judges who dismiss lawsuits?

Re:Microsoft is the judge now? (1)

Lexx Greatrex (1160847) | more than 2 years ago | (#37887484)

The author should have written "settled" instead of "dismissed". All around this is a badly summarized article verging on "Troll" status. Surprised it got through? Nope.

No apology then (2, Insightful)

folderol (1965326) | more than 2 years ago | (#37887330)

We falsely accused you, maybe made a sizable dent in you business, but that's OK. We're Microsoft and beyond all possible reproach.

Re:No apology then (2, Informative)

Anonymous Coward | more than 2 years ago | (#37888028)

I'ts not a false accusation. The standards for malicious prosecution are actually quite high, and would require evidence of either severe incompetence or willful and reckless disregard for the truth.

However, since the botnet was controlled through their hosting services, it'll be a case of an acceptable interpretation of the information they had, and not punished.

Microsoft's apology probably goes something like this "Hey, sorry you weren't actually doing it yourselves, but just foolishly sold your services to them which they used to cause severe damage to lots of people, gee, I hope they don't sue you for negligence or anything."

Re:No apology then (1)

AftanGustur (7715) | more than 2 years ago | (#37892726)

I'ts not a false accusation. The standards for malicious prosecution are actually quite high, and would require evidence of either severe incompetence or willful and reckless disregard for the truth.

However, since the botnet was controlled through their hosting services, it'll be a case of an acceptable interpretation of the information they had, and not punished.

If microsoft woudl just have looked at the "information they had" they would have figured out in 10 minutes that

A) the IP addresses of the bothet controllers did not belong to the company dotFree Group SRO and
B) The subdomain cz.cc used by the botnet controllers, is a free DNS service that anyone can use.

If you turned the table and accused Microsoft of something similar based on the same "evidence", you can be sure that Microsoft would sue you out of existence.

owned much? (0)

Anonymous Coward | more than 2 years ago | (#37887436)

Anyone can get a .cz.cc subdomain. Try it yourself: http://www.nic.cz.cc/index.php

Did they not even visit the webpage and realize this?

Re:owned much? (0)

larry bagina (561269) | more than 2 years ago | (#37887486)

is go.at.se.cz.cc taken?

Late to the party again Slashdot? (0)

Anonymous Coward | more than 2 years ago | (#37887536)

Is it just me or are stories on Slashot coming in on time delay? This was news a while ago, now this story is in syndication.

Bonnet ?! (0)

Anonymous Coward | more than 2 years ago | (#37887574)

Wow! That's a low even for MS: suing people for wearing bonnets ?!

Open court (1)

AHuxley (892839) | more than 2 years ago | (#37888500)

Would have seen much code and skills on display as a set of older OS's and a few new ones where examined?
The public face of MS's security experts been cross examined ...

Just what is Microsoft suing them for? (0)

Anonymous Coward | more than 2 years ago | (#37888562)

Someone remind me again how Microsoft has standing to bring actions in courts against these alleged botnet owners? I mean, what specific harm are they suffering?

Re:Just what is Microsoft suing them for? (1)

AHuxley (892839) | more than 2 years ago | (#37888604)

Just like in old Europe, a black Mercedes van pulls up.
Men in black leather coats run up stairs and demand to see your license agreement with Microsoft ....

Re:Just what is Microsoft suing them for? (1)

cavreader (1903280) | more than 2 years ago | (#37893682)

"what specific harm are they suffering" They are not directly suffering a lot of harm from bot nets. It's the users who get harmed when their computers get botted and used to support criminal activities. The vast majority of these bots spread using social engineering attacks to dupe the users into infecting them selves. Bot attacks also take advantage of poor system administration practices to infect a system. No OS security can totally prevent these types of attacks. MS just seems to be the only IT company sinking money and time into identifying and shutting down the bot nets. This is not the first case of them doing so. What are all the other IT companies doing to address this problem?

Re:Just what is Microsoft suing them for? (1)

Kalriath (849904) | more than 2 years ago | (#37902488)

Actually, Microsoft is part of a consortium of IT companies who are on a rampage trying to find and sue out of existence all the botnet operators. There's an anti-virus vendor or two and possible a couple of major search engines in it as well.

I hate legal articles (1)

AK Marc (707885) | more than 2 years ago | (#37890318)

Micorsoft can't "dismiss" a case. They can "drop" a case (drop being a non-technical term). But "dismiss" is a technical term. Only the Judge can dismiss a case. Microsoft can drop the case by requesting a dismissal, but if the defendants object to the dismissal (and they often do, because to accept it often blocks the "winner" collecting fees from the "loser"), then the judge will likely not dismiss the case. It's like the term "broadband" being misused constantly, with most fiber connections not being technically broadband, even while much faster than 14.4kbps modems (and 9.6 kbps GSM modem speed), which are technically "broadband" in the technical (not FCC) definition.
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...