Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

A Mercenary Approach To Botnets

Soulskill posted about a year ago | from the highest-bidder-gets-your-grandma's-bank-account dept.

Botnet 34

CowboyRobot writes "The incentives are high for many businesses and government agencies to not be too heavy handed in combating the global botnet pandemic. There's money to be had and, with each passing day, more interesting ways are being uncovered in how to package the data, and how to employ it. It used to be that the worlds of bug hunters and malware analysts were separate and far between. In the last couple of years the ability to analyze malware samples and identify exploitable vulnerabilities in them has become very important. Given that some botnets have a bigger pool of victims than many commercial software vendors have licensed customers, the value of an exploit that grants reliable remote control of a popular malware agent is rising in value. In many ways, botnets have become a golden goose to those charged with gathering intelligence on the populations of foreign entities. The bulk of the victim's data is useful for mapping populations, communication profiles, and as egress points for counter intelligence exercises. Then, given how many botnet victims there are, the probability that a few 'interesting' computers will have succumbed along the way is similarly high — providing direct insight in to a pool of high value targets."

Sorry! There are no comments related to the filter you selected.

Who needs privacy? (4, Insightful)

DavidClarkeHR (2769805) | about a year ago | (#45558241)

Great. Slashdot has been subverted by the NSA ... again.

This time they're trying to push their propaganda on us. "Oh yes, botnets are bad, but oh my, aren't they neat?".

Botnets are aren't bad, mmmkay? (2)

toygeek (473120) | about a year ago | (#45558257)

People have told you how bad botnets are but those people are bad, mmmkay? And if you think botnets are bad, then you're bad, because botnet aren't bad, mmmkay? mmmkay? mmmkay!

Bank robbers need safe crackers (2)

Taco Cowboy (5327) | about a year ago | (#45559219)

People have told you how bad botnets are but those people are bad, mmmkay?

Them NSA are like bank robbers.

They rob away the privacy of HUNDREDS OF MILLIONS OF PEOPLE without even blinking an eye.

Them botnet operators ? They are like safe crackers.

Safe crackers get to crack safes no matter if they are inside the bank vaults or inside somebody's bedroom.

They don't really need bank robbers.

But on the other hand, bank robbers doing a heist may need safe crackers to crack open the vault.

Neither of them are goodie two shoes. but the robbers need the safe crackers more than the other way around.

Re:Who needs privacy? (3, Insightful)

fuzzyfuzzyfungus (1223518) | about a year ago | (#45558371)

It's a trifle hard to tell (which is itself a bad sign) whether this is an apologist and/or geek merc, gleefully discussing the exciting opportunities. or a dissident pointing out the absurdly dangerous situation created by a perverse inventive for 'security' entities to tolerate, or even promote, widespread insecurity...

I don't doubt that there are people who take the former stance; but I'd like to stick up for the latter, and would argue that encouraging insecurity is a hubristic and ultimately self-defeating strategy unless you are the cheap, low-tech adversary, rather than the expensive first-world spook shop with the big, rich, tech-dependent economy behind it.

Do spook nerds get off on how much of other people's email they can read? I don't doubt it. Are our spook nerds sure that they are so much better than everybody else's spook nerds that they can compensate for the fact that some people (like, oh, the ones they ostensibly protect...) are far more heavily exposed to the internet, and to IT system vulnerabilities in their personal, professional, and financial activities than are less heavily wired countries; but there are few to no countries so poor that they can't field at least a few modestly competent surveillance geeks.

Why would you knowingly continue a game that everybody can play; but where only some people, you among them, have a significant stake on the table?

Re:Who needs privacy? (1)

mattie_p (2512046) | about a year ago | (#45559369)

So, you just discovered Poe's Law? Bully for you!

Re:Who needs privacy? (1)

flyneye (84093) | about a year ago | (#45560649)

I'm with you, no need to continue to promote a bad thing.
However, I do think those participating willfully in the botnet business, should be made to REPAY losses. Every single cent. If this exceeds their value, the state should extract it in trade for work done to roadways and ditches until every last cent is repaid or the bot supporter dies.
Let's hear it for chaingangs! Tired of being stuck in traffic, watching a dozen bosses regulate the activities of one or two people actually working? Fire 'em and put in road crews from the local prison. They don't even CARE what a botnet is and sure as hell won't either when they're digging a ditch in 100 deg F with a shotgun on their neck and a dog at their heel. Let's turn these bad pennies into an asset. Track em down, extradite them, prosecute them and put them to work, right beside the gangstas. We deserve better roads than we've been getting for our money and fewer computer problems too.

Re:Who needs privacy? (3, Insightful)

Jah-Wren Ryel (80510) | about a year ago | (#45558443)

This time they're trying to push their propaganda on us. "Oh yes, botnets are bad, but oh my, aren't they neat?".

Oh come on, it doesn't read like that at all. All it does is explain why the guys who are supposed to be fighting these things now have incentive to do a really bad job of fighting them. Much in the same way that NSA perverted their own mission statement by weakening crypto standards used by the US government so that they could snoop on anyone using those same crypto standards.

Re:Who needs privacy? (1)

Anonymous Coward | about a year ago | (#45558709)

Guess you missed the part mentioning "foreign entities"? That can come from only one country, the same country whose people used to believe that all men are created equal [wikipedia.org] but over the years through the propaganda machine they've come to believe that "foreigners" should not be treated the same as "citizens."

Re:Who needs privacy? (1)

flyneye (84093) | about a year ago | (#45560709)

You really need to look up legal definitions of things like ; men, monsters, citizens, people, then come back and repost your sentiments
All men may be born equal, but vary in value from a burden to a prize, by their education, accomplishments and disposition. Rather than deport the valueless and burdensome, it is best to deny access to begin with. Nobody said" Give us your poor, we'll take care of them for you and they'll never have to work again, why, they can come here and we'll give them a Cadillac and let them screw our sisters" . In fact the French wrote something mistaken for that on a plaque for a cheapshit copper statue. We didn't say that, but the French can come and take it back, if they don't like it. Better yet, let the seething masses of those yearning to live free, move to FRANCE! If you noticed, Free doesn't even stand for beer anymore.

Re:Who needs privacy? (0)

Anonymous Coward | about a year ago | (#45565805)

You concern is tangential in an ISON making it's closest approach to the sun kind of way.

Re:Who needs privacy? (0)

Anonymous Coward | about a year ago | (#45558537)

It's stating the value, not extolling the virtue. This isn't propaganda. It's a slashdot submission, let's grip something quick.

Re:Who needs privacy? (0)

Anonymous Coward | about a year ago | (#45560723)

You've got a grip, now just move your hand up and down, that's it, now just use your mouth...

The most interesting thing about this article (1)

toygeek (473120) | about a year ago | (#45558243)

Is that I just noticed that CowboyNeal has been replaced by a Robot.

Re:The most interesting thing about this article (0)

Anonymous Coward | about a year ago | (#45558353)

I know you're joking, but CowboyNeal died from a heart attack 3 or 4 years back.

Re:The most interesting thing about this article (1)

EvilSS (557649) | about a year ago | (#45558527)

I know you're joking, but CowboyNeal died from a heart attack 3 or 4 years back.

Somebody should probably let him know [cowboyneal.org]

Re:The most interesting thing about this article (1)

flyneye (84093) | about a year ago | (#45560729)

SHHHHHH, if the NSA find out he's still alive, they'll be spying on him too!

When i come across a botnet (2, Interesting)

Anonymous Coward | about a year ago | (#45558265)

When i come across a botnet, i just tend to shut the whole thing down and collect any bitcoin there is to be had.
Lately many warez release posted on NNTP are packaged with a malware-ish bitcoin miner that connects to a remote pool.
Those privates pools are vulnerable more often than not in some way.

It's always enjoyable to start a new game with a bonus amount of PO :)

Re:When i come across a botnet (1)

flyneye (84093) | about a year ago | (#45560731)

+1 YOU ROCK!

Look, if governments are no longer the good guys (0)

Anonymous Coward | about a year ago | (#45558343)

we shall treat them like the bad guys. I learned French history in school. Did you?

Re:Look, if governments are no longer the good guy (0)

Anonymous Coward | about a year ago | (#45558397)

So you'll surrender?

Re:Look, if governments are no longer the good guy (4, Insightful)

Shakrai (717556) | about a year ago | (#45558401)

we shall treat them like the bad guys. I learned French history in school.

Did you cover the part where the glorious revolution elevated a dictator that that united the whole of Europe against France, got hundreds of thousands of French soldiers killed, and cost France her self-determination for two or three generations? It might be satisfying to root for revolutions where the former powers-that-be get lined up and shot (or guillotined), but they never seem to end real well for the peoples involved.

Re:Look, if governments are no longer the good guy (0)

Anonymous Coward | about a year ago | (#45560749)

Cool, everything has a way of working out right, doesn't it?
Except France wasn't broken up and parted out for the rest of Europe and we still have to tolerate it's silliness and attitude.
Oh well, it wasn't like nobody tried. In retrospect, Hitler wasn't wrong about EVERYTHING and did give us the Volkswagen too.

Re: Look, if governments are no longer the good gu (0)

Anonymous Coward | about a year ago | (#45558419)

How much French history? Didn't go so well the first few years there....

Re: Look, if governments are no longer the good gu (1)

flyneye (84093) | about a year ago | (#45560763)

I like the Mel Brooks version of the history, probably more accurate and a Roman soldier with a giant joint, saves the day with a Miracle.

The logic here is astounding (2)

wbr1 (2538558) | about a year ago | (#45558541)

It is a real shame criminals broke your door in and stole some stuff. However, we recommend leaving your door broken, as it allows us (the good guys, just trust us), to look around and make sure everything is oka and keep an aye on the criminals activity.

Thar be whales! (0)

Anonymous Coward | about a year ago | (#45558659)

My favorite term that explains everything that's wrong with having a CEO who is technologically clueless: whaling [infosecinstitute.com]

mattias nilsson reporting in (0)

Anonymous Coward | about a year ago | (#45558685)

"I'll call you... Lovisa. Let's go kill a whole lot of people now, Lovisa!"

bitcoin (0)

Anonymous Coward | about a year ago | (#45559029)

Oh, I thought they were going to post the silk road web site where you can donate bitcoins to take down the operator/owner of malware/spam and botnets. Maybe next time.

Really? (1)

bmimatt (1021295) | about a year ago | (#45559041)

"combating the global botnet pandemic"
I am responsible for the well-being of close to a hundred servers and run several computers on my home net. Have been for over a decade and I am yet to see one becoming a bot. Hyperbole much?

Re:Really? (0)

Anonymous Coward | about a year ago | (#45559747)

Most bots run on computers that have no one acting responsible for their well-being. The people that own these computers do little to nothing to maintain them. These people are often known by the aliases "grandma", "grandpa", or "boss".

Anecdote versus statistics (1)

dbIII (701233) | about a year ago | (#45560159)

There's apparently a very large number of machines where people don't pay very much attention to their well being and such things have sunk into a malware swamp. That's where most of that vast supply of spam is coming from. I'd say the "hyperbole" is because the number of infected machines is far beyond the dreams of bad SF from a decade or so back.

Is there a major difference... (3, Insightful)

Gordo_1 (256312) | about a year ago | (#45559213)

between so called 'legitimate software' and botnets these days anyway?

Each is used to collect data that can be analyzed for profit in various ways. Legitimate software, you might argue, provides actual value to the end-user, is not surreptitiously installed and doesn't exploit software vulnerabilities. However, if that's all it takes to be legit, then witness the gobs of commercial software (not to mention greyware) out there that fit the definition of 'legit', but in actuality provide only the thinnest veneer of value behind a EULA so broad that it allows the software vendor to pretty much do as they please across your hard drive and Internet connection.

Hypocritite Oath (1)

meerling (1487879) | about a year ago | (#45562169)

Willingly allowing botnets to survive to collect data is much like a doctor with the cure letting a nasty disease to spread just to see who it infects and if anything interesting happens, and maybe loot a few corpses.
It's not the Hippocratic Oath, rather it's more of a Hypocrite Oath.

To those who don't know those two, the Hippocratic Oath is the one doctors take to do no harm. Actually it's a lot more complex than that, but tv writers only use soundbites at best.
http://en.wikipedia.org/wiki/Hippocratic_Oath

As to a Hypocrite, that's someone who indulges in Hypocrisy.
http://en.wikipedia.org/wiki/Hypocrisy
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?