×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

NY Times On Spam Zombies

Zonk posted more than 8 years ago | from the creddiiiiit-caaaaaardssss dept.

Security 166

A discreetly valorous slashdotter writes "The NY Times is featuring a story about the growing armies of spam zombies. It focuses on New Jersey teen spammer Jasmine Singh. Choice quote: 'Hacking in its purest form is not about compensation or about wrecking a Web site. Hacking in its pure form is to show what you can do.'"

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

166 comments

discreetly valorous slashdotter (4, Funny)

Anonymous Coward | more than 8 years ago | (#12905036)

"A discreetly valorous slashdotter writes"

From dictionary.com: valorous - Marked by or possessing great personal bravery; valiant

From the same: discreetly - Marked by, exercising, or showing prudence and wise self-restraint in speech and behavior; circumspect.

Meaning an anonymous coward?

Don't you love sales/marketing speak?

Re:discreetly valorous slashdotter (3, Insightful)

Nasarius (593729) | more than 8 years ago | (#12905308)

Tip: over-explaining the joke makes it not funny. I don't think most of us had to consult a dictionary for that one.

Re:discreetly valorous slashdotter (3, Funny)

bitflip (49188) | more than 8 years ago | (#12905595)

Reminded me of a D Adams quote:

"just as discretion was the better part of valor, so was cowardice the better part of discretion, he valiantly hid himself in a closet"

Subscription Shmubscription (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#12905037)

Does anyone have a link for lazy people like me that can't be bothered registering?

Zombies (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#12905043)

Fuck Taco. Fuck 'im in the asshole with a big rubber dick!

Re:Zombies (0)

Anonymous Coward | more than 8 years ago | (#12905075)

Woohoo right on I agree

Is it something against indians (1, Interesting)

Anonymous Coward | more than 8 years ago | (#12905059)

Is it me or something ? Slashdot is featuring more and more stories against/about indians. First the credit card fraud, ibm transfers job overseas, and now this.

May be we should call this section It is what Indian Technology is.

Re:Is it something against indians (1)

beef curtains (792692) | more than 8 years ago | (#12905155)

The main thing I was wondering about is, what kind of self-respecting Punjabi would name their son "Jasmine?"

Wait, check that: replace "Punjabi" with "individual."

HOLY FUCK! This "Jasmine" is a boy?! (1)

CyricZ (887944) | more than 8 years ago | (#12905186)

Sonofabitch! I didn't know that this Jasmine was actually a boy. Shit! It's no wonder he has to resort to crackery in order to get his shits and giggles. The real boys playing baseball and football would kick his lily ass just because he has such a pansy name.

Re:HOLY FUCK! This "Jasmine" is a boy?! (1)

flyneye (84093) | more than 8 years ago | (#12905654)

best yet,whatever happened to printing the personal info ,pics and addresses of spamholes like jasmine?

NYT link (0, Offtopic)

mabu (178417) | more than 8 years ago | (#12905062)

Hey, you forgot the obligatory, "first born child required for access" - this is the NYT we're talking about, so the link goes to a sign-up screen if you haven't registered.

How disappointing. One of the few things I look forward to on slashdot are how creative the posters can be with maligning the NYT's registration process. Don't let me down!

Re:NYT link (1)

saur2004 (801688) | more than 8 years ago | (#12905469)

Speeking of which, there used to be passwords like cypherpunk:cypherpunk registered in a whole host of places. I wonder if NYT has one in there.

Let me spoil it for you (1)

suso (153703) | more than 8 years ago | (#12905063)

"Hacking in its pure form is to show what you can do.'"

Alright then, given enough time, you can do anything, so there is no need to try. ;-)

Why can't this be stopped ? (1)

zymano (581466) | more than 8 years ago | (#12905073)

ISP's should be held accountable if their users are using windows and using no firewalls.

If ISP's were to be fined then you would see change.

But they aren't so who cares, right .

Re:Why can't this be stopped ? (2, Insightful)

Seumas (6865) | more than 8 years ago | (#12905117)

If the SBL can shot down an entire group of blocks because of one spammer on one IP, then someone should be able to shut down an entire ISP (say, AOL, Earthlink, etc) if they have just one spam-sending zombie. Period.

I mean, what's good for one group is good for the other, right?

Re:Why can't this be stopped ? (2, Insightful)

yog (19073) | more than 8 years ago | (#12905197)

All responsible ISPs have terms of service agreements that strictly prohibit abusive practices such as phishing, spamming, warez and media trading. They reserve the right to terminate anyone's service who is violating these agreements. Beyond that, it's not reasonable to expect the ISPs to be punished for other people's irresponsible or illegal behavior, any more than the car dealer should be punished for selling a car that is used in a bank robbery or the hunting goods store for selling ammo. You can't have freedom and also place that kind of restriction on third parties. That said, service providers such as Verizon are closing certain ports to reduce this kind of attack.

The bottom line is that the software is flawed and should be replaced. That's something that is happening over time; Apples and Linux and other OSes are pretty secure now, and Microsoft is really trying to catch up.

Eventually it will be a lot harder for a 17-year-old to command an army of zombie PCs. In the 1970s, it was incredibly easy to hack into sites via a modem, using easily guessed passwords (guest/guest) because it was such a rare thing even to have a computer and a modem. The teen hackers of that era would be clueless today, just as these punks will be clueless 5-10 years from now.

I don't buy the car dealer analogy. (1)

NextGaurd (844638) | more than 8 years ago | (#12905394)

This is more like a gun dealer who continues to sell bullets to someone when he knows the previous bullets he sold the guy were used for a robbery.

That's beyond being a service provider and closer to being an accessory.

Re:Why can't this be stopped ? (2, Funny)

NextGaurd (844638) | more than 8 years ago | (#12905414)

>>
Eventually it will be a lot harder for a 17-year-old to command an army of zombie PCs. In the 1970s, it was incredibly easy to hack into sites via a modem, using easily guessed passwords (guest/guest) because it was such a rare thing even to have a computer and a modem. The teen hackers of that era would be clueless today, just as these punks will be clueless 5-10 years from now.

Are you kidding? They are probably tomorrow's managers. :)

Re:Why can't this be stopped ? (3, Insightful)

caskey (226047) | more than 8 years ago | (#12905202)

I think everyone is better off when ISPs stay out of the business of controlling customers based upon the type of traffic they're sending or even worse what type of equipment they have. Consider the following two scenarios:

SnoopyISP has a 'we can shut you down based upon the traffic you send' policy. After doing so, they could be set upon to offer this service to RIAA, MPAA, etc, etc. After all, they can't say they can't/won't do it.

SnoopyISP says, "sorry, we don't let anyone who isn't running XP with our approved set of firewall apps running on it.", "But sir, I run linux, no worms here!", "Linux? Isn't that the hacker os? Sorry, we need to be sure that spam zombies don't attack. Therefore you must run UltraFireSoft Anti Hack Pro which we provide for free." "Do they have a Linux version? BSD? OSX? etc?" "Sorry, no, only windows XP. Oh and you need to have their auto-update feature turned on at all times--just to be safe."

I'll take a net where I can pay for network connectivity and get that, and I can pay for email filtering, and get that. I most certainy and emphatically DO NOT want to create inroads (beyond such that may already exist) into ISPs doing traffic or configuration based filtering/management of customers.

Re:Why can't this be stopped ? (1)

Eggplant62 (120514) | more than 8 years ago | (#12905382)

so, what's wrong with JoeISP who implements firewall devices into the DSL/cable modem equipment? Seems to be the easiest fix, though it's costly to the ISP, and I can see where only companies like SBC, Comcast, et al would be able to afford it. In the end, though, it will thwart this type of zombie nonsense. I see it everyday. Joe Luser hooks his XP SP1 pc to the internet, wonders why it performs slow and keeps throwing popups in his face, but lives with the problem because he doesn't want to pay the expense of having a pro out to figure out why it's doing what it does.

Register? (2, Funny)

comzen (830240) | more than 8 years ago | (#12905077)

Today, a pure form of hacking would be to read the article without actually being a registered user.

From BugMeNot.com (3, Informative)

Silverlancer (786390) | more than 8 years ago | (#12905079)

Username: loser1234
Password: loser123

Re:From BugMeNot.com (1)

beef curtains (792692) | more than 8 years ago | (#12905173)

Someone actually modded the previous post "Offtopic" for posting NYT login info?

What, did a New York Times staffer get mod points or something?

Holding systems hostage... (3, Informative)

dancpsu (822623) | more than 8 years ago | (#12905089)

In one recent case, a small British online payment processing company, Protx, was shut down after being bombarded in a zombie attack and warned that problems would continue unless a $10,000 payment was made, the company said. It is not known whether the authorities ever arrested anyone in that case.

Where would they send the money? This is like a kidnapping scheme. There is far too much involved when you actually want something back from the person you commit the crime against. You would think they would be easier to catch.

Re:Holding systems hostage... (4, Interesting)

Beryllium Sphere(tm) (193358) | more than 8 years ago | (#12905175)

>Where would they send the money?

A Western Union office in Belarus, in one recent case. Once Western Union hands over the cash the transaction is irreversible and the victim's only recourse is local law enforcement. Extortionists can pick whatever country has the most cheaply bribable cops. And sometimes cops will ignore foreigners for free.

Pure delight (1)

carlos_benj (140796) | more than 8 years ago | (#12905098)

'Hacking in its purest form is not about compensation or about wrecking a Web site. Hacking in its pure form is to show what you can do.'

Oh, good. So she'll be delighted when law enforcement shows her what they can do.....

maybe its me (0)

sakura the mc (795726) | more than 8 years ago | (#12905099)

but i dont see a correlation between spamming and hacking. this dumb ass bitch has no idea what shes fucking talking about.

Re:maybe its me (1)

grimharvest (724023) | more than 8 years ago | (#12905215)

I'll second that. For a minute there I thought I missed something. WTF does spamming have to do with cracking? He/she thins that spamming is impressive?

Re:maybe its me (2, Insightful)

anitha cn- (863678) | more than 8 years ago | (#12905438)

Probably it's not the spamming they are talking about. Probably it's the fact the spammers are cracking into other computers in order to spam.

Re:maybe its me (0)

Anonymous Coward | more than 8 years ago | (#12905456)

From TFA "Mr. Sharpe, the New Jersey prosecutor in the case, said that Mr. Singh had boasted to his high school friends about his ability to create the zombie networks. "It was an ego thing," Mr. Sharpe said. "Hacking in its purest form is not about compensation or about wrecking a Web site. Hacking in its pure form is to show what you can do.""

It's a lawyer that is being quoted (though he is quoting the high school kid). And yes, Jasmine is an unfortunate name for the lad. Especially if he spends a lot of time at the correctional facility.

Attention all c00l haxxors out there (0, Troll)

davidwr (791652) | more than 8 years ago | (#12905111)

Get your own machines and challenge your friends to break in and hope they reciprocate.

For a summer's worth of lawnmowing money, you should be able to buy a decent system, load it up with virtual machines courtesy of the latest Linux kernel, and "let the games begin."

Mess with my box and if I'm feeling generous you'll just have the FBI breathing down your neck for computer trespass. If I'm not in a good mood, well, let's just say my lawyers have advised me not to make threats in a public forum.

Re:Attention all c00l haxxors out there (1, Insightful)

Anonymous Coward | more than 8 years ago | (#12905153)

I seriously doubt the FBI gives a shit about your box.

You sound just as childish as the script kiddies who think they can own you if you touch them.

I also doubt that the kiddies in Russia really give a damn about your petty FBI threats, considering they are untouchable.

Re:Attention all c00l haxxors out there (0)

Anonymous Coward | more than 8 years ago | (#12905237)

Dude don't please !!! This is a tough guy you're dealing with. He thinks if someone haxx0rs his pathetic little Windows XP box that runs his pathetic little home bussiness where he calls himself 'a consultant' that anyone is actually going to give a shit. He thinks laws on 'data trespass' are made for him. He thinks he will be able to bust some kid in his bedroom by ringing up the ISP of the offending attack. He thinks he has 'powers' at his disposal. We must not mess with a guy like this, he is too tough for us. Hell, maybe we all need square jawed John Wayne netcops like this guy to make us all get into line and stop downloading files with bittorrent and stuff. People like him make us safer.

As for me what do I say about these zombie networks ? I say boo fucking hoo, hearing that has really messed up my day. I'm so sad about it, we need to have to special ID tags stapled into our brains to stop thought crimes and terroris.....zzzzzzzzzZZZZZZZZZZZZZZZZZ

Wow, an internet tough guy (0)

Anonymous Coward | more than 8 years ago | (#12905289)

Kindly shut the fuck up. You're being just as retarded as the shitbag poof of a script kiddie in the article.

Re:Attention all c00l haxxors out there (1)

eclectro (227083) | more than 8 years ago | (#12905351)

Mess with my box and if I'm feeling generous you'll just have the FBI breathing down your neck for computer trespass.

Unfortunately the FBI is lame. They won't even talk to you if your loss is less than $5000. And even then it is difficult to get their help.

I think the problem is partly that hacked systems are so prevalent thet they are unable to keep up with all the requests.

It's better to make sure that your own system is secure rather than trying to chase down a two bit crook who happens to be in Romania.

I wish that there was greater international cooperation in this area, but the interests simply are not monied enough.

Re:Attention all c00l haxxors out there (1)

Infernal Device (865066) | more than 8 years ago | (#12905420)

Would $deity that I had the ability to call down permanent, dolorous and terrible retribution on those who would defile the computer systems of others, because I'd be handing it out like oxygen.

Unfortunately, all one can do is sigh, restore and begin again.

the most surprising part of the article to me (1)

circletimessquare (444983) | more than 8 years ago | (#12905127)

was how much money there is to be made in selling sports jerseys

the rest of the article, technology-wise, is boilerplate: it should be obvious to any typical slashdotter what zombie computers are, how they are made, and how they are used

perhaps what this article should mean to the average slashdotter then is that awareness of zombie computers has moved into popular culture

that, and that there's a lot of money to be made in sports jerseys

No Registration! (3, Insightful)

Anonymous Coward | more than 8 years ago | (#12905128)

Would Slashdot please quit posting stories
that you have to register for to read.

Thank You.

Re:No Registration! (1)

joeldg (518249) | more than 8 years ago | (#12905309)

not just that, but sites that have you register and then plaster ads on anything..
then, from what I gather is going on, the ads your mouse hovers over your email gets added to the lists for those advertisers to spam you..

yay for sites like bugmenot and mailinator.com

but remember you can always pay for slashdot if you want... maybe that is how you get links without registration required? hrm

no.. probably get added to the "willing to pay for stuff that is free anyway.." lists.

bah.. screw the article, not interested in even bothering today

Re:No Registration! (1)

Hugh Lilly (600956) | more than 8 years ago | (#12905413)

Don't want the ads? Click on the "Print" link, or tack "&pagewanted=print" onto the end of the URL. :-)

Re:No Registration! (0)

Anonymous Coward | more than 8 years ago | (#12905341)

fuckit:fuckit

Re:No Registration! (1)

prjames (813849) | more than 8 years ago | (#12905368)

Who needs registration, we're Slashdotters, just hack your way in. Oops cover blown!

Quitcher bitchin' (4, Insightful)

jfengel (409917) | more than 8 years ago | (#12905475)

I'm afraid you're kinda screwed on this point. Slashdot is a news aggregator. This story is effectively a dupe of one that came before, but the "news" is that it's the New York Times publishing it, which has a far more important readership than PC World.

In other words, the news isn't that there are zombies, but that a very important mainstream newspaper is telling people that there are zombies, and lots of 'em. You can't get this story from any other source, because the source is the story.

And because the New York Times is so important, they get to charge for content. In this case the charge is cheap: you just let them know who you are, so that they can better sell ad space. That's not free, but it's pretty cheap.

So basically I doubt Slashdot is ever going to "quit posting stories taht you have to register for to read", because that's where the good news is. If you'd like to establish an open source news gathering organization and make it available for free without registration, feel free.

That's news "gathering" like the Times, not "aggregating", like Slashdot. News gathering is usually considered pretty expensive. You have to have a lot of reporters, and editors. And it takes time to establish the reputation that the Times has. And like software, news depends on trust.

But hey, news, like software, is free to distribute once it's created, so maybe the open source model will apply. Go for it.

Alternatively, stop bitching about what people are giving you for free (Slashdot summaries) or cheap (New York Times articles for the price of some trivial and easily lied about demographics). Your choice.

Re:No Registration! (1)

B11 (894359) | more than 8 years ago | (#12905498)

Why? Its not like anyone on /. bothers to RTFA before getting on their soapbox anyways.

That's exactly right... (3, Informative)

Omega (1602) | more than 8 years ago | (#12905139)

'Hacking in its purest form is not about compensation or about wrecking a Web site. Hacking in its pure form is to show what you can do.'
That's it exactly. Hacking is about putting your skills and knowledge to the test. Such as kernel hacking or writing a device driver without any specs.

Cracking is about breaking into a system. It might require some hacking, but it can also be done by script kiddies.

A new term is needed: Crackery. (1)

CyricZ (887944) | more than 8 years ago | (#12905216)

A new term is needed, that is somewhat between hacking and cracking.

Crackery is about putting your skills and knowledge to the test by breaking into a system.


Re:A new term is needed: Crackery. (0, Redundant)

geekoid (135745) | more than 8 years ago | (#12905388)

breaking into a system is hacking.
breaking into a system without permission is cracking.

Re:A new term is needed: Crackery. (1)

Hugh Lilly (600956) | more than 8 years ago | (#12905448)

So does this mean the word crockery takes on a new meaning -- perhaps something along the lines of software/hardware used to crack a system?

Re:That's exactly right... (1)

MoogMan (442253) | more than 8 years ago | (#12905272)

I don't believe that Hackers do what we do to prove a point, or to get one up on someone else. We do it to satisfy curiosity.

Re:That's exactly right... (1)

geekoid (135745) | more than 8 years ago | (#12905358)

Not to speak for you, but most Hackers I know are always out to prove a point, and espically like to one up each other. In a competitive way.
"Ha! that took you 27 lines of Code? I can do it in 17"

Certianly curiosity is a drive as well.

Re:That's exactly right... (1)

sconeu (64226) | more than 8 years ago | (#12905550)

You had lines of code? Why back in my day, we had to wire the connections up and then read the connections to see what we had written!

Darned kids rassum fassum mumble grumble get off of my lawn!

Re:That's exactly right... (5, Insightful)

Anonymous Coward | more than 8 years ago | (#12905364)

It's not right in any meaningful sense.

There are a crapload of people who for over 20 years have been using the term "hacker" in conjunction with words like "phreaker," which were the terms used by everyone in the 80s BBS scene. When people like you tell them "the word you've been using for two decades doesn't actually mean that," they will pat you on your cute little head and say "ok, whatever, run along now." Because ya know what? You don't own the word or its meaning. If I start calling my car a puppy and act condescending when people correct me then I'm an asshole, but if I've been using 'hacker' along with a huge community of others to self-identify for over 20 years then that's another story.

The long and short of it is you don't control the word and it escaped your definition a long time ago. The word spawned another meaning a LONG time ago and although you might not like it you're powerless to make it go away. That's how language works.

I'm sorry it annoys you, but thems the brakes, kiddo.

Ok Article.... (2, Insightful)

thesnarky1 (846799) | more than 8 years ago | (#12905152)

but I don't think they really got to the real news here. The article doesn't mention how users can protect themselves at all. And it only focuses on the one case, when I think there could have been bigger name cases that would display the same message better. Is this article going to make the average user care at all, not in my opinion. The underlying theme I got from the article is that hackers are these crafty people who are sneaking onto your system, not something you can stop *coughfirewallscough*. Ok, maybe not ever totally stop, but slow down. My windows machine (only for games, I swear) has been clean (cept for Windows) for a month now, behind a hardware firewall (linux Fedora core 3) and a software (Zone Alarm). Just my two cents.

--Snarky

Re:Ok Article.... (0)

Anonymous Coward | more than 8 years ago | (#12905293)

Why did you list Fedora Core as a hardware firewall?

So he/she treats crackery like it were a sport. (4, Interesting)

CyricZ (887944) | more than 8 years ago | (#12905158)

Okay, so this teen treats crackery like it was a sport. To show his or her proverbial "balls", as it were. This would be a prefect opportunity for some older, social-concious geeks to get together and set up a crackery league for these youth. Let them perform their crackery against each other. Each youth could set up a system, and then they would go head-to-head to crack the other youth's system. Indeed, it would be an intellectual junior soccer- or baseball-style league.

Re:So he/she treats crackery like it were a sport. (1)

inKubus (199753) | more than 8 years ago | (#12905169)

There's definitely crack involved somewhere here..

Yes, it would be like Scouts for geeks. (1)

CyricZ (887944) | more than 8 years ago | (#12905242)

It would in a way be like Scouts for geeks. Instead of learning how to start fires and whittle wood, the older geeks would mentor their scout group in acts of benevolent computer use. They would suggest to the youth the use of programming achievement, rather than crackery, to obtain a sense of self worth. That's more beneficial than locking these youth up in prison.

Re:So he/she treats crackery like it were a sport. (1)

login: (155941) | more than 8 years ago | (#12905343)

The problem here is that his 'sport' costs other people in stress, time, and money.

I wonder how he would feel if other people used him to practise their sports. Perhaps some aspiring boxers or martial artists could help him gain perspective of what it's like when other people 'practice' their sport at your expense.

Re:So he/she treats crackery like it were a sport. (1)

CyricZ (887944) | more than 8 years ago | (#12905511)

The problem here is that his 'sport' costs other people in stress, time, and money.

Indeed. Nobody is disputing that.

I wonder how he would feel if other people used him to practise their sports. Perhaps some aspiring boxers or martial artists could help him gain perspective of what it's like when other people 'practice' their sport at your expense.

That's why I'm suggesting that you take two of these youth, and let them perform crackery on each other. If two youths are attempting to crack each other's system, then they are not performing crackery on YOUR system. It focuses their crackery attempts away from essential systems towards another device of crackery owned by some similar youth.

Re:So he/she treats crackery like it were a sport. (1)

EasyT (749945) | more than 8 years ago | (#12905417)

Each youth could set up a system, and then they would go head-to-head to crack the other youth's system.

A great idea, but I doubt it'll ever catch on. There's little glory in declaring that you've cracked some other kid's system that nobody's ever heard of. But when you can point to a major corporate player that spends hundreds of thousands of dollars on computer securtiy and announce you've cracked their system, that's some bragging rights.

Re:So he/she treats crackery like it were a sport. (1)

CyricZ (887944) | more than 8 years ago | (#12905528)

There's little glory in declaring that you've cracked some other kid's system that nobody's ever heard of.

There's little glory in knowing that you hit a baseball futher than some other kid that nobody's ever heard of. That's why in youth baseball, like in organized youth crackery, there would have to be some reward or incentive given. There could be national crackery leagues for these youths that could offer prizes far beyond whatever damage they might cause to large corporate systems. A youth who partakes in crackery who might win $20000 in an organized crackery competition may be more inclined to attack his peers than your corporate network.

Re:So he/she treats crackery like it were a sport. (1)

lseltzer (311306) | more than 8 years ago | (#12905556)

What are the various prison sentences for the winners of the tournement?

Re:So he/she treats crackery like it were a sport. (1)

CyricZ (887944) | more than 8 years ago | (#12905586)

There are no prison sentences. Had you not been a complete idiot and instead read the parent post, you would have seen that the youth were performing crackery on each other's computers, and would each be consenting to the other attempting such crackery.

Re:So he/she treats crackery like it were a sport. (1)

mugnyte (203225) | more than 8 years ago | (#12905727)

Whoa. First, abandon that term immediately. "Crackery" hurts my ears.

If two script kiddies want to one-up each other in a hacking contest, there's many an entry-level point for this. I remember fondly of Corewars and it's ilk, then onto the ACM computing contests, etc. Today, the real world of white-hat hacking is, IMO, the OSS contributors. I am simply wowed each time I stumble through Sourceforge or such and find programming elegance.

However, you're missing something. The "sport" has to involve a sense of publicity and real-world control. Hence, these trolls needs to act on the internet at large, not in a little sandbox network. This is the concept of having your peers see your handiwork and claiming "dominance" over things by way of a hack. It's a game that teaches you lots of computing tricks but not necessarily a lot of elegance.

So, your idea is cute, but it already exists: OSS projects are waiting for cool ideas. If someone had real brains for coding, they'd find where their skills could apply and help build the better [system]. But these kids are just out for kicks, and oh, your credit card number.

Hmm.... (1)

tktk (540564) | more than 8 years ago | (#12905181)

I smell a cross-licensing agreement with George A. Romero.

  • Night of the Living Dead
  • Day of the Dead
  • Land of the Dead
  • Spam of the Dead

Is this the nail in the coffin for the Internet? (0)

Anonymous Coward | more than 8 years ago | (#12905194)

Slashdot forgot to add their regular hyperbole, which them seem to love to do the past few months.

Full Article Text (1)

Armadni General (869957) | more than 8 years ago | (#12905210)

An Army of Soulless 1's and 0's

WASHINGTON, June 23 - For thousands of Internet users, the offer seemed all too alluring: revealing pictures of Jennifer Lopez, available at a mere click of the mouse.

Zombie Computer GrowthBut the pictures never appeared. The offer was a ruse, and the click downloaded software code that turned the user's computer into a launching pad for Internet warfare.

On the instructions of a remote master, the software could deploy an army of commandeered computers - known as zombies - that simultaneously bombarded a target Web site with so many requests for pages that it would be impossible for others to gain access to the site.

And all for the sake of selling a few more sports jerseys.

The facts of the case, as given by law enforcement officials, may seem trivial: a small-time Internet merchant enlisting a fellow teenager, in exchange for some sneakers and a watch, to disable the sites of two rivals in the athletic jersey trade. But the method was far from rare.

Experts say hundreds of thousands of computers each week are being added to the ranks of zombies, infected with software that makes them susceptible to remote deployment for a variety of illicit purposes, from overwhelming a Web site with traffic - a so-called denial-of-service attack - to cracking complicated security codes. In most instances, the user of a zombie computer is never aware that it has been commandeered.

The networks of zombie computers are used for a variety of purposes, from attacking Web sites of companies and government agencies to generating huge batches of spam e-mail. In some cases, experts say, the spam messages are used by fraud artists, known as phishers, to try to trick computer users into giving confidential information, like bank-account passwords and Social Security numbers.

Officials at the F.B.I. and the Justice Department say their inquiries on the zombie networks are exposing serious vulnerabilities in the Internet that could be exploited more widely by saboteurs to bring down Web sites or online messaging systems. One case under investigation, officials say, may involve as many as 300,000 zombie computers.

While the use of zombie computers to launch attacks is not new, such episodes are on the rise, and investigators say they are devoting more resources to such cases. Many investigations remain confidential, they say, because companies are hesitant to acknowledge they have been targets, fearful of undermining their customers' confidence.

In one recent case, a small British online payment processing company, Protx, was shut down after being bombarded in a zombie attack and warned that problems would continue unless a $10,000 payment was made, the company said. It is not known whether the authorities ever arrested anyone in that case.

Zombie attacks have tried to block access to Web sites including those of Microsoft, Al Jazeera and the White House. In October 2002, a huge but ultimately unsuccessful attack was mounted against the domain-name servers that manage Internet traffic. The attackers were never caught.

Federal officials say the case involving the athletic jerseys was solved after some college computers in Massachusetts and Pennsylvania were found to be infected with software code traced to a user whose Internet name was pherk. That hacker, a high school student in New Jersey, told investigators that he was acting at the behest of a merchant - the owner of www.jerseydomain.com.

The merchant, an 18-year-old Michigan college student, could face trial later this year in a federal court in Newark. The case offers a rare glimpse both into the use of zombie computers and into the way that law enforcement officials are trying to combat the problem.

More than 170,000 computers every day are being added to the ranks of zombies, according to Dmitri Alperovitch, a research engineer at CipherTrust, a company based in Georgia that sells products to make e-mail and messaging safer.

"What this points out is that even though critical infrastructure is fairly well secured, the real vulnerability of the Internet are those home users that are individually vulnerable and don't have the knowledge to protect themselves," Mr. Alperovitch said. "They pose a threat to all the rest of us."

Mr. Alperovitch said that CipherTrust had detected a sharp rise in zombie computers in recent months, from a daily average of 143,000 newly commandeered computers in March to 157,000 in April to 172,000 last month.

He said that the increase was attributable to two trends: the rising number of computers in Asia, particularly China, which do not use software to protect against zombies and the worldwide proliferation of high-speed Internet connections.

Aside from the use of tools like CipherTrust's within businesses, experts say consumers can largely make their computers off limits to zombie activity by using up-to-date antivirus and antispam software.

Avoiding the Zombie Curse, or Worse

Zombie Computer GrowthOne factor helping those seeking to create zombie networks, known as botnets, is the increasing use of high-speed Internet connections in the home. Aside from being able to handle (and generate) more traffic, such households are more inclined to leave computers running - the computers recruited as zombies need to be on when called by the master.

Eric H. Jaso, an assistant United States attorney in Newark who is prosecuting the New Jersey case, said the zombie cases often wind up damaging more than just the target.

"The effects of these attacks on the Internet itself are far ranging and highly damaging to innocent parties," he said. "The ripple effect is that when one server is attacked, other servers are affected and damaged. Web sites crash. Backup systems become unavailable often to entities like hospitals and banks that are part of the critical infrastructure of the country."

The overall damage in the New Jersey case is estimated by the authorities at $2 million.

That investigation began last July 7, when an online sports-apparel merchant, Gary Chiacco, told federal authorities that traffic to his site, jersey-joe.com, had been disrupted for several days, at a cost of hundreds of thousands of dollars of lost sales. When customers tried to gain access to the site, they would be greeted with an error message.

The attacks continued through the fall of last year and became so severe that they affected service to other customers of the Web-site hosting company used by Jersey Joe.

The host company ultimately told Jersey Joe to go elsewhere, as did two other companies that it then tried to use and that suffered problems from the zombie attacks.

Federal and state investigators say the case was cracked through a combination of luck and sleuthing. While the F.B.I. continued to monitor the attacks on Jersey Joe, student computers at colleges in Massachusetts and Pennsylvania were found to be infected with the software that converted them into zombies.

Hackers "find computers on colleges to be particularly attractive because they have a larger bandwidth and are able to send more packets of data," said Kenneth R. Sharpe, a deputy attorney general in New Jersey involved in prosecuting the case.

A close examination of those computers disclosed the software had been trying to communicate with a user named pherk. Investigators traced the name and an Internet computer address to a 17-year-old high school student from Edison, N.J., named Jasmine Singh.

Confronted by law-enforcement authorities, Mr. Singh acknowledged his involvement and said it was at the behest of an 18-year-old businessman, Jason Arabo, whom he had met through a mutual friend. Mr. Arabo ran a sports jersey business from his home, selling online at www.customleader.com and www.jerseydomain.com.

Investigators determined that Mr. Singh had spread the rogue software through file-sharing networks like Kazaa, using the Jennifer Lopez come-on, and instructed the zombie computers to attack two of Mr. Arabo's competitors - Jersey Joe and another online shirt company, Distant Replays of Atlanta. His compensation, he said, was three pairs of sneakers and a watch.

The F.B.I. then set up a sting operation against Mr. Arabo. According to court papers, an undercover investigator held a series of instant-messaging chats with Mr. Arabo on America Online in December. Mr. Arabo told the undercover agent that he had previously recruited Mr. Singh and that those attacks had not done enough harm to keep his rivals offline, the court papers assert.

According to the court papers, Mr. Arabo asked the agent to mount denial-of-service attacks against rivals in exchange for sports apparel and watches. In later chats that month, he asked the agent to "take down" Jersey Joe's server and redirect its Internet traffic to a pornographic site, the court papers say, and repeatedly asked the agent to "hit them hard."

Mr. Arabo, a student at a community college in a Detroit suburb, was arrested in March and charged in a federal criminal complaint with conspiracy to use malicious programs to damage computers used in interstate commerce. He remains free on $50,000 bail and the condition that he stay off computers and the Internet. (The jerseydomain.com site now carries the notice "Under New Management.") He faces a maximum sentence of five years.

His lawyer, Stacey Biancamano, did not respond to several messages seeking comment.

For his part, Mr. Singh pleaded guilty last month in New Jersey Superior Court to charges of computer theft. Under a plea agreement, he faces a maximum sentence of five years at a youth correction center when he is sentenced in August, but the state prosecutor's office says it will not object to probation.

Mr. Sharpe, the New Jersey prosecutor in the case, said that Mr. Singh had boasted to his high school friends about his ability to create the zombie networks. "It was an ego thing," Mr. Sharpe said. "Hacking in its purest form is not about compensation or about wrecking a Web site. Hacking in its pure form is to show what you can do."

Regfree link :) (0)

Anonymous Coward | more than 8 years ago | (#12905251)

http://www.nytimes.com/2005/06/24/technology/24zom bie.html?ex=1277265600&en=c0038edb3d1a97cf&ei=5088 &partner=rssnyt&emc=rss [nytimes.com]

Courtesy of Technology Review (did you know ALL NYTimes stories can be read from tech review for free? :D

Re:Regfree link :) (1)

Hugh Lilly (600956) | more than 8 years ago | (#12905481)

Do you have a link to the techreview.com page you found that link on?

Re:Regfree link :) (0)

Anonymous Coward | more than 8 years ago | (#12905663)

Chu kaa-pika-pika chuuu pi-i Pika-pi pikachu pi-kaaa-chu pika pi piikaa-pi-i Kaaa Pi-i Pika-pi kaa Kachu pikachu. Chuu Kaa pika-chu Pi-i pipi-piikaa chu pii Pika-chu-pi Pi-i.Pika-chu.Kaa. pi-i pikapi-pika-pi. piii chu chuuuu chuuu Chu. (pipi Pika-chu: chuuu chuuu pipi pika-pika pi Chu pipi

From TFA... (4, Insightful)

andreMA (643885) | more than 8 years ago | (#12905263)

Officials at the F.B.I. and the Justice Department say their inquiries on the zombie networks are exposing serious vulnerabilities in the Internet that could be exploited more widely by saboteurs to bring down Web sites or online messaging systems.
Um, no. The vulnerabilities exposed are most often in Microsoft products, which allow the user to be owned. Someone needs to thwap the "Officials at the F.B.I. and the Justice Department" upside the head with a clue by four.

Good (1)

jpmkm (160526) | more than 8 years ago | (#12905264)

Could this open some eyes and increase interest in alternative (Linux, Mac) offerings?

You're right, it's opened my eyes (0)

Anonymous Coward | more than 8 years ago | (#12905354)

Indeed. I am very interested, I've heard a lot about Linux and I want to run it as an alternative to Windows to stop me becoming a zombie.

I'll just toddle off and download a distro. doodadoodadoo..

Oh my. What is this ? I have to fiddle around with a bootloader ? Compile the Kernel ? Configure X ? Download and install 20000 different extra files that are needed to install the thing I actually want? And what is this KDE thing ? Why isn't it part of the OS ? What is this slow Gnome thing and why is it so ugly ? Why does the background dissapear when I drag a window around ? Why have I got no hard disk space left...oh no I just found a giant log file that is 98 GB. Help what can I do ? Why doesn't my sound work ? Why can't I play CDs/DVD and have to go to /mount and then it tells me "Permission denied" ? Why is only half my memory being recognized ?

Oh blow this, I'd rather be a zombie and go back to Windows than waste my time with this. On the other hand that Mac thing looks quite cool.
bye bye

I, for one, welcome (0)

Anonymous Coward | more than 8 years ago | (#12905385)

our new zombie overlords

I'm not trying to be mean or anything... (2, Funny)

caudron (466327) | more than 8 years ago | (#12905387)

...but "Jasmine" is a dude? Really?

I'm sure it's a cultural thing, but seriously, when I was in school (cue old-timey phonograph and creaky rocking chair sound) he'd have been hating life if he had the balls to show up to school with a name like Jasmine!

The times they are a changin'. (That's a good thing, I think)

I can hack. (1)

DynaSoar (714234) | more than 8 years ago | (#12905467)

"Hacking in its pure form is to show what you can do."

May I please have a spammer and an axe? I'd like to show what I can do.

Yummy! (0)

Anonymous Coward | more than 8 years ago | (#12905678)

well they taste better than Soylent green!...
the downside though is some times after you go to the bathroom what you left comes back from the dead...

SS
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...