Did The BBC Break The Law By Exposing Botnets?

from the but-we-didn't-mean-any-harm dept

A TV show on the BBC is highlighting the ongoing problem of botnets -- by acquiring one of its own and using other people's computers in it to mount a DDOS attack on a security company's web site. The BBC says it had the security company's approval to do so, and that it didn't have any criminal intent, making its action legal. But some people aren't so sure, and say that intent doesn't offer a way out under British computer law. A tech lawyer says it's unlikely the broadcaster will face prosecution because there wasn't any real harm done, but those whose computers were used in the attack might disagree and view the methods used to make a point about computer security as a bit extreme.

Carlo Longino is an expert at the Insight Community. To get insight and analysis from Carlo Longino and other experts on challenges your company faces, click here.

24 Comments | Leave a Comment..

Washington Post Story Convinces Service Providers To Pull The Plug On Major Spam Enabler

from the but-where-do-they-go dept

We're seeing a bunch of folks pointing out that evidence collected by the Washington Post's computer security writer, Brian Krebs, is basically responsible for getting that company kicked off the internet. Krebs is a fantastic reporter, so I don't doubt the story -- but I'm always a little skeptical of stories claiming that a huge percentage of spammers have been knocked offline. We see such stories every few months, and it never seems to have any real impact on the amount of spam out there. Just last month there was a report claiming that the world's largest spam operation was shut down, but the actual amount of spam flowing across the network did not decrease.

This case is a little different, in that it didn't shut down the spammers themselves, but rather a hosting company that apparently many of the largest zombie botnets relied on. However, it seems quite likely that they'll find some other hosting company that will gladly take them on and everything will be up and running again. That's not to say it's bad that these guys get taken down -- but at some point people should realize this seems like a big game of whack-a-mole, and there may be better, more efficient ways to tackle the problem.

20 Comments | Leave a Comment..

Huge Spam Ring Shut Down... But Will It Make A Difference?

from the we'll-see dept

Every so often, we see a random news story about authorities somehow arresting or shutting down some huge spam ring, and every time the articles are peppered with quotes about just how big the operation is and how much spam they send out. And, yet, every time, it never seems to do very much to dent the amount of spam that's being sent. So, again, with this week's big spam bust, all the numbers and explanations sound impressive. 35,000 computers in a botnet. Able to send 10 billion (billion, with a b) spam messages per day. The leading source of spam online in January (what, only January?). These all sound impressive, but the real question should be whether or not this does anything to decrease spam. Or will others just as quickly jump in to fill the breach?

24 Comments | Leave a Comment..

Botnet vs. Botnet: Can A Good Botnet Block A Bad One?

from the battle-of-the-botnets dept

Last year we wrote about how rival online scammer gangs had their botnets fighting each other by disabling trojans of competing botnets on their computers -- but it appears that some researchers have a different idea for creating a "good" botnet to fight the "bad" botnets being used for denial of service attacks (found via Slashdot). This is quite different than some older proposals to create "good worms" that go about automatically patching infected machines (which are wide open to abuse). Instead, the idea is rather creative. It involves setting up a distributed system of computers that effectively act as a way station for connect requests -- which then wait for the actual server to request the inbound requests. This prevents the server from being overloaded (though, I would imagine it could slow down access somewhat). Either way, it's nice to see efforts under way to stop such zombie botnets. Hopefully someone isn't sitting on a patent for such an idea and waiting to sue, like we've seen with other security measures.

8 Comments | Leave a Comment..

Is It A Good Idea To Violate The Security Of Your Customers If They're Security Ignorant?

from the asking-for-serious-trouble dept

Rich Kulawiec writes in to point out that security expert Dan Geer is suggesting that merchants violate the security of customers they deem as security risks. His argument is, basically, that there are two types of users out there: those who respond "yes" to any request -- and therefore are likely to be infected by multiple types of malware doing all sorts of bad things -- and those who respond "no" to any request, who are more likely to be safe. Thus, Geer says merchants should ask users if they want to connect over an "extra special secure connection," and if they respond "yes," you assume that they respond yes to everything and therefore are probably unsafe. To deal with those people, Geer says, you should effectively hack their computer. It won't be hard, since they're clearly ignorant and open to vulnerabilities -- so you just install a rootkit and "0wn" their machine for the duration of the transaction.

As Kulawiec notes in submitting this: "Maybe he's just kidding, and the sarcasm went right over my (caffeine-starved) brain. I certainly hope so, because otherwise there are so many things wrong with this that I'm struggling to decide which to list first." Indeed. I'm not sure he's kidding either, but the unintended consequences of violating the security of someone's computer, just because you assume they've been violated previously are likely to make things a lot worse. This seems like a suggestion that could have the same sort of negative unintended consequences as the suggestion others have made about creating "good trojans" that go around automatically closing the security holes and stopping malware by using the same techniques employed by the malware. Both are based on the idea that people are too stupid to cure themselves, and somehow "white hat" hackers can help fix things. Now, obviously, plenty of people do get infected -- but using that as an excuse to infect them back, even for noble purposes, is only going to create more problems in the long run. Other vulnerabilities will be created and you're trusting these "good" hackers to do no harm on top of what's been done already, which is unlikely to always be the case. No, security will never be perfect and some people will always be more vulnerable -- but that shouldn't give you a right to violate their security, even if for a good reason.

26 Comments | Leave a Comment..

Do ISPs Ignore Security Researchers Who Point Out Zombied Machines?

from the not-such-a-good-thing dept

Over the last few years, we've all heard stories about how organized crime groups have taken to using botnets of "zombied" computers to run all sorts of scams and spam campaigns. ISPs have been somewhat slow to react. While they try to use fairly blunt instruments, like cutting off certain ports, many don't seem to have a very good process in place for tracking down and stopping customers whose machines have become unwitting members in a botnet. In fact, security researchers are growing frustrated that when they come across evidence of a hijacked computer, ISPs don't respond at all when told that a customer is causing trouble. There certainly are a few ISPs that are careful to help get rid of botnets, doing things like quarantining or cutting off certain users from their internet access until their machines are cleaned up, but most of the bigger ISPs don't appear to do very much at all. Of course, there is the other side of this story -- which is that when ISPs may be too proactive, it can often snag people whose machines aren't actually doing anything wrong. But, it certainly seems like completely ignoring reports with evidence of a botnet may be going to the opposite extreme.

8 Comments | Leave a Comment..