It's surprising how much publicity this is getting without making any arrests. I would've thought they'd have arrested people before publishing anything. I wonder if they've been able to identify the people, or if they were just able to undo the technical maliciousness?
If it's like the last half a dozen botnets that the FBI has taken down, it's being managed from China or Russia, and thus their chances of arresting anyone are close to nil.
The GFW is mostly a protectionist racket. By degrading the services of Western companies, the GFW gave their Chinese counterparts an opportunity to catch up to them, despite starting later (e.g. Google leaves China, creates opportunity for Baidu, etc.).
It's also an important censorship apparatus, but that just needs to be "good enough," and is more dependent on domestic companies (the same who benefited from the degradation of Western services) following regulations to remove content on their websites.
I don't really see from this explanation what prevents a new wave of infected machines from contacting the Tier 2 layer. It seems like they just cut off Tier 1 access of existing infections. Yes, they took over the cloud account, but I don't see what's really stopping the bad actors from starting over (with lessons learned probably as to what got them caught the first time).
Great article. Also I just gotta share this. The story, if transported back in time a few decades and written as a sci-fi book would make a great read. Truth is stranger than fiction.
You should read through the search warrant to see the lengths that they went through to get permission from the courts to do so.
Regardless I think it’s an interesting question as well but my position is that if these machines are already compromised I’d rather have them run the “uninstaller” than the victims continue to receive commands from the botnet controller and cause additional collateral damage.
The operation was performed in concert with other governments. See https://www.justice.gov/opa/pr/qakbot-malware-disrupted-inte.... I’ve worked with some of the partners involved on previous operations and they are top notch - while like I said I think this is a legitimate argument either way (should governments have the ability to actively disrupt malicious activity), I am on the side of taking action as has been done here.
So no problem if others break the law (in foreign countries, too), then?
"Top notch"? I wonder if that would apply to the feds in other countries 'fixing' US computers.
Nb. Not having a dog in the fight, I do err towards keeping anyone the fuck out of my pc. I could appreciate a pop-up though, explaining what was going on and how to fix it.
In this case there is someone already “the fuck in your pc”. It’s just a group of cyber criminals looking to monetize said pc with mostly illicit activity. As the sibling pointed out, the pop up would require code execution so … they would necessarily be in your pc already.
That said, I would imagine the pop up would be where this is going over time.
If an autonomous driving car is taken over by a hacker, and starts running people over, how fast would you expect the police to block it/shoot its tires?
This is a poor analogy. Most of the infected computers that the FBI accessed aren’t even located in the US. The FBI has no jurisdiction in those countries.
They said they retrieved IP addresses and "routing information". Doing fine-grained geo-IP lookups is impossible, but the accuracy of country of origin is very high, especially in the US.
Impossible is the wrong word here, it's just unnecessary. The Feds can (and do) definitely contact domestic & international ISPs to perform near 100% accurate lookups.
Right, the municipal police would be the authority to do that, not the FBI.
Do you have a better analogy that's not an appeal to authority? We're not in grade school anymore, and so not every authority is deputized for every thing.
The FBI has broad authority from Congress to engage in cyberwarfare extraterritorially, and they also got a broad warrant for anything that happened to be in the United States.
You could probably challenge the warrant in court. Fortunately that won't reinstall the botnet, but if you also feel this causes you damages, you can further aim to get paid for those damages.
In my younger years I was very fascinated by malware, it's what got me into IT eventually. Back then I was active on some forums with marketplaces where one could easily buy and sell such services. I didn't do anything serious besides some slightly gray area stuff, but never sold or bought anything or compromised any unwilling victim. I did know some people who were later caught by the FBI and spent a long time in prison though.
In hindsight it's super crazy that this was a thing and probably still is.
About these operations, I honestly think they're not that spectacular even though they make it seem so. Anyone can buy a license for a random botnet for a couple of bucks and reverse engineer what's going on on compromised systems. I'm sure most of these botnets are hacked together pieces of junk code, which gathered a lot of installs through sheer luck and the fact that the FBI was looking away for a while.
The FBI took control of the botnet and re-purposed it to patch the vulnerable machines. This sounds like a novel practice addition to me?
I've done some limited consulting in this space in my career, and I agree that the code (and architecture) I've seen is pretty brittle junk. It's on par with the worst enterprise code I've seen. It's a numbers game for them. And, it's just a different work experience and skill tree that drives people to create "great code" (as it would be measured in professional software development circles.)
It’s not novel at all - security researchers have been doing the same thing for literally decades. Worms often have kill switches built into them, that if the researchers can figure out allow them to stop it globally.
I said it seemed like it might be a novel addition to their practice, not to the state of the art.
The question isn't "is this possible and has anyone ever done it" - it was "has the FBI ever used a botnet's existing C&C to patch all the infected hosts"?
It doesn’t seem like it, but I don’t track this stuff closely so I’m happy to be corrected.
200,000 Windows PCs in the US among the 600,000 total worldwide. Are there really that many Windows PCs still running vulnerable old OS versions, or were they zero-days in more modern OS versions? These articles never say much about the details.
If we estimate one Windows computer per person in the USA on average (~ 331.9 mil.), this means that more than 12 mil. computers run an unsupported Windows OS. (Or use your own estimate.)
I was using a browser earlier this week that didn't have ad block on (testing things). I was inundated with ads for a job at FBI. Weird coincidence but sure is a lot of FBI related marketing all of a sudden.
Due to some recently revealed corruption issues in the USA that the FBI was covering up, there's more drama than usual regarding funding. Expect to see lots of FBI fluff pieces until their funding is secured.