A botnet, at its most basic, is
composed of computers infected by malware that issue
status updates and await commands from a command and control server
somewhere in cyberspace. These commands could range from forwarding
traffic for a hacker's anonymous browsing needs, to downloading more
malware and executing code to initiate denial of service attacks.
Microsoft took down two of the command
and control machines in the Zeus botnet of their own accord, through their own federal filings and actions.
This article from Kelly Jackson Higgins on DarkReading
explains that law enforcement agencies, tech firms, and other
non-governmental organizations around the world work together
to track and disable botnets.
Law enforcement across the globe is
outraged by the lack of cooperation. Apparently, Microsoft
took US Federal Court orders and made a move against the botnet
control computers by effectively killing off two IP addresses. The
concern is that Microsoft's actions have both harmed ongoing
investigations in locating the source of the botnet masters, and
damaged valuable trust among various entities involved in tracking
and disabling botnets around the world.
After the debacle, Microsoft was
coincidentally absent in a recent take-down of the Kelihos (Hlux.B,
Kelihos.B) botnet. Their method of take-down? 'Poisoning' the P2P
network with their own white-hat malicious code that essentially
points infected machines to listen to a dummy control center,
therefore sapping much of the power of the botnet.
“The Honeynet Project has led the
industry in helping define proper botnet take-down procedures. Botnet
take-downs are complicated and care must be taken not to overstep the
legal or other boundaries, according to Honeynet officials.”
The question remains, how should this
type of act legally be handled? Microsoft obviously has a
metaphorical gun pointed at their head for their flippant maneuvers,
but I believe that they could have been completely justified under
the right circumstances. Yes, I agree that harming years of research
and investigation is a fairly large mistake; however, if it were in
person, would you be penalized? What I mean is, if you saw someone
who was a wanted criminal on the street (rapist, murderer,
kidnapper), would it be wrong to turn them in or make a snap decision
and attempt vigilante justice if it seemed like this was a once-in-a-lifetime
chance to stop another crime?