Creators of Massive Botnet Arrested 243
DigitumDei writes "Dutch police has nabbed 3 men (aged 19,22, & 27) who alledgedly used the toxbot trojan to create a botnet of over 100000 machines. The trio conducted a DDOS attack against an unnamed US company in an extortion attempt, as well as using phishing tactics to hijack PayPal and eBay accounts.
From the article: 'Police seized computers, cash, a sports car, and bank accounts at the three men's residences, and additional arrests are expected. The three were to be taken before a magistrate in Breda, a city approximately 25 miles south of Rotterdam, on Friday.
The botnet was dismantled, prosecutors said, with help from the Dutch National High Tech Crime Center; GOVCERT.NL, the Netherlands' Computer Emergency Response Team; and several Internet service providers, including the Amsterdam-based XS4ALL.'"
Good! (Score:5, Insightful)
This will also give them pause when hiring former hackers. They might think "Is this guy going to give extortionists inside info?"
On the other hand, security folks may have a budget windfall thrown their way. Considering '"Each time the Trojan was stopped by anti-virus defenses, they made a new version," he said. "This was not just a one-off. The sheer number of variants shows this wasn't a crime they committed just once."' Those security people better get to it.
Re:If only i had my own 100k computer matrix... (Score:4, Insightful)
Sure, this will solve the problem... (Score:5, Insightful)
I wonder what it would take to convince the world that these unsecured machines are an actual security threat, rather than an annoyance?
What a great idea... (Score:5, Insightful)
The botnet was dismantled, prosecutors said, with help from...
Why didn't I think of that! That's 100,000 lusers that won't be getting infected again soon, unless they learn enough to reassemble their boxen, by which point...*sigh* What am I thinking? They'll probably just buy new systems and throw the piles of parts out. They'll be back on bot nets by this weekend.
What they need to do is dismantal the owners!
--MarkusQ
Re:Good, but... (Score:5, Insightful)
The government said themselves that making file sharing a criminal offence just turns a large portion of the population into criminals for no real benefit. This is similar to the drugs policy. From Wikipedia [wikipedia.org]:
So no, the government tends to go after real criminals, rather than waste time on teenagers with too much free time.Re:25 miles south of Rotterdam? (Score:5, Insightful)
Re:Let the punishment fit the crime (Score:3, Insightful)
Re:Environmental problem (Score:2, Insightful)
Onepoint
p.s. In thinking about this, I find that most likely it would be illegal
Re:glaring gramatical error (Score:2, Insightful)
That being said, you're probably right. The most common mistake people make in foreign languages is subject/verb agreement.
Re:Good! (Score:2, Insightful)
Each person doing that is unwittingly taking part in the DOS attack.
If you think slashdot effect is bad, think about the slashdot AND routers/yahoo/NYT/humble news sties all ganging up on one site.
This is how googlewent down recently, not because of the worms activity, but because of peoples curiosity.
Sure, the worm had an effect, but nowhere near as bad as the casual knock on effect of browsing.
How many times have you done the following:
Seen a story saying xyz.com is under attack.
Your action -
"is it still under attack?"
"Yep, its still down".
if thats similar to your actions, congrats, you are personally a bot
Re:Let the punishment fit the crime (Score:3, Insightful)
Like amputating a hand after stealing, very scary but does it actually make crime rates go down?
If one isn't afraid of getting caught the sentence doesn't matter.
Re:25 miles south of Rotterdam? (Score:1, Insightful)
Re:Good, but... (Score:2, Insightful)
Re:Extortion? (Score:3, Insightful)
Re:Extortion? (Score:5, Insightful)
You greatly underestimate the trouble an extremely large DDOS network can cause via sheer packet volume. It might make you reboot your server or pay more in bandwidth for the month? First off the targets of these things are using pretty substantial server farms, not your debian server you have your cat's pictures on. The servers may or may not crash but they certainly wont handle the load. And neither will your load balancers, database servers, routers, firewalls, IDS's, the list goes on and on. Not only that but your ISP won;t handle the load either, all of their stuff starts to break. And depending on how far down the food chain you are maybe your ISP's ISP. All the way up to the tier 1 who can handle it but certainly doesnt want to.
The short answer is is even if all of your technology works flawlessly and isn't crashing left and right (which it most certainly will be), you've never bought a pipe nearly big enough to handle the traffic you're getting so your real customer's traffic is taking forever or just getting dropped on the floor. After 6-24 hours of your DDOS problems impacting all their other customers, your ISP gets their providers to null route your IP space, putting you in the dead calm of the eye of the storm. Everything works again now, except your customers can't reach you. If you measure your earnings based on people connecting to your shop or services that is obviously a very big deal.
If you fight, the fight is going to be very tough. First you need a sympathetic ISP that will let you fight and help you fight - that probably isn't your existing ISP and ones that will are in short supply. Basically a tier 1 or major colos that are very undersold so they have the bandwidth to burn without taking out the rest of their customers. Next you need someone who understands what needs to be done and fast and will work around the clock to do it - realistically you're probably looking at maybe hundreds of people total in the US that have a very strong background in such things and would be available - and maybe dozens of people that have actual direct experience (on that scale). They will obviously cost money. So will building a completely brand new intelligent filtering network over night - in addition to the hardware costs of the new boxes and the connection costs for the new ISP - this isnt off the shelf software either, at least probably not.
Maybe you can start seeing why it's a bit more of a big deal than maybe rebooting your software - why people choose to pay - and that's why it's profitable.
Who is this XS4ALL? (Score:5, Insightful)
Phillip.
Re:Who is this XS4ALL? (Score:5, Insightful)
Strong ties with Bits for Freedom [www.bof.nl] (our version of the EFF), best Dutch ISP year after year, support for *nix systems, frequent new experimental services. Only pain is that they're also one of the more expensive ISP's. You get what you pay for, and with XS4ALL they give you the works.
(for the record, I'm a long-time customer so I am rather biased. But these guys aren't your average ISP)
Re:What a great idea... (Score:1, Insightful)
Everybody's an idiot, if you pick the right criteria. MarkusQ appears to think people who don't know to install security patches are idiots. You think that people who joke about "lusers" are idiots.
What about me? I'm often an idiot myself, but I think the most amusing idiots are people who lack a sense of humor and make ironic writing mistakes. You're free to disagree, of course.