We Know Who's Behind Storm Worm

jmason reminds us of a story from a few weeks back that got little attention, adding "This doesn't seem to be just bluster; as far as I can tell, everyone who knows the RBN now agrees that this seems likely." Brian Krebs's Security Fix blog at the Washington Post carried a story about the Storm worm containing some pretty staggering allegations. "Dmitri Alperovitch [of Secure Computing] said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that US authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside. In a recent investigative series on cyber crime featured on washingtonpost.com, St. Petersburg was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operation — the Russian Business Network. Alperovitch blames the government of Russian President Vladimir Putin and the political influence of operatives within the Federal Security Service (the former Soviet KGB) for the protection he says is apparently afforded to cybercrime outfits such as RBN and the Storm worm gang. 'The right people now know who the Storm worm authors are,' Alperovitch said. 'It's incredibly hard because a lot of the FSB leadership and Putin himself originate from there, where there are a great deal of people with connections in high places.'"

It's official...

[Pig Hogger]

Now we know, it's official:

S are belogn to us!!!

Re:

[Anonymous Coward]

It's Russia !! What do you expect !! American ideals and values ?? It's full of wussies looking for their daily bread, and couldn't care less about anything but that !!

Funny, I thought those were American values and ideals. Although, to be fair, here in America we expect circuses with our bread.

Surely You Jest

[rshol]

Corrupt Russian Government officials in collusion with shady Russian underworld types? Who'd a thunk it?

Like the Russians Are the First....

[queenb**ch]

Seriously, how many of you see all kinds of stuff coming out of China, Korea, Nigeria, etc.?

NONE of them get prosecuted either....

2 cents,

QueenB

Re:

[orclevegam]

The reason this is news worthy is it appears to be more of a willful act to block prosecution, where as the ones over in Nigeria (although probably not China) are more a case of the local infrastructure and police not being capable of tracking these people. The other factor is one of organization and impact. Sure, a few Nigerians spam the hell out of people and manage to do some 419 scams, but all in all it's a few individuals doing it and they don't get all that many hits. The Russian group behind Storm on

Re:

[fishbowl]

"The reason this is news worthy is it appears to be more of a willful act to block prosecution, where as the ones over in Nigeria (although probably not China) are more a case of the local infrastructure and police not being capable of tracking these people."

You have a Cold War propaganda perspective on the functionality of the Russian government.

Re:

[orclevegam]

You have a Cold War propaganda perspective on the functionality of the Russian government.

Actually I have no perspective on the functionality of the Russian government. My statement was based on the article. The article speculates that the people responsible are known to reside in Russia, but that the Russian police are refusing to help with the investigation.
What I do have a perspective on is the relative difference in impact between Storm, and Nigerian scammers, and I stated as much in the second part of my post. Also having read articles in the past about how the scammers and police in Nige

Re:

[Danathar]

I thought the corrupt Russian Gov officials and the Russian underworld types were one and the same?

Re:

[Anonymous Coward]

Yeah because by saying "russian government officials corrupt" you deny any other country having corrupt governments. One does not exclude the other, you know.

Re:

[joeytmann]

Where is Jason Bourne when you need him?

Re:

[Eunuchswear]

Can't seem to remember.

cronyism

[wealthychef]

Shocking! You mean the criminal friends of powerful politicians don't get prosecuted in Russia? Good thing that never happens here!

Re:

[BosstonesOwn]

Around here , we have good guys like "dead eye" dick who take their "friends" hunting , and talk to them about their issues before they go for prosecution.

Re:

[c6gunner]

Shocking! You mean the criminal friends of powerful politicians don't get prosecuted in Russia? Good thing that never happens here!

Oh, where do you live? Tehran?

Re:

[frank_adrian314159]

Yeah! Instead we find them prosecute and find them guilty and then they get pardoned! Oh wait...

maybe i'm on drugs

[blhack]

To me, the internet looks like a big ecosystem. Things have become overpopulated, and as a result, the storm disease is keeping the population in check. It should kill off a chunk of the population, and then it will disappear.

Part of me doesn't WANT to see storm go away...maybe its just because i'm that big of a geek...the worm is actually really impressive and kind of cool to me.

Re:

[morgan_greywolf]

Uh, yes, actually, yes you are.

In the same way a T-Rex is cool

[emj]

It's very cool in a museum, but in real life it's not that fun to be stomped down by one. So yes worms and carnivores as massive as these are pretty cool, at a distance.

Re:maybe i'm on drugs

[moderatorrater]

You mean like this [xkcd.com]?

The problem with that thinking is that this ecosystem is entirely created by humans, and that there are no limits on population in the first place. The internet's not like an enclosed valley which can support 300 sheep no matter what. The limits on what the internet can handle are constantly expanding, and so far there's been little to no strain.

As for whether the worm is cool and impressive, well, that depends on what you think cool and impressive are. It's extremely well built, runs quite well and is hard to catch once it's entrenched. It's a lot like the mafia, and if you're like the rest of the US, that is cool. Also like the mafia, it's really only cool if you're the one running the show or you have little to no experience with it.

Re:maybe i'm on drugs

[Rogue Pat]

You mean like this [xkcd.com]?

Man, i need to get a life!! I start to recognize the xkcd cartoons by their number and smile before clicking on the link :/

Re:

[orclevegam]

To me, the internet looks like a big ecosystem. Things have become overpopulated, and as a result, the storm disease is keeping the population in check. It should kill off a chunk of the population, and then it will disappear.

Unfortunately it's not actually keeping the population in check as that would imply those infected with it are somehow killed off at some point which they aren't. Now, if ISPs started reacting to systems infected with storm by cutting their internet connection, then yes, it might function to keep the population in check. As it is, it's a bit more like the common cold, a major nuisance for those infected, but not really anything major otherwise, and serves very little purpose (except perhaps to encourage be

Re:

[Culture20]

It's not culling the population, it's making them disabled, and ruining the overall ecosystem. Instead of a smaller, more efficient internet, the Storm "Worm" brings us an Internet with the bandwidth of the "overpopulation" (the clueless masses who get infected), and _its_own_ bandwidth. Instead of I-CM, we have I+S. Even worse, Storm doesn't just live to propagate, it _does_ things... usually bad things.

INVADE

[Bastardchyld]

I say we invade...

U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia...

No seriously though. This is no suprise. We can pretend that the US and Russia are the best of friends but in reality these kinds of situations will continue to happen. What is the Russian Governments incentive to take care of this issue. Like it or not it is good for their economy.

Re:INVADE - Alternative

[Anonymous Coward]

1. Provide RBN with Windows Vista
2. RBN gets slowed down repeatedly clicking "Da, continusky"
3. Battle over.

Re:INVADE

[Quadraginta]

It's more complicated than that. There are actually pressures that the US could bring to bear on the Russians, but they've chosen not to deploy them in this case, and have chosen to merely rely on asking for cooperation, because it isn't that big a deal to the US economy or other national interests, either.

Personally, I don't think the solution lies in national-level action. It lies either in economics -- making the business unprofitable -- or if you really want to have James Bond fantasies, in using the very lawlessness of Russia against them. I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment. Certainly within the means of a large community of pissed-off Internet users. It would take an unusually bold person to organize such an...er...extralegal form of negative reinforcement of the meme, but if I saw one, I'd hit his PayPal button.

Re:

[Anonymous Coward]

I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment.

Actually, it's difficult, expensive, and extremely dangerous to get hitmen to take out other mobsters. The mob tends to retaliate big time.

Re:

[Anonymous Coward]

I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way for what by Western standards would be quite modest payment.

Actually, it's difficult, expensive, and extremely dangerous to get hitmen to take out other mobsters. The mob tends to retaliate big time.

Perhaps we just need a well trained group of Jihadist Engineers [slashdot.org].

Recuiter: Eugeene. You body may die, but because of your selfless act your soul will rise to heaven where it will find a d

Re:

[riseoftheindividual]

You body may die, but because of your selfless act your soul will rise to heaven where it will find a dedicated T1, and 74 well stocked BT peers.

You had me at "T1". *sniff*

Re:

[Quadraginta]

Sounds self-contradictory. Why would the mob invest in maintaining a group of scary retaliators unless they needed them on a regular basis? Perhaps you've been suckered by their FUD? If I were they, I'm sure I would promulgate the rumor -- anonymously, of course -- that our vengeance is too terrible to contemplate. Even cheaper than a stable of button men.

Say...maybe you work for them?

Don't be stupid

[Anonymous Coward]

If I were FSB and I knew the identities of the Storm botnet herders, there's little doubt that I would simply take over the botnet. Perhaps even employ the guys if they were not the staffers to begin with. Very large botnet is an EXTREMELY valuable data mining resource. It just makes zero sense to any intelligence agency, Russian or not, to shut the botnet down if you can take over it.

Re:

[Quadraginta]

Good grief, don't let's give the geeky profession airs. The FSB has a lot better resources than a few thousand compromised Windoze machines. They're going to spam somebody to death? Raise next year's black budget by running a few dozen phishing scams? Sheesh.

Besides, this kind of goofball techno stunt isn't the Russian style. They excel at the basic ancient human-centered form of espionage and security compromise. If you think they want to penetrate your bureaucracy, then don't waste your time changin

Re:Don't be stupid

[Hatta]

Apparently the Storm worm is the world's fastest supercomputer [news.com]. And even if it weren't, funneling whatever attacks the FSB might be likely to do through the Storm botnet would provide excellent plausible deniability.

Re:

[Viceroy Potatohead]

Instead, be cautious about that hot blonde at the gym who confessed a lifelong sexual weakness for balding guys trying to work off the desk paunch and who expresses a sweet naivete and engaging curiosity about how, precisely, you do your job.

Umm... ahh... Would you mind asking her if she has a sister?

international whac-a-mole

[damn_registrars]

Personally, I don't think the solution lies in national-level action. It lies either in economics

I agree with you on that one. Spam is an economic problem, and as I've said before [slashdot.org] it needs an economic solution. We can keep playing whack-a-mole with the spammers and their spam, or we can actually do something to get them out of the spamming business.

So far, whack-a-mole as been the much more popular option, based on the enormous number of spam filtering programs on the market right now.

be careful what you wish for.

[goga_russian]

"I don't doubt there are hitmen in St. Petersburg who could be hired to finish these folks off in a particularly gruesome way..." you are misinformed, there have been a few spammers beaten to death and some shot. look it up some made the news because of the amounts of blood and guts that were left all over the place. oh, welcome to Russia :)

Re:

[DrVomact]

It would take an unusually bold person to organize such an...er...extralegal form of negative reinforcement of the meme, but if I saw one, I'd hit his PayPal button.

Really? Have a taste for polonium, do you?

Naah, isolate instead

[gorbachev]

I've said this before, so excuse me for sounding like a broken record.

What needs to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.

The reason why I'm advocating this is because what the Russian cybercriminals are doing is not just criminal, but more importantly threatening the Internet infr

Re:

[umghhh]

Besides the fact that blocking whole countries is a bit over the top how on earth are you going to convince anybody of power to do such a thing?
There are chances that USA may have to be acting alone. Even if all western countries kept together the whole world of internet is now much bigger than that. Considering the fact that Puttin or generally Russia is on a shopping spree and buy western politicians when it fails it blackmails them into submission. It does not even cost so much to buy say a german chance

Re:Naah, isolate instead

[Dogtanian]

What needs [my emphasis] to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.

Really, do you actually think about the practicality or plausibility of implementing your ideas in the real world?

This not only *won't* happen (as you acknowledge) but *can't* heppen without locking down the US's (or whoever's) part of the Internet so much that the cure will be worse than the disease. Even if you stop direct links to the US net, you won't be able to stop every peering point between Russia and elsewhere. It's going to be impossible to stop indirect traffic. Criminals will just figure a way around your idea of blocking Russian traffic that hides their true location. Since they have access to lots of compromised PCs in numerous countries that's one obvious route. The other obvious solution is to cut a deal- "legal" or "illegal" by whatever measure- with a third party in a third country that isn't blocked. Good luck figuring which connections are legitimate and which are proxies for the criminals.

And even if you block all *those* countries, they'll do it in two hops via a fourth country- so unless you have a 100% agreement between "good countries" and they have a 100% watertight block against traffic from the "bad" countries, you can't do it.

I'll tell you now that (a) You won't get such an agreement and (b) If you did, you still wouldn't be able to make sure that those countries' defences were watertight to your standards. So the only way to get what you want is to block all non-US traffic (assuming you live in the US) to an incredible degree. And this still probably won't work.

Your naivety and the flaw in your argument can be summed up by this phrase:-

the responsible part of the Internet

As if the Internet can be obviously (and easily) partitioned off into "responsible" and "irresponsible" parts! Even if it could, so long as either "part" is too big too isolate completely from the other, you can't stop traffic flowing. Therefore, there's only *ONE* Internet.

And it's not like that; the whole thing is just shades of grey; the US part might be more "responsible" by your measure, but it's still far from perfect.

There just has to be a better way of protecting the network from bad actors who are hellbent on destroying it.

Yes, and your easier-to-come-up-with-on-Slashdot-than-it-is-to-actually-implement-it idea isn't one of them.

the next alternative is diplomatic isolation. They don't do something to curb the fastest growing criminal activity in the world, well, gee, Vladimir, you don't get to sit on the Security Council

Yeah, it's that simple when you're a tough-talking behind-the-keyboard would-be-diplomat/politician.

Bottom line, I'm not justifying what Russia is doing, or how they're behaving, but your solutions are naive and clumsy in the extreme. The West isn't going to isolate Russia further (which Putin would probably be quite happy with) and risk escalation of political and military tensions simply to stop some crime which- although admittedly serious and large-scale- still doesn't warrant anything like that risk.

ballrooms in Geneva and you can most certainly kiss that EU membership you so want goodbye forever. And don't even think of vacationing on those nice ski resorts on the Alps Russians are so fond of. Visa denied.

Oh noes!!!!!11111

And that's why you're neither a diplomat or a politician. You think that such petty retribution would work and Putin would say "You're right! I'll do exactly what you say". Not a bloody chance. This is just the Slashdot equivalent of some guy down the pub/bar saying how he'd put the world to rights.

Putin would set his face against the West further (wh

Re:

[gorbachev]

I'm fully aware nothing that I propose is ever going to happen (unless the Russians do something REALLY stupid). We will continue bleeding money to Russian criminals, who give some of that corrupt Russian politicians, who in term protect them from prosecution from the victims. I suppose everyone's just gonna be happy about us feeding the Russians.

However, I'm just gonna pick a few things to comment on from your response where I disagree.

I understand your points about the difficulty (impossibility) of cuttin

Re:Naah, isolate instead

[Dogtanian]

I'm fully aware nothing that I propose is ever going to happen

Sorry to break this to you, but whilst political apathy on this issue may be a problem, it's not the main reason your suggestion should (and would) be ignored. It's because it's badly thought out and unworkable.

You don't have to be 100% successful with cutting them off the net. Just enough so that it's going to be very inconvenient for Russians to access anything outside of Russia.

I don't believe that you'll be anywhere near 100% near successful; I believe that you'll just succeed in blocking everyday Russians, and the criminals will pay money to people to get them through.

Putin and the like will be quite happy to see ordinary Russians cut off from external sources of information; they've already tried to shut down as many dissenting voices as possible, but the Internet is harder to deal with. They'll also be able to paint it as Western aggression and mistreatment when they don't get things their way. Double whammy for them!

So even if you think that inconveniencing ordinary people in this way will indirectly pressure the Russian government, it won't. Quite the opposite.

At what point do we stop accepting their harboring of their criminals? There's gotta be a line somewhere.

As I said, you assume criticism of your solution == non-acknowledgement of problem. This is not the case.

My post was a criticism of a transparently bad idea, and I had the gut reaction that it would be taken (by you or someone else) as a rejection of the problem itself.

Simply going with a bad and workable "solution" simply for the sake of doing something in the absence of a better idea is A Very Bad Thing. As I already pointed out, your solution would be *worse* than the problem anyway.

I suspect that people have already come up with better ideas than yours, which they (having greater insight into the issues) nevertheless concluded were flawed.

Re:

[Kent Recal]

Yeah, right, let's cut off Russia. And when the bot operators move to china then let's cut off China. And when they move to the US, then let's cut off the US!
Amazing idea, very well thought out.

Oh wait, I have a different idea.
How about forcing Microsoft to finally secure their goddamn OS so that this worm-crap just can't spread like hellfire?

Re:

[shutdown -p now]

What needs to happen is cutting Russia completely off the net. Cut them off at every peering point they have, and if someone (China) still continues routing Russian network traffic, block the Russian network traffic where it's being passed onto the responsible part of the Internet.

So, you're essentially proposing for the USA to build the Great Russian Firewall from the outside, which is something the Russian government itself is still planning to do... why, thank you... there are very few trustable informa

Re:

[gorbachev]

"And they reroute through africa, europe, asia. You're going to cut all of them off? "

Well, no. If you had read what I wrote I said you cut Russian network traffic at those points.

"What billions of dollars?"

*sigh*

Re:

[jamie(really)]

Indeed. Because the US Government would never involve itself in any operation overseas where virtual property is lost or stolen. No, the US administration prefers to make sure *actual* property and *actual* human life is lost or stolen, and then give out contracts to its buddies to rebuild.

While you're worrying about your mom getting a virus, think about the parents in Iraq worrying that their kids will be catching one of the unexploded cluster bombs, or getting raped by some US soldiers.

What is the US's

Re:

[jamie(really)]

Ah yes, calling for an invasion in response to network attacks "seriously" is "Insightful", but pointing out that we're already doing much worse is "Troll".

You must be sick in your head ...

[YeeHaW_Jelte]

... to even suggest going to war with Russia over something this trivial.

As are the folks that moderated you insightful, I'm lost for words here.

Even killing these Russians for this, as one of the other ppl in this thread suggest is seriously f**ed up.

I hope it's only your age showing ...

You've heard of Germany, right?

[Infonaut]

Americans killed millions of Italians and Germans in World War II. Can't get much whiter than Germany.

Reminds me of the '20s in the US

[coolmoose25]

Except in this case the Federal Gov't doesn't send in Elliot Ness... It sends in... well... nobody.

Re:

[Anonymous Coward]

Ah, you know Snake's already been dropped in to take care the problem. Ocelot is probably slowing him down.

The CIA's been making some noises about 'cyberwar'

[KublaiKhan]

Does this count as 'cyberwar'? I see great potential for making lots of money^W^W^W^Wpatriotically serving the country by grafting in a Bureau of Cyberdefence into the Department of Homeland Security...

St. Petersburg...

[MiniMike]

According to Google maps, St. Petersburg is well within 220 miles of international waters...

If they can get exact coordinates, I can think of a (firing) solution [slashdot.org]

Don't forget though ..

[apankrat]

.. that you are in a firing range of nuclear missiles.

Re:

[Sta7ic]

Fun, but a projectile traveling at Mach 8 will take out the windows in most of St Petersburg, including any and all churches. It'd likely also take out three or four buildings before coming to a stop ... a little much collateral damage to whack someone running a botnet.

Re:

[shutdown -p now]

I would highly recommend against it for certain [wikipedia.org] good [wikipedia.org] reasons [wikipedia.org]. Russia is not a true superpower anymore, but it's certainly not (yet) a paper tiger, either.

Is this cyber warfare?

[RLiegh]

Seriously ...could the whole point of this -from the Russian perspective at least, be that they can use or hire their local blackhats to wreak economic and/or civil damage (eg what happened to estonia) pretty much at will?

I'm not saying that's what Russia is actively doing -but what incentive would Putin have to dismantle a tool that could be used so effectively against his -and russia's- enemies?

Re:Is this cyber warfare?

[moderatorrater]

I'm not saying that's what Russia is actively doing

Actually, I'd go ahead and take that step if I were you. Allofmp3 was shut down by the Russians for doing something that was borderline legal in Russia. We have hackers doing something that (I presume) is illegal in Russia not being shut down by the Russians. While it's possible that it just so happens that a group of hackers working for the Russian mafia just happened to create a worm with great strategic importance to the Russians, great enough to withstand pressure from the international community, I find it more likely that they actively supported it.

Re:

[YeeHaW_Jelte]

The 'attack' on estonia turned out to be by a 22 year old estonian which probably had no involvement whatsoever with the Russian government. Sorry no link read it in my local deadwood news source.

If they know where it is originating from...

[bagboy]

why not blackhole the source IP blocks?

Re:

[bastafidli]

I completely agree with this approach. Honestly how many websites there are in Russia majority of users in US us?. Unless they are Russian expats the number is very low. I think ISPs should provide this feature when by default certain high risk regions would be blacklisted by default. Users who are still interested in accessing nodes in these regions could opt-in an be placed on some kind of VPN isolated from other users of that ISP. By letting ISPs deal with this, US goverment can also wash their hands si

Re:

[genericpoweruser]

I'm assuming that when you say blackhole you mean block their IPs throughout the US. Actually I think that's a pretty decent idea--far better than killing people. However it's not that simple because the viruses have already spread, so we'd need to come up with a way to stop all of those, which can be done. The trouble is that we would also have to convince other countries to block them too or the attackers might use a proxy from them.

Re:

[EriDay]

At this point it's not about stopping existing malware, it's about getting the Russian government's attention. When Putin's mistress can't buy her bling on ebay. She won't be happy. When Putin's mistress isn't happy, nobody's happy. Multiply this by 10,000,000.

Re:

[witherstaff]

If only the FBI knew they could blackhole an IP with a click of a button [slashdot.org]

These sorts of stories...

[jd]

...are always a little suspicious. Either the person/gang is pretty obviously a very minor fish in a pond filled with Megalodon sharks, or the person/gang is conveniently impossible to reach. Not that this won't happen, but it's pretty much public knowledge that international gangs operate in the US and Europe with impunity. The odds that this one gang only exists in this one place doesn't fit what is known about Russian gangs or, indeed, what is known about cyber organizations of any kind. This sounds far too much like a call to inaction, a bid to avoid doing anything serious.

(Besides, if a minimum level of computer security was mandated, and critical machines were kept off public networks, cybercrime, worms and viruses would be reduced in quantity and effectiveness. The Government has a position open for Internet Czar - why is it not filled and why isn't it being used to push the importance of network security? Hell, I'd put in for the job if I thought I'd have a whelk's chance in a supernova of either getting it or getting heard afterwards.)

Re:These sorts of stories...

[PCM2]

They also have many of the earmarks of urban legends. "We know exactly who is responsible" -- OK, then, what are their names? Where are their photographs? Surely the Russian government wouldn't deny a simple request for criminal conviction records, if we asked nicely. If that's too much to ask, then what are the names of the agents at the FBI and other U.S. law enforcement and intelligence agencies who have information on the perpetrators? Are they unwilling to speak anonymously, even?

Just because a few people conspired to do something doesn't mean your explanation is not just another conspiracy theory.

Re:

[jd]

Which is why I said that it does indeed happen. It really does. Government activities, especially, tend to be highly secretive and Governments around the world have all been guilty of crimes. The British Government last year admitted to torturing and murdering German civilians in an undisclosed prison in London shortly after World War II. Notice the "after" bit. At least one political refugee in London has been killed by a poisoned needle on an umbrella. The South African Government provided a journalist's

Upcoming season of 24!

[ScentCone]

Now we know where Jack Bauer's headed next. Unfortunately, there's a lot of vodka available there. Hmmm. Dangerous! Just Jack's style.

Paranomocracy: Criminal Rule

[Doc Ruby]

"Paranomocracy" is rule by criminals, as first used by Russian Ouspensky [wikipedia.org] in a 1919 letter describing what he also called "kakourgocracy" the new Soviet rule by criminals.

But that could apply

[msimm]

to any government.

Yup

[bogie]

Russia is pretty much telling the US and everyone else to go F*** themselves these days. There was that slight glimmer of hope that things would work out not too long ago, but alas that didn't come to pass. Hey, but at least we both believe in having a strong President who wields unlimited power. That's a good thing, right?

Re:

[malkavian]

Actually, they're not telling anyone where to go.. Instead they're making sure they control as much of the energy supply as they can (a significant amount), and work with as great a versatility as they can. Think the US a hundred or so years ago. Large amounts of lawlessness, no real restrictions on doing things, people were trodden on in the path to making a fast buck.. Part of that shady history meant that people could copy ideas, and make them better, with no real downside (patents? Copyright? Pfft!)

Gee, imagine that

[WindBourne]

We have high level gov. officials who are corrupt. Welcome to America^h^h^h^h^h^h^h France^h^h^h^h^h^h China^h^h^h^h^h Russia.

Re:

[shutdown -p now]

We have a government consisting entirely of corrupt officials. You Americans and Frenchmen are so behind the times. :)

News flash 100 years from now

[Bryansix]

100 years in the future:

The Freedom of Information Act has finally made available the reason by the mysterious disappearence of the Storm Worm Botnet. We learned today that operatives from the CIA, the Navy Seals and Mossad took down the Russians responsible for the botnet; all without Russia ever knowing. How this feat was accomplished is even more amazing then the fact that it was. More at 11.

Re:News flash 100 years from now

[Teflon_Jeff]

In unrelated news, there are troubling reports of a new Storm Worm coming from mars. Random slashdot posts have appeared stating "In soviet Mars, The planet reddens YOU"

Agents are exploring a correlation. Slashdot has already modded them down as trolls.

in soviet russia

[circletimessquare]

your computer GIVES viruses!

Malware is not like drugs

[00_NOP]

I'm sure I read recently that most of the machines infected by the worm were in the US. So trying to cut off Russia isn't just stupid, it's not going to fix the problem.

But malware is not like drugs - no user of an infected machine is hooked or needs malware. So they have a direct incentive to fix the problem. Especially if their ISP started to get heavy with them. We can kill this off at source.

For sure, zero day exploits are another matter. But one thing at a time.

Knowledge over security?

[esocid]

It seems to me that the spread of these malicious worms is more due to a person falling into the trap of actually getting the worm or trojan installed in the first place. Far too many people are click-happy in their emails about whatever the catchy subject might be, and hey look there's an attachment too. I'm not saying I've never gotten something installed but it was due to my acknowledgment that where I was traveling could contain something malicious:warez. Security could help the problem but there will a

Wrong city?

[greg_barton]

Redmond was fingered as the host city for one of the Internet's most profligate and cyber-crime enabling operation...

Re:

[greg_barton]

Malkovich?

Russian Law?

[rueger]

Ok, I actually read TFA, and what's not mentioned is whether or not these actions are even illegal in Russia. Just because something is against the law in the U.S. does mean it's illegal everywhere in the world.

Re:

[rueger]

Damn! Preview THEN submit.....

Just because something is against the law in the U.S. doesn't mean it's illegal everywhere in the world.

Re:

[bjmoneyxxx]

my common sense filter must have been on, thats what I read when I saw the GP.

Re:

[russ1337]

Ok, I actually read TFA, and what's not mentioned is whether or not these actions are even illegal in Russia. Just because something is against the law in the U.S. does mean it's illegal everywhere in the world.

yet.

A horrible thought just occurred to me

[Conspiracy_Of_Doves]

If the US government took down the people controlling Storm, wouldn't the US government then be in control of Storm?

*gulp*

Isn't it Kuvayev and company?

[damn_registrars]

I had read through the Wikipedia [wikipedia.org] page on Leo Kuvayev [wikipedia.org] that he may be (one of the?) main guy(s) behind the storm worm botnet.

Here's the reference to Leo Kuvayev having a role with the storm botnet [securitypronews.com]. Considering the massive amounts of spam that is pumped out for domains that he purchases, it wouldn't surprise me in the least.

Though according to his Crooked [mouzz.com]Registrar [pacnames.com] Partners [todaynic.com], he apparently lives in Finland. Though I somehow doubt that he really owns an entire Finnish city, as his address would have you believe.

Re:

[damn_registrars]

He could be living in Finland, as it is near the Russian, but could you give other sources than Wikipedia?

I was trying to find a public WHOIS server to refer to, but that is easier said than done. The speculation of him living in Finland is based on the registration data that he provides to the registrars when he sets up a new domain for his software piracy / counterfeit drugs / replica watches / internet porn businesses.

For example, a couple of the domains he has registered recently are "nnowsoft.com" and "softfactorysale.com". You can check these yourself via a WHOIS service and you'll see what I am

What's it like...

[jotok]

What's it like being Russian or Chinese, and working at an ISP or in law enforcement?

What's it like having some of the worst spammers and for-crime hackers living in your country, not giving a shit, and having the world think you're a bunch of assholes?

In the States we have our own problems, mostly the fact that our society is so open that law enforcement is not able to go after everyone (for now, anyway). But you just know that the equivalent entities in China or Russia just don't care. Homegrown hackers

Re:What's it like...

[Shados]

and having the world think you're a bunch of assholes

Well, technically in America we're familiar with at least THAT one too...

This is not really news

[s_p_oneil]

I'm sure that the authorities have known who was behind it for a while now. It's not that hard to figure out. I mean, it takes time to reverse engineer it and/or gather the data at the various points needed to trace it back to the source, but this botnet has been around for quite a while. It would've been news if they still had no clue who was behind it. Heck, it would've been big enough news to prompt me to try to reverse engineer it myself.

The Wormsign!

[zaguar]

We all know who is behind the Worm

It is the Muad'Dib!

I know who it was

[jrothwell97]

Mrs White didit, with the candlestick, in the drawing room.

(Or perhaps it was Mr Putin, with the laptop computer, in the server room.

Intrinsic freedoms/crime problem

[mapkinase]

It seems that at the current level of the developed countries they achieved the balance between the level of organized crime and necessity for maintaining freedoms. In other words, you cannot more successfully fight crime without suspending some liberties.

Seems like it's at least tolerated

[The Second Horseman]

If not actually protected. There have been situations where sites critical of the Russian government have had some pretty major DoS attacks launched against them. Why have the government do it when a gang you're ignoring will do it for you with the merest hint from some official? They do seem to care about plausible undeniability, at least to spare the sensibilities of Western Europe.

Government

[Plugh]

There are only two differences between Government and any other armed gang of thugs:
1. Every few years, you get an insignificantly small fraction of a say as to which of the gang members assumes control of the organization
2. The "Government" gang is believed to be perfectly legitimate by most of the populace

Just release the info

[KevMar]

Just make the info public and we will see how long it lasts.

I bet we could create all kinds of nice thank you messages for them.

A complex pattern of incentives

[Budenny]

One imagines there may be a complex pattern of incentives. RBN for these purposes should be considered a deniable branch of the Russian state.

The incentive to do it is to try out net sabotage techniques for possible later use in a controlled and deniable way. You don't have the potential embarrassment of trying to do it clandestinely and getting caught. You do it openly but deniably.

The incentive for allowing it is the hope that practice in defense will be more valuable than practice in attack, and that the net will evolve more robust defense systems than if you adopted state measures to prevent it. If you could even find any.

However, what should be somewhat alarming here is that a regime most of whose officials came out of the Soviet equivalent of the Abwehr or the SS should now be in power and conducting a sort of guerrilla war on the West. Never forget, the organizations these guys came out of murdered several times the numbers the Nazis did and operated a camp network many times the size of the Nazi one.

They are not people like us.

Non-US country with nuclear ...

[RockDoctor]

... arsenal large enough to sterilise the land surface of the planet ... doesn't give a shit about what the American government or population think.

Film at eleven.

Best argument for nuclear proliferation I've heard so far.

Re:

[morgan_greywolf]

More like:

In Soviet Russia, the RBN owns the government!

Those Cagey Bees!

[Jeremiah Cornelius]

Don't they know America has tougher TLA's than they can hope for? The US will be able to beat em at this game forever!