McColo Briefly Returns, Hands Off Botnet Control
A week ago we discussed the takedown of McColo (and the morality of that action). McColo was reportedly the source of anywhere from 50% to 75% of the world's spam. On Saturday the malware network briefly returned to life in order to hand over command and control channels to a Russian network. "The rogue network provider regained connectivity for about 12 hours on Saturday by making use of a backup arrangement it had with Swedish internet service provider TeliaSonera. During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia, according to ... Trend Micro. The brief resurrection allowed miscreants who rely on McColo to update a portion of the massive botnets they use to push spam and malware. Researchers from FireEye saw PCs infected by the Rustock botnet being updated so they'd report to a new server located at abilena.podolsk-mo.ru for instructions. That means the sharp drop in spam levels reported immediately after McColo's demise isn't likely to last."
In Soviet Russia (Score:3, Funny)
Sesame seed bun is on two all spam patties, special sauce, lettuce, cheese, pickles and onions.
Re: (Score:2)
Let's turn TeliaSonera into a smoking crater next (Score:2, Informative)
they should have terminated their contract with these assholes immediately instead of letting them back up.
Re: (Score:2)
What, you mean TeliaSonera? [teliasonera.com]
By the way, no one click on that link.
Re: (Score:2)
Damn you! No, I didn't click on the link, but now thanks to you, I've got beans up my nose. [wikipedia.org]
Re:Let's turn TeliaSonera into a smoking crater ne (Score:5, Informative)
It's not the data, it's the cooperation. (Score:5, Interesting)
This pretty much shows how certain ISPs help spammers. Particularly since they did not IMMEDIATELY bring up their backup link. Instead they waited until the weekend.
Re: (Score:3, Interesting)
Well, the issue is that as long as the spam doesn't originate from the ISP or the spamvertised sites aren't hosted on the ISP, it can be really hard in certain countries to get rid of a malicious customer.
Sure, in this case there's no doubt the ISP was very much a part of the evil operation, but some ISPs find themselves between a rock and a hard place if their customers only host nameservers or what turns out to be C&C servers because they might not be able to terminate the hosting contract prematurely
Re:Let's turn TeliaSonera into a smoking crater ne (Score:5, Insightful)
Er, you can't communicate with a botnet with a harddrive, you know.
Re:Let's turn TeliaSonera into a smoking crater ne (Score:4, Insightful)
> During that time, McColo was observed pushing as much as 15MB of data per second to servers located in Russia
The massive amounts of data they were talking about were being pushed to other servers, so they could have done that work with a hard drive. However, it also says that the botnet was updated. Assuming that the botnet couldn't have been updated from those same Russian servers, they could have done any number of things, including any number of regular internet connections to buildings nearby or satellite/cellular internet service.
I doubt, however, that the data center was a single point of failure for them. The idea that the malware builders can build massive botnets with distributed architecture that elude understanding by security researchers, but they can't figure out how to make it so that they can run it from a backup data center, seems unlikely to me.
Re: (Score:3, Insightful)
ISPs at that level don't really work like your home DHCP setup, you know. They probably own their own IP blocks, and can route them through whatever provider they choose.
Re: (Score:2)
TeliaSonera are huge (according to Wikipedia they are transit free but with paid peering, what I tend to refer to as a wannabe tier 1) and afaict they pulled the plug on this as soon as they worked out it was McColo on the other end. I very much doubt there will be any serious repercussions for them.
Re:Let's turn TeliaSonera into a smoking crater ne (Score:4, Funny)
Nuke them from orbit. It's the only way to be sure.
Sadly, it's true :(
Re:Let's turn TeliaSonera into a smoking crater ne (Score:5, Informative)
Apparently TeliaSonera shut down the link as soon as they realised what was happening - the contract was through a proxy company.
See the Register [theregister.co.uk] article for more details.
So we can't really blame TeliaSonera.
Why the spamming bastards didn't just courier a hard drive to Russia instead is a mystery, though.
Re:Let's turn TeliaSonera into a smoking crater ne (Score:5, Interesting)
The article said they had to update the command & control data for the botnets. The 'nets won't let just any computer control them, and this Russian server probably wasn't on the master list, so they needed to get back online with their old DNS hostname first.
Re: (Score:2)
I think you are exactly right.
The delay in bringing up the backup server was probably because they were waiting for the old IP to get flushed out of DNS server caches. They probably knew it wasn't going to last long before they got shut off, so they wanted to make sure every bot could find them while they were up.
Uncongested Relief! (Score:5, Informative)
Re: (Score:3, Insightful)
I wish I could have one pointed out and slap them upside the head
While we're having wild fantasies, I wish I had a time machine to go slap the idealistic hippies who originally designed the fledgeling network with practically no verification or security ON PURPOSE.
Re:Uncongested Relief! (Score:5, Insightful)
Speaking of wild fantasies about idealist notions... Ever wanted to be paid for work that wasn't asked for or justified at the time?
Re: (Score:3, Insightful)
> I almost forgot what life is SUPPOSED to be
> like without a clogged sinus of an Inbox. Damn
> spammers!
Why are you blaming the spammers?
Spammers will exist and profit until everyone on the Internet starts treating their e-mail addresses with the same privacy and regard that they extend to their home telephone numbers.
If you were to walk around town posting your phone number in every corner shop window with a demographic profile of yourself attached, would you then blame sales drones who called you
Re: (Score:2)
Alas... (Score:5, Insightful)
This is an example of the old saying "The Internet treats censorship as damage and routes around it".
Unfortunately, this is happening for the bad guys as well as us.
Re:Alas... (Score:5, Funny)
The Internet could route around McColo too, if say, it were burned to the ground in the middle of the night. Or barring that, some 'hard pipe-hittin' thugs' somehow gained access to the building and went on a smashing spree. Anyone want to set up a donation box to hire some thugs?
After all, what's this doing for us? It sounds almost like..well..treason! A foreign power is accessing systems in the United States and is using those systems to infect/enslave other systems. I wouldn't shed a tear if a black ops detachment traced the stuff back to its source and C4ed the offending equipment/operators in Russia or wherever they're coming from.
This just in! (Score:5, Funny)
this is great news (Score:4, Funny)
My penis thanks them, my very very large penis which is located in a recently refinanced home, that is.
Now as soon as my good friend MR AUSTINE OWOH is able to complete the transfer of my long lost uncle's estate from probate in Nigeria to my onshore checking account, I will be perfect, perfect with a very very large penis, that is.
Final Solution: (Score:4, Insightful)
Re: (Score:2)
I'd settle for a Grand Slam-sized bomb casing filled with a fuel-air explosive or cluster bomblets.
Nice use of Godwin, there. ;-)
So who was the smart guy (Score:2)
Maybe is good news (Score:2)
Russian C&C is Actually Less Desirable (Score:5, Insightful)
C&C server blocked by ISPs? (Score:4, Informative)
It appears that the new C&C server listed in the article, 62.176.17.200, has been blackholed by my ISP's routers. I'm on a Qwest "business/office" ADSL line. Any similar reports from other ISPs?
Or is it actually down?
If most American ISPs are blocking it, Rustock is dead, or at least in a coma. TFA implied that the IP address was being distributed to the bot, not the domain name.
Re: (Score:2)
The traceroute shows the connection dying before it even hits the transcontinental cable. If it was down it would at least get to Russia. I think ISPs are blocking it, and rightly so. AT&T DSL btw.
Re: (Score:3, Informative)
Dies for me at my ISP's border router; I've never seen a traceroute die so fast. Only 2 hops before it goes dead. It makes me think that the global BGP tables are blackholing the subnet.
I checked a bunch of BGP looking glasses and they all report "Network not in table", as in there are no global routes for that IP address.
--Quentin
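The reasoning in the comments above (a trace that stops at the border router, looking glasses answering "Network not in table") can be written down as a small check. This is an added Python example, not part of any comment in the thread; the traceroute text, the routing table and the function names are constructed for illustration, and the table is assumed to be default-free (no 0.0.0.0/0 entry).

```python
import ipaddress
import re

# Constructed traceroute output: two hops answer, then silence.
# Hop addresses are private/documentation ranges; the target is the
# address quoted in the thread.
SAMPLE_TRACE = """\
traceroute to 62.176.17.200 (62.176.17.200), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.102 ms  0.981 ms  1.040 ms
 2  203.0.113.1 (203.0.113.1)  9.844 ms  9.730 ms  10.012 ms
 3  * * *
 4  * * *
 5  * * *
"""

# Constructed stand-in for a default-free routing table.
SAMPLE_TABLE = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def last_responding_hop(trace_text):
    """Return (hop_number, address) of the last hop that answered, or None."""
    last = None
    for line in trace_text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # header line or anything that is not a hop
        found = IPV4.search(m.group(2))
        if found:  # "* * *" lines carry no address and are skipped
            last = (int(m.group(1)), found.group(1))
    return last


def covering_route(addr, table):
    """Longest-prefix match: most specific prefix covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return best


def diagnose(trace_text, target, table):
    """Classify why a trace stopped; returns (verdict, last_answering_hop).

    reachable               the target itself answered
    no-route                no prefix covers the target, so the first
                            default-free router drops the packet (the
                            "dies at the border router" symptom)
    route-present-path-dead a route exists, so the loss is further along:
                            host down or filtered downstream
    """
    hop = last_responding_hop(trace_text)
    hop_no = hop[0] if hop else 0
    if hop and hop[1] == target:
        return ("reachable", hop_no)
    if covering_route(target, table) is None:
        return ("no-route", hop_no)
    return ("route-present-path-dead", hop_no)


if __name__ == "__main__":
    print(diagnose(SAMPLE_TRACE, "62.176.17.200", SAMPLE_TABLE))
```

A "no-route" verdict says only that the prefix is absent from the table consulted; it does not say who withdrew or filtered it.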
Which Federal Wirefraud Law Did McColo Just Break? (Score:2)
So, the dickheads at McColo went out of their way to reopen a link, just in time for their Russian Mafia buddies to rehost their shit. Thinking of research topics off the top of my head, I wonder if I could match the actions at McColo to 1) Wire Fraud, or 2) RICO. A conviction on either leads one straight to a Federal Pound-You-In-The-Ass prison, and no parole.
Re:Which Federal Wirefraud Law Did McColo Just Bre (Score:4, Interesting)
I realize that there are others who are already more than knowledgeable about McColo. I just wanted to add an observation from a look at McColo's "about" page archived on the wayback machine: the site designer links back to a Russian domain, and the corporate address is a drop box in Delaware. It wouldn't surprise me if the only US-based "employees" were a handful of independent contractors swapping equipment out at the San Jose data center.
A better solution is available (Score:2)
Shh, can you hear that strange noise? (Score:2)
(I was going to write "solutions" instead of software/hardware but they haven't actually solved anything, people are still and will forever be infected/bombarded)
Why was this allowed to happen?! (Score:2)
How did they get back online? Even if it was for just a short time, being able to re-activate their botnet this way?
I am rather "done" with the question about whether or not it is immoral to go vigilante on their asses. It is immoral to let things go on without doing anything about it and so you're damned if you do and damned if you don't... but if you do, at least a problem will have been fought and maybe some useful difference made.
McColo isn't a real ISP (Score:4, Informative)
McColo doesn't seem to have been a real ISP. Or even a real company. They don't have a valid corporate registration in California or New Jersey. They were apparently a front for the spam operation, buying services from Hurricane Electric.
Their web site was designed by Vane [www.vane.ru], in Russia. They still have some connection to McColo. Go to the Vane site (preferably not using IE on Windows) and look at the icons of the various companies with which they are affiliated. Go to the row of vertical bars at the center right, second row. Mouse over the blank area just above the bars. You'll get some Cyrillic with "McColo" in Latin text. Click on the hidden link. This will take you to an animation which brings up an image of the McColo site. Items within that animation are clickable. A bit of work will get you to the number of McColo's "sales manager". But there's no way to order hosting on line; they were never really selling ordinary hosting services.
Re:Epic Fail. (Score:5, Interesting)
Let's say you rent some space and open a small convenience store. You work hard and make a modest living. Then your landlord rents out the shop next door to a crack dealer whose thriving business attracts a swarm of lowlifes who destroy the neighborhood. Are you going to be upset with the neighborhood watch when they make a fuss, or are you going to be upset with your landlord?
Re: (Score:2)
Re: (Score:2)
And when your drug-dealer neighbors are right over the border outside your PD's jurisdiction and the other PD has no interest in pursuing it?
To continue the analogy.
Re: (Score:2)
And if it's not against the law right over the border?
Also, I should point out you ran with the hypothetical instead of reverting to the car analogy.
Re: (Score:2)
...if that doesn't work I'll just transform into Optimus Prime...
Good telco, that.
Re:Epic Fail. (Score:5, Insightful)
And if the police do nothing?
Re: (Score:2)
Life doesn't work that way. Dope dealer after dealer would flock to the complaisant landlord--despite the busting of the previous dealer--just like spam/malware pushers would flock to the complaisant ISP after one got caught.
And spammers are harder than drug dealers to prove guilty beyond a reasonable doubt.
If an ISP facilitates trespass on my computer, then the ISP is WRONG and should be stopped. That's my story, and I'm sticking to it.
Re: (Score:2)
Re: (Score:2)
Re:Epic Fail. (Score:4, Funny)
Re:Epic Fail. (Score:5, Insightful)
What's to prevent them from doing this every few months and leaving a trail of dead service providers in the wake of our new definition of "justice" as the botnet owners simply hop from one provider to the next?
That's simple - ISPs that value their continued existence will enforce their anti-spam/botnet policies rather than look the other way and take money from anyone who can pay. This isn't vigilantism, it's the upstream ISP dropping connectivity for contract violations when informed of the situation at one of their downstreams.
Re:Epic Fail. (Score:5, Insightful)
Sigh
Way to ignore the obvious facts here.
The ISP had the option of blocking off the spammers.
They did not. Eventually, ISPs who do not stop spam will be disconnected. The ISP that supported this botnet SHOULD be a shambles, they became that when they decided not to stop their clients spamming.
What will prevent them from going to a new ISP is that ISPs probably don't like being put out of business completely.
This should be a salutary lesson for the next ISP that is told they are sending spam.
I see no ethical issues, unless you are a spammer.
But I suspect troll is closer to the mark.
Re:Epic Fail. (Score:4, Interesting)
The facts do not support the conclusions here! Fundamentally, the argument that people keep siding with is "it's okay to nuke an ISP that harbors spammers." This argument is made on emotion -- the frustration we all share about receiving spam and its negative impact. Those emotions don't consider the unintended consequences, which is that innocent people can be harmed when this course of action is taken. The legal system in this country is heavily slanted towards keeping the innocents out of the line of fire at whatever cost; an ethical principle I happen to agree with.
The ISPs need to be held legally accountable for harboring spammers, which means using legal methods to make the cost of doing so high enough that they comply. By going through the backdoor and shutting off their connections, this weakens the entire market and the infrastructure of the internet at large -- because we are implying then that our personal ethics are more important than our legal obligations. What we're saying here is that agents in the market of providing internet services are free to exercise their own judgement -- which also means now they are liable for things like copyright infringement, or people passing child porn through their network, etc. It opens the door to accusations of selective enforcement, discrimination, and worse.
And calling me a troll, or saying that I support spammers, or that I am a spammer... Is a cheap way of ducking an uncomfortable truth.
Re: (Score:2, Troll)
First and foremost, you are not a we. You do not speak for me or anyone other than yourself, so stop using we.
You keep forgetting that McColo had a contract with its ISP which stated that it would not support spam and malware and that McColo completely ignored that part of the contract.
What about McColo's legal obligations? What about McColo's legal obligations to the upstream providers to uphold the contract between the upstream providers and McColo?
Do you want to know what our legal obligation is? It is
Re:Epic Fail. (Score:4, Insightful)
In the words of Wikipedia, cite please. Because you're talking out of your ass.
You then claim that people are legally obligated to report ISPs to their upstream providers. I'm laughing, now.
Again, cite please.
It is also not anyone but McColo and their immediate upstream provider and the civil court system to mediate contract disputes, not anyone else. In fact, there's a concept you might want to learn about, "tortious interference", relating to third parties interfering in contracts between a first and second party.
Re: (Score:2)
> innocent people can be harmed when this course of action is taken.
So what? This always happens. If we stopped doing things every time it could harm an innocent, we wouldn't do anything.
> we are implying then that our personal ethics are more important than our legal obligations.
What you mean we, paleface? Anyway, what of McColo's legal obligations to its upstream? Oh yeah, they blew them off and got turned off.
Re: (Score:2)
I must agree while it seems more difficult this is a problem that must be fought both at the source and the target. It's one thing to go after bot net operators but someone should be going after negligent individuals who allow devices they are responsible for to become bots. I think the network must be managed. I think internet access SHOULD BE LICENSED, we don't let you drive a car on our public road without one because the hazard it would pose to other persons and property. We should not let you on ou
Re:Epic Fail. (Score:5, Insightful)
The problem is, once you give the government jurisdiction to decide who can and cannot use the Internet, they will use that power to further their own interests rather than yours.
No politician will ever vote to decrease his own power.
Re: (Score:2, Insightful)
People want drugs.
No one wants spam.
Your comparison of the two doesn't make any sense.
Re: (Score:2)
Re:Epic Fail. (Score:4, Insightful)
That's why your comparison doesn't make any sense. Drugs are a demand driven problem; attacking supply centers simply leads to more supply popping up. Spam is a supply driven problem; attacking supply centers leads to less spam.
If you really think that ISPs will continue to operate with gray customers, I guess you might think this is whack-a-mole, but ISPs have plenty of legitimate business and will have no problem ceasing doing business with spammers. This ISP didn't do that and learned a hard lesson. They were not a good-actor here.
Re: (Score:2)
It's the same exact problem.
Even if I pull numbers out of my ass and say that small % of the human population want illegal drugs, there's also a small population that responds to spam, sadly, wanting cheap viagra, etc.
The difference is next to nothing.
Re: (Score:3, Interesting)
> Drugs are a demand driven problem; attacking supply centers simply leads to more supply popping up.
But if there wasn't a supply in the first place, there wouldn't be a demand problem... or so goes the logic. Attacking supply centers leads to higher costs as supply has diminished. Because the price is now higher, there's now more incentive for an agent to enter the market who can produce at a lower price. There's a few extra steps in this that make calling it either a supply or a demand problem a meanin
Re: (Score:2)
Why do you think I eventually stopped beating my wife?
Re:Epic Fail. (Score:5, Insightful)
if spam wasn't profitable nobody would be doing it
Not necessarily. Spam may not be profitable, spamming may be. If you convince someone to pay you to spam for them, whether or not the spam itself generates any profit, you hustled them out of the money.
So what's YOUR solution? (Score:3, Interesting)
Just let the spammers, malware pushers, and con artists clog up the net?
The real question is, who's protecting these scumbags and why? Why has it taken so long to do anything about them?
Re: (Score:3, Funny)
As long as people keep opting-in to running botnet nodes, we'll have this problem. Don't like it? Stop participating in the botnet.
Re:So what's YOUR solution? (Score:5, Insightful)
> 1. I don't have a solution, I'm just considering the ethical aspect.
What is unethical about pointing out MASSIVE violation of terms of service by an ISP to their provider? The ISP has a duty to obey the terms they agreed to, and if it can't or won't it gets cut off. Just like you or I would get cut off by our upstream for violating whatever agreement we may have in place.
> 2. I'd rather deal with spam, malware, and con artists clogging the internet than vigilantes blowing holes in it.
Considering the sheer cost of cleaning up this bullshit, I doubt many share the same opinion. And the internet was designed to route around holes in it. Theoretically at least.
> 3. As to who's protecting them -- it's not a question of who but what. In this case, economics.
No. There are definitely quite a few "who"s in this mix. Like the greedy bastards who look the other way while their customers commit felonies. They are accessories to the crimes of their clients if they don't cut them off for their criminal bullshit.
> 4. It has taken this long because until now people were restrained by ethical considerations prevalent within the community. However, a certain moral flexibility seems to be developing now out of frustration. This can only end badly.
Are you kidding? People have been black-holed for decades on the internet for stuff like this.
WHERE IS THE ETHICAL ISSUE WITH TELLING A PROVIDER THAT THEIR CLIENTS ARE IN GROSS VIOLATION OF THEIR ACCEPTABLE USE POLICY????
Or worse.
Either they need to act on it when it's pointed out or they will find themselves having to screen their traffic for content because of some cockamamy law passed because they were KNOWINGLY looking the other way while they sold space to kiddy-porn traders after numerous people pointed it out.
Re: (Score:2, Interesting)
> What is unethical about pointing out MASSIVE violation of terms of service by an ISP to their provider?
Nothing at all. The problem comes when the upstream provider violated their contract with the customers that may have been using the service in accordance with the TOS but lost their service due to being in the wrong place at the wrong time. Which, if you want to split hairs, is principally the fault of the provider and possibly to a lesser extent the person reporting the problem because they provided
Re: (Score:2, Insightful)
The upstream provider's customer was McColo, dumbshit. It was McColo that had contracts with customers and it was McColo that broke the contracts by getting itself disconnected from its ISPs. The people at fault are McColo's management and the spammers, malware hosters, and other evil, criminal fucks.
The solution is to report bad behavior that violates Terms of Se
Re:So what's YOUR solution? (Score:5, Insightful)
Canter and Siegel were kicked off their ISPs in decently short order 14 years ago (1994) after starting to spam. See:
https://secure.wikimedia.org/wikipedia/en/wiki/Canter_and_siegel
Anyone familiar with the history of spamfighting will be able to point to numerous examples every year since then, of escalating size and complexity.
Vigilantism is acting extrajudicially AND illegally as a community group to right a wrong or combat a criminal. It's an inappropriate model here - the response was entirely legal. It was done by people who, contrary to your assertion, were openly identified and stood and stand by their information.
If people were assassinating botnet operators or burning McColo datacenters down, THAT would be vigilantism. This is just community response.
Re:So what's YOUR solution? (Score:4, Insightful)
> The problem comes when the upstream provider violated their contract with the customers
They haven't violated their contract to their customers, they violated their contract with their upstream provider. Completely different things.
> that may have been using the service in accordance with the TOS but lost their service due to being in the wrong place at the wrong time.
I can sympathize but if you want to be a customer of an ISP that behaves so poorly that its own providers tell it to go to hell then I can't have much sympathy. You do know that the offenders are limiting YOUR bandwidth too right?
> Which, if you want to split hairs, is principally the fault of the provider and possibly to a lesser extent the person reporting the problem because they provided false information. I say possibly because I don't know what information was provided.
No, the fault is ENTIRELY that of the ISP failing to police its customers' behaviour. The upstream provider has ZERO blame for enforcing its terms of service, and the reporting party doesn't either. Everything done was entirely legal.
Reporting party: "Hey I've noticed a crapton of SPAM, viruses and malware coming from your IP block"
Upstream provider: "Holy Crap! Yeah that is way outside acceptable use"
Upstream cuts off the offender for violating their agreement.
What's wrong with that?
> I am glad, then, that the decision is not theirs to make. Besides, most people think they're above average drivers too...
Actually the decision IS mine to make in places where I manage the network. I have numerous blacklisted IP blocks of known hostile networks and SPAM/malware sites. I protect my clients at the level I am governing. Higher up the chain, other net admins will be doing the same whenever an ISP doesn't smack down its malicious users.
Incidentally, infecting systems with botnet crap is a felony. Has been for years.
> You can't say they shouldn't help RIAA enforce their copyright by booting you off your connection for P2P, then turn around and say they should police people for spam. They're common carriers; It means they're not responsible, nor should they be. If we start down this road, the internet as we know it ends.
1) I never mentioned P2P or any of that crap but if I violate my ISP's terms of use they are free to cut me off
2) ISPs are NOT common carriers, educate yourself
3) They ARE responsible insofar as their provider's acceptable use policy is concerned. Violate it and get cut off.
> Citation needed.
Wow, how long HAVE you been on the internet anyway?
> Look, the solution here is laws not vigilantism...
Law: Computer Fraud and Abuse Act (among others) makes infecting systems to be part of a botnet a felony. Also things like the CAN-SPAM Act have criminalized SPAM. There are laws, but getting anyone caught and prosecuted when they are sitting in the middle of the Ukraine is kind of difficult.
> Because the simple truth is no matter how good you are sooner or later you're going to fuck it up.
Not if all you are doing is telling a provider to "look over there" and they check it out and only act on it if what you say is true.
> The law ensures that when this happens, there's recourse. A vigilante will just disappear into the night with the words "I'm sorry" on his/her lips. And not only that, but the entire tone of your response rather underscores the need to get emotion out of this situation and the justice system is far better suited to this than your "Let's get a posse together and ride" solution.
The law does no such thing when the perpetrators are outside its jurisdiction. And there are no vigilantes as everything was done within the bounds of the law. Your ignorance is astounding. The tone of my respons
Re:So what's YOUR solution? (Score:4, Insightful)
Look, the solution here is laws not vigilantism... Because the simple truth is no matter how good you are sooner or later you're going to fuck it up. The law ensures that when this happens, there's recourse. A vigilante will just disappear into the night with the words "I'm sorry" on his/her lips.
The problem is that you're confusing this with vigilantism. This wasn't a single vigilante passing judgment and then disappearing in to the night. These were individuals reporting the crime to the upstream host. The upstream host then took that evidence, reviewed it, and acted on it using a very legal mechanism - their contract with the ISP. Law is being upheld.
Re:So what's YOUR solution? (Score:5, Interesting)
Actually, it's my PROFESSIONAL duty. Good luck suing me for pointing out that you are committing a felony to your provider. I have the feds' computer crimes department on speed-dial.
If a shit-ton of malicious crap and SPAM/malware are coming into MY client's network (causing ME and MY CLIENTS a material loss), or if my client's systems have been infected with a botnet controlled from YOUR IP space (a felony), it is your responsibility to address that when I tell you about it. If you don't I'll talk to YOUR provider. Or would you rather I call the FBI and tell them you're systematically attacking my client?
I don't even have to be involved actually, I can just tell MY client's providers (some of which are backbone providers) what I see coming from YOUR network and they have entire departments to deal with that type of shit. So you can fight Level 3 and Verizon for all I care. Your customers are attacking their customers, they can cut you off just as easily.
Re: (Score:2)
1. No, you are not considering the ethical aspects. You don't seem to have any concept of ethics or morals.
2. Vigilantes did not blow holes in the internet. That statement shows your complete lack of understanding of the internet. They reported abuse of service and violation of terms of service. And, the upstream providers exercised their legal rights.
3. It was McColo that was protecting the scammers and spammers. Ignorance is what protected McColo.
4. No, it has taken this long because no one brought McColo
Not vigilantism (Score:2)
> 2. I'd rather deal with spam, malware, and con artists clogging the internet than vigilantes blowing holes in it.
Girlintraining,
I don't mean to insult you, but you are commenting from a position of ignorance on this topic. There was no vigilantism here. Illegal activity was taking place that also violated contracts between corporations. Third-party complainants contacted both corporations to complain of the illegal activity and contract violations. The corporations chose to dissolve their contractual r
Re:Epic Fail. (Score:5, Insightful)
If you have "malware" on your computer, your private data is already being exposed. It could just as well be a bot net operator who's combing through your data. Who'd you rather have digging through your infected computer?
Besides, the guys used possibly ill-gotten information that was true to convince the upstream provider to shut down the ISP. The experts didn't run into the data center, pulling plugs in a rage...though that might make a neat comic book. In truth, you should blame the upstream providers. Seriously, this isn't Governments running around meting out justice. This is companies listening to private organizations.
Re: (Score:2)
You didn't answer the question. By you being careless/clueless enough to become infected, your data is already exposed for anyone who cares to pay. Who would you rather have digging through your data?
And, by your poorly chosen analogy, researchers studying the malware generated traffic of your data back to the operators are "robbing the store".
Just because they're in a store, doesn't mean they're stealing. Hell, they may be trying to stock up on TP. I know I would.
Anyways, you're new here. Welcome to /.
Re: (Score:2, Insightful)
I think you missed the point -- often times, a system can become infected without the user taking any action. It can't be the user's fault 100% of the time unless the technology is perfect, flawless, and that isn't true. Neither of which addresses the issue of whether it's okay for someone to enter my system just because they flashed a "researcher" badge.
Re:Epic Fail. (Score:5, Insightful)
What are you smoking? Or rather, are you someone arguing a point without a clue?
Whether they had any legit customers is suspect. If they did, I'm sure they would have come to light very quickly.
No, your ISP will be notified about spam originating from its networks and they'll either deal with the user who is undoubtedly violating their TOS or the ISP's IP range will be entered into mail blackhole lists. Nothing new there.
Unlikely, and sadly you probably won't get punted off the net like you should. Instead, your computer will continue to be abused for the purposes of these criminals.
Your efforts to compare this to the drug war are completely irrational, as their causes and symptoms are wildly different. On top of that, there was no government involvement here.
Re:Epic Fail (Score:3, Insightful)
Yes, yes you did epic fail.
"legitimate commercial enterprise"
If you are so keen on this "enterprise", post your email address and we will see how you feel about getting a thousand spam emails a day.
Frankly, it is time that Russia was pulled into line on this matter. An international incident might be just the thing to do this.
If you allow your PC to be infected by trojans, your privacy just went out the door anyway. Why would you care if researchers looked at your stuff when criminals already can????
ITT: Spammers BAAAAAWWWWING (Score:2)
I assume this is a troll. The takedown was hardcore and more or less triple-damage win. Props to the guy from the Post are what is in order.
Re:Epic Fail. (Score:5, Insightful)
Well, frankly, yes. An ISP that turns a blind eye to such activities as accused, is just as good as helping the bad guys. And guess what... this is a war where almost anyone is willing to take casualties to end it. Now the innocent bystanders know they were dealing with shit for an ISP and have a big sign in front of their face to move to someone more reputable. It is a win for everyone, except the nefarious spammers/botnet operators that were put out by it. There is no sympathy for these folks.
Re: (Score:2)
I believe the phrase is:
If you aren't part of the solution, you're part of the problem.
Re: (Score:2)
If you aren't part of the solution, you're part of the precipitate.
Re: (Score:2)
The innocent bystanders with perfect knowledge of the situation defense... I can't believe you got a +5 for trying to tell people they should know better. "My car exploded because of defective fuel lines!" "Well you should have expected that since everybody knows the manufacturer was poor quality."
Re: (Score:2)
Funny that - you're willing to take ISPs to task for turning a blind eye to spammers... But I bet you'd be the first to foam at the mouth if they shut down a file sharer.
Almost anyone without scruples or morals, maybe. Those of us with both disagree. We actually care about the ri
Re:Epic Fail. (Score:4, Insightful)
Wait, are we talking about the same "legitimate commercial enterprise" mentioned in this story, the one that apparently came back from the dead just long enough to pass off control of a botnet? If anything, this followup story proves that McColo's death wasn't just justified, it was long overdue.
Re: (Score:3, Insightful)
I wonder how all those security researchers feel after destroying a legitimate commercial enterprise and affecting a lot of people who weren't spammers.
RTFA. They reported TOS violations to upstream providers. It's not like they firebombed the data center. Furthermore, the presence of legitimate clients isn't that great a defense - lots of criminal enterprises have "fronts" that do legit business to mask the illegal activities.
Re: (Score:2)
The Epic Fail is simply describable as "Government - always slow, expensive, stupid, and with perverse unintended consequences"
That may sound glib, but in a nutshell that's what economists like Milton Friedman [wikipedia.org] and Murray Rothbard [wikipedia.org] based their life's work upon.
Re: (Score:2, Insightful)
They obviously aren't a legitimate commercial enterprise, though - their actions in attempting to transfer control of the botnet on Saturday prove this.
To use your 'war on drugs' analogy, they are like a bunch of dealers operating under cover of a pizza delivery service.
They get shut down, and people like you whinge because you liked their pizza, even though you never bought their drugs.
Get over it and choose a different pizza joint.
Re: (Score:2)
I repeat, how do you get "vigilantes"
Re: (Score:3, Insightful)
Wow. And here I was going to say that this latest development (if the previous ones weren't enough) seemed to be rock-solid evidence that the people who run McColo knew exactly what they were hosting, and should go to prison for a long, long time.
Re: (Score:2)
Reinventing government? (Score:3, Insightful)
In order to govern the net (and to coin another useless buzzword) we need Government 2.0.
Reinventing government? Let me guess...
1) Without that pesky Bill of Rights.
2) Online (where malware authors can take it over).
Thanks but no thanks.
Re: (Score:2)
The solution is to have a free for all, whereby vaccine writers are free to play by the same rules as virus writers.
Can I test out the "solutions" first on the network you manage?
Re:The solution is anarchy (Score:4, Informative)
Do you remember just a few years ago the "MS Blaster" fiasco?
Do you remember "Welchia", I think it was called? It was just that it removed Blaster and then tried to spread itself the same way. In the end Welchia was as troublesome for network operators as "MS Blaster" itself. It was terrible.
Re:How to stop internet crime (Score:4)
Re: (Score:2)
you mean your phone doesn't have a "Mark as Telemarketing" button?
Re: (Score:2)
Check the article for the IP address. Reverse DNS still resolves to that name, but it's not clear to me that forward DNS ever resolved.
Re:Can they hear me now? (Score:5, Interesting)
Please, don't do this.
These servers were unplugged early on Monday (local Moscow time), as soon as we got in contact with podolsk-mo. The networks of the bad guys were:
62.176.16.0/22 (they got from local ISP)
91.200.144.0/22 (client's network)