Kneber Botnet Strikes, Targets Gov't Agencies

Batblue writes "A botnet fingered for stealing a treasure trove of information last year has struck again, harvesting sensitive documents from dozens of government agencies and contractors, according to a pair of security experts. The botnet, dubbed 'Kneber' by Alex Cox, principal research analyst at NetWitness, was behind a campaign of fake Christmas e-mails waged two weeks ago against government workers. NetWitness deals in advanced threat detection technologies, and conducts post mortem network forensics for firms that have been hit with attacks or data breaches."

Ambiguous

[Monkeedude1212]

The botnet, dubbed "Kneber" by Alex Cox, principal research analyst at NetWitness, was behind a campaign of fake Christmas e-mails waged two weeks ago against government workers.

I'm pretty sure they are saying the Botnet was behind a campaign of fake Christmas emails waged two weeks ago, but when you feel the need to interject information twice with commas it gets confusing.

At first glance I thought they might be saying Alex Cox, the principal research analyst, was beind a campaign of fake Christmas emails. To which I thought "Well thats odd, why doesn't the summary say he's been arrested an charged then?"

Re:

[julesh]

I don't think it's actually ambiguous. I can't see a correct way of parsing it like you did (the only way I get to your interpretation results in an unterminated phrase that begins "the botnet, dubbed Kneber" but doesn't ever get a verb and is therefore invalid), but I can see how it can result in a backtrack, which is somewhat confusing.

The problem is, we use commas for two different syntactic purposes: to introduce a subordinate clause, and to introduce a parenthetical clause. It's use for both here. I

Re:

[blueg3]

Alternately:

The botnet, which was behind ..., was dubbed "Kneber" by Alan Cox, principal ...

The sentence used in the original isn't technically ambiguous, since there aren't two gramatically-correct readings, but it is confusing, because it's easy to misparse the sentence.

It'd be even better to split it into two sentences or drop the information about who named it "Kneber".

Re:

[Monkeedude1212]

This is probably a good reason to prefer parentheses over commas for parenthetical phrases, but for some reason I've never really understood this tends to be discouraged in formal writing. Rewriting the sentence using this punctuation style, it's perfectly clear:

The botnet (dubbed "Kneber" by Alex Cox, principal research analyst at NetWitness) was behind a campaign of fake Christmas e-mails waged two weeks ago against government workers.

Yes, exactly.

When you are talking to a programmer, and this site is literred with them, we eventually start to view the English language syntactically like we would any programming language.

Having a subordinate clause inside a parenthetical clause works fine when they don't use the same identifier. Otherwise they appear mismatched or unclosed.

Re:

[Farmer Tim]

...when you feel the need to interject information twice with commas it gets confusing.

This one sentence will make your head explode [austlii.edu.au].

Re:

[kdemetter]

...when you feel the need to interject information twice with commas it gets confusing.

This one sentence will make your head explode [austlii.edu.au].

Do something the Queen doesn't like and suffer the consequences ?

Re:

[Farmer Tim]

No, the "something" and consequences are quite specific, and it's not just Mrs Betty Windsor (if it helps, she doesn't like being called that, but I'm in no danger of being arrested for just typing it). The shortest summary I can think of is five words, or three and a number.

Re:

[Farmer Tim]

Only if you advocate use of force as a means of achieving it. Advocating it via legislative process is perfectly legal, and in fact Australia had a referendum on the matter in 1999 (the process was gamed by a monarchist prime minister, so we ended up with a proposed government model so odious not even the hard core republic supporters wanted to touch it).

The odd part about the monarchy in Australia is that the Queen is basically a rubber stamp, the duties are actually performed by the Governor General. Ther

Re:

[mcgrew]

Taco and batblue are nerds, not writers. Not that one can't be both...

Re:

[YrWrstNtmr]

The fact that you're proposing to run the world's business and decisions over the Internet, in reply to an article about people and computers on the Internet getting pwned via botnet, is especially funny.

Re:

[Anonymous Coward]

The article isn't about the Internet getting owned, it is about government agencies (controlled by politicians, managed by bureaucrats, maintained by hapless government workers and contractors) getting owned.

Politicians, bureaucrats, government workers, and government contractors are the problem, not just a random sideshow.

Re:

[YrWrstNtmr]

The article isn't about the Internet getting owned, it is about government agencies

I never said 'the internet getting owned', but rather people. The same people who would be involved in any decision made, be it in a city council office or over the internet. You know...regular people.

Too early to dupe

[Desler]

Isn't a bit early to already dupe [slashdot.org] this story? You're supposed to wait at least a week or two before duping something, Taco.

Re:Too early to dupe

[Monkeedude1212]

You're supposed to wait at least a week or two before duping something, Taco.

You know the site is going downhill when the editors can't even follow the proper rules for duping articles.

Re:

[dougisfunny]

What would be really amusing would be if someone else registered MichaelKristopeit360-399 and started arguing with MichaelKristopeit300-353, that you are in fact not MichaelKristopeit, and you are hiding behind his name. Cower some more/completely pathetic/completely offtopic/completely troll/etc etc.

Re:

[dougisfunny]

are you sure you're Michael Kristopeit, and MichaelKristopeit352 isn't?

Re:

[dougisfunny]

why do you cower? what are you afraid of?
Michael Kristopeit is stagnated.

Re:

[tibman]

Do you ever get phone calls from slashdotters?

Re:

[tibman]

I get that but if you are implying that anyone who sees your phone number and doesn't call it is a coward, that's crazy. I was just asking if anyone randomly calls you to discuss your comments?

Re:

[Monkeedude1212]

an intended act can never be random.

Why not?

I intended to flip this coin... is the outcome not random?

I believe tibman was asking if it ever seems out of the blue to you specifically, as in you were not expecting a phone call, but received one anyways, specifically from slashdotters.

If you don't want to answer the question, than just say you don't want to answer the question. Otherwise it comes off a bit... cowardly.

Re:

[tibman]

I called that number and you hung up on me, twice. So, i'm doubting it's really your number.

I wanted to discuss why you thought people are cowards for not calling you.

For anyone curious, it went like this:
Him: Hello?
Me: Hi, is this Michael from slashdot?
Him: I'm on a do not call list.
Me: Ok, but i'm just calling about your post on slashdot..
Him: bye *click*

Re:

[tibman]

My question to you was: Do you ever get phone calls from slashdotters?
Your answer: cowards tend to cower.
Then just incase there was a misunderstanding i re-asked: I get that but if you are implying that anyone who sees your phone number and doesn't call it is a coward, that's crazy. I was just asking if anyone randomly calls you to discuss your comments?
Your answer: an intended act can never be random. you're an idiot.

And i did say from slashdot to whoever is at that phone number.

You seem to only see the ne

Re:

[tibman]

Aww, cute. I do call back if someone just hangs up without saying bye. Random hangup is usually a d/c.

You do read a lot into my phone call, i'm glad it was memorable for you. If you want me to ever call back, you'll have to ask nicely though. Night.

Re:

[tibman]

Hah, you are borderline crazy man. I didn't demand identification from you, i asked the person on the other end of a number i've never called before if he was the person i thought he was. Ask != Demand

ID blocking is a basic feature that almost every phone has. Not everyone is so cavalier with their phone number as you. Feel free to do as you please. I do.

Anything else batshit insane you'd like to discuss? We could get back on topic and talk about botnets perhaps?

If you get lonely, you can post your pho

Re:

[Chapter80]

How do you moderate the story as -1 Redundant.

Maybe this one's not a dupe, the last one was a Precognition!

Re:

[mcgrew]

How do you moderate the story as -1 Redundant.

In the firehose.

This Just In!

[Lifyre]

This just in! The weakest link in the information security chain is the user! More at Eleven!

These are the people who run our government

[MoldySpore]

Yes, the same people that run our government are the same noobs who click fake eCards and run random .exe files attached to emails. Can ANYONE still wonder why our government is so screwed up, especially when it comes to technology and the laws/policies surrounding it?

Re:These are the people who run our government

[Anonymous Coward]

While I agree in part with your sentiment, the government employee pool is one and the same with the private sector pool. Target this attack to a private sector company and I'd bet similar results would occur.

Re:

[Nadaka]

I had a coworker that read an article on this and entered the example malicious url into her browser, a few minutes later IT came in and took her laptop away. She is the lead of our QC department. So yes, even smart and capable people do dumb things occasionally.

Re:

[Nadaka]

No, it is an example of dumb things. She is otherwise very good at her job.

Re:

[Sardaukar86]

yes, people who are capable of faltering on the side of trust have their fingers on the missile launch buttons that could destroy us all.

you'd rather some paranoid recluse who cowers behind a chosen pseudonym be given the responsibility?

cower some more feeb

...so said whilst cowering behind another ten sock-puppet accounts. In case it isn't obvious, this makes you the 'feeb'.

Oh, and as an aside, I always get a chuckle out of seeing your use of the word 'hypocrite'. It's almost as if the word was invented solely for your own personal, clueless use.

MichaelKristopeit's ignorance FTW!

Re:

[MoldySpore]

Agreed. But these are "government employees and contractors who work on cybersecurity matters." Meaning they are the ones who are supposed to be the ones stopping that stuff. Or, at least, they are in the IT industry. I'm a network engineer so I know what it takes to secure against this type of thing and it isn't hard. It's also not hard to KNOW, as an end user, what not to click on when it comes to spam and phishing attacks.

these are contractors and employees who work for the government on CYBER SECURITY a

Re:

[couchslug]

That's because our culture is bitterly anti-knowledge. Our masses enjoy shiny objects, but not being bothered with how they work.

Our government will remain fucked up because most of our people deserve that.

Re:

[John Hasler]

Yes, the same people that run our government are the same noobs who click fake eCards and run random .exe files attached to emails.

Yes, because the people that run our government are human. There exists no way to select superhumans to give power to nor any way to arrange for those who acquire power to become superhuman. People with political power suffer from all the failings and foibles of those without [1], which is why we should be wary of giving anyone power no matter how persuasive the argument for d

Re:

[yuna49]

The way to solve this problem is not to deliver infected emails in the first place. After all these years of development of systems for scanning email, no one should be getting infected attachments. I don't blame the endusers, but the IT staffs that fail to protect their users, and their organizations, from obvious threats.

Re:

[Sardaukar86]

People do not abuse political power because they are inhuman: quite the contrary.

Very well said.

It's interesting when an individual's humanity is questioned in response to their heinous actions.. such as a comment I heard spoken to a reporter who was garnering local feelings on the Egyptian Christian church bombing that happened recently.

The woman being interviewed said something to the effect that '[the terrorist bombers] aren't human, they're just animals'.

Although I wouldn't say our species is worthless, personally I find it a bit shameful that we (still) collectively consider oursel

Re:

[tibman]

A lot of people don't really know what they are talking about. In my organization everyone is required to take annual training about these things.. even if you aren't important. Here is the anti-fishing training: http://iase.disa.mil/eta/phishing/Phishing/launchPage.htm [disa.mil]

You have to complete that training and print a certificate annually or you lose access to the network. The government does take these things seriously. It's a small percentage of individuals who aren't paying attention to the training or

Why?

[present_arms]

I really have to ask this, but why the fuck do governments run any iteration of windows? seriously there are more secure OS's out there that than cope with anything the Gov needs, OSX, Linux, BSD. I've notice that in the world of operating systems, you get more the less u pay :D

Re:

[KillaGouge]

The same reasons companies still use Windows, vendor specific software that requires windows to run.

Re:

[erroneus]

Because Microsoft pays taxes... ...no? They don't? Oh. Then it's because Microsoft employs a lot of people who pay taxes... ...no? They send a lot of work overseas? Then it's because Microsoft uses lobbyists and other forms of influence peddling/meddling to keep government addicted to windows and microsoft products.

Re:

[MoldySpore]

Because in the end, it all comes down to $. Even though the product costs less (or is free in the case of Linux or something equally open-source) the man hours and cost of retraining an entire company, or the entire government in this case, would far outweigh the ease of just continuing the use Windows and getting to click on "OMGTHESEPICSOFYOUARESOFUNNY.EXE" every once in a while.

Re:

[Anonymous Coward]

A UID of less than a million....aren't you over karma whoring?

If you really are serious about what you said, you need to turn in your geek card

Re:

[mcgrew]

Bashing Microsoft is by no means karma whoring, and in fact may harm your karma. Hell, I've been modded troll and flamebait for daring to ask why anybody would buy anything from Sony after XCP and the linux removal gaffe, and Sony is far more evil than MS.

Lots of folks in Redmond get mod points. Bashing MS (or any company, sadly) is quite dangerous to your karma.

Re:

[present_arms]

yup all about the $$$ and back handers eh, oh well, I'm in the UK, I just know my private data in Government is safe (uh huh) and we all worry about FB and google, they have nothing compared to our relative Govs :P (our == UK, USA)

Re:

[tibman]

It doesn't just start with the gov though. You should also ask why universities teach mostly windows software and OSs. C# is taught over C++/Java/PHP/Python/whatever. Education is based on the windows platform.

Re:

[Theotherguy_1]

It doesn't just start with the gov though. You should also ask why universities teach mostly windows software and OSs. C# is taught over C++/Java/PHP/Python/whatever. Education is based on the windows platform.

Honestly, during my university education in computer science I haven't once been taught a Microsoft language. On the contrary, since my earliest intro classes I've been required to code in a Linux environment (my intro to C class even required me to code in either Vim or Emacs!). The languages I've been required to use are as follows: C, C++, Python, Java, SML, Perl, and Shell, all in a Linux environment.

In fact, the UNIX environment is emphasized so heavily at my university that in my free time I learned

Re:

[couchslug]

Government should run locked-down machines and give their users orders to conform to proper security standards.

We should remember that Federal employment is desirable, that anyone who has a job is fortunate, and that if they don't like their marching ORDERS they can get the fuck out.

The UCMJ provides for punishment for military personnel, and IMO we should run ALL Federal employees under a military-style chain of command and under military regulations. Don't like to serve the public as a professional?

We sho

Re:

[tsm_sf]

Your ideas sound like a great way to drive the truly competent government employees into the private sector.

You'll end up with a work force that matches the military population:

10% devastatingly clear-headed people
10% fantastically apathetic people
80% angry drunks

Re:

[couchslug]

If we get the same efficiency as the military, I'd gladly take the trade.

Re:

[AHuxley]

The US military lost track of ~2.3 trillion US $.
http://www.youtube.com/watch?v=OTwCRuwJc34 [youtube.com]
Now data is going too due to an addiction to MS via 75,000 computers.

Re:

[mcgrew]

We've had viruses and malware since *at least* the 16 bit days, and probably even longer than that.

If I remember a book I read about twenty years ago correctly (and I probably don't), the first virus was written on a mainframe sometime around 1970 as a programming exercise.

Malware makes the damn *headline story* on the BBC and CNN on a regular basis. You pretty much have to be willfully ignorant to not be aware that it exists.

People are ignorant and apathetic. That computer at work? Who cares, it's not my c

Security, lol

[MacGyver2210]

Further evidence that computer security is a myth.

Your ability to protect information from unauthorized consumption will always be inversely proportional to the desire of determined individuals to know that information.

If you really want to protect files, keep them unconnected to the internet. The only way to win is not to play.