Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Bitcoin Botnet Bug Crime EU

Police Reveal Tactics For Fighting Botnets (databreachtoday.com) 38

Botnet herders have sophisticated "disaster recovery" plans, according to speakers at a recent cybersecurity conference, with many splitting their botnets into smaller herds, making them more resilient. In addition, kierny writes: Researchers say these backup botnets are tough to detect, until gangs have already spooled them up and put them to use in major campaigns... "What we're seeing is the bad guys are starting to learn from this," said Steven Wilson, head of the European Cybercrime Center at Europol -- the EU's law enforcement agency...
Wilson said authorities are now gathering tremendous amounts of data by "sink-holing" -- forcibly redirecting the infected endpoints onto servers controlled by law enforcement. And he also reports that authorities have also successfully mined the blockchains of bitcoin transactions for information. Eamonn Keane, A detective from a cybercrime unit with the Scotland Police, added that authorities are also infiltrating dark net forums to bust bitcoin-using criminals. "Are law enforcement in there? Absolutely... We have a mandate to protect you in the real world; increasingly it's moving into the online environment."
This discussion has been archived. No new comments can be posted.

Police Reveal Tactics For Fighting Botnets

Comments Filter:
  • Now we can have long boisterous drawn-out laugh

  • Why So Hard? (Score:4, Interesting)

    by ytene ( 4376651 ) on Saturday May 14, 2016 @04:20PM (#52112667)
    Maybe I have misunderstood the practicalities of running a botnet, or perhaps there is something not quite "right" about what we're being told here.

    If you deploy a piece of malware that turns a PC into a zombie, that unit can only be useful after it has been programmed to do something for the botnet ringmaster. Typically, or so we're told, zombie's are used to send spam, maybe compute bitcoins, that sort of thing...

    But, since we know that in a large part of the western world [certainly in the UK] that ISPs are now required to keep extensive logs and copies of things like web searches, pages visited, emails received and so on, surely if law enforcement agencies are determined to stamp out botnets, then we should expect to see much greater successes than those reported...

    1. Flag any end-user PC that is originating SMTP port calls - workstations should be using IMAP or POP...
    2. Flag any end-user device that calls or polls known botnet "master" servers...
    3. Once a piece of malware is identified [for example emails with suspicious attachments] then work "out" from the point of detection - i.e. trace back to the originator of the email; look into any other emails sent with similarly sized attachments, etc, etc.


    We know, thanks to Snowden, that our governments easily have the capability to do all this and more. However, despite the fact that they certainly have plenty of evidence to know where all this criminal activity is coming from, nothing seems to be happening to crack down on it. I've always been a bit suspicious of the conspiracy theory that says the reason for the inaction is that had the authorities run round closing down gangs of cyber criminals quickly and easily, word would have gotten out about how powerful the security monitoring really was.

    But the curious thing is that we now know just how intrusive all the monitoring has become, yet we don't see any benefits from all the supposed safeguards being put into place. Maybe - just maybe - people would actually be less suspicious of authorities who made a demonstrable positive change in the on-line security of the general public...?
    • But, since we know that in a large part of the western world [certainly in the UK] that ISPs are now required to keep extensive logs and copies of things like web searches, pages visited, emails received and so on

      They may require it all they want, but as long as there is point-to-point encryption (as there with, for example, Google), ISPs can't see what your searches are or what you do on your encrypted web-mail servers. They can't record what they can't see.

      • by ytene ( 4376651 )
        You are quite right to point out the widespread use of encryption. However, SMTP is not encrypted by default, so ISPs would have the ability to grab unencrypted copies of email if they wanted to. Yes, there are solutions for secure email (S/MIME) but these are not yet widely implemented and (in my personal experience) are not implemented in an entirely transparent, consistent manner. In other words, S/MIME may not work if you're using a different email client to your mail counter-party... In other words,
  • Police doing actual police work is a Good Thing (TM). Listening-in on private communications has always been a crutch which only dulled down policing skills. Engaging with the community instead of trying to demonize people who make good locks is what police should be doing.
  • Have the Police considered prosecuting people for allowing their Microsoft Windows desktop computer being hijacked to be used in such botnets.

Don't get suckered in by the comments -- they can be terribly misleading. Debug only code. -- Dave Storer

Working...