America's 'Cyber Command' Is Trying to Disrupt the World's Largest Botnet (krebsonsecurity.com) 37
The Washington Post reports:
In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world's largest botnet — one used also to drop ransomware, which officials say is one of the top threats to the 2020 election.
U.S. Cyber Command's campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity. But it is one way to distract them at least for a while as they seek to restore operations.
U.S. Cyber Command also "stuffed millions of bogus records about new victims into the Trickbot database — apparently to confuse or stymie the botnet's operators," reports security researcher Brian Krebs: Alex Holden, chief information security officer and president of Milwaukee-based Hold Security, has been monitoring Trickbot activity before and after the 10-day operation. Holden said while the attack on Trickbot appears to have cut its operators off from a large number of victim computers, the bad guys still have passwords, financial data and reams of other sensitive information stolen from more than 2.7 million systems around the world. Holden said the Trickbot operators have begun rebuilding their botnet, and continue to engage in deploying ransomware at new targets. "They are running normally and their ransomware operations are pretty much back in full swing," Holden said. "They are not slowing down because they still have a great deal of stolen data."
Holden added that since news of the disruption first broke a week ago, the Russian-speaking cybercriminals behind Trickbot have been discussing how to recoup their losses, and have been toying with the idea of massively increasing the amount of money demanded from future ransomware victims.
U.S. Cyber Command's campaign against the Trickbot botnet, an army of at least 1 million hijacked computers run by Russian-speaking criminals, is not expected to permanently dismantle the network, said four U.S. officials, who spoke on the condition of anonymity because of the matter's sensitivity. But it is one way to distract them at least for a while as they seek to restore operations.
U.S. Cyber Command also "stuffed millions of bogus records about new victims into the Trickbot database — apparently to confuse or stymie the botnet's operators," reports security researcher Brian Krebs: Alex Holden, chief information security officer and president of Milwaukee-based Hold Security, has been monitoring Trickbot activity before and after the 10-day operation. Holden said while the attack on Trickbot appears to have cut its operators off from a large number of victim computers, the bad guys still have passwords, financial data and reams of other sensitive information stolen from more than 2.7 million systems around the world. Holden said the Trickbot operators have begun rebuilding their botnet, and continue to engage in deploying ransomware at new targets. "They are running normally and their ransomware operations are pretty much back in full swing," Holden said. "They are not slowing down because they still have a great deal of stolen data."
Holden added that since news of the disruption first broke a week ago, the Russian-speaking cybercriminals behind Trickbot have been discussing how to recoup their losses, and have been toying with the idea of massively increasing the amount of money demanded from future ransomware victims.
Botnets, eh? (Score:1)
You can say "Windows PC zombies", you know.
Re: (Score:3)
Don't underestimate the power of compromised IoT devices.
Re: (Score:3)
"Russian-speaking cybercriminals" (Score:2)
Re: "Russian-speaking cybercriminals" (Score:3)
... Or anyone who has access to Google translate and is smart enough to add some Russian text somewhere..
Re: (Score:2)
Sooner or later this is going to turn bloody (Score:1)
One of these days some criminal gang is going to hit a nation-state that won't think twice about tracking down the crooks and literally taking them out, either overtly or covertly.
Hey the anonymous coward button is back! Yeah!
Re: (Score:3)
The plausible concern about doing that against Russian organized crime in particular is that those organized criminals are probably well-connected to Putin and/or the rest of the Russian regime. It's a lot riskier to covertly assassinate someone if their buddies have nukes.
Re: (Score:2)
The thing about nukes is that they could ruin everyone's day.
Re: Sooner or later this is going to turn bloody (Score:2)
Only they can't track down the crooks, they could be anywhere behind any number of proxies. When the US says with confidence that a certain attack was North Korea, Russia, China, or Iran they are basing that on slim to no evidence. Maybe language hints in malware. Maybe time of day the botnet gets commands. Maybe not even that.
It's Saddam's weapons of mass distruction again.
Re: (Score:2)
You're not entirely wrong (Score:5, Interesting)
I'm in the field of cybersecurity. I've talked to the FBI agents who do this work and others in government, as well as the private sector. Your assessment isn't entirely wrong. Strongly worded, maybe over-the-top, but not wrong.
That said, communications and information is the new "battlefield". Just as at some point we needed an air force, because the air has become a battle ground, so too we now need to be able to do battle over fiber.
In the private sector, I try to help society in general be more secure; my primary responsibility is to my employer. My authority is limited to only my organization (other than the authority of persuasion and competence - you might decide to what I recommend because you think I know what I'm talking about). A government office can focus on broader security nationwide, and can have authority or influence more broadly than I can. So these government teams are needed even though most of them won't have the very best people. (Though the government DOES have a couple of very good teams).
You're right, though - from lowest-cost bidding and FOIA to the required public hearings and public comment periods required to make any changes, the US government is designed* to be fair, transparent, etc - not to be effective or efficient.
* Not that it's always fair or always transparent - it's run by power-hungry politicians. But the design of the system is intended to counteract sneaky politicians and bureaucrats, not to make them more effective.
Re: (Score:2)
Re: (Score:2)
You may have looked at tools to help find the "interesting" parts of logs. You may be using some. ALSO let me mention two related things. There is a research result that essentially says once the haystack becomes large enough, it's virtually impossible to find the needle. You're guaranteed far more false positives than true positives if you analyze too much data.
The way to deal with that is to analyze less data, less logs.
If you need to *store* or archive some log data in case you need to review it in the
Re: (Score:2)
With accuracy like that you should be a new reporter.
Re: (Score:2)
I see, I had misunderstood what you were referring to.
The problem I work on, which I thought you were referring to, is kinda the opposite. I have to find which of the 12 million files accesses on out network today might relate to malicious activity, if any.
Here are millions of records, every file anyone in the company accessed today. Find the hacker or malware.
Re: (Score:3)
It seems you're saying that the government cannot afford to pay the best IT recruits to defend the country against cyber attack because private industry pays them more (or perhaps because there are laws limiting the remuneration). The most basic function of government is to defend the realm. If they are unable to do this it's a national security issue. So they should pass laws that limit private industry's ability to outstrip government pay (maybe in certain critical sectors like space, cyber, military tech
Re: (Score:2)
Neverminding that none of that has a chance in hell of flying (and there are so many what could possibly go wrongs in there it isn't even funny), the problems go beyond that.
Many of the best in the field are, shall we say, much more "high spirited" than the military is likely to tolerate.
Re: (Score:2)
I agree, it's not going to happen. But I didn't say the military should hire these people: the government should and they should limit the ability of non-governmental actors to compete with them (in pay and hiring) in the interests of national security.
I don't see a difference between the government legally forbidding citizens from owning artillery pieces or nukes and the government legally limiting private companies/citizens from developing more powerful cyber weapons than the government has. It's much har
Re: (Score:2)
>But if that person can make 5-10 times more working for the government than any private company, I think they probably would do so.
See after a few years in private industry these guys often make more than senior officers and bureaucrats and we need lots of these guys. The egos of the bureaucratic elite would never permit a cubicle farm full of direct reports who each make more than they ever will.
Also they're unlikely to tolerate invasive lie detector tests where people get asked things like how often
Re: (Score:2)
The military used to have little problem recruiting people to work on projects like ENIAC and MULTICS. They had tons of direct commissioning programs, which still exist for 'cyber' as they have decided it will be called but they're not as big of a thing as they were.
Also there used to be a lot of similar programs for enlisted people to come in as e-5 if they had special technical skills, programming, electronics, etc. Now days most of these types of programs let you get e-3 after boot camp and then you
Your new law: All jobs must suck (Score:2)
Working for Washington sucks for a number of reasons, for hackers who are constantly thinking not just outside the box, but off the page. Government work is pretty nice if you're either stoned out of your mind, or have a personality reminiscient of someone stoned out of their mind, someone who wants to just veg out and watch the clock for eight hours a day.
Anyway, for super-innovative and creative people, government jobs suck. Your proposed solution is to make a law saying all jobs must suck just as much.
Re: (Score:2)
PS your proposal would not in fact cause me to work for the federal government, and I don't think many of my more qualified colleagues would either. Most likely, it would cause me to phone it in at work, while spending most of my day on side gig. It's also entirely possible I would just be doing another line of work, some generic programming that doesn't get the advantages of my particular skills. Why bother studying all weekend and late into the night to try to beat the world's best hackers when I could
Microsoft (Score:2)
"an army of at least 1 million hijacked computers" should read "an army of at least 1 million compromised Windows operating systems".
Re: (Score:1)
I thought they ARE the world's largest botnet! (Score:2)
I mean the whole point of a military hierarchy is that you obey without thinking for yourself. Organized S/M, so to speak. ;)
Re: (Score:3)
I mean the whole point of a military hierarchy is that you obey without thinking for yourself.
That's the opposite of the truth. If that's all we wanted we could switch to having a military that was mostly drones. They don't think for themselves, either, except to recognize targets. And even that isn't actually thinking, and they could easily get it wrong. We use humans because they can think, specifically because they can think that they shouldn't shoot something.
It's also illegal to follow an illegal order.
Re: (Score:2)
It's also illegal to follow an illegal order. [in the military]
Filed under "True but good luck winning your case."
The truth is that a person of almost any rank who tries to use that as a defense, regardless of the obviousness of illegality, is putting his career and his life at risk, with no reward-side value.
Re: (Score:2)
The truth is that a person of almost any rank who tries to use that as a defense, regardless of the obviousness of illegality, is putting his career and his life at risk, with no reward-side value.
They chose to take the job. Now they can do it right or be evil. If they didn't want to face that choice, they should have chosen a different career path. The fact is that joining a military has negative repercussions. The founders of this nation knew that a standing military was injurious to freedom, so they didn't create one. Then ol' "Town Killer" George Washington did so, and the rest is a long and bloody history of genocide and illegal war.
Re: (Score:2)
>It's also illegal to follow an illegal order.
This is mostly true but the average military person gets it drilled into their head that they don't know what they're talking about when it comes to military law. Which is true but often the superiors saying such things are even less knowledgeable being informed entirely by military myths, legends, and rumors.
If you refuse to follow a legitimate unlawful order you can expect to deal with a legal system that wants a low ranking fall guy (Abu Ghraib). At th
Can we block China already? (Score:1)
I run ssh on a non standard port and don't allow logins without a key. One address from China has been hammering away for weeks trying to login. 22,000 attempts and counting before I finally blocked it.