FBI Dismantles a Malware System That Took Millions in Ransom

The FBI said Tuesday that it has taken down a network of hacked devices responsible for extorting tens of millions of dollars from victims around the world. From a report: US officials described the network known as Qakbot as one of the most notorious "botnets" in the world, referring to computer networks that have been infected with malicious software so that they can be controlled remotely without the owner's knowledge -- often to send phishing emails. These emails can in turn be used to hack into victims' computer systems, which attackers will hold for ransom.

Qakbot was instrumental in enabling cyberattacks against businesses and critical services around the world, according to US officials, including hits on the San Bernardino County Sheriff's Department and hospitals run by Prospect Medical Group. The latter resulted in the closure of emergency rooms and medical facilities across the US. US officials estimated that, since its creation in 2008, Qakbot had infected around 200,000 computers in the US and 700,000 globally.

What about the people behind it?

[gweihir]

If they remain free, they can just build a new bot net. There are tons of Internet-connected devices out there with security that really sucks, starting with basically every Windows PC. Manufacturers need to do a lot better before this problem gets reduced to acceptable levels. Not that I am in any way opposed to these scum attackers spending some time behind bars and being financially ruined for life. But that is not enough.

Re:

[hdyoung]

If the FBI took the botnet down and publicly announced it, it’s cause they watched it for years, extracted as much intel they could from monitoring it, and concluded that they couldnt get any more useful stuff. They’ve already taken action against the people that they can reach.

Re:

[hey!]

Kind of hard to put these people behind bars when they're not in your country. They are likely to be in Russia or in other Eastern European countries where Russian speakers are common.

Re:

[gweihir]

A) Not necessarily.
B) With an international warrant they would need to be extremely careful while travelling.

My take is the FBI does not actually care and just wanted this press release.

Re:

[hey!]

There's an ICC arrest warrant out now for Putin. Sure he has to be careful traveling, but it's not likely ever to be served.

Re:

[ebunga]

Eh, they're using fully patched machines.

The real problem is that Critical Business Systems Shouldn't Be On The Internet, which also isn't feasible, because they require at least indirect access to the internet to receive patches. Then, these management idiots don't want to spend money for everyone to have a work machine, so they implement BYOD policies, so now your idiot horny cow-orker that went purnhob.com.ru and downloaded their age verification application which is required thanks to your state impleme

Re:

[sabt-pestnu]

A lot of patches are security patches. Which means: If your network is entirely off the internet, most of the patches aren't necessary.

But... as corporate IT is so very often remote, you're back on the internet again, the idiot cow-orker provides a bridge, and life sucks.

Re:

[Virtucon]

Actually, you don't need to be connected to the Internet to get patches and updates. Businesses need to review security updates and then apply them during their selected maintenance windows. This also means an inventory of each system and managing it as an asset with appropriate security and risk management around it. As an asset, there are tools and mechanisms for managing patches for air-gapped networks. Most of the time it's felt that it's a convenience to have corporate networks attached to the Internet

Re:

[TwistedGreen]

Businesses need to review security updates and then apply them during their selected maintenance windows.

LOL

Re:

[xack]

The fact that this got modded down probably hit a sore point in the Slashdot community. They claim to care about open source and its virtues but in reality they use Windows 7 and Internet Explorer. Enjoy funding North Korea and Russia.

Suplerative fail most likely

[laughingskeptic]

Love all the superlatives, but if history is any indication, "hindered" is probably more appropriate than "dismantled", "neutralized", etc. Not a single previous botnet take-down claim by the FBI has held up.