nanog mailing list archives
Re: [funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)
From: Kee Hinckley <nazgul () somewhere com>
Date: Wed, 12 Nov 2008 11:30:45 -0600
After reading this, and the (Washington Post I believe--I'm away from my laptop right now) article on this, two things are bothering me.
The article expressed a good deal of frustration with the (lack of) speed with which law enforcement has been tackling these issues. What wasn't clear was whether any attempt had been made to involve them prior to the shutdown. At the very least, it seems that this makes any prosecution more difficult. While it appears that folks did a great job of following the network connections--to nail the individuals involved you need to follow the money. Even worse, what if the FBI *was* investigating them already, and now their target has been shut down? Unless there was behind-the-scenes cooperation that hasn't been reported, someone (on either the technical or law enforcement side) was not behaving responsibly. This should have been a coordinated shutdown--simultaneously involving closing network connections and arresting individuals.
Secondly, aren't we still playing whack-a-mole here? The network controlled over a million compromised PCs. Those machines are still compromised. Since the individuals who controlled them are evidently still at large, I think it's safe to assume that the keys to those machines are still out there. If that's the case, then those machines will be up and spamming again inside of a week. The only thing that might delay that would be if the primary payment processors really were taken offline as well. I don't want to open the "counter-virus" can of worms. But how hard would it have been to identify the control sequences for those PCs and change them to random sequences? Shutting down a central control center is good news, but taking 1.5 million PCs permanently (at least until next infection) out of a botnet would be really impressive.
Maybe more information will prove me wrong, but right now this seems more like a lost opportunity than a great success. I was quite surprised to hear that so many operations were centralized in one place. I doubt that opportunity is going to come again.
Kee Hinckley CEO/CTO Somewhere, Inc.