Full Disclosure mailing list archives

Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0)


From: Bruce Ediger <eballen1 () qwest net>
Date: Tue, 7 Oct 2008 15:26:51 -0600 (MDT)

On Tue, 7 Oct 2008, Miller Grey wrote:

> What?  I think I missed something here.
> On Tue, Oct 7, 2008 at 1:53 PM, Bruce Ediger <eballen1 () qwest net> wrote:
>> On Mon, 6 Oct 2008, Valdis.Kletnieks () vt edu wrote:
>>> Hint 2: If botnets in home computers were so easy to shut down, why are
>>> there so many miscreants still using them for nefarious purposes?

I'll try again, more verbosely.

Let's suppose that botnets are indeed very easy to shut down.  That was
Mr Kletnieks' premise.

Yet we have a reality where many, huge botnets exist and get used
for nefarious purposes by RBN, the Rock Phish Gang, etc etc.  That was
Mr Kletnieks' conclusion.

Why hasn't some country's law enforcement or military shut down
all these botnets?  If it's easy enough, why hasn't some semi-rogue
MAE engineer done it?  Why hasn't Symantec done it, or Gadi Evron?

Because the military/law enforcement/intelligence agencies don't want
them shut down.  Those same military/law enforcement/intelligence agencies
use them for their own purposes, alongside RBN and Rock Phish and
the CyberMungiki and the 419ers from Lagos.

It's a lot like having the CIA getting the DEA to turn a blind eye to
cocaine smuggling into the USA in the early 80s.  Or the USA and the
USSR allowing "military attachés" into diplomatic staffs in each other's
country.

Of course, I jest. Botnets are insanely hard, nearly impossible to shut down.
And the NSA and FSB don't use them for their own inscrutable purposes.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

