My 4/24/11 Missoulian column
Last week, I covered the take down of the Coreflood “botnet” by the U.S. Department of Justice and the FBI, in conjunction with an organization called the Internet Systems Consortium.
In the past, botnets in Europe have been dismantled by officials taking over the botnet's control servers, but this is a first in the U.S.
In this case, the botnet control servers were in the U.S., so the Department of Justice was able to obtain a restraining order against the “John Does” (the unidentified owners and controllers of the botnet) and take physical possession of the servers.
The judge who granted the injunctions determined that “allowing Coreflood to continue running on the infected computers will cause a continuing and substantial injury to the owners and users of the infected computers, exposing them to a loss of privacy and an increased risk of further computer intrusions.” See http://www.justice.gov/opa/pr/department-justice-takes-action-disable-international-botnet
The temporary restraining order is interesting reading, both for its rationale for the takedown and for the mechanics of how it was carried out. http://www.scribd.com/doc/52952028/TemporaryRestrainingOrder
The FBI and the Internet Systems Consortium used the botnet against itself: when an infected PC checked in, the substitute control servers answered with a command telling the malware to stop running. One of the next steps, and another first, is finding the owners of the infected PCs and notifying them.
The FBI and the Internet Systems Consortium are working with Internet service providers to identify the individual PCs compromised by Coreflood and to advise their owners. This is done by logging the Internet addresses from which the malware “phones home” to the control servers, which are now under the government's control. An address alone is usually not enough, since most home connections get their address dynamically; the ISP needs the address together with the time of the check-in to match it to a particular subscriber.
Microsoft is also involved: last week's monthly Windows update included a new version of its Malicious Software Removal Tool that will disable Coreflood.
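The notification step described above, as an added illustration that is not code from the column or from the FBI/ISC operation: a sinkhole that stands in for the control servers logs each check-in, and those logs are then boiled down into one victim list per ISP. The log format, the ISP prefix table and the log lines are all constructed for this example (the prefixes are documentation ranges, not real allocations); a real operation would use the malware's actual beacon format and IP-to-ASN data.

```python
"""
Added example: turn sinkhole beacon logs into per-ISP victim notification
batches. Nothing here is from the Coreflood operation itself.

Assumed (constructed) log format, one line per check-in:
    <ISO-8601 timestamp> <source IP> botid=<hex id>
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
import ipaddress

# Constructed sample of what a sinkhole might log; one line is deliberately
# malformed to show that bad input is skipped rather than crashing the run.
SAMPLE_LOG = """\
2011-04-13T02:15:07Z 203.0.113.17 botid=7a1f
2011-04-13T02:15:09Z 198.51.100.8 botid=e04c
2011-04-13T02:16:40Z 203.0.113.17 botid=7a1f
2011-04-13T03:00:01Z 203.0.113.200 botid=9b2d
2011-04-13T03:02:11Z 192.0.2.55 botid=1111
this line is garbage and should be skipped
2011-04-13T04:10:00Z 198.51.100.8 botid=e04c
"""

# Constructed ISP prefix table (documentation ranges, not real ISPs).
ISP_PREFIXES = {
    "ExampleCable": ["203.0.113.0/24"],
    "ExampleDSL": ["198.51.100.0/24"],
}


@dataclass
class Victim:
    ip: str
    first_seen: datetime
    last_seen: datetime
    beacons: int = 0
    bot_ids: set = field(default_factory=set)


def parse_line(line):
    """Return (timestamp, ip, bot_id) for a well-formed line, else None."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("botid="):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        ip = str(ipaddress.ip_address(parts[1]))
    except ValueError:
        return None
    return ts, ip, parts[2][len("botid="):]


def aggregate_victims(log_text):
    """Collapse many beacons into one record per source address.

    first_seen/last_seen matter because a dynamically assigned address
    only identifies a subscriber together with a time window.
    """
    victims = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, bot_id = rec
        v = victims.get(ip)
        if v is None:
            v = Victim(ip=ip, first_seen=ts, last_seen=ts)
            victims[ip] = v
        v.first_seen = min(v.first_seen, ts)
        v.last_seen = max(v.last_seen, ts)
        v.beacons += 1
        v.bot_ids.add(bot_id)
    return victims


def isp_for(ip, prefixes=ISP_PREFIXES):
    """Longest-prefix lookup is overkill for this table; first match wins."""
    addr = ipaddress.ip_address(ip)
    for isp, nets in prefixes.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return isp
    return None


def notification_batches(log_text, prefixes=ISP_PREFIXES):
    """Group victims by ISP so each provider gets only its own addresses."""
    batches = defaultdict(list)
    for v in aggregate_victims(log_text).values():
        isp = isp_for(v.ip, prefixes) or "UNATTRIBUTED"
        batches[isp].append({
            "ip": v.ip,
            "first_seen": v.first_seen.isoformat(),
            "last_seen": v.last_seen.isoformat(),
            "beacons": v.beacons,
            "bot_ids": sorted(v.bot_ids),
        })
    return dict(batches)


if __name__ == "__main__":
    for isp, entries in notification_batches(SAMPLE_LOG).items():
        print(isp)
        for e in entries:
            print("  ", e["ip"], e["first_seen"], e["last_seen"], e["beacons"])
```

Addresses that match no known prefix land in an UNATTRIBUTED bucket rather than being dropped, so the operator can see what still needs attribution; each ISP batch carries only that ISP's addresses, which is the minimum needed to identify its subscribers.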
All this brings to mind a question: what are the limits and boundaries of the FBI's actions against criminals when those actions reach into personal PCs?
The Electronic Frontier Foundation said that taking control of the botnet, and with it users' PCs, is “… an extremely sketchy action to take. It’s other people’s computers and you don’t know what’s going to happen for sure.”
The long comment threads on online articles voice people’s fears that the FBI can do anything it wants. Some point to the FBI’s own use of spyware in the past. http://archive.wired.com/politics/law/news/2007/07/fbi_spyware
What are the legal and ethical limits to fighting malware? What do you think of the FBI reaching out to PCs in order to disable malware?
This week in Mac Q & A: Set a New Home Page in Safari