My 5/08/11 Missoulian column
Sometimes, it’s tough to find out anything. And I’ve been trying to find out more about the Coreflood “botnet” takedown that I wrote about a few weeks ago. But without much luck.
I’m interested because of the unprecedented nature of the Department of Justice’s action against the owners: The FBI took over the central computers that were once controlled by unknown criminals. The FBI replaced those servers with their own, with the help of the nonprofit Internet Systems Consortium, based in San Francisco. http://www.isc.org
Once that happened, the FBI and Internet Systems Consortium were able to turn off the malware on people’s PCs when those PCs contacted the central servers. And at the same time, the FBI has been able to determine very accurately which PCs were infected, via individual Internet protocol addresses.
In the past, the FBI has limited itself to what can be deemed defensive actions against malware and botnets; now, they are on the offensive.
But how far can – and should – the FBI go? What are the limits to what law enforcement should do?
My calls to the FBI and the Department of Justice were not very successful. I did hear from one public relations specialist, who said several times she couldn’t say anything.
Barry Greene, the president of Internet Systems Consortium, the nonprofit that is involved with the FBI in the Coreflood takedown, was a bit more forthcoming after a few emails and calls, but careful in what he said via email:
“ISC is doing what we believe all private industry needs to do – aggressive collaboration with our peers in the industry to protect our mission, business, and organization (and) adding collaboration with Law Enforcement throughout the world. As such, we work with our peers in the industry and the FBI whenever we see threats to our mission. In this case, the public-private team working together on this case asked for our help. We were fortunately in a position to be of service.”
The public-private team he means is the National Cyber-Forensics & Training Alliance in Pittsburgh, whose website describes the organization as “a joint partnership between law enforcement, academia, and industry.” http://www.ncfta.net
Greene referred me to a special agent at the National Cyber-Forensics & Training Alliance named Tom Grasso, a member of the FBI’s Cyber Division. But Grasso couldn’t comment and referred me to the same FBI public relations specialist, who once again couldn’t comment.
I suppose more will be said at some point about “aggressive collaboration with our peers.” But what? And when?
This week in Mac Q & A: Archive and Install with Snow Leopard