Re: [funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)

From: Kee Hinckley (no email)
Date: Wed Nov 12 2008 - 12:30:45 EST

  • Next message: n3td3v: "Re: [funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)"

    After reading this, and the (Washington Post I believe--I'm away from
    my laptop right now) article on this, two things are bothering me.

    The article expressed a good deal of frustration with the (lack of)
    speed with which law enforcement has been tackling these issues. What
    wasn't clear was whether any attempt had been made to involve them
    prior to the shutdown. At the very least, it seems that this makes any
    prosecution more difficult. While it appears that folks did a great
    job of following the network connections--to nail the individuals
    involved you need to follow the money. Even worse, what if the FBI
    *was* investigating them already, and now their target has been shut
    down? Unless there was behind-the-scenes cooperation that hasn't been
    reported, someone (on either the technical or law enforcement side)
    was not behaving responsibly. This should have been a coordinated
    shutdown--simultaneously involving closing network connections and
    arresting individuals.

    Secondly, aren't we still playing whack-a-mole here? The network
    controlled over a million compromised PCs. Those machines are still
    compromised. Since the individuals who controlled them are evidently
    still at large, I think it's safe to assume that the keys to those
    machines are still out there. If that's the case, then those machines
    will be up and spamming again inside of a week. The only thing that
    might delay that would be if the primary payment processors really
    were taken offline as well. I don't want to open the "counter-virus"
    can of worms. But how hard would it have been to identify the control
    sequences for those PCs and change them to random sequences? Shutting
    down a central control center is good news, but taking 1.5 million PCs
    permanently (at least until next infection) out of a botnet would be
    really impressive.

    Maybe more information will prove me wrong, but right now this seems
    more like a lost opportunity than a great success. I was quite
    surprised to hear that so many operations were centralized in one
    place. I doubt that opportunity is going to come again.

    Kee Hinckley
    CEO/CTO Somewhere, Inc.
