I am currently looking for someone to help out with this blog. I didn't realize the scope that this blog would affect. Hits from countries in political strife and the like, people looking for a way to communicate outside of government control. If you would like to help, please send me an email: George dot Endrulat at Gmail dot Com.

Thursday, April 14, 2011

FBI Hijacks Botnet, With Court Order... Then Issues Kill Signal To Millions Of Computers

"For years there's been talk about the value of 'good samaritan' viruses or botnets, that would try to go out and try to delete or kill off 'bad' viruses or botnets. Lots of computing experts have, reasonably, warned that the unintended consequences of such an action could be large and dangerous. Apparently, the FBI figures why not test it out anyway. In a rather surprising move, the FBI was able to get a court order that allowed it to effectively hijack a large botnet, involving millions of computers, and send a 'stop' command to all of those PCs that would disable the malware (called Coreflood).



While there are obviously good intentions here, and it's definitely a good thing to see a large malicious botnet go dark, there still are really serious concerns about this move, the legality of the move, and the risk of unintended consequences. Do we really want to set a precedent where the FBI can send commands remotely to millions of computers? And how confident are people that the FBI's programming skills won't cause problems, if not this time, at some point in the future? In the filing requesting the right to do this, the FBI even pointed out that a newer version of Coreflood had been released that morning 'but that the FBI had tested the kill command against that variant and it had worked successfully.' Of course, testing in the lab and deploying to millions of machines in the real world is entirely different. There are also concerns that this effort is an ongoing effort, since Coreflood apparently reruns every time a machine is rebooted, meaning that the FBI will have to keep sending this kill signal. And while the FBI swears up and down 'that this would cause no harm to computers,' how confident are you that this is really the case?



Again, I recognize the importance of trying to stop botnets and take them down. Additionally, there don't appear to be any early reports of trouble or unintended consequences from this move. But... when dealing with something like this, where the FBI is sending execution commands to millions of PCs, you have to assume that sooner or later, something bad is going to happen. Does the FBI have a technical support helpdesk to help your grandparents when it kills their computer?

"

1 comment:

  1. My wife went to the FBI recommended webpage to check and see if we had Coreflood. We were green, but ever since going there our internet has been kinda off. Our router software isn't working anymore, so I can't change any settings.

    Whenever we turn on our browsers we get a notification that our router profile cannot be found. We still get net, but that lets me know my router has been tampered with - and worse, that I can't fix it since my router software which allows me to do so has been disabled.

    Very irritating.
