Botnet - To Crush Or Not?
Over at eWeek, I just read the May 5th issue, in which a very interesting situation has developed. For years researchers have been trying to deal with the botnet problem, wherein computers are taken over and used to spew spam, which leaves all of us vulnerable. It was also thought that botnets were an almost insurmountable problem and that researchers were not making any headway, up until now. It appears that one botnet has been reverse engineered and some 400,000 computers around the world have been identified as having been compromised.
One would think that this is great news. Finally one of these nasty bugs has been identified, and it would be easy to kill it or divert it away from us. This is where the dilemma comes in. What if one of the compromised computer systems controls some type of critical function, such as providing life support? What happens if this system is turned off?
The article also states:
Researchers seize control of one of the world’s largest spam-spewing botnets, but there is disagreement about what should happen next.
Researchers at TippingPoint Technologies’ Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world’s largest spam-spewing botnets, a breakthrough that has ignited an intense debate over the ethics of “cleaning” infected computers.
Cody Pierce and Pedram Amini, two high-profile software security researchers, cracked into the Trojan powering Kraken, a 400,000-strong botnet of infected computers, by reverse-engineering the encryption routines and figuring out the communication structure between the botnet owner and the hijacked computers.
So what do you think should be done? Should the botnet be destroyed or not?
Comments welcome.
Full article is here.
Tags: botnet, reverse engineered, crush, leave alone, researchers, cracked, trojan, hijacked, computers, mission critical

Yes, it has to be stopped. IDEALLY, they should probably do a major media release to advise people of what is happening, make a decent attempt to notify the domain owners of the exploited machines if possible, wait a couple days then do anything possible to shut it down.
Of course it does bring to light the fact that there is no central mgmt of net resources who is responsible for dealing with distributed threats, and is acknowledged as “trusted” to protect the public interest. No doubt if someone’s production system is negatively affected, they will want blood in exchange for downtime, but in the end, everyone with a presence on the net has to swallow the fact that they themselves are responsible for their own vulnerabilities. If they’re not aware of them, it just means they haven’t spent the time or money necessary to be a safe participant in the net economy.
LOL, on the flip side, the security guys could have just dealt with this silently, as ethical hacker/security enforcers, working for the public good…even if some folks ended up with small damage/downtime, but for the greater good….
It is a pretty good dilemma, isn’t it…but I say shut it down.