
Mariposa Botnet Beheaded

northernboy and many other readers sent news of the beheading of the Mariposa botnet with three arrests in Spain. "Defense Intelligence of Ottawa working with ISPs and Spanish authorities have taken down yet another > 12M PC botnet, called Mariposa. The three top-level operators are in custody, but remain anonymous under Spanish law (how quaint: apparently in Spain, the accused have some right to privacy). AP is claiming that the botnet included systems in roughly half of the Fortune 1000 companies, scattered over 190 countries. Interesting details: none of the three principals has a prior criminal record. Although apparently hardworking, they are not uber-hackers, but rather had connections to the Spanish mafia, which apparently helped to equip them. At the time of arrest, they were not showing signs of their significant new income level. From the article: 'Chris Davis, CEO of Ottawa-based Defence Intelligence, said he noticed the infections when they appeared on networks of some of his firm's clients, including pharmaceutical companies and banks. It wasn't until several months later that he realized the infections were part of something much bigger. After seeing that some of the servers used to control computers in the botnet were located in Spain, Davis and researchers from the Georgia Tech Information Security Center joined with software firm Panda Security, which is headquartered in Bilbao, Spain. The investigators caught a few lucky breaks. For one, the suspects used Internet services that wound up cooperating with investigators. That isn't always the case.'"
  • Re:Another... (Score:1, Interesting)

    by Anonymous Coward on Wednesday March 03, 2010 @09:36AM (#31344444)

    Another one bites the dust...

    Good for them, but I still don't see a noticeable reduction in my spam mail. Gotta keep working at it, guys.

    Whenever I'm asked about spam emails and the products offered, I'm lightly hesitant to say that it's a scam because I'm afraid of lawsuits (*that I can't afford to defend myself against) from the one business that may be legitimate or close to a legitimate one. Now, I'm quite a bit more confident that all spam is a scam.

    * Several years ago there was this online retailer that sold pet supplies - I can't find a reference - who sued anyone and everyone who said anything bad about him or his business. Many people settled out of court for thousands of dollars. The owner of said firm ended up stiffing his lawyers - Old Buddhist saying: "Opportunity knocks. Karma hunts you down." - talking about the lawyers who represented the owner.

    Of course privately, one on one, when someone asks, my response is that no legitimate business uses spam email. Then I'll get the question occasionally "Well, my bank sends me emails and they're legitimate!" Then I have to go and explain notices of closings is one thing but also it could be a phishing expedition. Then you get the old people who get so afraid that they won't even use email for anything.

  • Re:Dumb Criminals (Score:1, Interesting)

    by maxume ( 22995 ) on Wednesday March 03, 2010 @09:52AM (#31344638)

    Arrogance is pretty common among the set of criminals that get caught.

    (As is stupidity, but it can be difficult to tell the two apart)

  • by Gen. Malaise ( 530798 ) on Wednesday March 03, 2010 @10:02AM (#31344754) Journal
    "The Mariposa botnet, which has been dismantled, was easily one of the world's biggest. It spread to more than 190 countries, according to researchers. It also appears to be far more sophisticated than the botnet that was used to hack into Google Inc. and other companies in the attack that led Google to threaten to pull out of China." ----- Wait, what? This was written by the AP's "technology writer". I guess he doesn't read /.? The Google attack was not a botnet.
  • by FyRE666 ( 263011 ) * on Wednesday March 03, 2010 @10:06AM (#31344802) Homepage

    "What gives these bloody do-gooders the authority to "take over" other people's servers?"

    The same authority I have to "take over" someone's car keys if I see them staggering out of a bar, and fumbling around to find the lock on their door while throwing up all over the hood. If you're acutely aware, and certain, that your non-action is allowing an illegal activity to take place then why not intervene? The problem today is that too many people just stand there like idiots doing nothing in the face of evil or criminal activity. The fact the servers these shitbags were using were probably compromised, or funded by illegal activities is neither here nor there.

  • Of course, we are talking about botnet script-kiddies after all, so who's to say these upstanding individuals aren't actually minors as well?

    Do you seriously believe that today's bot nets have any resemblance with the irc-botnets of yesteryear? Bot nets are used primarily by organized criminals these days, trading in identities and performing phishing and scamming operations. The script kiddies were replaced by real crooks with guns a long time ago.

  • If ISPs helped... (Score:5, Interesting)

    by Nicopa ( 87617 ) <nico.lichtmaierNO@SPAMgmail.com> on Wednesday March 03, 2010 @10:27AM (#31345094)

    If ISPs helped authorities on these things, there wouldn't be botnets, nor spam. Many attempts at preventing spam stop at their refusal to help. It would be nice to force them by law to cooperate with spam fighting efforts. Sadly laws to force them to cooperate fighting "piracy" seem to pass easier..... =/

  • by Anonymous Coward on Wednesday March 03, 2010 @10:29AM (#31345122)

    In both the USA and Canada, you're allowed to publish the names of the accused as long as they're adults.

    Which is done, of course, with the understanding that these people are again innocent as they have not been proven otherwise. Since they are innocent, there is nothing for them to be embarrassed about, and no reason not to publish their names.

    Also, the publication of names can have the effect of bringing forth witnesses.

    Unfortunately, the court of public opinion has no presumption of innocence.

  • by guanxi ( 216397 ) on Wednesday March 03, 2010 @10:54AM (#31345456)

    Here's one reason botnets thrive: In addition to the fact that the perpetrators are likely to get away with it, per one article [cbsnews.com], "They face up to six years in prison if convicted of hacking charges."

    6 years max? For hacking 12 million computers? Ignoring the intrusions, how much did it cost the victims in labor and downtime to fix it? Hundreds of millions? And add to that the damage they did with the botnet; I don't know what this one did, but it could be spam, DDoS attacks, stolen personal info, extortion, etc.

    Also, I still don't understand why the U.S. government doesn't treat these wide-spread, expensive crimes as a priority. Given the scale of these crimes, there should be a large task force pursuing them. I get the sense they are looked on as computer problems, not crimes.

  • More info (Score:1, Interesting)

    by Anonymous Coward on Wednesday March 03, 2010 @11:15AM (#31345798)

    From a Spanish newspaper:

    http://www.elpais.com/articulo/tecnologia/Cae/red/cibercriminal/Mariposa/controlaba/millones/ordenadores/zombis/190/paises/elpepusoc/20100302elpeputec_8/Tes

    They controlled 13 million IPs and personal data of 800,000 people, which they used to sell to third parties. To mask the money income, they engaged in online poker games where they lost intentionally, but they never paid.
    They used a system to hide their IPs until one of them forgot to use it.

    Their names are protected, but not their initials and alias:

    Name.Surname1.Surname2. (age) "alias" (place)

    F.C.R. (31 yo) "Netkairo" / "Hamlet1917" (Balmaseda, near Bilbao)
    J. B. R. (25 yo) "Ostiator" (Santiago de Compostela, La Coruña)
    J.P.R. (30 yo) "Johny Loleante" (Molina de Segura, Murcia)

    Also they didn't make the botnet. They bought it.

  • by DangerousDriver ( 752795 ) on Wednesday March 03, 2010 @12:29PM (#31346800)

    Here's why botnets and, more generally, spam continue to survive - people buy the products advertised!:

    http://www.newscientist.com/article/mg20527491.500-spamdemic-tracking-the-plague-of-junk-mail.html [newscientist.com]

    (From the text in the graphic) An analysis of just 1.5% of one botnet ("Storm") for one month in 2008 showed:

    35 million spams sent
    8.2 million passed filtering software
    10,500 clicked on the link in the email
    28 people actually bought the product

    Although this represents only a 0.000008% conversion rate when scaled up it shows that "Storm" generated $3.5 million in sales in 2008.

  • by nanoakron ( 234907 ) on Wednesday March 03, 2010 @02:16PM (#31348278)

    I always loved the US idea of declaring someone to be a juvenile, yet trying them as an adult in order to get a harsher punishment.

    Either someone is a juvenile or they aren't...and if you try a 16 year-old as an adult and they are acquitted, does that mean they can now drink and drive like an adult as well?

  • by IonOtter ( 629215 ) on Wednesday March 03, 2010 @09:51PM (#31353366) Homepage

    This was - in a way - Blue Security's [wikipedia.org] model, and it worked exceptionally well. So well that one spammer fought back on a very large scale, causing much hate and discontent towards Blue Security.

    The problem now is that businesses have learned their lessons and obfuscate their websites better, as well as adding CAPTCHAs to prevent automated scripts like Blue Frog from attacking them.

    And I've encountered a few spams from legitimate businesses who had no clue that they'd hired a spammer to do their email advertising. The poor guy was scared to death when my brother-in-law told them what was happening, as they were a multi-million dollar New York real estate business dealing in properties in Montauk.

    You don't ask prices for anything in Montauk, so this guy definitely did NOT need a spammer.
