The guy takes all the time to put this together, write this up, and is perfectly ok with the outcome, but instead of going to a coffee shop and doing this himself, he spends a lengthy amount of time writing up instructions and giving the criminals a chance to fix their injection problems before someone can take down the botnet.
Baffling.
Not only that, but this guy seems to know what he's doing and instead of someone who knows what they're doing completing the task, he's willing to watch script kids bork the whole thing, or run the risk of russians (or others taking over the whole network and hardening it)
To prove a point- the current system of law is completely broken when it comes to dealing with malicious software. Law enforcement is a joke, to the point where reporting a botnet c&c located right in the US to the FBI will result in a six week run around before you finally get a phone call from someone in the right department, and this is assuming you've dealt with them enough to be on their quick list. Guess who moved their servers four weeks ago?
Actually taking matters into your own hands, as an individual or a company, opens you up to a ridiculous level of liability and is probably illegal in a number of cases. Hell, even analyzing malicious software itself has the potential to be illegal due to draconian copyright laws (fortunately most malware authors aren't willing to claim ownership of their software, so this isn't an active issue). Even once all that is done, more malware will be written, and probably by the same people since it's not like taking the botnet down actually puts people behind bars.
This isn't to say the bad guys are winning- I may be a bit biased (I work for Malwarebytes, although this post is my own rambling mess), but a lot of technological strides are being made. There is still a fair bit of frustration out there with law enforcement though, as they continue to impose draconian and Orwellian systems but haven't implemented the low hanging fruit in policy changes for actually dealing with this crap.
I apologize in advance for the tone, but as a Russian I have a question - are you racist?
Since Sergey Brin and Milla Jovovich are "russians", do you imply that Google and Hollywood are part of this botnet?
The most famous hacker is Kevin Mitnick [american] and most recent hackers charged/arrested by FBI are also american citizens.
Why don't you change "russians" to "americans"? Or maybe "new_zealanders" [Kim Dotcom]? Or maybe "brits" [UK kid, extradited recently to the US on copyright violation charges].
If you would change to "americans", I just wonder whether some people will feel offended and how many?
I agree that it is a prejudice and should be avoided, but it's not completely groundless:
According to industry analyses, Russia accounts for about 35 percent of global cybercrime revenue, or between $2.5 and $3.7 billion. That’s wildly out of proportion with the country’s share of the global information technology market (which is around 1 percent).
"Why does every hacking and cyberscam story – real or fictional – seem to have a Russia connection?
In part, it is prejudice and laziness. The stereotype of the Russian hacker has become such a common media trope that it gets recycled again and again. It also offers a handy update for those looking for new ways to perpetuate the ‘Russian threat.’"
2. Following the article's line on the FSB - does anyone know who hacked the PCs of the Iranian nuke facility? If we judge by who had a reason - the US - we should assume that the US has the same or an even better hacker team than Russia [a very clever OS hack that resulted in hardware malfunction at the nuke plant, thus significantly reducing its output - it was covered in 2011].
3. I suspect that most 'industry analysis' is funded by government agencies, directly or indirectly. So if the conclusion of the 'industry analysis' were that the US accounts for 35 or 65 percent of global cybercrime revenue, then the next question would be - what the hell are the various government agencies doing and how effectively are they spending government/taxpayers' money?
4. From the same article:
"However, a more basic answer is that a disproportionate number of Russians have world-class math and computer skills, yet not the kind of jobs to use them legitimately. Although many firms in the industry are based in Russia, or else hire Russians, there is a pool of skilled but under-employed programmers who embrace the hacker world for fun, out of disillusion, or for profit."
Anyone can show me a skilled but under-employed programmer in Russia?
"Skilled but under-employed programmer in Russia" is like Bigfoot [also known as sasquatch] - everyone has heard about him/her, but no one has seen one. It is a legend...
But of course there are Russians, Americans, Germans, Brits, and other nations, who do quite some harm. I just do not think there is a legitimate way to define the winner.
Sorry for off-topic rambling, probably due to habit of enjoying fact-based debate, which resulted from my days in finance ;-))
While my comment was poorly worded, statistically the majority of large botnets like Coreflood, Storm, BredoLab, Rustock, Kelihos are of Russian origin. Even the botnet we are discussing was first seen in Russia.
To comment on a couple of your points
2 - With Stuxnet, I think everyone agrees that US/Israel is to blame. The Russian connection is made because aside from the Iranians, the Russians are the only ones that had access to the facility, and they built the place. A Russian spy is a more likely culprit than a US-Iranian scientist double-agent sabotaging his own facility with results that could kill all of his co-workers.
4 - No one is talking about under-employed. These criminals make more money than they ever would at any other job selling access to their botnet, advertising, spamming, installing fake virus software, stealing credit cards, etc. etc.
This gives rise to entities like the Russian Business Network (RBN).
Anyway, I meant no offense, if only americans or brits were clever enough to create a similar profile or stereotype, but I think some script kids guessing passwords pales in comparison to outsmarting the world's largest software vendors and security researchers.
You are correct on #4. I've heard some stories about hackers storing piles of cash under the couch [this case was in Ukraine], made from cracking banks/ATMs. Definitely, black activities are much more profitable. But I do not think that [in real life] those that crack get most of the money, with few exceptions. The biggest pile usually goes to those who organize or cover (underworld Board/CEO equivalent).
However, the start-up fever, which started in Russia appr. 1-1.5 years ago, is getting traction, as is the tech industry. This provides more opportunities and a better risk/reward ratio and should result in more and more people moving to the bright side.
> "Skilled but under-employed programmer in Russia" is like Bigfoot [also known as sasquatch] - everyone has heard about him/her, but no one has seen one. It is a legend...
Well, Group-IB (a Russian computer security company) seems to disagree:
In Russia the situation is additionally worsened by a great amount of technical universities graduates and by unstable home economy situation as the result of which the mentioned specialists cannot find highly paid legal income.
I don't know where they get the data from, though.
> But of course there are Russians, Americans, Germans, Brits, and other nations, who do quite some harm. I just do not think there is a legitimate way to define the winner.
Sure, it's still a prejudice, I was just pointing out it's not completely irrational.
> "Skilled but under-employed programmer in Russia" is like Bigfoot [also known as sasquatch] - everyone has heard about him/her, but no one has seen one. It is a legend...
Pretty good observation. I think most people are operating on 10-12 year old data when they think that. They think "fall of the Soviet Union" with now hungry scientists slowly turning to the dark side to become less hungry mad scientists who will inflict pain and suffering upon us all.
Perceptions are a funny thing [except when from your boss]...
I recall that in 1997-1998, when I was helping Coca-Cola establish a plant in Vladivostok (Far East near Japan, 0.5 mil population), some people were concerned about going there because of tigers and bears wandering in the streets...
Yes, when I was setting up a server I eventually had to apply a separate and more draconian set of firewall rules to IP addresses in Russia and China to avoid my logs just filling up with junk: failed logins, attempts to access shady looking URLs which did not exist, and HTTP requests filled with fragments of shell or SQL script.
To be fair I'm sure this only represents a minority of the people in these countries but perhaps it is just that it is more lucrative there.
I imagine it's quite hard to earn a decent living in the west just by breaking into a few servers and sending out a bit of spam; in Russia it probably looks like an attractive get-rich-quick scheme for anyone with tech skills.
> in Russia it probably looks like an attractive get-rich-quick scheme for anyone with tech skills.
It is attractive. But again this is about the risk/reward ratio. With an increase in risk/complexity and other, legal, opportunities, more people should switch... I think...
Based on that statistic it is significantly more likely that any particular cyber crime (or more accurately, any dollar raised by cyber crime) has nothing to do with Russia than does, and yet still this is a justification?
That article doesn't even provide enough information to say that if you had to pick a single country of origin then it's more likely to be Russia than anywhere else.
In terms of generalising based on that sort of thing though, would you similarly justify a suggestion that a drug deal was down to a young black male on the grounds that proportionately young black males in the USA are more likely to be convicted of such offences than young white males? Or would you see that as a sweeping and unhelpful generalisation that tars a whole group based on the activities of a minority?
Apparently you forgot to read the first line of my post. I'm not justifying anything, I'm explaining why the prejudice exists, and that it's not necessarily due to racism.
No. "Racism is the belief that inherent different traits in human racial groups justify discrimination".
If it's based on the current social or economical situation of Russia, it's prejudice, but not racism. Remember that Russians are "citizens of Russia", not a particular ethnic group.
I observe however that there is an emergent definition of 'racism' which is quite a bit more broad than yours.
Basically it is this: "Assuming specific or stereotypical attributes about an individual or group, based on that individual or group's membership in a definable group."
This removes the typical restriction that it involve 'race specific traits' so things like 'Bankers are greedy criminals' or 'Christians are fascists' get reflected back as variations on the 'racist' meme. Whenever that group membership nominally includes race it's considered racist by people who share that racial attribute.
Even the discussion we're having (and as an operations guy I see a lot of bad actors whose IPs originate in countries that were former parts of the USSR) we have to be careful to disentangle accusations of people of a region being bad, and regions which host infrastructure which is available to everyone, being used for bad. The Internet does many things and one of those things is create 'telecommuting criminals' who may easily be living in New Hampshire but hosting their C&C servers at a friendly ISP or EC2 equivalent in the Ukraine.
I presume it is inherently and practically more difficult to investigate identity of someone renting servers in US vs Russia, Ukraine or China, in part because of language, legal system and political differences.
Race does refer to geographic origin (among other things.) It does not include career or religion. I don't think that is related to what is being discussed at all.
Lots of racism emerges partially as a result of some statistical basis in current social or economic situations that for whatever reason correlate to an ethnic group or nation of origin. (And racism is not solely about ethnic groups, it's also about nations of origin -- ethnic groups are just one of the classifications of humans that are considered "race", geographic ancestry is another.)
It's not racism to recognize these statistical facts. Racism is when we have prejudice based on them. It's when we slander an entire ethnic group or nation of origin based on the actions of a few of them. This is not justified just because there is more cybercrime in Russia than elsewhere: there is cybercrime everywhere, and the vast majority of Russians are not cybercriminals.
It's racism to say we "run the risk of russians" when we mean we run the risk of malevolent cybercriminals. The two terms are not interchangeable. We don't say you "run the risk of blacks" when we mean you might get mugged in downtown LA even if we believe that more muggings in downtown LA come from blacks than other ethnic groups, nor do we say you "run the risk of whites" when we mean you might get killed by a serial killer as you're walking to your car in an empty garage at night, even if we think perpetrators of such crimes are more likely white than anything else.
I think it depends on what one attributes the statistical fact to; it's only racism if we consider it inherent to the group. If we consider that to be a result of a particular condition that happens to affect a certain group at this point in time, and that any other group would have the same problem if subject to the same condition, I don't see how that is racism.
I think your examples are clear prejudice (and no, I wouldn't say them), but they may or may not be racism.
I suppose I just don't see what would motivate someone to slander an entire group of people based on the actions of a few. If someone is worried about cybercrime, they should say so rather than substituting "Russian" as a synonym for cybercriminal. To me that implies that cybercrime is an inherently Russian activity. Perhaps I am too quick to read racism against Russians into such an inflammatory use of the word "Russian" due to the amount of racial discrimination I have seen against Russian users while working in the game industry, where it is not uncommon to dismiss Russian gamers as probably a pirate or probably a hacker and to refuse them a level of support that would be provided to a person with a different accent or last name.
"the term "racial discrimination" shall mean any distinction, exclusion, restriction, or preference based on race, colour, descent, or national or ethnic origin that has the purpose or effect of nullifying or impairing the recognition, enjoyment or exercise, on an equal footing, of human rights and fundamental freedoms in the political, economic, social, cultural or any other field of public life."
I don't know what the US legal definition is (though I'm guessing it's similar) but in the UK discrimination based on country of origin would count as racism.
I think you're playing the race card and ignoring the facts. Which is pretty lame.
As a brit, I fully appreciate and understand why some people in the world hate all britons. We've done some bad things as a nation in recent years and people have a right to tar us all with the same brush. I understand why it would be unsafe for me to walk the streets of Kabul or Baghdad. If any brit has a problem with the way other people look at them, it's their job as a citizen in a democracy to effect the change they want to see in people's attitude towards this country and its people.
Except when it's the French. There's no pleasing those cheese eating surrender monkeys.
> As a brit, I fully appreciate and understand why some people in the world hate all britons. We've done some bad things as a nation in recent years and people have a right to tar us all with the same brush.
Well that's cute, but I disagree. I'm Dutch, we've done some rather bad things in our colonial times, yet it is not okay for Indonesians or South Africans to hate all Dutch. Similarly it is NOT okay for Dutch people to hate all Germans just because they invaded us in 40-45 (WW2), because they took our bikes or because they tend to defeat us in international soccer games.
> If any brit has a problem with the way other people look at them, it's their job as a citizen in a democracy to effect the change they want to see in people's attitude towards this country and its people.
I'd agree with you on that point if only you weren't highly overestimating the level of influence "any Brit" has on these matters, compared to how much "some Brits" have.
Same for any democracy. Even those mythical ones that work. I'm responsible for my own actions, not for those of some bigshot that claims to represent "me" (one individual in a group of several million of that claim).
If you feel that's not right or self-centred and I should do better, I'll try to take responsibility for my own actions extra hard, but I refuse to take on those of some idiot I hardly have any control over. Best I can do with my little vote is to not vote for Geert Wilders--but as you may or may not have noticed, it didn't help much. So am I to feel responsible for that turdmongler? Fuck no! Yet will I discreetly defecate in the kitchen or bathroom sink of anyone I encounter that appears to subscribe to Wilders' moronic ideas? You can count on it, and that's all the responsibility I will take.
> Except when it's the French. There's no pleasing those cheese eating surrender monkeys.
hur hur hur :-/
I'm all for a bit more humorous light-hearted poking on HN, but I'd rather do without crap like this. Made it real hard to read The Black Swan when Taleb continuously did the same, too.
I work in information security, and I can give you a rough breakdown on botnet sites we've run into over the last year. (rough numbers)
25% have been Chinese (or linked to Chinese hackers, but using distributed hosting of hijacked servers around the world)
5% have been US-based.
10% have been Indian.
10% have been "other", including Canada/Mexico/Latin America, Africa, and Western Europe (like the German(?) Conficker worm)
A full 50% have been linked to the Russian Federation (and other former Soviet countries).
Why is this? Everyone has their theories, but mine is the combination of
1. Russia (and Eastern Europe) is a huge area.
2. Russian mafia really ramped up their cybercrime efforts after 1991 when the Soviet Union was retired.
3. Enforcement of cybercrime laws in Russia is lacking in comparison to Western nations, for various reasons.
Many other countries, including the US, have their own hackers and cybercrime groups. China and Russia are much, much more effective, though, and it's fashionable to hate on "commies" in the Western media.
Another reason (4) is that quite a lot of people [majority] download audio/video content and install cracked software on their Windows! home PCs.
I agree that external environment provided much more fertile ground for criminal activities [incl tech] in former USSR.
The key words are "fashionable" and "Western media". We all can observe the influence of media on people's perceptions of events, countries, nationalities...
You forgot to mention that the level of technical education in Russia is quite high. Combined with the mediocre quality of Russian business managers it produces an oversupply of tech specialists. That in turn fuels rapid development of the botnet ecosystem.
It was clumsily worded but I think we all know he didn't mean to imply that all of Russia was running botnets; he was alluding to Russian organized crime.
Yeah, I was just not sure if you were using it on the whole comment or making a silly joke. And I think it's a word only, at least in a language I speak naturally. That is not English however.
To me it is clear that he meant Russian hackers (as it would have been if it had say Chinese) and I doubt anybody else is confused over this. Given that, writing hackers was redundant and should be dropped.
From the perspective of racism (which is the context here) it's perfectly valid.
The UN's definition of racial discrimination:
"the term "racial discrimination" shall mean any distinction, exclusion, restriction, or preference based on race, colour, descent, or national or ethnic origin that has the purpose or effect of nullifying or impairing the recognition, enjoyment or exercise, on an equal footing, of human rights and fundamental freedoms in the political, economic, social, cultural or any other field of public life."
I had a colleague who was from the Ukraine, and I once referred to him as Ukrainian, and he stiffly responded, "I am Russian." From that, I assumed that some people consider it an ethnic group independent of the nation.
A lot of people from Eastern Europe are very sensitive about that sort of thing; Russia's domination of the USSR and various brutalities are still fresh in memory, and besides, referring to any Eastern European as a Russian is akin to calling someone from Guatemala a Mexican. Some people are more sensitive about it than others. (I was born in Russia, and don't particularly care, but I'm aware of other people's sensitivities.)
This happens in other parts of the world, too, of course. I once asked a girl in college if she was from India; she gave me a hateful death stare and coldly declared that she was from Bangladesh.
Which brings up another quirk of humanity, which is we tend to hate the ethnic group that is the most similar to our own. Simply, you hate your neighbor, you don't hate someone on the other side of the world you've never interacted with.
There certainly are many instances of people hating ethnicities very dissimilar from them, but that happens after people from different parts of the world migrate close to each other.
Well, sure. Your neighbor is the one who waits an extra week to mow his lawn, which looks bad, and drags down everyone's property values. Your neighbor is the one whose dog pooped in your yard that one time.
I suspect that proximity has a great deal more to do with it than similarity. If your neighbor is actually significantly different than you (ugh, the weird smells from the strange food those people eat!) I would think it makes it even worse.
Russian refers to anything related to Russia, including:
* Russians (russkiye), an ethnic group of the East Slavic peoples, primarily living in Russia and neighboring countries (where they are also known as Ruthenians or by other names)
Only if the act itself were traceable to him. If he's the only one who knows how to do it, and it happens, then "of course" he did it. If everyone knows how to do it, who knows who might have been responsible?
I imagine if you do it from a coffee shop or similar public place, then there is a good chance of being caught on CCTV. Whether the authorities will go after someone to that degree, given what they have potentially done, is another matter.
Exactly. It seems to be a point that a lot of people forget. A lot of people don't fully trust the Internet security tools, such as TOR, for anonymity. So, they try to add a layer of what is essentially physical security by using an Internet connection that doesn't track back to them. However, a lot of times people don't fully consider that at that point you must now not only secure your Internet security but physical security as well. I.e. not be seen.
I'm not saying it is a bad idea to want to add an extra layer of security/anonymity, but it actually has to be done right. If investigators trace it back to the coffee shop and see on the CCTV that you're the only one sitting there using a laptop for the entire time the attack took place you're screwed.
Interestingly enough, all the ways to actually add that layer of physical security are potentially illegal. (depending on local laws) Obviously, the laws can vary a lot, but in a lot of places the methods a person would use to hide themselves are considered unlawful access.
Take the coffee shop for example, instead of entering the coffee shop you sit outside it. If it doesn't have cameras outside, the businesses around it very well might have one that can see you, and then there are also the people that see you. (witnesses) Okay then, long range antenna, right? Wrong, still illegal in some places. Even though it is an unsecured wifi that is meant for people to connect to it, it is meant for customers. That means that you either have to go in and buy a coffee (which shows on camera that you were in the area) or to have previously asked permission to use it which means that someone in the coffee shop must know who you are to have given you permission. This caveat actually applies to the parking lot situation too and people really have been charged before for accessing a coffee shop's wifi from the parking lot without actually going in so this isn't just a thought exercise.
Generally, if you're doing something online illegal enough to be investigated that fully, illegally accessing some coffee shop's connection is the least of your problems. There are legitimate reasons to want total anonymity though, such as whistle-blowers or individuals living in certain countries. If you're going to try for that level of anonymity it is important to know the local laws and make sure that whatever you're trying to be anonymous about is worth potentially breaking that law if it exists.
I also don't understand how he expects that the botnet won't be taken over or hardened based on the results he published before it gets shut down.
I did try to download the images linked in the post; as I write, not a single one has been replaced with his removal utility, so observing just these few links there's no evidence that somebody has already decided to follow his recipe.
I'd really like to read some news writeup in a few days.