After reading this, and the (Washington Post I believe--I'm away from
my laptop right now) article on this, two things are bothering me.
The article expressed a good deal of frustration with the (lack of)
speed with which law enforcement has been tackling these issues. What
wasn't clear was whether any attempt had been made to involve them
prior to the shutdown. At the very least, it seems that this makes any
prosecution more difficult. While it appears that folks did a great
job of following the network connections--to nail the individuals
involved you need to follow the money. Even worse, what if the FBI
*was* investigating them already, and now their target has been shut
down? Unless there was behind-the-scenes cooperation that hasn't been
reported, someone (on either the technical or law enforcement side)
was not behaving responsibly. This should have been a coordinated
shutdown--simultaneously involving closing network connections and
arresting individuals.
Secondly, aren't we still playing whack-a-mole here? The network
controlled over a million compromised PCs. Those machines are still
compromised. Since the individuals who controlled them are evidently
still at large, I think it's safe to assume that the keys to those
machines are still out there. If that's the case, then those machines
will be up and spamming again inside of a week. The only thing that
might delay that would be if the primary payment processors really
were taken offline as well. I don't want to open the "counter-virus"
can of worms. But how hard would it have been to identify the control
sequences for those PCs and change them to random sequences? Shutting
down a central control center is good news, but taking 1.5 million PCs
permanently (at least until next infection) out of a botnet would be
really impressive.
Maybe more information will prove me wrong, but right now this seems
more like a lost opportunity than a great success. I was quite
surprised to hear that so many operations were centralized in one
place. I doubt that opportunity is going to come again.
Kee Hinckley
CEO/CTO Somewhere, Inc.
