Microsoft Corporate Forum

    
Microsoft and F.B.I. Shut Down Citadel Botnet
engine
msg:4581653
1:42 pm on Jun 6, 2013 (gmt 0)
The FBI and Microsoft have broken up a huge network of hijacked home computers responsible for stealing more than $500m (£323m) from bank accounts.

The Citadel network had remotely installed a keylogging program on about five million machines to steal data.

About 1,000 of the 1,400 or so networks that made up the Citadel botnet are believed to have been shut down.

Co-ordinated action in 80 countries by police forces, tech firms and banking bodies helped to disrupt the network.

"The bad guys will feel the punch in the gut," Richard Boscovich, a spokesman for Microsoft's digital crimes unit, said.

Microsoft and F.B.I. Shut Down Citadel Botnet [bbc.co.uk]

Despite the widespread action, which involved seizures of servers that co-ordinated the running of Citadel, the identity of the botnet's main controller is unknown.

JohnRoy
msg:4581828
5:02 pm on Jun 6, 2013 (gmt 0)

> "The bad guys will feel the punch"
> "the identity of the botnet's main controller is unknown"

How do these two statements play together?

bill
msg:4581948
3:56 am on Jun 7, 2013 (gmt 0)

Microsoft has known about these sorts of botnets for years. They've been very particular about how and when they deal with them. If they were any more proactive I think we'd see a huge outcry in the tech press.

> How do these two statements play together?

Why would it make a difference if they knew the people coordinating this? Shutting down this network will certainly hurt the investment that was put into this system...that seems obvious.

[edited by: bill at 4:19 am (utc) on Jun 8, 2013]

diberry
msg:4582107
3:24 pm on Jun 7, 2013 (gmt 0)

> "The bad guys will feel the punch"
> "the identity of the botnet's main controller is unknown"

LOL, somewhere in a private bunker, hidden behind privacy screens, Mr. Evil will scream "Noooooo!" as he sees his dastardly plans thwarted. He fears this more than prison!

In a strange twist, we'll learn the botnet controller is actually Penguin, and it's about ready to take over Skynet. ;)

swa66
msg:4582215
9:23 pm on Jun 7, 2013 (gmt 0)

> Shutting down this network will certainly hurt the investment that was put into this system...that seems obvious.

Let's see:
How much is it for renting a server at a low-cost hosting company?
Even if the criminals rent many, the investment is low. And if they use the servers, they'll pay for themselves many times over each and every month.

bill
msg:4582271
4:32 am on Jun 8, 2013 (gmt 0)

> Let's see:
> How much is it for renting a server at a low-cost hosting company?

You can't seriously think I was referring only to hosting costs.

They have to pay some serious money for a zero-day exploit that hasn't been and likely won't be patched. Then there's software development and maintenance...staff to go through gathered data... This is not some fly-by-night operation run on a shoestring budget. Sure the rate of return is going to be favorable, but it's not going to be inexpensive to run something like this.

swa66
msg:4582315
1:06 pm on Jun 8, 2013 (gmt 0)

> They have to pay some serious money for a zero-day exploit that hasn't been and likely won't be patched.

Serious money:
-------------
Zero-day exploits are offered for a few thousand on the black market.

The effort in weaponizing it and integrating it is not all that much in most cases I've looked at myself. In elapsed time it takes days at most. And most of these guys that do that are rather asocial, so let's assume it takes days at most for somebody with the right skillset.

Patching:
--------
- If the security bug is not made public and not massively exploited, it takes many months - I've seen up to well over a year between the first victim detecting it and Microsoft actually bothering enough to roll out a patch on Black Tuesday.
- It then takes months to many years before the victims the attackers are interested in actually deploy those patches.

So while it's true there's a limited shelf life to exploits, using them just below the radar of the mass press is enough to keep them good for many years to come - although they do deteriorate in value.


Taking away the command and control infrastructure of a botnet takes away 2 things (if done properly):
- the bots (though most botnet operators build in a lot of failsafe mechanisms these days in order to recuperate bots in the case of a command and control seizure)
- the control infrastructure itself
It does not take away any knowledge or code (and most likely also not any data that's considered valuable by the attackers: they'll store it in many places and retrieve it).

But taking that away is taking away things they "stole" from others, so even if they lost it, you cannot take back their initial investment in any way: they'll have gained orders of magnitudes more than they ever paid. And the most valuable resources can't be seized till you grab the culprits and put them behind bars (and even then ...)


To me rolling it up as a tool is valuable to protect the masses, but it's FAR from a blow to the bad guys.
They ROTFL with what MSFT's marketing and the press make of this for sure.
