Crashing the Shadowserver party
I admit, my name wasn't down but I went in anyway. Intrigued by coverage of the latest Botnet hunting group, I decided to go one step beyond registering for all the cool stuff on their website and plunged into their IRC channel, to see some action.
I have to say, I'll be going back again sometime soon!
The atmosphere is currently electric (as electric as IRC gets, anyway), due to massive coverage from the likes of Slashdot. Indeed, while I was in there a whole bunch of people came from said website, just to see what all the "fuss was about". Of course, what makes it interesting is that you have to assume there are bad guys sitting in on the chats, too... along with the possibility of law enforcement types. I imagine there's a flurry of PM activity in there, closely followed by WTF HOWS IRC WORK THIS SUX!!!
After introductions, I found I'd hit the right day to come take a peek - they were about to run a "live" demonstration of what goes on inside a sample Botnet channel they had gained access to. Now, you have to understand two things here:
1) I was very, very tired, and
2) I was on the phone, talking about stuff. Yeah, that's right - I talk about stuff.
I didn't think this would be a problem, as I had my IRC client set to record the action - imagine my dismay when I found out this morning that it didn't. However, I obtained the damn info anyway from a helpful Shadowserver chap so let's see what went down...
As one user said to me, it wasn't so much a demo as it was an example of piping - that is, feeding the info from the server to a channel we all had the good fortune to sit in on. From there, we could watch the action, and the Shadowserver guys (in this case, founder Nicholas Albright) could interject with funny "We pwn joo!" comments aimed at the Bot herder.
Joining a server where the Message of the Day is "Welcome to ******net, where your bandwidth just got owned!", we could see infected users hit the channel from Washington and Orlando, to Canada and Jamaica. Logged into the server with the username "Hi owner, Shadowserver!", we expected some fun and games from the rumbled Bot-dude. In case you don't know, extra spice was added in here as one of the owners was a guy named Witlog, a known entity in Botnet circles. He recently did an interview with Brian Krebs too - however, I can't actually link to it as his site is down due to exceeded bandwidth. Teh awesome powah of Botnet coverage!
Mind you, it's been Slashdotted about fifteen times now so I'm not surprised.
Anyway, back on target - the short demo quickly concluded when, after some back and forth banter...namely, Albright asking the (by this point) incredibly annoyed Bot owner what he used the network for...he used his mad leet Botnet skills and kicked him from the Server.
Bah.
Still, short and sweet and very entertaining.
As we saw not so long ago, Botnets are pretty nasty. It isn't just about a bunch of crappy Adware installs anymore - in fact, it never has been, though it's only (fairly) recently that major cases of financial fraud have come to the wider public's attention.
Consider the Botnet we found with the assistance of RinCe - hacking E-Commerce applications on a grand scale is pretty frightening. Still want to buy that random item from some online store you just found? Or are you suddenly twitchy that the third-party payment system sucks and you'll shortly be paying a visit to your bank about a ton of money going walkies?
Consider an online world where you suddenly don't want to spend any money in stores other than Amazon and Play.com - oh no, did all those other online retailers just go bankrupt?
You bet.
Now, more than ever, Botnets (at least the serious ones) represent a reduction in the choice you're allowed as a consumer - these guys are narrowing your potential activities online and that sucks ass. The other day Sunbelt found a website selling hacked Paypal accounts - you can bet that's tied into a Keylogging Botnet of some description, too.
All of these people deserve to be dragged into the street and beaten with large sticks. I mean it. I came across a guy a while ago who lives in the middle of nowhere, with absolutely no chance whatsoever of any court convicting him, because he resides in the middle of a warzone. Put simply, he was running a big-old Botnet and nobody cared. We have to get things into perspective - no one likely would care about nailing him when you're more concerned with little things like, oh, not getting your head blown off.
That being said, he was still screw-jobbing people's computers and didn't give a damn, so I contacted him and threatened to post up a whole bunch of info on him on this here site of mine, unless he stopped immediately. He was furious, but filled his pants and agreed. He is still a valuable source of Intel to this day.
However, this raises the question - is that what it's come down to now? Threats and intimidation to get the job done?
Well, in some cases, it sure looks like it. The Shadowserver guys have expressed their frustration at the slow (if you're lucky) pace the legal-type guys will act on information presented to them...and I can see their point. Last time I checked, it didn't take an awful lot of effort to investigate your entire case being handed to you on a plate.
Still, most Governments seem more obsessed by catching some dork selling Cannabis from his online bring n' buys, than any of the mayhem going on above. It's pretty stupid, but there you go.
Projects like Shadowserver are definitely needed, and in an ideal world, the powers that be would grant them some sort of special powers (hopefully not X-Ray vision, that'd suck) and just let them get on with it, safe in the knowledge that they're probably better at hunting Botnets than the authorities are.
However, I'm not living in Happyclap-spank land, so I'll just have to leave the last word to a wag from Slashdot:
Which network protocol supports the transmission of bullets?