It's surprising how much publicity this is getting without making any arrests. I would've thought they'd have arrested people before publishing anything. I wonder if they've been able to identify the people, or if they were just able to undo the technical maliciousness?
If it's like the last half a dozen botnets that the FBI has taken down, it's being managed from China or Russia, and thus their chances of arresting anyone are close to nil.
I don't really see from this explanation what prevents a new wave of infected machines from contacting the Tier 2 layer. It seems like they just cut off Tier 1 access of existing infections. Yes, they took over the cloud account, but I don't see what's really stopping the bad actors from starting over (with lessons learned probably as to what got them caught the first time).
Great article. Also I just gotta share this. The story, if transported back in time a few decades and written as a sci-fi book, would make a great read. Truth is stranger than fiction.
You should read through the search warrant to see the lengths that they went through to get permission from the courts to do so.
Regardless, I think it's an interesting question as well, but my position is that if these machines are already compromised I'd rather have them run the "uninstaller" than have the victims continue to receive commands from the botnet controller and cause additional collateral damage.
If an autonomous driving car is taken over by a hacker, and starts running people over, how fast would you expect the police to block it/shoot its tires?
The FBI has broad authority from Congress to engage in cyberwarfare extraterritorially, and they also got a broad warrant for anything that happened to be in the United States.
In my younger years I was very fascinated by malware, it's what got me into IT eventually. Back then I was active on some forums with marketplaces where one could easily buy and sell such services. I didn't do anything serious besides some slightly gray area stuff, but never sold or bought anything or compromised any unwilling victim. I did know some people who were later caught by the FBI and spent a long time in prison though.
In hindsight it's super crazy that this was a thing and probably still is.
About these operations, I honestly think they're not that spectacular even though they make it seem so. Anyone can buy a license for a random botnet for a couple of bucks and reverse engineer what's going on on compromised systems. I'm sure most of these botnets are hacked together pieces of junk code, which gathered a lot of installs through sheer luck and the fact that the FBI was looking away for a while.
The FBI took control of the botnet and re-purposed it to patch the vulnerable machines. This sounds like a novel practice addition to me?
I've done some limited consulting in this space in my career, and I agree that the code (and architecture) I've seen is pretty brittle junk. It's on par with the worst enterprise code I've seen. It's a numbers game for them. And, it's just a different work experience and skill tree that drives people to create "great code" (as it would be measured in professional software development circles.)
200,000 Windows PCs in the US among the 600,000 total worldwide. Are there really that many Windows PCs still running vulnerable old OS versions, or were they zero-days in more modern OS versions? These articles never say much about the details.
If we estimate one Windows computer per person in the USA on average (~ 331.9 mil.), this means that more than 12 mil. computers run an unsupported Windows OS. (Or use your own estimate.)
I was using a browser earlier this week that didn't have ad blocking on (testing things). I was inundated with ads for a job at the FBI. Weird coincidence, but there sure is a lot of FBI-related marketing all of a sudden.
Due to some recently revealed corruption issues in the USA that the FBI was covering up, there's more drama than usual regarding funding. Expect to see lots of FBI fluff pieces until their funding is secured.
dang | 2 years ago
FBI, partners dismantle Qakbot infrastructure - https://news.ycombinator.com/item?id=37310772 - Aug 2023 (171 comments)

yieldcrv | 2 years ago
You could probably challenge the warrant in court. Fortunately that won't reinstall the botnet, but if you also feel this causes you damages, you can further aim to get paid for those damages.
Good luck with that if you were an operator.