To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Going back several years, what did our community efforts achieve?
This text is a quick write-up summarizing some of my thoughts. It is not
an academic paper nor did I give it a second reading. It's what email is
for.
1996-1999 - the IRC networks where this was based got to cooperate, share
information, and eventually feed samples to AV vendors.
2000-2003 - advancement in the anti Trojan and anti spyware business.
2002-2004 - advancement on the anti spam front.
2000-2006 - the service providers started noticing, and later
in 2002-2003 cooperating in an amazing good-will/peer-pressure abuse
ticketing environment that works - NSP-SEC
2003-2004 - the virus front was broken from the hands of solely the anti
virus folks, and opened to the general world of security research vendors
- TH-research
2004-2006 - DA and MWP then brought cooperation between industries, AV,
AP, AS, ISPs, etc. It brought research and a broader view to changes,
what's going on. The birth of new communities ranging from shadowserver
(they do their own thing, cool folks), CastleCops PIRT (they do their own
things, cool folks), ratout AS based C&C reporting, etc. It kept vetting
to the best level possible, and let in people who were not "already
in". Eventually becoming a vetting ground for tighter groups.
2005-2006 - public shaming of ISPs hosting C&Cs begins, mostly on NANOG
(drone armies report).
2006 - meat-space meetings and conferences (we've had some other hush-hush
community meetings, some of which made special effort not to invite me
:) )
2006 - new communities such as shadowserver and PIRT taking shape. I've
done my best to protect them from us A-holes in the field who would feel
threatened. I remember how I was threatened in subtle or not ways when I
started and start new projects. They have done it all on their own and
have changed how we look at the problem, even if they still have much to
learn and to a level are still amateurish.
2006 - public community, [EMAIL PROTECTED], formed, to get information
public.
2006 - botnets are officially main-stream as a threat. Finally people
realize it is there due to vendors and the press starting to pick it up.
This is in no way a real history, nor accurate. It will suffice. It is
also biased from my view, and lacks a lot. My view is very biased as I
used to email about it to bugtraq when nobody would even recognize Trojan
horses as a threat.
See anything disturbing?
It is mostly good-will based or niche-based. It's masturbation.
Yes, we get things done. Yes, we make a difference.
After all these years, not enough, and not in a way that matters except
for pockets who jump on the wagon.
It is the equivalent of owning a gun to protect yourself when no one will
protect you. Only that you are shooting zombies who come back to
life. Sci-fi horror flick?
The Internet is often compared to the wild west. I'd say that's on some
levels accurate. On the socio-economic development, it is more similar to
the middle ages.
What needs to get done now, and probably won't for a while, is stronger
meat-space physical world work. We started that by getting us all together
in workshops, which also have outcomes as in projects, new relationships,
new information sharing and new approaches. I already heard of three new
projects and cooperative efforts since our last one.
That's not enough. The good guys compete over intelligence, tip their
hands, and the Bad Guys barely get damaged by what we do. What's needed
now is a move to the intelligence realm.
When I spoke of this to Nicholas Albright months ago when he thought of
closing shop over at shadowserver, he, as a smart person not yet biased by
traditions and taboos has done a lot on that front from a very limited
resource and perspective front. That is the way to go.
We are fast approaching the time where we, vigilantes (neighborhood
watch) will become the uglier sense of that word. We need to get
organized, funded, and start doing specifically for this purpose rather
than as an afterthought.
Then, when organized and funded to deal with these threats to the Internet
rather than "the botnet problem" we need to start dealing with tomorrow's
trends. These trends are known for years, yet have not yet gotten to
public attention.
What I see today is more of the same. On research projects, LEO
investigations and our tools. We have fallen too far behind for this to go
on.
Botnets, finally not ignored, have been around for a while. Lost
laptops? Uh huh, millions of people lose their identities online every
day. So thousands from one lost laptop?
It's time to wake up and face the music.
Blue pill or red pill? Want to know what's really happening?
The Internet is not going to die tomorrow. I dislike people who say it
might. It can die tomorrow. It is extremely simple to kill it. Our
infrastructure is full of vulnerabilities.
Phishing is no longer about taking down sites. Routing is no longer just
about links.
We concentrate on botnets today because it's easy for us. We have to feel
like we are doing something, right?
In a recent defcon panel "Internet Wars", created for the purpose of
raising awareness, somebody asked me what makes me so arrogant to
do any of what I do, and asked a question. My answer was that if he will
allow me to not be arrogant for a second, I'd say he is right.
I am arrogant. I go and do. I see a need or a void, make sure the project
is self-sustained, and move on to what I think needs to be done next.
Some of us go and do. Most of you go on and whine when your quiet turfs
suddenly get attention and your comfy seats may crumble below you and
force you to run and try to catch up:
The anti virus world: Trojan horses, spyware, botnets, rootkits.
NSP-SEC, Rob: research, LEO cooperation, better reporting, what-not.
I'd love to see more involvement and more projects show up rather than
people trying to kill them (over my dead body - I am still here). I'll be
as arrogant as I need to be in order to get things done, and I expect that
others should do their own thing instead of bitch about me. Come on, get
involved!
The Internet is where we live and where the world economy is based. All it
takes is some good people to make a change.
Compete with us. Show us what we have missed. We have done good, but we
were also smart enough not to relax and sit down enjoying our success for
20 years. In retrospect, we were pretty.. cool.
Now, let's all realize that it's all more of the same and go to the next
level.
Gadi.
_______________________________________________
All list and server information are public and available to law enforcement
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets