The New Face of Script Kiddiez

Posted by Zonk
from the some-of-them-are-actually-quite-old dept.
An anonymous reader writes "Washingtonpost.com's Security Fix blog has an interesting post profiling the activities of a kid named Witlog who controls a botnet of roughly 30,000 hacked Windows PCs. Even after the authorities manage to shut down the network Witlog uses to control his bots, he pops up somewhere else. From the article: 'Witlog may in fact be the product of a new generation of script kiddiez; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.'"
  • New Face (Score:5, Insightful)

    by RedHatLinux (453603) on Thursday March 09, 2006 @03:12PM (#14884685) Homepage
    Would seem to imply a new genre of script kiddie, such as old people doing it, rather than a mere change in behavior. And if they can track and shut down his bot network, why hasn't someone arrested this idiot?
    • Re:New Face (Score:5, Insightful)

      by kefkahax (915895) on Thursday March 09, 2006 @03:18PM (#14884736)
      Being that he goes by 'Witlog' either he's too young to disclose or they still don't know who he is. Either way, I'd like to point out that, though he may or may not cover his tracks well, "they break into thousands of PCs" is kind of inaccurate being that most of these DDoS bots automate the process of taking control of a machine. Most people that run these botnets don't know anything beyond compiling the bot and filling out a configuration file.

      And they certainly don't deserve recognition...neither would a defacer[political or not]. I swear, "hackers" or "crackers" whatever you may prefer to call them, used to have more taste, pre-2000. Even the defacements used to carry more meaning...now it just seems like IRC channel wars, just at a new level...IRC server wars. Pretty dumb when it gets down to it.
      • Re:New Face (Score:5, Informative)

        by msobkow (48369) on Thursday March 09, 2006 @03:41PM (#14884901) Homepage Journal

        Exactly. While the rootkits, virus kits, worm kits, and other attack examples have been out there since the early DARPA days, most people using them were exploring for security holes to exploit. Now we've got people who just use that work to take over unpatched or obsolete machines.

        They aren't hackers. They can't even claim to be crackers. They run a kit with as little thought to how it works as an Excel user thinks about the math and programming behind the interface. It's just a tool to them.

        What's really annoying is their persistent attempts to break a patched/maintained environment wastes bandwidth that has better uses.

        What's criminal is that their traffic interference can prevent you from using your connection to work or relax as you see fit. Legally, it should be comparable to theft of resources or vandalism preventing the use of resources. Following from that could be additional charges depending on the intended use of the victim's machines.

        • Re:New Face (Score:3, Funny)

          by winse (39597)
          They aren't hackers. They can't even claim to be crackers. They run a kit with as little thought to how it works as an Excel user thinks about the math and programming behind the interface. It's just a tool to them.

          I totally agree. Why back in our day we had to WRITE our own exploits, some people just older than me had to WRITE their own compiler to compile their own hand written 'sploits, and that's only if they finished their other chores first. It was uphill both ways.

          The only real crime here is that cr
        • Re:New Face (Score:3, Interesting)

          by StikyPad (445176)
          Now we've got people who just use that work to take over unpatched or obsolete machines.

          Right.. hence the word "script" in "script kiddies." They don't program, they just use. That's nothing new. And really, it's no different than anything else. You don't need 100 people to invent the wheel. You share libraries without caring how they work as long as they do what you want them to do. Anyway, nobody's giving this kid a medal, they're just showing an example of how easy it is for anyone to do.

          Legally, i
    • Re:New Face (Score:3, Insightful)

      by plover (150551) *
      why hasn't someone arrested this idiot?

      Probably because the idiot is in Estonia, or some other place where the laws of the U.S. are not particularly respected. If all he's doing is installing adware on American PCs, you don't honestly think the local police are going to give a sh!t, do you?

      Actually, they probably would. They'd probably want a 25% cut.

      • Re:New Face (Score:5, Funny)

        by gEvil (beta) (945888) on Thursday March 09, 2006 @03:23PM (#14884765)
        ...or some other place where the laws of the U.S. are not particularly respected.

        I don't even know where to begin with a comment like that... : /
        • Re:New Face (Score:3, Informative)

          by PitaBred (632671)
          There are extradition treaties and things like that all over the place ;) If you break the law in the US, you can't necessarily just flee to Canada or Mexico or the UK, because they'll generally just send you back if the US asks, as the US does with other criminals. That's the "respect of US laws" that I think the GPP was talking about.
          • Re:New Face (Score:3, Insightful)

            by aclarke (307017)
            If you break an American law in the USA and then flee to another country with which the United States has an extradition treaty, then yes your comment is valid.

            However, if someone is breaking into American computers from his mom's basement in Estonia, and computer cracking is not a crime in Estonia (I'm sure it is), then the point of Estonia's extradition treaty with the United States is moot as the script kiddie has not broken the law.

            For instance, the legal drinking age here in Ontario, Canada is 19.

      • Re:New Face (Score:3, Insightful)

        ...or some other place where the laws of the U.S. are not particularly respected....

        This implies that there is someplace where the laws of the U.S. are particularly respected... including the U.S.

        If George W doesn't have to follow the law, why should I???

    • This morning WNBC News (Channel 4) in New York was touting an upcoming segment on identity theft. It turned out to be a jailhouse interview with a phisher who's doing hard time for grand larceny.
    • Re:New Face (Score:4, Insightful)

      by blast3r (911514) on Thursday March 09, 2006 @03:39PM (#14884887)
      When you chase these botnet controllers down you may find the operator in a channel on the server but normally they hide their real IP address. There is only so much you can do if you don't have access to the actual system the IRC server is located on. And even then it could be difficult to actually find them because they could be proxying through another hacked machine.
      • Re:New Face (Score:4, Insightful)

        by madhitz (841706) on Thursday March 09, 2006 @05:07PM (#14885645)
        Yeah, right. Tracking these clowns down is easy....I believe you're giving them much more credit than they are due. Sure, proxy this, proxy that, IRC chats, etc, etc...however, somewhere along the line, they are screwing up, leaving a trail, or some link back to themselves..and you can get them there. Hell, worst case scenario, find them at the money source...that's what makes this go round.

        Unfortunately, no one wants to invest the token amount of time it takes to investigate this, so it doesn't happen. You can't possibly believe that a 15-year-old botnet-asswipe, sitting at home on mom and dad's computer, could possibly outwit a highly paid and experienced network or systems analyst. They, as was mentioned in an earlier post, simply use the tool without any comprehension of how it operates....keep digging, and you'll find them...shit always ends up at the bottom.
    • by this great guy (922511) on Thursday March 09, 2006 @04:01PM (#14885069)
      Would seem to imply a new genre of script kiddie, such as old people doing it,

      Like Script Daddiez.

    • Re:New Face (Score:5, Interesting)

      by Agelmar (205181) * on Thursday March 09, 2006 @04:15PM (#14885183)

      Given the text of the interview in the article, I'm guessing that he is not in this country, or at the very least that he's a non-native speaker.

      My logic: There is a line where the reporter is interviewing the 'kid'. He says the following:

      why i did it? i've read an article on yahoo or smth like this

      Aside from the obvious grammatical issues, the last word of the sentence is indicative of the fact that he may be a non-native speaker of English. A native speaker would likely use the word "that" instead of "this" when using the phrase "something like" in conjunction with an action taken in the past.

      There's also the fact that he said "I've read" rather than "I read". While the former is not incorrect (using the past participle, 'have'), a native speaker is more likely to use the simple past ("I read" rather than "I have read"). This is especially true of a younger native speaker.

      While it's obviously difficult to analyze the grammar of a script kiddy, if I had to bet I would say that he is a non-native speaker. Could easily be German, or east european given the language patterns.

    • Would seem to imply a new genre of script kiddie, such as old people doing it,

      So you're saying this guy's from Korea?

      In Soviet Korea, old people email YOU!
    • In Korea, (Score:2, Funny)

      by weierstrass (669421)
      ..only old people run botnets.
    • Re:New Face (Score:2, Interesting)

      by Illbay (700081)
      Your comment re "old people" is apt.

      In fact, I have noticed--and "experts" have noted--that "delayed adulthood" (a.k.a. "arrested development," "extended adolescence" [spiked-online.com]) has become common. My 28-years-old-going-on-16 son is a good example.

      I can see the sophistication of such "Skript kiddie" operations as indicating some "kid" in his late-20s or early-30s, still living at home, and with the moral compass of your common housecat.

  • by gEvil (beta) (945888) on Thursday March 09, 2006 @03:14PM (#14884698)
    ...these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.

    Great! Maybe he can reconcile my account balance while he's there.
  • lame (Score:5, Interesting)

    by panic911 (224370) * on Thursday March 09, 2006 @03:15PM (#14884703) Homepage
    i find it rather funny that all these bot-net owners are getting so much publicity right now. The washington post recently had another article [washingtonpost.com] about another botnet owner. this is nothing new. people have been exploiting various networks and running botnets for at least a decade (that I'm aware of). these new botnets aren't any larger than the ones back in the day, either. in fact exploiting systems back then was way easier since security wasn't nearly as important to many people and firewalls were pretty rare. either way, ITS LAME
  • 'New Face'? (Score:3, Insightful)

    by MECC (8478) * on Thursday March 09, 2006 @03:16PM (#14884714)
    Hasn't this been going on for a while?
  • Better Toys (Score:5, Insightful)

    by Doc Ruby (173196) on Thursday March 09, 2006 @03:16PM (#14884715) Homepage Journal
    These kids should be the new face of P2P research and production. Kids care more about group recognition, new toys and testing/breaking limits than they do about money. If more effort were put into giving them constructive P2P toys to play with, they would spend much less of their own effort breaking stuff.

    Just stopping kids is a losing battle. The only way to win is to substitute something else into their idle hands. This has been proven over and again, most obviously with "Little League" which replaced gangs of window breakers with happy campers.
    • All this guy did was use some source code and change some settings. Nothing major. He's not the kind of guy who's going to make another Napster. He probably doesn't even know how he's doing what he's doing.
      • by khasim (1285) <brandioch.conner@gmail.com> on Thursday March 09, 2006 @03:30PM (#14884816)
        All this guy did was use some source code and change some settings. Nothing major. He's not the kind of guy who's going to make another Napster. He probably doesn't even know how he's doing what he's doing.
        I have to agree.

        The only reason this guy is having any success at this is because of the default security settings on Windows.

        No, this isn't an anti-Microsoft rant. But the fact is that without those open ports, his worm wouldn't be spreading. You cannot depend upon the end-users to correctly patch or firewall their systems.

        All it would take to stop this guy is for the next version of Windows to ship without any open ports by default. Ubuntu already does this, Apple already does this.

        Having a software firewall on the machine is a distant 2nd place option. If there is a flaw in the firewall software, he'll have the same opportunity he has now.
      • Re:Better Toys (Score:3, Insightful)

        by Doc Ruby (173196)
        So if someone gave him some other simple "P2P kit" to "hack" like that, which was constructive rather than destructive, he'd be doing something useful instead of harmful. I didn't even mention the idea of "blame", or how "bad" this guy is - I didn't even refer to this guy individually. Just because windows are breakable doesn't mean people have to break them. But with nothing else to do, I'm not surprised when kids break them.
    • Re:Better Toys (Score:3, Insightful)

      by NitsujTPU (19263)
      You seem to be under the impression that these kids know how to do something. They're not good hackers who went bad, they're bored kids who downloaded some source code somewhere.

      Meet one or two of them. Most of them do not write this software, and do not know how to either.
      • Re:Better Toys (Score:5, Interesting)

        by Doc Ruby (173196) on Thursday March 09, 2006 @03:44PM (#14884925) Homepage Journal
        I've met plenty of these kinds of kids, since I used to be among them myself when I got started. One difference between them and me was that I was given constructive toys, actual (simple) programming projects, while they just passed around hacks/cheats given them by someone else.

        They don't have to be hackers to cause harm. All they're doing is playing with toys. That's why less harmful toys in wider distribution will dilute the harm.
        • Re:Better Toys (Score:5, Interesting)

          by NitsujTPU (19263) on Thursday March 09, 2006 @03:53PM (#14884999)
          I've met a number of these kids, and chatted with plenty in my day. I have always been under the impression that those who wanted to learn something did. I remember listening to Brock Meeks speak at DefCon, only to have questioners lay into him saying, "You don't have to be interested in programming to be a good hacker." Those kids don't want to learn anything, and they won't.

          I can name at least 3 of my friends from when I was 14 chatting on IRC who are off getting their PhDs now (and you can add me to that number in the Fall).

          The kids who wanted to download "bitchslap" and knock a computer or two offline did that and didn't do anything more interesting than that. They ran into #2600 and barked at all of the people in there "Am I 1337 now!?!" and told all of their friends how hardcore they were.

          All of that aside, most of the serious P2P research is simply outside of the reach of your standard issue coder, let alone some script kiddie who doesn't know what he's doing. Perhaps there's some simple, elegant technique out there that people haven't exploited yet. Heck, I have my own simple elegant technique that I think that everyone missed. The difference is that I'm writing a paper about it, not sitting in some IRC channel telling people how 1337 my misguided flood protocol is.

          And, also, exactly, they don't have to be hackers to cause harm. They can be script kiddies and be plenty destructive. A script kiddie is called a script kiddie because he doesn't have any 1337 sk1llz though, not because he's trying to change the world. I wanted to learn about computers once too. You know what I did? I programmed.
          • I didn't say these kids have to produce the research themselves, any more than they produce the crackware they play with. Most kids will play with any toy they get, especially if all the other kids are playing with it, too. That sounds like a great "beta test" pool for new P2P systems, especially the more interactive ones. So if the "serious" researchers give their betas to kids as toys, they will displace the more dangerous tools, and kids will do less harm - and more good.
            • Eh, but most of us never crank out a "beta." I have a simulator that runs a mathematical version of my protocol now that I have preliminary results from (I have my own version of MIT's P2PSim that does a few things better that are necessary for my tests). The real version will be a program written just to carry out my test and deployed on a private university cluster, and probably also on PlanetLab. Most of the serious research isn't producing anything that these kids would want to play with.

              Even if it di
        • If they need toys why don't they go play corewar [corewar.info] or life [ibiblio.org]? Or just read some jargon [catb.org]?

          It's not like there's a lack of toys out there if you're willing to look a little... Of course, getting that initial spark going can be a little more difficult.
    • "Little League" which replaced gangs of window breakers with happy campers.

      The "Little League" has always co-existed with juvenile detention centers. The places where your toys get taken away. Jail, in plain English.

      Maybe the Geek ought to be spending a little more time introducing his juniors to some uncomfortable truths about the real world.

      • More effort getting kids into Little League, or some equivalent in a different activity, would reduce the demand for JD halls and jails. Before kids were organized into constructive play, they used to commit a lot more crime - distracted only by "child labor" and worse.

        Kids are different from adults because it's not too late for most of them to change. Teaching them with toys rather than threatening them with jail is a lot more productive way to make better citizens. Centuries of prioritizing jail hasn't do
  • Lucky Bastards (Score:5, Insightful)

    by Eightyford (893696) on Thursday March 09, 2006 @03:16PM (#14884723) Homepage
    The worst part of this is that when these people are caught they are often given lucrative jobs at security and antivirus companies. Making the front page of slashdot will probably even look good on the lucky bastard's resume.

    And what kind of name is witlog? It's like cunningpoop, or something.
  • by Anonymous Coward on Thursday March 09, 2006 @03:17PM (#14884729)
    that should be distinctive on this "new face" is that it's either:

    * Bruised and bloodied from the clue by four that's been applied; or

    * mouth wide open screaming as his cell mate takes a new "wife."

    • I think that for a first offense you just break all of his fingers. Then for a second offense you break all of his fingers with a ball peen hammer, then for a third offense he gets the prison sodomy. I'm amazed at the bleeding heart assholes who get so upset by the thought of punks like this getting punished. These are predatory, irresponsible little fucks. If sending a few of them off to a federal pound-me-in-the-ass penitentiary makes the rest of them think twice before installing botnets (you probably di
  • I guarantee half of those bots are a result of some rogue ActiveX installation that most moms didn't know enough to click "don't install". Do everyone a favor, and just shut off ActiveX entirely. -- Jim http://www.runfatboy.net/ [runfatboy.net]
    • just shut off ActiveX entirely

      I think you're missing some clues here. These certainly are not all "moms" computers. 40 of the machines that joined the botnet during the chat in TFA were State of Texas computers, sitting in some government office building somewhere.

      Big organizations (large corporations, governments) use ActiveX in their web "apps" all the time for various software functions. Shutting off ActiveX might mean turning off their ability to fill out their time sheets, or request vacation da

  • Spread a worm that:

    * Spreads itself to at least 2 other computers (for survival)
    * Downloads and installs ad-aware
    * Activates your windows firewall
    * Downloads appropriate patches from Microsoft
    * Prepares ad-aware to run on the next boot
    * Deletes itself from the system

    That'd be so beautiful *sniff* :')
    • That would be pure poetry.

      If only I could come up with a script to clean a machine reliably I'd save plenty of time. Just today I tried and failed to de-crapify a horribly compromised Win ME/kazaa-induced nightmare.

      I spent nearly an hour with ad-aware, hijackthis, and spybot s&d before realizing best case I'd end up with a limping Win ME system.

      Now it's happily running 2k, fully patched, and the ignorant user warned.

    • We've seen that. I think it was the "Cheese" worm that was trying to come around and patch systems infected by the "Lion" worm. (Yup, confirmed, Google is my evil friend.) Noel Davis summed it up well: "These systems may have much greater problems than the Lion worm -- many more problems than another worm, no matter how friendly, can hope to fix."
    • I'm pretty sure during, or shortly after the peak of, the Blaster worm period someone engineered a worm to reach systems vulnerable to the Blaster worm, rid them of it, and then seal the hole. It ended up causing more problems than the actual Blaster worm in some cases.
    • by MyNymWasTaken (879908) on Thursday March 09, 2006 @03:43PM (#14884916)
      Whitehat viruses do exist in the wild. However, they too can bring down networks in a DDoS style; even while cleansing the system.

      Computer virus infects Air Canada check-in system [usatoday.com]
      W32/Nachi.worm [nai.com]
      • However, they too can bring down networks in a DDoS style; even while cleansing the system.

        That's because the white worms are more or less engineered off of the previous one. I don't want to make the comparison to the topic of this post (since I respect their endeavor), but they're basically behaving like script kiddies.

        If it was properly done, the worm would automatically delete itself after x days or after receiving a ping from another white worm (with the newer worm taking over security of that netwo
        • If it was properly done, the worm would automatically delete itself after x days or after receiving a ping from another white worm

          It did delete itself like that according to the virus detail sheet, but it can still easily overwhelm a system.
          • It did delete itself like that according to the virus detail sheet, but it can still easily overwhelm a system.

            According to the links provided, it would delete itself on Jan 1, 2004. My suggestion was to add another subroutine that would account for multiple worms on the same network, which was not mentioned as far as I can tell.
      • Hell, even a non-virus can bring down a system. We had a system here with Symantec Corporate AV that was looking on the wrong subnet for its update server. Not finding it, it just flooded the damn network with ARP requests. Took nearly everything offline, and since it was an obscure, nearly forgotten-about system, we didn't realize it was the one doing it. Figured out its IP with ethereal, but that doesn't help as much if you don't know what machine has what IP. Oh well.
  • by digitaldc (879047) * on Thursday March 09, 2006 @03:27PM (#14884802)
    SecurityFix: so did you just download the source from some site and set it loose?
    Witlog: yes
    Witlog: changed settings, and started it
    Witlog: thats all
    Witlog: anyone could do that
    Witlog: you don't have to know many things to do a botnet like this


    Why can't Microsoft push out its security fixes like this???
  • Cut off the head (Score:5, Insightful)

    by Billosaur (927319) * <wgrother@@@optonline...net> on Thursday March 09, 2006 @03:28PM (#14884808) Journal
    Witlog: why i did it? i've read an article on yahoo or smth like this
    Witlog: so when i've read that article, i thought "why not to make my own"?
    SecurityFix: so did you just download the source from some site and set it loose?
    Witlog: yes
    Witlog: changed settings, and started it
    Witlog: thats all
    Witlog: anyone could do that
    Witlog: you don't have to know many things to do a botnet like this

    This kid is not a "hacker" or "cracker" anymore than I'm a professional wrestler. He finds a script or two somewhere, configures it, and lets it go. He has no moral compass, he doesn't care about other people's property, and he seems to think this is a hoot. He sounds too much like those college boys who are accused of setting those Alabama church fires [cnn.com].

    But as he says, anyone can do this. While it's nice that groups like Shadowserver.org are tracking down and shutting down these botnets, why isn't someone doing something about the supply source for these scripts? It's like leaving a loaded gun lying around -- some idiot may decide to use it, even though they don't know how. I say find the morons behind the botnet scripts and take them out. Stop wasting time on the small fry.

    • by Denyer (717613) on Thursday March 09, 2006 @03:39PM (#14884884)
      It's like leaving a loaded gun lying around -- some idiot may decide to use it

      It's really easy to make explosives. We can't ban the sale of ingredients. That's a slightly facile example -- there are legitimate uses for many things that could be used for malice, whilst fewer for exploit source code. However, prohibiting the availability of information about holes wouldn't improve the situation -- it'd mean more blackhats would have the information rather than people using that information to arrange protective measures.
      • One of the biggest defenses for allowing the sharing of exploit code is that security experts have to be able to share it and communicate about it in order to do what they do, either professionally or as hobbyists. There's no way to prohibit open sharing of exploit code without crippling security forums, newslists, et cetera.

        Of course, if the person sharing it is also encouraging its misuse, there's already a law for dealing with them.
    • This kid is not a "hacker" or "cracker" anymore than I'm a professional wrestler.

      D'OH, that's why the article title says "script kiddiez", not "hackers".
    • Re:Cut off the head (Score:2, Interesting)

      by Tweekster (949766)
      Because the source code is perfectly legal. Making the source code, distributing it, all perfectly legal activities. Compiling it is also legal. Using it is legal too....Using it on someone else's computer you don't have permission to, ILLEGAL... see how much you can do before you even come close to breaking the law.
  • Fucking editors (Score:3, Insightful)

    by caffeination (947825) on Thursday March 09, 2006 @03:31PM (#14884834)
    I know they do'n't spelcheck articlez, but this is rediculus!
  • Disclaimer: (Score:5, Insightful)

    by WhiteWolf666 (145211) <sherwin@amiran . u s> on Thursday March 09, 2006 @03:39PM (#14884883) Homepage Journal
    What he does is wrong. Don't get me wrong.

    At the same time, I couldn't give a rat's ass. Leave your car unlocked, get your radio stolen, see me cry 0 tears.

    Leave your house unlocked, and the fine china will walk out the front door.

    Leave your computer unprotected, and your data/bandwidth will be taken.

    We run OS X/Linux. Automatic security updates, 0 ports exposed, everything behind a NAT, no automatic execution of downloaded files, and nobody types in administrator password without calling me first, either because they don't know them, or they know to verify EVERYTHING with me. Did I mention that user desktops run few (no) services? CUPS, SMB, SSH. No remote or local root logins.

    Everyone here understands that ANY thing they download could potentially result in all their data being messed up. Period.

    The last piece of the puzzle for me would be to prevent people from "spoofing" OS X users using incorrect icons for executable mime-types. Then I'll be happy.

    Why should I care?
    • When he sends that 'net for a DDoS ride to your address.

      I have zero sympathy for idiots who can't secure their system. If they could only harm themselves, they could just as well go down in flames. Maybe it would work as a LART on them.

      But it doesn't. Those bots are supposed to be no damage to the infected machine, but instead use said machine to cause harm somewhere else. If it DID cause some damage on the infected machine, the infected person would probably care.

      So his attitude is just like yours: Why sho
    • Re:Disclaimer: (Score:4, Insightful)

      by Bob Cat - NYMPHS (313647) on Thursday March 09, 2006 @03:53PM (#14884992) Homepage
      see me cry 0 tears.
      Leave your house unlocked, and the fine china will walk out the front door.


      Speaking of which, that lock you have on your front door can be picked in a few seconds. Don't believe me? Tell me your address, and I'll report here what your Royal Doulton brought on eBay.

      Stealing is ALWAYS WRONG, even if the valuables are unsecured.
      • by khasim (1285) <brandioch.conner@gmail.com> on Thursday March 09, 2006 @04:14PM (#14885175)
        Speaking of which, that lock you have on your front door can be picked in a few seconds. Don't believe me? Tell me your address, and I'll report here what your Royal Doulton brought on eBay.
        Some people trust the locks on their houses because they do not know any better. That doesn't make them bad or wrong. Just "ignorant".

        Some people trust the system on their computers because they don't know any better. That doesn't make them bad or wrong. Just "ignorant".

        The only difference is that you have a physical limit to the houses you can break into. There is no such limit on computers.

        People have a much easier time understanding physical security because they can see it. They know when they've been robbed. They know when the neighbors are robbed.

        With a computer, they probably won't know, or even really care. Unless they lose money from their accounts.

        And fighting against ignorance is a long and difficult task. There are millions of individuals out there and each one has to be correctly educated.

        Personally, I'd recommend focusing on an easier target ("easier" being relative here). Get Microsoft to ship the next version of Windows without any open ports by default. Yeah, I know what you're going to say. But it's more likely to happen than educating the millions of individual users out there.
      • That has nothing to do with what he said. He didn't say the thief would be in the right. He said he'd be hard-put to feel sympathy for someone who didn't even take basic security measures.

        If someone walks through a bad area of town wearing jewelry in the middle of the night and gets mugged, I'll still think the criminal should be captured and convicted, but I won't shed any tears for the victim. If another person walked through the same area of town at 7 PM showing nothing valuable, and got mugged, I'd be m
    • At the same time, I couldn't give a rat's ass. Leave your car unlocked, get your radio stolen, see me cry 0 tears.

      I'm glad to see cynicism alive and well. So criminals can do no wrong, because it is WE who have failed to protect ourselves? I have, in fact, left my car unlocked and had my radio stolen from it. The idiot who did it is a punk who will receive a particularly bad beating if I ever find him. Could I have prevented the theft? Yes. Was I AT FAULT? No.

      Why should you care? I don't know... Maybe

  • "At least one machine that he showed me from his botnet was located inside of a major U.S. defense contractor."

    Ah, the irony...
  • The writers write code against systems that are easily broken into. The SKs that would create botnets, simply grab code that is on the net and use it. It was never about size. It is about the ease of getting systems.
  • by Animats (122034) on Thursday March 09, 2006 @03:52PM (#14884979) Homepage
    Specialham [specialham.com], the spammer hangout, usually has ads for botnets. Today, though, the spammers are discussing someone who got caught:

    Adam Vitale aka Batch1 arrested by Secret Service

    • From what I heard it was a guy named Sean Dunaway (spelled wrong I think). He used to work for AOL, sold out their huge 90+ million members dbase, got jail time, and apparently is working for the man now. This is a big case, pump and dump stock scams can hurt people to the tune of millions of dollars.
      M.
    • Yeah pump & dump would seem more like the Secret Service's department... the article just spoke of "promoting computer security software"... perhaps additional charges will be filed later... maybe this was just the SS's way to get him jailed and put pressure on him...
      Saw your other post too.. U r right, whoever isn't mailing compliant these days and is promoting illegal shit like pharm or stocks on top of it, is just asking for the feds to bust through their door...
      Hamster
    • From what I hear it wasn't about stocks or spamming, the security spam stuff was just a coverup. What the feds were really after was a botnet the guys were mailing from. Don't know the truth to this but I would not doubt it one bit, it would make sense why the SS was involved.
    • Just goes to show swank has ties with the antis look at this http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4262 [spamhaus.org]
      I am not saying this guy didn't scam tons of people which is not right however if swank does not like you for whatever reason he will post your info on his anti friends' websites so be very very careful when dealing with swank and make sure your personal info is kept to you.. Personal revenge is the key to try and recover money that was scammed not whoring shit out to the anti's....
      P.S. swank you know I don't like fake people.. You guys get a kick of this one http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4021 [spamhaus.org]
      Look half way down the message and you will see this
      "Swank"(Chris Brown) and "Batch1"(Adam Vitale) are in a tiff over a spam deal gone bad, and are in a flame-war on spamforum.biz.
      Swank has repeatedly posted "Batch1"'s contact info that was used in their spam dealings with each other.
      I think this is what I have been explaining all along about how swank has ties to the antis and posts people's info if he doesn't like them and if you notice reading these articles the anti's really never say anything bad about swank HMMMM I wonder if he is friends with them.. Enjoy guys.....
    • Sean Dunaway is spelt correctly and he did not work for AOL and did not receive jail time. Soo sad that people are this misinformed.
    • Also the math makes no sense: Spammed 1.2 million AOL users with only 47,000 messages? Huh?
      ...
      1200000 / recipients_per_Email = 47,000 emails sent.
      hard to understand isn't it hamster ;)
      also if you've paid any attention to the forum, the informant (sean dunaway) is already notified and you've started a double thread because of your ignorance :P

    This is starting to sound like those Mafia wiretap transcripts that came out as the New York Mafia was coming unglued. Law enforcement was doing well enough that the crooks were more afraid than the good guys, and were desperately trying to figure out who was selling out.

    Spamming is starting to yield to straightforward police work.

  • ISP Blocking (Score:4, Interesting)

    by PhYrE2k2 (806396) on Thursday March 09, 2006 @03:52PM (#14884984)
    I should point out that ISP blocking makes these folks essentially useless, not to mention limiting upstream.

    However, I hate that my ISP is packet filtering for things like torrents (Rogers), one has to wonder why they fail to filter for the things that uselessly waste their network rather than the people who actually use it.

    -M
  • by BoRegardless (721219) on Thursday March 09, 2006 @04:00PM (#14885061)
    Like which System Admin of a large government contractor is not aware of network security in this day and age, which would allow compromised computers and connections to the outside world?
  • It seems that you've been living two lives. One life, you're Thomas A. Anderson, program writer for a respectable software company. You have a social security number, pay your taxes, and you... help your landlady carry out her garbage. The other life is lived in computers, where you go by the hacker alias "Neo" and are guilty of virtually every computer crime we have a law for. One of these lives has a future, and one of them does not.
    I'm sorry, I just watched matrix today again, so all my comments tod
  • Hmmm (Score:3, Funny)

    by CaffeineAddict2001 (518485) on Thursday March 09, 2006 @04:03PM (#14885084)
    Imagine if these bot nets did something more subtle... like.. turning a single random pixel black or slightly fudging the movement of the mouse. Warranty Havoc!! Gawd that would suck.
  • by Opportunist (166417) on Thursday March 09, 2006 @04:05PM (#14885102)
    Botnets ain't new. They're even past their prime, past the time of the huge 'net that grew, unhindered by user awareness or antivirus tools.

    Today's botnets are no longer standalone tools. They are used to spread secondary attacks. That's where the new threat comes in. That's how secondary threats like trojans and viri can spread via email. Or you can use the botnet to download and distribute updates for trojans.

    The possibilities are pretty much limitless. Just imagine you have a few 100 to many 1000 computers at your hands that could be used however you like, and let your imagination run wild.
  • So we can all examine the EXIF fields, of course...
  • by Anonymous Coward on Thursday March 09, 2006 @04:49PM (#14885480)
    the activities of a kid named Witlog

    Man, what were his parents thinking?!

  • We all here know what a hacker is. We all know what a cracker is. We all know what a script kiddie is. That's what we know.

    The audience of the media don't know what a hacker is, or what a cracker is. They don't know that these botnets are not hackers or even crackers. They don't know what script kiddies are. The BBC calls these dudes hackers.

    We know why script kiddies do their worthless crap. They do it for the attention. They do it for their own ego. The money makes them extortionists and thus, criminals
