Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

Return of the Web Mob 146

Posted by CmdrTaco
from the cement-shoes-for-everyone dept.
Parore writes "eWeek is running a story about the return of the web mob, highlighting all the similiarities between the online attacks and the real-world mafia. From the article: "Black hat hackers have set up e-commerce sites offering private exploits capable of evading anti-virus scanners. An e-mail advertisement intercepted by researchers contained an offer to infect computers for use in botnets at $25 per 10,000 hijacked PCs. Skilled hackers in Eastern Europe, Asia and Latin America are selling zero-day exploits on Internet forums where moderators even test the validity of the code against anti-virus software."
This discussion has been archived. No new comments can be posted.

Return of the Web Mob

Comments Filter:
  • by liliafan (454080) * on Monday April 10, 2006 @10:42AM (#15099098) Homepage
    There is obviously a problem with botnets, virii, and trojans, part of the problem comes from a 'not my problem' attitude from law enforcement and ISP's.

    Dozens of times when networks I maintain have been attacked I have contacted ISP's with all the information they would need to trace the user performing the attack and notify them that their machine is infected, however, the response I usually recieve is, 'it is our policy not to blah blah blah', when I have had verified hack attempts on my systems and have notified the authorities about it, I have been transfered all over the place, put on hold, transfered a little more until I completely loose interest, when I do get to report something it never gets investigated.

    Until the people that can actually do something about these zombie machines and malicious users, get off their asses the problem will just keep getting bigger.
    • by Moby Cock (771358) on Monday April 10, 2006 @10:46AM (#15099133) Homepage
      The day will come when the owners of the infected computers will be responsible. This is of course insane, but it is an easy way to assign blame. The real culprit, of course, is too difficult to track.
      • by liliafan (454080) * on Monday April 10, 2006 @10:54AM (#15099182) Homepage
        We know the people responsible are mean vicious hacker types, my point is that an ISP has a responsbility to not just protect its users from the internet but to also protect the internet from the user, if an ISP recieves a report that one of their users is doing something wrong they should take the time to check this, the same goes for law enforcement.

        Users should take responsbility but you are right this will never happen, and a long as it is profitable the malicious users will continue to write their infections, the impact can be minimalised if ISPs take some responsibility for the users they allow to connect.
        • by LordOfTheNoobs (949080) on Monday April 10, 2006 @12:06PM (#15099604) Homepage

          Maybe some administrators need to do what they did when there was no enforcement in the American old west. Take justice into their own hands. So you have the IP of a vulnerable bot that is assaulting your network? Nuke the SOB. If you must be friendly, leave a happy little "Your machine has been hijacked and when asked, your ISP was too busy to tell you. So I have conveniently and remotely removed all network drivers from your system."

          Or, with a nod to the William Gibson, a little BLACK ICE to damage the foreign system beyond repair.

          This is unrealistic I'm sure, illegal almost definately ( proactive self defense ? ). But damn would it be nice.

        • my point is that an ISP has a responsbility to not just protect its users from the internet but to also protect the internet from the user


          IMO an ISP has no repsonsiblity to provide nothing more than bandwidth and uptime.
        • But it's much more cost effective for an ISP to just completely ignore the problem: They don't need to hire someone to monitor the junk / contact the customers, they don't lose their monthly $$ when they tell customers to fix their damn computers and the idiot customers just go to another ISP.
      • by gowen (141411) <gwowen@gmail.com> on Monday April 10, 2006 @11:03AM (#15099227) Homepage Journal
        The day will come when the owners of the infected computers will be responsible
        Presumably, this will be the same day that women in short skirts will be responsible for their own rapes?

        No matter how tempting a target I make myself, the responsibility for the crime will always remain with the criminal.
        • by giorgiofr (887762) on Monday April 10, 2006 @11:09AM (#15099251)
          the responsibility for the crime will always remain with the criminal

          and if, after being the victim, you start being the criminal, you will be held responsible for your crimes. for example: if you get HIV while being raped (btw... that's sad in so many ways I cannot count them) and you later go around merrily spreading it, you are certainly not responsible for being raped but you are for spreading the disease.
          • great analogy!
          • Actually, that is a marvelously apt analogy.

            It is something akin to the violation of privacy and destruction of rights of rape, to have ones personal computer invaded by a virus or other malicious code. (yes I know, the severity level is vastly different, but it's the same type). Afterwords, if this personal computer wanders around the Internet having unprotected HTTP with other servers, any who don't have the vaccination are going to pick up whatever it's got.
          • If you get HIV while being raped (btw... that's sad in so many ways I cannot count them) and you later go around merrily spreading it
            Throw the word "knowingly" in there, and I agree.
      • by giorgiofr (887762) on Monday April 10, 2006 @11:05AM (#15099233)
        I don't think it's as insane as you think. It's quite akin to hold passengers responsible for whatever some ill-intentioned guy put in their luggage without their knowledge. After all, it's your duty to know the dangers of the machine you're operating: people are responsible for the damage if they drive at 150 km/h into a building and lose control of the car, even if they "did not know" that it was dangerous to do so.
        Besides... responsible people are always the ones who have to pay for everyone else. If I keep my machine clean and safe, why do I have to suffer because you can't keep yours as mine? Is it my fault if you're stupid/misinformed/uninterested? Clearly it is not. On the contrary, I will think you are responsible for any damage (probably just some wasted bandwidth, but still) your machine is causing.
        • bad analogy (Score:2, Insightful)

          by 1800maxim (702377)
          Wow, what a bad analgy.

          Ignorance is different from negligence. And ignorance is not necessarily a negative term. It just highlights the fact that somebody does not know how stuff works in this example.

          Driving 150 km/h is already doing too much, knowingly. The problem is when people drive cars they believe to be secure, driving at speed limit, while not knowing that somebody came and slowly started loosening the bolts on the wheels. Until eventually the wheels come off, the person driving the car loses
        • According to your anaology, if someone hits you when your driving your car and obeying the speed limit, you are responsibkle for the accident. You said that "its your duty to know the dangers of the machine you are operating". Now you can compare apples and oranges, but it just doesn't make too much sense. I agree that you should know the dangers of the computer you are operating. But, should you be legally responsible to maintain and protect your computer from possible hackers?? I think the possible di
      • This is probably going to be considered flamebait, but I think people ought to feel when their computers are used for attacks, when it's relatively easy to keep them secure. ('Secure' in a relative sense: more secure than most people keep them.)
      • The real culprit, of course, is too difficult to track.

        Nah ! He is sitting there atop some 50 billion $s as the richest
        man in the world
        • The problem isn't Bill Gates. The problem are the people writing the malicious code. It is unfortunate that we live in a society where instead of being angry at the asshats writing malicious code we're mad at the people being targeted by the asshats.
          • I'm pretty much against the poster when it comes to gratuitous Bill-bashing. But your defense in this particular case is ill-founded; both Bill's company and the ISPs are at considerable fault in this case.

            It's called "an attractive nuisance", and that's what Bill's company has created in millions upon millions of homes and offices around the world.

            http://en.wikipedia.org/wiki/Attractive_nuisance [wikipedia.org]

            The description in Wikipedia is particularly apt in this case. Bill and the ISPs are the landowners -- "the con
      • The day will come when the owners of the infected computers will be responsible. This is of course insane


        I agree with you right up to the "this is of course insane" statement. I think the only solution is to hold the owners of the infected machines responsible, just like we make home owners responsible for shoveling the sidewalks in front of their houses.
        • That is unmitigated nonsense.

          Snow occurs natually. Your anology would have been more apt if you had said that homeowners are responsible for moving the snow put on their sidewalks by nefarious folks living up the street.
          • That is unmitigated nonsense.

            Snow occurs natually


            Perhaps I didn't use the best of analogies. My point was that the owners of the infected computers are not the (only) victims and should bear some of the responsiblilty for the damage done to third parties by their machines. It doesn't matter that snow occurs "naturally." I didn't cause it to land on my sidewalk, but I'll be sued if I don't take steps to remove it before the postman slips and falls.
      • by Opportunist (166417) on Monday April 10, 2006 @12:39PM (#15099774)
        Holding Joe Sixpack responsible for his computer's actions? Doubt it.

        Remember that he's the one that generates money for the ISPs. He's not downloading Terabytes of movies.
        He is the one that buys the crappy "download accelerators" and other useless programs.
        He is the one that uses online banking.
        He is the one that buys at Amazon.com and EBay.

        Let's face it, he is the one they shape the internet for! The 'net ain't our net anymore. Hasn't been for well over 10 years now.

        Now imagine he's held responsible for what happens out of his box. He doesn't know jack about his PC. He doesn't know he has a zillion dialers, trojans, adbots and whatnot, from klicking EVERYTHING presented to him. He only knows that "the net" somehow "did this" to his PC.

        What is he going to do? Learn how to use it? Or stop using it altogether?

        Which one is more likely? And would the industry like that reaction?

        So will he ever be held responsible?
    • Makes me feel good about the (small) ISP I worked for. We used to cut off service at the first sign of infection or trojan activity. Then we'd call the user up and tell them that they needed to clean their computer up before their service would be turned back on. The still had access to download some free tools, of course.

      It wasn't completely altruistic. The way our network was set up, an infected user could cause problems for a lot of other customer. So it was in our interest to nip that kind of thing in t
      • Telus, a large Canadian ISP, does this too. I got a message from my Mom one day saying that her internet had been turned off and she needed me to come fix her computer as soon as possible. I was glad that Telus was responsible enough to turn off the connection yet mad because my Mom hadn't been using the virus and spyware scanners that I had put on her computer. Now they are all set to autorun on a regular basis, and she hasn't had a problem since.
    • when I do get to report something it never gets investigated.

      I understand that it must be frustrating, but think of it like this.

      Who has the power to investigate a hack attack that comes from outside of your immediate area? A Federal Authority (the FBI for example), currently their top priority is making sure things don't get blown up. If the crime's result is a couple of hours of annoyance for some sysadmin, they can't be bothered.

      I believe that the FBI has a $4,000 threshhold of damage before they will e
      • Something like that.
        I had some twit in germany try to hack my server while I was sitting at it doing some work. I turned around and rooted his box, dropped a phone home trojan on it and proceeded to map to his printer. I then printed a message about what I thought of him 999 times. One print submission per page, spaced about 5 seconds apart, and only when he was on-line. The 1000'th page said I was done and reminded him to remove the trojan (with instructions).
        Never saw that box try to hack me again (ho
    • There is obviously a problem with botnets, virii [sic], and trojans

      Oh, do you mean viruses [wikipedia.org]?

      -b
    • Several times I have gotten the blah blah blah response. So I hit them where it hurts. For ISP's that is Money.

      The next time I had an attempt from someone on their networks. I sent them a form email, detailing all the information about the attack on my network. and that the next time this happened they would receive a bill for $1000 for each attempt on my network orignating from their network. and that unless they replied I would take it as their acceptance. This stopped all occurences from the offend
    • "I have contacted ISP's with all the information they would need to trace the user performing the attack and notify them that their machine is infected, however, the response I usually recieve is, 'it is our policy not to blah blah blah'"

      I don't know about that. I work for a company that handles the abuse department of an ISP. One complaint isn't enough to bother with, but if we get 3 or more we make an investigation and are pretty quick to get it resolved. If it's really bad and the source is not responsiv
    • We had people on the school network who were infected with MSBlast and did not seem to be in any rush to get machines cleaned up. I found an exploit on MajorExploits that allowed me to remotely access the infected machines. I then modified boot.ini so it would not boot and shut them down. They would turn machines back on and make a beeline for the tech department.

      This aproach is something like what people are describing here I guess. I have no regrets.

      In the interests of full disclosure, I did not get caugh
  • by khasim (1285) <brandioch.conner@gmail.com> on Monday April 10, 2006 @10:47AM (#15099144)
    What did anyone expect?

    The problem with anti-virus software is that it is 100% reactionary. The anti-virus companies don't release updates for viruses that they haven't seen yet.

    That's why I view viruses/worms as a failure of the security model of the system.

    Trojans are a different matter. But even with those there are ways to mitigate the effects. If nothing else, requiring a password before installing an app will solve most of the "naked pictures of celebrity" emails. There will always be a few idiots.
    • If nothing else, requiring a password before installing an app will solve most of the "naked pictures of celebrity" emails.

      No, it won't if their on their Dell. They'll get a dialogue asking for their password and they'll be stupid enough to put it in without a second thought.
    • If nothing else, requiring a password before installing an app will solve most of the "naked pictures of celebrity" emails.

      If there is such an option, it would be pretty trite and
      the user would rather turn it off or blindly enter the password
      every other time an exe asks to be run. It defeats the whole
      purpose. Asking Qs for user affirmation each time an OS does
      something is not security.
      thats bad security model
    • Or you mean the antivirus companies that will be left behind. The "smarter" AV companies have been working at pro-active detection for a while now, through either virtual machine type heuristics (Eset, BitDefender's HIVE, Norman's Sandbox technology), or pro-active user/system intervention modules (Kaspersky in 6.0, McAfee's Entercept integration into VSE).
    • anti-virus software is that it is 100% reactionary.

      Thank the game companies for that. Isn't it just wonderful that anyone with kids has to give them admin rights just so the copy protection software can run on games?

      If MS wanted to solve the problem they could, but they have to fight EA, UBIsoft, etc to get it done. Games are the lifeblood of windows in the home. Take them away and there's little reason for people to not use another OS, whether it be linux or mac. So, without another solution, MS isn't
    • But even with those there are ways to mitigate the effects. If nothing else, requiring a password before installing an app will solve most of the "naked pictures of celebrity" emails. There will always be a few idiots.

      Rule Number One of Computer Security:
      People will install anything if it promises naked pictures.
    • The problem with anti-virus software is that it is 100% reactionary. The anti-virus companies don't release updates for viruses that they haven't seen yet.

      I have seen anti-virus software that does things like monitor the partition table, important system files, the boot sector, and stuff like that in an attempt to keep viruses from messing with them. Granted, it's not perfect, but keeping watch over things that viruses might try to attack or modify is a proactive move.
  • by gowen (141411) <gwowen@gmail.com> on Monday April 10, 2006 @10:48AM (#15099150) Homepage Journal
    Skilled hackers in Eastern Europe, Asia and Latin America are selling zero-day exploits on Internet forums where moderators even test the validity of the code against anti-virus software
    Phew, its a good job there are no malicious hackers in North America.

    Thank God for the calming, lawful influences Mom's Apple Pie, Truth, Justice and Barry Bonds' adrenal glands.
    • by Anonymous Coward
      Hey.
      You forgot Chuck Norris' roundhouse kick, with which he killed all the hackers!

      Odd that they don't mention any hacks in any part of the former british empire; the USA, Canada, Austrailia, India....

      Maybe it's all them poncy english stiff-upper lips....
    • More than likely I'm beginning to suspect that NA crackers are probably 'above' such things as botnets and such. Kind of a scary proposition.
      • This is personal opinion based only on speculation:

        I suspect that we're seeing these attacks come from places like Russia instead of places like America/Finland/etc. because mobsters in places like Russia find it easier to reach an under$tanding with the local authorities.
        • Bullshit (Score:2, Informative)

          by Alphager (957739)
          You see the attacks from such countries because it is damn convenient to proxy the traffic through those countries. Every good cracker in The US or Europe does that to have a layer of security between himself and the authorities.
    • Phew, its a good job there are no malicious hackers in North America.

      It's even more fortunate that there isn't some sort of international network of wires and cables that would let these foreigners attack our computers from overseas.

  • That $25 per 10,000 comps isn't bad....

    One could do a lot with say... $250 worth.
    • suppose someone took you up on your offer, how would you handle billing? What are the chances of someone not being good for their money in a situation like that? I know this is the least important aspect of this; but I cannot help but be curious.
    • Aand if, after paying your money, you get zilch. Who you gonna call?

      Ghostbusters?

      If you are the sort of person who considers signing up for this, I can introduce you to a prominent member of Nigeria's former government ...

  • by rueger (210566) on Monday April 10, 2006 @10:52AM (#15099173) Homepage
    Let's see, the ISPs and other "authorities" can't do anything to stop the "black hat" hackers and mafia, or even refuse to do so.

    Yet at the same time ATT is channelling massive amounts of customer traffic [slashdot.org] to the NSA for examination and interpretation.

    Perhaps someone needs to define Mafia=Terrorist?

    • Dude the "authorities" do not do crap to stop regular criminals. Hell Most speeding tickets are intentionally given to those that look like they will not fight it. Drug dealers in rich neighborhoods are left alone while the poor ones are always dragged in.

      Law enforcement in all aspects has been ineffective and selective for decades.
  • is that the email was sent including 27 of the most recent exploits and anyone included in the list is also included in a new undernet.

    I got one this morning and so far not&&^*%%£""£[NO CARRIER]
  • by Rob T Firefly (844560) on Monday April 10, 2006 @10:56AM (#15099191) Homepage Journal
    Cue yet another flood of FUD press on the evil "hackers who break into private and public systems, inserting viruses and exploit them to fulfill their own ends" while completely failing to mention the good guys on Bugtraq and such who have quietly been doing their thing for years.
  • How about using the same exploit to alert the affected users; track down the originator and infect him (if he has a real terminal); raise money and send some tough guys to beat the crap out of the hackers?
    • Alternatively, use the exploit to patch the hole and THEN alert the users. And, to get a start on that, spend $25 for a 10k machine botnet to start scanning for unpatched machines.

      No, it's not remotely legal; it's not even vaguely close to ethical. However, it might work. Consider it akin to giving software makers only FOO weeks before the exploit is disclosed; users get only FOO weeks to apply patches against remote exploits before Grey Hats shove the patch up their computer's ass...embly, whether the u

  • The web mob is back! We MUST stop them!
    - Quick, To the TuxCave! [nyud.net]
    • Ok, joke aside, I was wondering if these viruses wouldn't be spread so easily if we used Linux, but that's too much "slashdot thinking". After reading the story on Open Standards, I thought of something more interesting.

      Will Microsoft be able to widthstand this wave of exploits using their current software methodology? Or is Open Source programming the ONLY way?

      In other words: Is Microsoft losing the war against viruses?
      • by Cromac (610264)
        Ok, joke aside, I was wondering if these viruses wouldn't be spread so easily if we used Linux, but that's too much "slashdot thinking".

        Most likely, yes. "we" aren't the ones spreading virius and unknowingly joining botnets. It's the uneducated person who went to CompUSA or Dell and bought their PC. Those people wouldn't put up with the heightened security of a secure Linux box any more than they would with a secure Windows machien. They would still fall victem to the same trojans. Some virus and worms wo

  • Look at the Price! (Score:5, Interesting)

    by Spinlock_1977 (777598) <`Spinlock_1977' `at' `yahoo.com'> on Monday April 10, 2006 @11:06AM (#15099239) Journal
    $25 to infect 10,000 pc's sure is cheap. If this guy can get only 25 bucks per 10,000, he must have competitors (read: there's a lot of people doing this), and it must be easy to do. These, of course, are not good signs.

    However, it occurs to me that the best measure of Microsoft's success in security is the market price for 10,000 infections. For example, if Vista turns out to be an inpenatrible tank, we should see the price go up to 50 or 100 bucks, maybe more.

    At the end of the day, until we all stop using the same operating system, we're doomed to a continual barrage of large-scale infections (remember the Irish potato famine?)

    • ...remember the Irish potato famine?

      Interesting analogy. I guess the difference is that you can't patch a blighted potato.

      "Aye, son, just spray a fine mist o' Service Pack 2 o'er that field o' mashers."

    • by chadamir (665725)
      I feel as though I should give the 25 dollars and have the computers run folding@home for a day.
    • At the end of the day, until we all stop using the same operating system, we're doomed to a continual barrage of large-scale infections (remember the Irish potato famine?)

      Actually, Dr. Ford, a professor at Florida Institute of Technology, did some research into this. In order to have enough diversity to make a dent in it, we would need some ungodly number of different operating systems. You can read about it in the December 2003 issue of Virus Bulletin [virusbtn.com]. It's in PDF format, and you have to do a free regis

      • Thanks for the pointer - very interesting!

        I'd also like to agree with the point that a mass migration to any other operating system would be fruitless, since the virus writers would follow. However, if we could get ourselves spread out over 5 or six operating systems (check back in 15 years?), folks would have a choice about which classes of viruses they want to get ;-)

        OpenVMS on the desktop has been a long time coming, but hey, maybe it's time?

    • There are roughly298,488,666 [census.gov] people in the U.S.A. with 574/1000 [mapsofworld.com] people having a P.C. so thats around ( 298,488,666 * .57) 170138540 P.C.'s.

      At $25/10,000, that's $425,346.35 to own all the P.C.'s in the U.S.A.. Anyone want to pitch in?

      (Yes, there were a lot of assumptions made. So many, I will
      not list them)
  • I think the most mafiaesque thing I've seen on the old HTTP lately would be the DDoS and demand for ransom money on milliondollarhomepage.com Here's an article on it, the blog on the site itself also details how it went down. http://www.techshout.com/internet/2006/19/ransom-s eeking-hackers-attack-uk-students-million-dollar-w eb-site/ [techshout.com]
  • If it's good enough for SCO, Microsoft, and pretty much any other large computer industry player, then it's good enough for the black hats out there. I wonder if there's a yearly conference that all these folks go to? Oh yeah, it's called "ConCon". ;P
  • by SmallFurryCreature (593017) on Monday April 10, 2006 @11:10AM (#15099257) Journal
    No wonder Bill Gates doesn't believe in the 100 dollar laptop. He is supplying the world with PC's that cost you a fraction of a cent.

    Only kidding of course, well partially. How many botnets consist of linux or OS-X machines?

    It does however show just how hopeless windows security is. Even criminals have costs so if they can make a profit after paying their hosting and electricity and hardware and man power with just 25 dollar per 10 thousand machines then the cost and labour of infecting a windows machine must truly be trivial.

    Lets face it the mafia doesn't do it for penny profits. They are not supermarkets surviving on a 1 cent per sale profit. They want millions and they want them now.

    How many times $25 does it take to intrest a mobster?

    Frankly I don't think the problem is going to go away. The idea that MS is ever going to provide a secure OS is laughable and even if they did nothing helps against a dimwitted user who happily installs anything if it promises a nudie picture.

    They only two easy solutions I see is to install a serious watchdog on the net. One who can kick off ISP's that host the mob AND users who let their PC's get infected.

    Would that be workable? Even "respectable" western ISP's barely respond to complaints about attacks. We got a spam watchdog that already kicks of ISP off the email net when they misbehave and this just barely works. If the same was applied officially to the net as a whole entire parts of the world would be disconnected.

    Perhaps it is just something we got to live with. The real live mafia never went away. Why should the net be any different. As long as their is money to made people will attempt to get it.

    • biggest botnet found: 17 million infected PCs. that's the biggest one that they know about, mind.

      no, I don't have a reference, some man in the pub told me..
    • but you have to be careful listening to them.

      Hypothesis: the mob are the buyers of botnets, not the sellers, and the sellers are in a worse negotiating position.
      Hypothesis: supply of infected machines exceeds demand.

      Hard to tell which is correct.

      Zero-day exploit pricing is interesting too. I've seen numbers like $500 or $1000. If that reflects supply and demand then Windows machines are still pathetically vulnerable. In any event, that means that any stalker or divorce investigator could afford one.

      Anyone s
    • Lets face it the mafia doesn't do it for penny profits. They are not supermarkets surviving on a 1 cent per sale profit. They want millions and they want them now.

      Wrong. The mafia wants to steal what you won't notice that much. They only go after sure things. If I recall correctly the biggest heist in US history by the mob was of Lufstansa Airlines, for like $5 million in the early 80's. Everything else was usually skimming casinos, robbing shippers and reselling the goods on the street, protection rackets,
    • >Even criminals have costs so if they can make a profit after paying their hosting and electricity and hardware and man power with just 25 dollar per 10 thousand machines then the cost and labour of infecting a windows machine must truly be trivial.

      There is little to no relation between the investment and the number of captured machines; it is about the 'quality' of the exploit. A kid can do it from the attic using his dad's old computer and no hosting but what botnets and unverified credit card number

  • by trazom28 (134909) on Monday April 10, 2006 @11:10AM (#15099260)
    Most law enforcement I've worked with are great at their job.. if they can see it. Example - someone commits a crime, they can investigate and arrest. However I'd say about 1/2 of general law enforcement people do not grasp the concepts of the "virtual" world, through no fault of their own.

    While Opping on irc, I noted a person claiming to sell laptops at 1/2 retail cost.. new ones. I pretended interest, and got some contact info.. forwarded this on to law enforcement for his area... within a week, the detective emailed me to say they'd busted a fraud ring. It was tangible, they could deal with it :)

    Internet crimes still deal a lot in the virtual world, and if you haven't been trained on how to.. visualize and understand it, it's a tough concept. Not everyone gets it.

    As with a lot of things, the key would be training. You're probably not going to get a small town sheriff trained, however some of the larger sheriff's departments would be excellent centers for this.. keep it to county level, forward to state or federal if needed.
    • But some are trying (Score:4, Interesting)

      by BenEnglishAtHome (449670) on Monday April 10, 2006 @12:48PM (#15099826)
      I've installed and run investigative workstations for my employer. It ain't easy. Our methodology is to set up workstations that are as bulletproof as we can make them (considering the places we're going to visit, that's a given) and then let specialists try to develop leads. We have procedures to allow non-LEO personnel do the initial legwork; they surf and chat and poke around, extensively logging everything. When something interesting pops up, they're free to dig deeper. Eventually, when they think they have enough information to write up a report, they do so and turn it over for review. If it's picked up for serious investigation, either on the criminal or civil side, it passes from their hands and they never really know what becomes of it. That's fine with me; the initial lead development is what's fun, anyway. I'm one of the few people I know who can say he's spent a great deal of time being paid by Uncle Sam to surf porn (and other unsavory stuff).

      What bugs me are the amateurs. There's a certain nexus between the sleazy side of the porn world and financial crimes, so I've spent a bunch of time in places that, at first blush, might seem more titillating than profitable. You would not believe how many transparently fake attempts are made by local, often small-town cops to entice people into illegal behavior. By far, the most common problem is the "I'm a 12-year-old girl. Would you like to talk to me about sex?" thing. Yes, some of them are that crude. Apparently, there are a bunch of Barney Fifes out there who have convinced their bosses to set up an AOL account for them in a back room at the police station for the purpose of generating a few easy, cheap, and sensational arrests that'll get the name of the local DA in the paper before the next election.

      I used to wish they'd just go away, but afaik perhaps they already have. I haven't worked in lead generation for several years so I haven't been in any of those places in quite a while.

      Anybody have any recent experience with this? Are there still woefully clueless LEOs out there popping up at inappropriate places pretending to be hot-to-trot preteens? God, I hope not; they were a royal pain in the ass.

    • by AK Marc (707885) on Monday April 10, 2006 @01:00PM (#15099911)
      It was tangible, they could deal with it :)

      They are all tangible at some point. Someone uses a stolen credit card number to buy a widget. Sure, it takes 20 steps of "cyber crime" until the actual fraud is committed, but the crimes always come back to the physical. The problem is that the physical is too late to stop, in most cases.

      I called the FBI on two occassions and told them of people that were trying to defraud me. They asked, "did they already get any money from you?" when I told them I wasn't that stupid, they said they weren't intersted in the solicited fraud. They wouldn't investigate without actual loss, they are too busy to prevent crime or catch people that probably did successfully defraud others. They'd rather have the open case they can ignore when the next person doesn't know what a 419 is...
  • by erroneus (253617) on Monday April 10, 2006 @11:11AM (#15099272) Homepage
    This is exactly why any and all security information should be released to the public immediately.

    Public release will serve the following purposes:

    1. To inform the consumer of a problem/vulnerability so that action can be taken sooner.
    2. To kick the vendor in the ass and make him move on the issue.
    3. To prevent underground organizations from creating secret exploits that might otherwise go unnoticed or unidentified.
    3a. To prevent commercial gain by exploiting the knowledge of such secret/unknown security problems.
    • 1. To inform the consumer of a problem/vulnerability so that action can be taken sooner.

      You presume that Joe or Jane Consumer will necessarily:
      a) Hear
      b) Pay attention
      c) Understand
      d) Be able to do something
      e) Do something

      Color me skeptical.

      3. To prevent underground organizations from creating secret exploits that might otherwise go unnoticed or unidentified.

      No, this only means that when someone else finds the hole, you can check if their have been black hats using it. A few of the Black Hat grou

  • by John Hansen (652843) <.crayz9001. .at. .foobar.homelinux.net.> on Monday April 10, 2006 @11:11AM (#15099274) Homepage
    ... why other people can take advantage of their computers?
    I run a network in a medium-sized business. When I came in, there was no IT staff to speak of. All the workstations were Dell computers, mostly running the default installations of Windows XP. There was a Windows 2000 domain controller set up, but most of the computers were not set up for the domain, meaning that there were no default security policies. The E-mail server had an antivirus scanner installed but it wasn't updating its definitions.
    Since I came in, I've had to reformat & reinstall at least half of the workstations because they've been infected with spyware and viruses. This is because, despite having virus scanners, spybot scanners (Microsoft Anti-Spyware, Spybot, and Ad-Aware), and Firefox installed, the absence of IT staff meant that the company staff were ignoring spybot warnings, the antivirus was not up to date, and they were browsing the web with Internet Explorer.
    I'm still fighting the use of Internet Explorer, since we have no real reason to be using it -- most all of the websites we access are Firefox friendly. However, the momentum means that I can't just block out access to it in the domain policy. People need to migrate their bookmarks and preferences over, and that isn't done overnight. It's maddening.
    So who do I blame when I see headlines like this, or when I look at the company I work at and see a mess? My first point of blame lies with Microsoft for creating such a vulnerable infrastructure to begin with. And that's not because I'm an anti-MS or Linux zealot. It's true, I run Linux at home on every computer. It's also true that since coming in, I've set up a number of Linux servers and a Linux firewall. I know how to work with Microsoft products and lock them down to a reasonable state. It's just that it frustrates the hell out of me when a product built-in to the operating system has so many vulnerabilities, and it's a freaking product used to browse the web! Not something essential to the system like the kernel (which has problems too)... a web browser! Something that should have no system access!
    So yes, I lay most of the blame for this kind of travesty at Microsoft's feet. Had they actually thought their design through before they started coding, I can almost assure you that we would not be having this kind of problem to begin with. There would be viruses for Windows, yes. There would be worms for Windows, yes. But I find it unlikely that a properly-designed Windows would have made it possible for there to be millions of zombie PCs across the world, able to be bought by the highest bidder.
    The rest of the blame I lay on user education. Most people with computers are totally oblivious about what's on the Internet. They just click on the big 'e' and surf their favorite porn sites, check email for funny comments, et cetera. And then they wonder why they get hundreds of popups and their computer runs slow as frozen molasses. Some of this could be stopped if network admins took some effort to educate their users in a business environment (herculean but possible, and I know some organizations actually do so). Which leaves the home PC users. What do you do about them? Well, I think that's more Microsoft's responsibility, since they're the ones who created the product.
    In the meantime, I'm setting up Ubuntu for people who want it, or giving out CDs with it on them and directions. And most people I've switched have been quite happy with it, since their main needs are web browsing and Email and it covers those. So until Microsoft produces a product that I can actually recommend to my mother, I cannot recommend Windows.
    • here here.

      I totally agree. The folks over at Mozilla have no problem producing a secure web browser. It must not be too hard either, they give it out for free. You mean to tell me Microsoft can't (or won't) do that?
    • Sir, you are 100 percent correct. I agree completely.
      But, the fact is, people love eye candy and easy use. Mr. Bill knows this, so thats all he puts into Windows. Nothing more.
      This practice has gotten him enough money to feed all the starving nations in the world for a year or more, so he has no reason to change anything about his OS.
      Maybe one day the world will wake up and switch to a secure OS.
      Join the penguins of the computer revolution!
  • by qwp (694253) on Monday April 10, 2006 @11:12AM (#15099276) Homepage Journal
    So........
    When i went to purchase these 25,000 computers with my trusty Internet Explorer v4.0, I actually got A DEAL!. They tossed in a extra computer now I control 25,001. These guys are soo nice!.

  • So, if I gave these guys $25 to have 10,000 of their zombie computers all run SETI@Home, could I write it off as a tax deduction?
  • Let's say real-life mobs exploit people's addiction to narcotics to make money. In this instance, these virtual-mobs are using people's addiction to MS Windows to make money[1]. Hence Narcotics => Windows. As a result, this current item is relates nicely to this article on open standards [slashdot.org]?

    [1] Those zero day exploits wouldn't exist (or, wouldn't be useful even if they existed) if Windows code was open to see and modify. For example, the most severe security bug (sudo password saved in plain text) I saw in

  • Imagine never having to drive into work again!! Sit and home and make millions with proven black hat techniques! All you need are a few [amazon.com] hacking [amazon.com] books [amazon.com] from Amazon and a lack of morals! What could be easier!?

    /this is not a troll, it's sarcasm

  • by pmike_bauer (763028) on Monday April 10, 2006 @11:22AM (#15099344)
    Considering the topic, the quotation at the bottom of the page is appropriate:

    You can do more with a kind word and a gun than with just a kind word. -- Al Capone

    AV software is akin to a kind word when it comes to combating the net mafia.

    During the Wild West days when law enforcement was scarce, militias and posses were deputized to keep the peace. Today, police and government are stretched thin, so Congress should deputize 'white hats' to attack/track down virus writers. This has got to be better than the reactionary stuff we are legally permitted to use.

  • by romka1 (891990)
    "An e-mail advertisement intercepted by researchers contained an offer to infect computers for use in botnets at $25 per 10,000 hijacked PCs"

    Dear researches i would like to make you an even better offer recently my good friend the president of nigeria was killed and he had left me a huge amount of money but i need help getting it out of the country for pay the fee for all the legal paper work and transfers i will give you 20% of my 100 million inheretence
  • Damn, that is a cheap cluster. $25 per 10,000 machines. I wonder what kind of turnover you'd have if you used them for things unlikely to draw attention to yourself (that is, if you don't use them to DDOS IRC lamers)...
  • The internet is a wonderful thing, for it has no borders. Unfortunately, the real world does and that's the inherent problem of this all: Getting international police forces to work together takes a hell lot of time. If possible at all.

    The problem lies in the placement of the criminal. In a normal, tangible crime, the criminal has to go to the place of his crime. You want to steal my car, you have to go to my car and steal it. You want to break into my home, you have to come to me and crowbar my door. You w
  • Maybe I've seen too many movies, but these blackhats don't *sound* like the mob.

    I'd think the mafia would build enterprise-ready e-commerce sites and then "persuade" businesses to purchase hosting from them. You know, the old protection racket.

    None of this $25 a pop retail sales stuff. That's just monkey business.

  • web mob or webmob? (Score:2, Interesting)

    by Wolfspelz (783962)
    I thought webmobs are like flashmobs, but on the web as they write in the webmobs manifesto http://www.webmobs.de/manifesto.html [webmobs.de]. There seem to be 2 different meanings of the same word.
  • by argoff (142580) on Monday April 10, 2006 @03:00PM (#15100778)
    It is clear that the author of this article has absolutely no understanding of the real web "mob" (which isn't even called that BTW). This article is total BS and probably some kind of government set up.

    For people who want to understand the "real" "mob", they need to understand the Underground Economy (UE). What they need to understand is business and commerce. 90% of UE transactions is just regular business trying to aviod taxes and regulations. They have an elaborate offshore finance network that can transfer money arround the world faster than governments can track it. Most of the money is gained thru (some) female services, hotels, casinos, people smuggeling, and (some) drugs, and the biggest one - tax free duty free trade - and not thru online hacking nor thru draining peoples bank accounts or even defrauding people. In fact, they try to distance themselves from these activities because they want return customers built on a trust relationship. Most fortune 500 companies have regular dealings in the UE.

    It is highly factioned, and some people do try to blackmale, eg (give us money, or don't report us when we rob you or else such and such government will find out about your hidden transactions) - but this is mostly on a rogue individual level and not a large commercial level. In fact, when the FBI trackes these people down - it helps the UE, because it lowers their transaction costs and liabilities. Also, if they need access to secure systems, they don't need to hack into them. They have a lot of high level bank officers and government officials in their pockets. The real UE also hates terrorisim which in the last few years has increased their transaction costs several fold. The goal is to hide financial transactions from taxes, regulation, and rogue lawsuits, not to hide finances for terrorisim. Also most of the UE is split between drugs. Many try to distance themselves from the drug trade to avoid the higher costs of business, but the money is so big that it can't be ignored all together.

    Another thing that most people don't understand is that the war on drugs and the financial part of the war on terrorisim is really just an excuse to wage war on the UE. When corporate money associates the UE with drug lords and terrorisim, then they tend to keep their money at home more where their respective governments can tax the living daylights out of them. Given the costs of the war on terror, the big welfare states of most governments, and really really bad fundamentals of the US dollar lately - this has become a high proiroty for the US government in recent times.

    One more thing, the US dollar is in deep deep shit. The US economy can't pay off it's debts without watering down the dollar (or default which they can't do because it will cause a cascading chain of defaults), but they cant water down the dollar without sparking a stagflation spiral. When it spirals out of controll it will cause hell in the US and every country in the world. Anyone who doesn't have precious metals is either stupid, poor, or going to be poor. It used to be that the dollar was the currency of choice for the UE, then when the dollar devalued the currency of choice became the Euro, now the currency of choice has been moving quickly torard Gold.

Is your job running? You'd better go catch it!

Working...