Debate: The U.S. government was justified to take control of Coreflood bot servers.

FOR

Jeff Bardin, chief security strategist, Treadstone 71

The FBI shutdown of Coreflood was the right move. They took risks in shutting down the botnet. They did touch personal computers of U.S. citizens. But there are exigent circumstances that must be considered. There was an imminent and serious threat to property. According to authorities, a company in Tennessee lost $241,866 to Coreflood, and another in Michigan lost $115,770. Since February 2010, 2.33 million computers were infected by Coreflood – 1.85 million of which were located in the United States. There also was the imminent escape of suspects. Any overt communication of FBI counterintelligence-counterespionage activities would have tipped off the perpetrators. There was the imminent destruction of evidence. Cyber defenses stand in the ring bobbing and weaving, trying to avoid the punches of not one cybercriminal but multiple. It is about time we exhibited active offensive cyber operations. Cybercriminals are not equipped to handle counter activities. It is not cost-effective.

AGAINST

Chris Palmer, technology director, Electronic Frontier Foundation

Everyone wants to get rid of botnets. The question is how – in a way that inflicts the least collateral damage to innocent networks. There also is a jurisdictional problem as botnets are global. The Internet Systems Consortium/FBI/Department of Justice action against Coreflood, while apparently effective, does not meet a basic standard of safety. For a state to disable command-and-control servers in its own jurisdiction is an excellent idea, as it is for Microsoft to remove the malware with an update or a new feature of its Malicious Software Removal Tool. But to execute attacker code as part of the action is foolhardy at best. Coreflood might do anything in response to the “stop” command – especially since it was updated the day before the action began. The safest path is to remove malware by legal and out-of-band means: Notify the system owners, unplug the network cable and get an operating system update. Invoking attacker code on somebody else's computer is never sane.
