
Storm Worm botnet cracked wide open - nice1
http://www.heise-online.co.uk/security/Storm-Worm-botnet-cracked-wide-open--/news/112385
======
dhimes
This is excellent news indeed. I wonder if there can be a claim of eminent
domain (or similar <http://en.wikipedia.org/wiki/Eminent_domain> ) that would
allow a government to protect a group deploying this defense from legal
claims. It's interesting to me if the concept can be applied to a distributed
network.

~~~
geuis
The use of eminent domain in the realm of the digital space is interesting to
be sure. My first thought about killing the botnet is to do it asap. But we
easily start slipping into grey areas. If individuals do it, they are
potentially breaking laws that otherwise normally provide protections to us
against intrusion by corporate and government entities. If governments
authorize it under the idea of public safety or eminent domain, that provides
another legal gateway for governments to intrude on the privacy of your own
data. For example, India has laws that give their police the power to "police"
personal computers for pornography. We don't have that problem here in the US,
but imagine that at some point in the future a conservative Congress allows
the FCC to scan your computers and websites for porn like they regulate curse
words and imagery on TV. It's all for the public good, is the argument. While
most of us agree that botnets being run by criminals is bad, the traditional
methods of police protecting us from gangs don't easily map to the internet
and our personal data. We also run into problems because these botnets are
worldwide. If the US government authorizes an entity to break up botnets, what
about when some of the drone computers are property of foreign governments? If
France decided to "fix" computers run by the DoD because the dumb desk jockey
installed spyware on his work computer, there are a lot of people that would
consider that a foreign attack on US government computers. I think the best
way to handle this problem is via the OS vendors themselves. Because
Microsoft/Apple make their operating systems, all users worldwide are
basically agreeing to their EULAs when we turn the machines on. If the
companies team up with these researchers, then I believe they are perfectly
within their rights to initiate this kind of operation. They are choosing to
do security updates to their products. This then can work worldwide and not
put us in danger of having government interference in our personal digital
spaces and data.

~~~
martey
_They are choosing to do security updates to their products._

The article notes that since the virus was added to the list of malware
removed by Microsoft's Malicious Software Removal Tool, the numbers of
computers infected by it have shrunk significantly. This suggests that the
computers which are still infected are those which are not choosing to apply
security updates.

Regardless of whether Microsoft would be "within its rights" to start
something like this, it would still be liable for any damage caused to
computers which became broken by the cleaning (see the next to last paragraph
of the article).

------
sdragon
The key question here is: why don't they release the code under open source,
or public domain, and let the internet take care of itself?

The only threat from this situation would be the botnet evolving in unforeseen
ways, thus rendering the code useless. However, the vulnerability described in
the article seems not a coded, but rather a conceptual one: even if storm
starts to use a new protocol, they -or somebody else using the insights in the
source- could repeat the disassembly process, and re-run the cleaning method.

------
ivankirigin
The need to break the law to stop a criminal is interesting. It seems like
that is well established in physical confrontations. The police can shoot
people threatening others, and you can kill someone in self defense.

Surely researchers fighting a botnet should be covered under the same logic.
The patch they force on 3rd parties should remove Windows or force the use of
Firefox.

------
tokenadult
In a jurisdiction with Anglo-American legal principles, prosecutorial
discretion could let someone do the cleanup, but it's hard to know in advance
if prosecutorial discretion would be exercised that way. The continental legal
tradition in Germany makes a cleanup from Germany more risky.

------
zby
This is interesting. They claim they cannot unleash their cleaning program at
large - because it would change the infected machines in an unsolicited way.
The infected machines are used as a tool for criminal actions - isn't it an
obligation of anyone, capable of doing that, to stop them? Maybe they could
gather evidence from spam blockers and only clean the computers that were
reported as spam tools?

~~~
dhimes
That's what I was thinking when I made my "eminent domain" comment. At what
point can the government legally step in and say, "in the interest of the
public welfare, we're going to let this happen?"

~~~
newt0311
The government (most of them anyway) can do this almost immediately as nearly
all of them have some clause allowing action in the event of known criminal
activity (whether they will after this goes through all the bureaucracy is a
different matter). The question with the parent is would private citizens be
within their rights to do something like that. To that, the answer is, for the
most part, no. I do not know of any countries (except Palestine) which condone
vigilante justice.

------
rrhyne
Not sure why this article was published. Won't the bot net developers just
update their software now?

~~~
neilc
This is such a simple idea that it's hard to imagine it staying concealed for
very long...

~~~
gcv
Surely the botnet operators and the authors of the original infection program
knew about the risks of not using any authentication for communication between
clients and servers? If anything, they are probably surprised they got away
with that flaw for so long.

Maybe the people writing botnet apps have the same pressures as legitimate
companies, where the "bizdev" guys tell the techies to ship unfinished
garbage just to have the next version out the door, and the bugs and security
holes be damned. :)
