
Police hijack a botnet and remotely kill 850k malware infections - DoreenMichele
https://techcrunch.com/2019/09/01/police-botnet-takedown-infections/
======
zawerf
Previous submission:
https://news.ycombinator.com/item?id=20827480

------
icedchocolate
This headline is misleading. Avast did the work. The police just gave the
necessary legal approval.

~~~
chii
Irrelevant. If it is authorised by the police, then they did it, and while
Avast is the tech people behind it, attributing it to the police is more
correct (it could've been some other tech company, but only the police can
authorise such an attack).

~~~
vageli
> Irrelevant. If it is authorised by the police, then they did it, and while
> Avast is the tech people behind it, attributing it to the police is more
> correct (it could've been some other tech company, but only the police can
> authorise such an attack).

Doesn't the government have to authorize this kind of thing in order for it to
proceed, as a prerequisite? Do we also say the government IPO-ed when a
company IPOs? It can't happen without authorization. Just trying to understand
this rationale.

Seems weird to give credit for allowing something versus the actual doing of
the thing.

~~~
behringer
Well, I don't know how France works, but in the US, no, the government doesn't
need to authorize this. The police are required to follow the law just like
everybody else. A judge could grant some sort of ex-parte legal judgement
making an action legal. The police here just said "yeah we don't care." The
article says the prosecutors gave the go-ahead; my guess is that they said
"Yeah we got all the evidence we need, shut her down" and that's what
happened.

------
addedlovely
It's an interesting line to cross - that a company you have no relationship with
can make changes to your machine - admittedly in the name of good.

Imagine that flaw they found turned out to have been a trap and they bricked
850k devices.

~~~
meowface
That's why they do it with careful monitoring and approval from law
enforcement. If you tried to do this vigilante-style, no matter how good your
intentions, you're asking for trouble.

~~~
swiley
There was that one guy who intentionally bricked devices.

I feel like being too lazy to update probably means you don’t care anyway.

------
kim0
Loving the fact that Monero tries hard to stick to, one CPU one vote!

------
duxup
Microsoft has done the same in the past, take over a botnet and the feds went
to a judge to get approval to disable it on the infected machines.

It sounds silly in a way but legally seems like a good process.

------
dmix
By the time the AV companies get police involved there always seems to be a
million infections. I guess they don’t have resources to do this often and
locations are disparate, often coming from off limits regions for western
police.

Still, I often wonder what a well-funded and legitimately defensive gov agency
could be capable of accomplishing if they wanted to seriously take on this
problem.

~~~
cj
> By the time police get involved there always seems to be a million
> infections. I guess they don’t have resources to do this often.

According to the article, the police didn't do much of the actual work -- the
police were only involved to give legal approvals necessary for Avast to avoid
legal trouble.

Edit: Added the original quoted comment text, OP has since edited

~~~
dmix
Yeah thanks I tried to clarify. That’s very relevant, that an AV company had
to tell them and do everything in the first place.

If they don’t have the advanced skill set needed to shut them down they can
always contract it until they develop their own in-house experts.

------
slovenlyrobot
Cool story, just a tiny nitpick...

> The malware also has wormable properties

Malware doesn't have wormable properties, the bug being exploited to implement
the worm is the thing that is 'wormable' in industry parlance. I think what
they mean here is that the malware is a worm.

~~~
meowface
I think that's a little pedantic. The wormable properties are the
vulnerabilities the malware is exploiting. The vulnerability and malware could
both be considered to have wormable properties.

------
mruts
Is this, like, a good thing? What other kinds of exploits are governments
going to greenlight for the “good of the people?”

~~~
vageli
> Is this, like, a good thing? What other kinds of exploits are governments
> going to greenlight for the “good of the people?”

This is an exploit of the malware though, not some other third-party app that
just happened to be on the same box.

