Texas Man Pleads Guilty To Building Botnet-For-Hire

samzenpus posted more than 4 years ago | from the best-little-botnet-in-Texas dept.

Julie188 writes "A Mesquite, Texas, man is set to plead guilty to training his 22,000-PC botnet on a local ISP — just to show off its firepower to a potential customer. David Anthony Edwards will plead guilty to charges that he and another man, Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer, according to court documents."

Counts (3, Funny)

LordLucless (582312) | more than 4 years ago | (#32026534)

I hope they get charged with 1 count per infected PC - and screw concurrent sentencing.

Re:Counts (3, Interesting)

slick7 (1703596) | more than 4 years ago | (#32026636)

They ought to drag in the clients also, just for good measure. Hope it wasn't Goldman-Sachs.

Re:Counts (1)

MartinSchou (1360093) | more than 4 years ago | (#32028272)

Why not Goldman-Sachs? If that can get the fuckers thrown in jail, I'm all for it!

Re:Counts (1)

Shark (78448) | more than 4 years ago | (#32030510)

Because being Goldman-Sachs guarantees a slap on the wrist? They have a nearly endless supply of lesser management pawns to absorb all blame and they make significantly more money being crooked than any fine might cost them.

It's like fining a company 20 000 for dumping toxic waste that would have cost them 100 000 to get rid of legally.

Re:Counts (3, Interesting)

idontgno (624372) | more than 4 years ago | (#32032592)

They have a nearly endless supply of lesser management pawns to absorb all blame

Ooooh, that brings to mind a phrase which, if it hasn't been coined, should be.

"Ablative management": The layers and layers of expendable mid-level cannon fodder with enough responsibility to absorb blame, enough purported independence to support plausible deniability for their superiors, and enough commodity interchangeable to be easily and cheaply ejected and replaced. Used to shield the precious core of Board Members, CxOs, Senior VPs from PR or legal flamage.

Re:Counts (1)

slick7 (1703596) | more than 4 years ago | (#32032994)

Sounds like the MAFIA to me.

Re:Counts (0)

Anonymous Coward | more than 4 years ago | (#32041900)

They have a nearly endless supply of lesser management pawns to absorb all blame

Ooooh, that brings to mind a phrase which, if it hasn't been coined, should be.

"Ablative management": The layers and layers of expendable mid-level cannon fodder with enough responsibility to absorb blame, enough purported independence to support plausible deniability for their superiors, and enough commodity interchangeable to be easily and cheaply ejected and replaced. Used to shield the precious core of Board Members, CxOs, Senior VPs from PR or legal flamage.

Kick them in the nuts for good measure!

Re:Counts (1)

EvilBudMan (588716) | more than 4 years ago | (#32029048)

Yeah, this is interesting. I really haven't heard of it happening too many times, but going after the clients, at least those in the US, is a great idea.

Re:Counts (2, Interesting)

Sb1 (930524) | more than 4 years ago | (#32026786)

"Both men face a maximum of five years in prison and a $250,000 fine on one count of conspiring to cause damage to a protected computer and to commit fraud."

Too bad there weren't some PCs compromised in Maricopa County, Arizona. If so they should be sent over to that Sheriff Joe Arpaio and be on the chain gang for the whole 5 years. Yes I know it's voluntary (last I heard), but have a special one for some offenders. Or better yet have other states grow a backbone and have chain gangs set up in northern cold states in the US patching pot holes!!

 

Re:Counts (4, Insightful)

LordLucless (582312) | more than 4 years ago | (#32026800)

So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.

Re:Counts (3, Interesting)

Anonymous Coward | more than 4 years ago | (#32026934)

It's actually a little ironic. I used to know some botnet herders (around 10-11 years ago) who didn't use their bots for malicious purposes at all, or very seldom at least. They would actively scan PCs and patch holes - sometimes by downloading Windows updates - and remove competing botnets and viruses. A lot of it tended to be automated, but some of it was genuinely manual labor.

It wasn't their main attraction of course, but the net gain was (sometimes) an overall benefit. A few of the better trojans (Agobot?) took very little CPU time/memory usage, so the one running backdoor program likely affected their machines less than the AV or toolbars did.

I sort of attribute it to the cat hoarding mentality. It wasn't common, but these [very] few guys weren't in it to do damage or somehow profit, but (I suppose) for the imaginary power, boredom (most were 13-18 years old), or the programming challenge. Actually, strike out the last part; most of these people were the most terrible programmers you ever met.

(I am not attempting to justify their actions. It can't be justified. I just thought it was an amusing anecdote.)

Re:Counts (1)

flappinbooger (574405) | more than 4 years ago | (#32028770)

I've seen norton and mcafee break a computer's networking and radically slow down a powerful system just as much (and more-so) than the worst of the rogues and trojans. No doubt a grayhat (whitehat?) botnet would do some good. What frustrated computer tech hasn't wanted to put a benevolent botnet out there, to stave off the malevolent ones?

Re:Counts (2, Interesting)

TheLink (130905) | more than 4 years ago | (#32027484)

Hey if invading individual citizens PCs was a crime, someone should have been jailed for the Sony rootkit thing.

Re:Counts (2, Insightful)

jimicus (737525) | more than 4 years ago | (#32027684)

So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.

I don't think it's as clear cut as that. It's much easier to get evidence of 5,000 infections from a handful of sysadmins saying "We spent X hours cleaning up Y PCs as a result of this particular piece of malware" than it is to get 5,000 individuals to.

Re:Counts (1)

Jurily (900488) | more than 4 years ago | (#32028134)

So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.

Which one is easier to gather evidence from?

Re:Counts (4, Informative)

LordLucless (582312) | more than 4 years ago | (#32028174)

It's not exactly rocket science for either of them. For the target, you need to look at logs. For the zombies, you need to look for the bot software. Hell, if they've cracked the control software for the bot network (which it sounds like they have), it's a hell of a lot easier to gather evidence for the zombies.

Re:Counts (1)

Smallpond (221300) | more than 4 years ago | (#32028138)

So the one count they're charged with is for invading a corporate computer. And the thousands of individual citizens' PCs they compromised are ignored. Somehow, I'm not surprised.

Umm. Because the home PCs could be anywhere on Earth and they don't have resources to track them down, contact the owners, get them to file complaints and pursue 22,000 individual minor hacking claims?

Re:Counts (1)

flyneye (84093) | more than 4 years ago | (#32028178)

I'm all for the chaingangs patching the roads. It takes 3 state/county supervisors to watch 5 state/ road crew workers screw off here. Nothing ever gets done. Private contractors work the city so only traffic watch them screw off. If we gotta feed and house these prisoners and it costs more in taxes all the time, then we need some work out of them.

Re:Counts (0)

Anonymous Coward | more than 4 years ago | (#32028514)

Abolish unions: first problem solved
Abolish no-bid contracts: second problem solved

Re:Counts (1)

flyneye (84093) | more than 4 years ago | (#32042678)

Good idea! Unions have raised the costs of goods and services for everyone more than any Democratic tax hike I can recall. Convict powered road repair could under bid them all. A fleet of shovels can cost less than 1 road grader to operate. It's a green solution too.

Re:Counts (3, Interesting)

cstacy (534252) | more than 4 years ago | (#32029740)

Or better yet have other states grow a backbone and have chain gangs set up in northern cold states in the US patching pot holes!!

Fairfax chain gangs fill gaps for cash-strapped DOT
By Derek Kravitz
Washington Post Staff Writer
Monday, April 26, 2010
The vest-wearing, lawn-mower-pushing members of Fairfax County's modern chain gang don't look like jail inmates. Well-disciplined landscapers, yes. Orderly weed-whackers, perhaps. But not convicts. There are no chains, no handcuffs, no black-and-white striped jumpsuits. Just a handful of suntanned men wearing uniforms.
But take a closer look, and you'll see the tell-tale signs that these aren't your normal grass cutters -- the faded gang tattoos, the jail-issued plastic ID bracelets, the armed sheriff's deputy patrolling nearby. Still, confusion is inevitable. "We get a lot of people asking us for business cards, and we have to point to our sheriff's office logo and say, 'Sorry,' " said Sheriff's Deputy Michael Pence, as he watched a handful of inmates mow grass on a recent Friday near a county office building in McLean.

Re:Counts (1)

Kleppy (1671116) | more than 4 years ago | (#32031858)

Send 'em here to Michigan, our Road Commission can't fix roads properly either.

Hell just send them to Michigan to fend for themselves. It just might be as bad as a prison sentence.

Re:Counts (4, Interesting)

kcelery (410487) | more than 4 years ago | (#32027140)

22000 machines, if each one got the mission done. There will be 22000 infected machines. If the guy is sentenced for 1 day each. He will be away for over 60 years.

Re:Counts (1)

BrokenHalo (565198) | more than 4 years ago | (#32027592)

If his 22,000 machines were only worth 15 cents each, that's a total of only $3,300 dollars. Makes you wonder why he bothered; you can probably make better money digging ditches.

Re:Counts (1)

wvmarle (1070040) | more than 4 years ago | (#32027656)

It apparently was a proof of concept only; limited (for whatever reason) to a single ISP. No reason why he shouldn't be able to scale up the operation to millions of infected computers.

Re:Counts (3, Informative)

Smallpond (221300) | more than 4 years ago | (#32028126)

You misunderstood. He used the botnet to attack one ISP, the PCs could be anywhere.

Re:Counts (0)

Anonymous Coward | more than 4 years ago | (#32029108)

If his 22,000 machines were only worth 15 cents each, that's a total of only $3,300 dollars.

Yeah, that's not very many cents cents in those dollars dollars.

Re:Counts (1)

BrokenHalo (565198) | more than 4 years ago | (#32041104)

Yeah, that's not very many cents cents in those dollars dollars.

OK, give me a break, I spotted the typo after I had hit the "submit" button... :-|

Re:Counts (0)

Anonymous Coward | more than 4 years ago | (#32032842)

22,000 X the total real damages (time lost, PCs repaired, new OSs, whatever) = well over any reason not to draw and quarter them and every other SOB that fucks with someone else's computer.

Re:Counts (2, Insightful)

couchslug (175151) | more than 4 years ago | (#32028794)

"screw concurrent sentencing."

Concurrent sentencing is actually "sentence nullification" and should be banned.

Re:Counts (2, Informative)

MikeBabcock (65886) | more than 4 years ago | (#32030774)

Concurrent sentencing prevents sending you to jail for 300 years for parking tickets.

Re:Counts (1)

petermgreen (876956) | more than 4 years ago | (#32031916)

I disagree, the number of individual crimes that proof can be found for IMO has little bearing on the appropriate sentence. Does it really matter whether the cops happen to find ten of a burglar's burglaries or just a couple?

Plus there is the issue of where someone commits one act but that act happens to fit the definition of multiple crimes.

Plus it saves the system a lot of resources because the criminal is unlikely to appeal and will often ask for further crimes the police didn't know about to be taken into consideration.

It's only going to get worse. (0)

Anonymous Coward | more than 4 years ago | (#32026548)

With the script-kiddie-ization of viruses, I'm surprised we aren't hearing more about these small time thugs getting caught. Perhaps it just needs more time to catch on.

Re:It's only going to get worse. (1)

GameboyRMH (1153867) | more than 4 years ago | (#32030730)

It's hilarious to see how incompetent some of them are on the black hat forums.

"How to install? The instructions don't say." (standard-issue PHP web app that even has a handy "install wizard")

"OK I installed the botnet controller, now how do I infect PCs?"

"how do i use this to make many?"

$3300.00 (4, Funny)

ipquickly (1562169) | more than 4 years ago | (#32026578)

At just .15 per bot, this confirms that the economic downturn has affected the bot trade as well.

No stimulus package in sight. I'm holding on to my bots till the rebound.

Re:$3300.00 (3, Funny)

slick7 (1703596) | more than 4 years ago | (#32026622)

At just .15 per bot, this confirms that the economic downturn has affected the bot trade as well.

No stimulus package in sight. I'm holding on to my bots till the rebound.

My botsfrommumbi(trademark pending) are .0275 per bot. So don't hold your breath.

Re:$3300.00 (3, Interesting)

phantomfive (622387) | more than 4 years ago | (#32026782)

Either that or getting a botnet isn't very hard these days. Supply is driving down the cost curve......how hard can it be if this guy did it? He doesn't seem like the brightest guy on the block....

A $3000 transaction; for that he ran the risk of a $250,000 fine. Not worth it, find an honest way to make that money.

Re:$3300.00 (3, Informative)

Opportunist (166417) | more than 4 years ago | (#32026810)

It's fairly easy.

You need:
1. A controlling server. Preferably located in some country ending in -stan or some other country where law enforcement laughs at interpol when they ask for aid.
2. An infector and sheepifyer trojan. Trivial to code.
3. A few million sheep. For pointers, see facebook&twitter.

Additionally it is wise to create your trojan in such a way that you (and only you) can update it and redirect it to some other control server should yours get shut down for some odd reason. Make sure that you create a good enough challenge/response or be prepared for someone else to harvest your infections.

Re:$3300.00 (1)

pinkushun (1467193) | more than 4 years ago | (#32027216)

2.1 Something with flashing words, kittens or cows, and a link to 'send to my friends now!!!' spreads itself easy easy.

Hey let's write our own botnet, buddy :)

Re:$3300.00 (2, Insightful)

jibjibjib (889679) | more than 4 years ago | (#32027412)

If you're good you can make it a P2P network, like the Skype network or the BitTorrent DHT. Have all the commands cryptographically signed; it doesn't matter where a message is coming from as long as it has the right signature. Then it will be extremely difficult for attackers to find where the controlling server is. The commands to their computer will probably be forwarded to them from some other bot near them in the network, not directly from your control server, and they can't find out where the other bot gets its commands from. Once the botnet gets big enough and has a few semi-reliable hosts in it, you can dispense with DNS and centralised control altogether. Just like with Skype or BitTorrent, if you keep a list of addresses of semi-reliable hosts you can connect to one of them and discover its peers and connect to them and get onto the network without using DNS or a hardcoded central server. And then you can control your botnet from anywhere as long as you have the appropriate client program and private key, and it'll be hard to track you and impossible to shut you down.

Re:$3300.00 (1)

Opportunist (166417) | more than 4 years ago | (#32027876)

Already happening. It's still possible to track down the originating controller.

Shutting such a botnet down is somewhere between trivial and impossible. It all depends on whether you can break their key before they change it. Since the network accepts control commands from anywhere, you "only" need to crack open its key.

Re:$3300.00 (1)

GCsoftware (68281) | more than 4 years ago | (#32028418)

But if they've coded it sanely, the private key is never stored on the bots, and the public key is used merely for verifying the validity of the command. I guess this is the impossible end of your scale.

Re:$3300.00 (1)

petermgreen (876956) | more than 4 years ago | (#32032060)

Consider an architecture where bots act on any command they receive with an appropriate signature (assume decent quality public/private key crypto such that a crypto crack is not an option) and retransmit any command they see to all their peers.

How would you go about finding the original injection point of a command packet bearing in mind that most of the links won't be logging packet contents?

Re:$3300.00 (1)

Opportunist (166417) | more than 4 years ago | (#32033944)

All I can say is that it is possible, given time and the necessary infrastructure.

Re:$3300.00 (1)

tiptone (729456) | more than 4 years ago | (#32035200)

You can't just say "assume decent quality public/private key crypto such that a crypto crack is not an option". We're not talking about breaking the encryption on something that Bruce Schneier designed. See the article for the level of coder we're talking about. Attacking the encryption would be my starting point for all of these. If it can decrypt the incoming messages, chances are there's a flaw I can find that will lead me to that key.

Re:$3300.00 (1)

nacturation (646836) | more than 4 years ago | (#32028228)

Have all the commands cryptographically signed; it doesn't matter where a message is coming from as long as it has the right signature.

And have the cryptographically signed commands posted on Slashdot as AC postings. Have the bots scan the most recent Slashdot stories at -1 for their commands.

Re:$3300.00 (1)

russotto (537200) | more than 4 years ago | (#32034200)

And have the cryptographically signed commands posted on Slashdot as AC postings. Have the bots scan the most recent Slashdot stories at -1 for their commands.

MOD ME UP OR I PWN J00!

*(SJKHCI&^HSKJNSIU&S(QJSJSQ)NSQJBN

Re:$3300.00 (1)

arndawg (1468629) | more than 4 years ago | (#32027620)

As an alternative for number one I suggest you use public forums etc and post your GPG encrypted/signed commands there. Have the bots check these sites regularly.

Re:$3300.00 (1)

wvmarle (1070040) | more than 4 years ago | (#32027672)

And to make it even easier, I recall articles on /. that there are ready-to-use "diy" trojan kits on the market to make it even easier.

Re:$3300.00 (2, Insightful)

Opportunist (166417) | more than 4 years ago | (#32027886)

I don't really recommend using those kits. Few of them allow you to keep your precious bots all for yourself. ;)

Seriously, what do you expect? You're buying (closed source) software to install backdoors in someone else's computer from a ... well, let's say not too reputable company. Do you really expect them to let you keep the bots? Be honest!

Re:$3300.00 (1)

EvilBudMan (588716) | more than 4 years ago | (#32029102)

You sound like a man that knows how to do this from experience. Wooo......

Re:$3300.00 (1)

Opportunist (166417) | more than 4 years ago | (#32034030)

From the other side of the game, yes. But I guess I'm not giving away any secrets by telling that. I also don't know why it's Informative. It's pretty common knowledge when you have at least a passing interest in botnet. Besides, the setup outlined above is soooo '07...

Re:$3300.00 (1)

EvilBudMan (588716) | more than 4 years ago | (#32035090)

I don't know why it would be informative either maybe interesting would be better but then again Facebook and Twitter are so 2010.

I also think Facebook is going to be the #1 exploit of 2010. Do you know any good jokes about Facebook?

Re:$3300.00 (2, Insightful)

vidnet (580068) | more than 4 years ago | (#32026866)

A $3000 transaction; for that he ran the risk of a $250,000 fine

He could probably have sold it a hundred times to a hundred different buyers.

$0.15 Per? (3, Insightful)

grcumb (781340) | more than 4 years ago | (#32026610)

Thomas James Frederick Smith, built a custom botnet, called Nettick, which they then tried to sell to cybercriminals at the rate of US$0.15 per infected computer....

That's, like, US $3300 for the lot. He's not going to get much hookers and blow outta that.

If he did any programming at all to develop the exploit, then his wages are in the basement. (Probably right next to his 'office'.) Once you factor in the time it would have taken to propagate, test and market the botnet, this guy stood to earn the merest pittance.

Then again, he was stupid enough to turn the thing on his own ISP, so we shouldn't marvel too much over his lack of business acumen.

Re:$0.15 Per? (4, Interesting)

Xaositecte (897197) | more than 4 years ago | (#32026672)

What's to stop him from leasing use of the botnet to multiple cyber-criminals now that he's built it up? I mean, the initial sale is just a little bit, but suppose the market for the botnet is more than just one organization, or suppose he charges by the day?

I'm not really a professional botnet organizer, so I have no idea how plausible this is.

Re:$0.15 Per? (2, Interesting)

fake_name (245088) | more than 4 years ago | (#32026764)

Maybe the $0.15 was a loss leader to help build up a reputation in his desired market segment, then you can up prices once you have a reputation for a solid reliable product.

Re:$0.15 Per? (1)

flappinbooger (574405) | more than 4 years ago | (#32033924)

Seems to me he's not a rocket scientist, just a script kiddie. He's not likely to really know how to monetize and leverage something like that. Perhaps he was nervous and wanted to get out, but was too greedy to just hit delete.

Re:$0.15 Per? (0)

Anonymous Coward | more than 4 years ago | (#32027016)

I seriously doubt he programmed this bot himself. The ones who can do so, capable of DDoSing and mass-exploiting vulnerabilities, aren't (even usually approaching) this amount of stupid.

If it's anything like before, he downloaded one of the several latest-generation public (with limitations) bot sources, maybe fumbled together some small code related changes, edited the bot configuration to point to a stable server/IP, compiled it, and started infecting machines (probably starting from his own PC, like a true moron would).

22,000 is something you can sneeze at: a few days' effort for a new (but not widespread) vulnerability.

Obligatory (0)

Anonymous Coward | more than 4 years ago | (#32026624)

"Now witness the power of this fully armed and operational botnet."

Re:Obligatory (0)

Chris Tucker (302549) | more than 4 years ago | (#32026638)

In Odessa Texas you own botnet!

In Odessa (0)

Anonymous Coward | more than 4 years ago | (#32030130)

Ukraine botnet build YOU !

Yours In Astrakhan,
Kilgore T.

Re:Obligatory (2, Funny)

Sulphur (1548251) | more than 4 years ago | (#32027250)

Attack the Rebels' computers, Admiral Biet.

Re:Obligatory (0)

Anonymous Coward | more than 4 years ago | (#32030480)

Attack the Rebels' computers, Admiral Biet.

Piett, FFS. Piett!

Your geek card, please.

Ah they broke rule #1 of cybercrime (3, Insightful)

CrazyJim1 (809850) | more than 4 years ago | (#32026676)

Don't perform cybercrime in the borders of the USA.

Re:Ah they broke rule #1 of cybercrime (1)

Luke has no name (1423139) | more than 4 years ago | (#32026984)

Seems to be working pretty well for some [slashdot.org].

Re:Ah they broke rule #1 of cybercrime (1)

noisyinstrument (1624451) | more than 4 years ago | (#32027866)

The US is where the bots are located, not (necessarily) the guy running them.

Re:Ah they broke rule #1 of cybercrime (0)

Anonymous Coward | more than 4 years ago | (#32029164)

I thought the #1 of cybercrime is that you don't talk about cybercrime?

Botnet vs Hack (2, Interesting)

carp3_noct3m (1185697) | more than 4 years ago | (#32026730)

It seems very interesting that they were able to do this, but limited the botnet to the local ISP. In TFA they also state they "attacked" a Planet hosted server but didn't say if it was a DDOS or what. (The Planet is one of the bigger North Texas hosters/data centers, I got to have a personal tour there once while working on building a data center elsewhere, they are very professional) and TFA later states they compromised another website. What confuses me is that most botnets are installed via some sort of social engineering, be it XSS, email spam, etc. But it seems that since they were able to build it in such a short time on such a targeted demographic, that it falls closer into the spectrum of a Storm style botnet, that uses DDOS as both attack and defense. But regarding that I also don't understand the compromises of the website via a large scale like that, usually a DDOS is just that, a denial of service, if there is a vulnerability what is the use of an entire botnet? Maybe used to brute force something, or obfuscate multiple scans of vulns, but overall it seems like this was someone who stood on the shoulders of other botnet writers (would be interesting to reverse engineer the code and see) in order to make a quick buck (which is easy to do on IRC's underbellies). Anyone who pays attention at all to botnet or other malicious writers knows that if attention is directed to your code, it's fairly easy to track you down. It is also notable that this happened in 2006, and so it took this long for law enforcement to build a good enough case against them. Anyway, interesting at least to me, as I've been training up on computer forensics so it's interesting to look at things like this.

Re:Botnet vs Hack (1)

codepunk (167897) | more than 4 years ago | (#32026828)

Forgive me if I am less than impressed, 30 minutes with a compiler and a few lines of code. Not like they pulled off some amazing feat, what is impressive is that they got caught.

Re:Botnet vs Hack (0)

Anonymous Coward | more than 4 years ago | (#32027080)

He also used IRC. IRC used to be a decent botnet communications medium, but as time progresses, heuristics are able to detect this type of stuff. From what I have seen, IRC has been replaced by custom protocols with more of the advanced botnets so it isn't as easy to detect by IDS appliances. I could be mistaken though.

The guy who pretended to see it made a grave error too. He should not have said a word about anything and that way, investigators would at least have to go and find his name to put on the persons of interest list, as opposed to saying "here I am" which would make him a possible suspect, or at least a target for detective work.

These are not real botnet writers. The real guys that we should be concerned about are either the ones who are separated between them and the compromised bot servers by at least good number of compromised machines, or the guys who don't touch the code at all and have their hired script writers do the business for them. Or it might be a government who writes the code for "research" purposes, then sells it to an organization for a cut of the revenue.
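As a defender-side illustration of the IRC detection heuristics mentioned in the comment above (an added example, not part of the original thread and not any IDS product's actual rule set): the sketch below recognises IRC client registration on any port and flags a server/channel pair that several internal hosts join. The session records, addresses, port list and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample sessions: (src_ip, dst_ip, dst_port, start of client payload).
# All addresses come from documentation ranges; nothing here is from a real capture.
SAMPLE_SESSIONS = [
    ("10.0.0.11", "203.0.113.5", 8080,
     "NICK xk3j9qpl\r\nUSER xk3j9qpl 0 * :x\r\nJOIN #n3t\r\n"),
    ("10.0.0.12", "203.0.113.5", 8080,
     "NICK pq8z2mvw\r\nUSER pq8z2mvw 0 * :x\r\nJOIN #N3T\r\n"),
    ("10.0.0.13", "203.0.113.5", 8080,
     "NICK vb7t1hrc\r\nUSER vb7t1hrc 0 * :x\r\nJOIN #n3t secretkey\r\n"),
    ("10.0.0.20", "198.51.100.7", 6667,
     "NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #linux\r\n"),
    ("10.0.0.21", "203.0.113.5", 8080,
     "GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n"),
]

# Assumed list of conventional IRC ports; adjust to local policy.
STANDARD_IRC_PORTS = frozenset(list(range(6660, 6670)) + [6697, 7000])

# Case-sensitive on purpose: a case-insensitive match would treat the HTTP
# header "User-Agent" as an IRC USER command. Clients that send lowercase
# commands are a known blind spot of this simple matcher.
IRC_LINE = re.compile(r"^(?::\S+ )?(NICK|USER|JOIN)\b ?(.*)$")


def parse_irc(payload):
    """Return {'nick', 'channels'} if the payload looks like IRC client
    registration (both NICK and USER present), otherwise None."""
    nick = None
    has_user = False
    channels = []
    for line in re.split(r"\r?\n", payload):
        m = IRC_LINE.match(line)
        if not m:
            continue
        cmd, rest = m.groups()
        args = rest.split()
        if cmd == "NICK" and args:
            nick = args[0]
        elif cmd == "USER":
            has_user = True
        elif cmd == "JOIN" and args:
            # First argument is a comma-separated channel list; any key follows.
            channels.extend(c for c in args[0].split(",")
                            if c.startswith(("#", "&")))
    if nick and has_user:
        return {"nick": nick, "channels": channels}
    return None


def find_irc_clusters(sessions, min_hosts=3):
    """Group IRC sessions by (server, port, channel) and report every group
    joined by at least min_hosts distinct source hosts."""
    groups = defaultdict(set)
    for src, dst, port, payload in sessions:
        info = parse_irc(payload)
        if info is None:
            continue
        for channel in info["channels"]:
            # Channel names are case-insensitive in IRC, so normalise them.
            groups[(dst, port, channel.lower())].add(src)
    findings = []
    for (dst, port, channel), hosts in sorted(groups.items()):
        if len(hosts) >= min_hosts:
            findings.append({
                "server": dst,
                "port": port,
                "channel": channel,
                "hosts": sorted(hosts),
                "nonstandard_port": port not in STANDARD_IRC_PORTS,
            })
    return findings


if __name__ == "__main__":
    for finding in find_irc_clusters(SAMPLE_SESSIONS):
        print(finding)
```

A match is a lead for investigation rather than proof of infection, and this approach sees nothing once the channel is wrapped in TLS or replaced by a custom protocol, which is the shift the comment describes.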

Re:Botnet vs Hack (0)

Anonymous Coward | more than 4 years ago | (#32027034)

But regarding that I also don't understand the compromises of the website via a large scale like that, usually a DDOS is just that, a denial of service, if there is a vulnerability what is the use of an entire botnet? Maybe used to brute force something, or obfuscate multiple scans of vulns, but overall it seems like this was someone who stood on the shoulders of other botnet writers (would be interesting to reverse engineer the code and see) in order to make a quick buck (which is easy to do on IRC's underbellies)

I think you guessed it. Likely he typed something like bots.start_random_ddos ip_range_low-ip_range_high in the bot IRC server without fully (or marginally) understanding what it is he was doing.

Hate to burst yall's bubble (0, Offtopic)

painehope (580569) | more than 4 years ago | (#32027076)

I live in Texas. Right outside of Houston, to be specific.

Credentials established, let me state this for the record : Mesquite is one of those towns you go "I fucking slowed down for this?" while passing through.

The pieces now fall into place.

Re:Hate to burst yall's bubble (0)

Anonymous Coward | more than 4 years ago | (#32027642)

Credentials established, let me state this for the record : Mesquite is one of those towns you go "I fucking slowed down for this?" while passing through.

So it's one of the interesting, peaceful, outdoors, quiet and homely towns?

Or is it one of the backwater, racist, barren, boring, and falling-apart towns?

Re:Hate to burst yall's bubble (0)

Anonymous Coward | more than 4 years ago | (#32027676)

Credentials established, let me state this for the record : Mesquite is one of those towns you go "I fucking slowed down for this?" while passing through.

So it's one of the interesting, peaceful, outdoors, quiet and homely towns?

Or is it one of the backwater, racist, barren, boring, and falling-apart towns?

Mesquite is suburban, east side of Dallas, just outside the LBJ loop. It isn't some little backwater town just nothing really out of the ordinary.

Useless trivia:

I lived in Mesquite until I was four.
Wikipedia says it is the home of id Software which I did not know.
id Software was not around back then.

$0.15? (0, Troll)

DrScotsman (857078) | more than 4 years ago | (#32027082)

That's the same as 0.15 cents. That's cheap!

Re:$0.15? (2, Informative)

pookemon (909195) | more than 4 years ago | (#32027630)

$0.15 != 0.15 cents.

$0.15 == 15 cents.

You need to carry the one...

Verizon reference (2, Funny)

ub3r n3u7r4l1st (1388939) | more than 4 years ago | (#32030642)

http://www.youtube.com/watch?v=D2isSJKntbg [youtube.com]

According to Verizon rep, 0.002 dollar = 0.002 cent. So your parent is right.

Re:Verizon reference (1)

DrScotsman (857078) | more than 4 years ago | (#32041762)

I wish someone told me beforehand that you get troll moderation for making the joke and funny moderation for explaining the joke. I must be new here.

Heh (0)

Anonymous Coward | more than 4 years ago | (#32027908)

I was one of the ircers on kidindustries.net when we were most active back in 2005. I knew both Zook and Davus and had also read the Nettick source code. It was written in Visual Basic and integrated into software which served the purpose of altering Habbo Hotel and then downloaded and spread. I remember the T35 hack, there were some cc's in there. Questions?

Yeah, I have a question... (4, Funny)

Viol8 (599362) | more than 4 years ago | (#32027992)

Have you grown up yet?

Obligatory free software rant (1)

SpaghettiPattern (609814) | more than 4 years ago | (#32027940)

Obligatory free software rant: I bet he didn't even consider making his software free.... <Rant about proprietary software being evil.> and then <Cheap shot at him being imprisoned instead of free.>

Hi (-1, Troll)

silviasaint29 (1800600) | more than 4 years ago | (#32028536)

It apparently was a proof of concept only; limited (for whatever reason) to a single ISP. Bol Apartments [bolcroatia.com]

Re:Hi (0)

Anonymous Coward | more than 4 years ago | (#32029356)

I think this is a clever bot post. I saw another posting for this Bol Apartments in another thread and the text in the body is identical to http://it.slashdot.org/comments.pl?sid=1635012&cid=32027656 [slashdot.org].

Looks like the captchas need to be updated.

Another clear example of why crime is WRONG (1)

redelm (54142) | more than 4 years ago | (#32028976)

The attempted sales price (U$0.15/machine, would presumably be negotiated down 0.10-0.12) is ~100x less than users would pay to not be infected, and about 1000x less than it will take to remove the malware. Any person who buys and uses the botnet will generate similar economics.

This is an obvious clear loss to humanity -- the crooks gain _very_ much less than the damage they cause. A negative sum game.

The same might be said of Goldman-Sachs: even without the front-running and counter-dealing, they mispriced risk for short-term gain. They and their ilk (GS was probably one of the least-bad) caused much damage (more to come) without net gain. Their deals were at best zero-sum minus their hefty fees but with huge amounts of hidden risk (which comes home to roost).

Re:Another clear example of why crime is WRONG (0)

Anonymous Coward | more than 4 years ago | (#32029462)

lol you fail HARD

Re:Another clear example of why crime is WRONG (0)

Anonymous Coward | more than 4 years ago | (#32041132)

Good point. Now we know: Cybercriminals should make their bot-owners pay them to disinfect their computer or at least not use it for harm. "If you go to the police, I'll email the porn on here to your girlfriend. Muahahaha!"

Nettick? Bad Name (0)

Anonymous Coward | more than 4 years ago | (#32029060)

He's from Texas, so Net-Hick would be more appropriate.

Re:Nettick? Bad Name (0)

Anonymous Coward | more than 4 years ago | (#32030162)

He might be a net.hick, but he also lives in a state where two thirds of the people who live there carry guns as a matter of course. Go tell him that to his face while I stand off to the side eating popcorn.

Fire up the barbie! (1)

A nonymous Coward (7548) | more than 4 years ago | (#32029728)

That should be the punishment -- fry, fry, fry. I know what the smoker should be.

That has to be a record of some sort (1)

Provocateur (133110) | more than 4 years ago | (#32031532)

I mean, like 3 first names.

Oh,wait...

Re:That has to be a record of some sort (1)

HTH NE1 (675604) | more than 4 years ago | (#32036634)

Man, using their full names like that? It's as if their crimes were equivalent to presidential assassination or serial killing.
