FBI Hijacks ‘Coreflood’ Botnet

April 17th, 2011

Alternate headline: FBI Obtains Distributed Denial of Service Capability for Free.

Interestingly, in other recent news, the government is stepping up propaganda efforts on the National Strategy for Trusted Identities in Cyberspace scheme, which is ‘voluntary’, of course…

Translation: They want you to use NSTIC. They want you to want to use it. There are a lot of ways to make you want to use it.

Via: Wired:

In an extraordinary intervention, the Justice Department has sought and won permission from a federal judge to seize control of a massive criminal botnet comprising millions of private computers, and deliver a command to those computers to disable the malicious software.

The request, filed Tuesday under seal in the U.S. District Court in Connecticut, sought a temporary restraining order to allow the nonprofit Internet Systems Consortium, or ISC, to swap out command-and-control servers that were communicating with machines infected with Coreflood — malicious software used by computer criminals to loot victims’ bank accounts.

According to the filing, ISC, under law enforcement supervision, planned to replace the servers with servers that it controlled, then collect the IP addresses of all infected machines communicating with the criminal servers, and send a remote “stop” command to infected machines to disable the Coreflood malware operating on them.

A Justice Department spokeswoman confirmed that the takeover occurred Tuesday evening, and the shutdown command was sent to infected computers based in the United States.

“Under the authority granted by the court in the TRO, we have responded to requests from infected computers in the United States with a command that temporarily stops the malware from running on the infected computers,” spokeswoman Laura Sweeney wrote in an e-mail.

A separate court filing Tuesday afternoon (.pdf) indicated that the FBI’s New Haven office is behind the operation. In that filing, authorities informed the court that a new variant of Coreflood had been released by criminals Tuesday morning, but that the FBI had tested the kill command against that variant and it had worked successfully.

According to the filing, Coreflood is designed to run whenever an infected computer is rebooted. Therefore the intervention software designed to disable Coreflood has to resend the disable command after every reboot, until the victim removes the malware from his system. The government assured the court, however, that this would cause no harm to computers.

“Based upon technical evaluation and testing, the Government assesses that the command sent to the Coreflood software to stop running will not cause any damage to the victim computers on which the Coreflood software is present, nor will it allow the Government to examine or copy the contents of the victim computers in any fashion,” the government wrote in its request.

Research Credit: DW
