FBI Employs New Botnet Eradication Tactics
by George Lawton
The US government has taken a novel approach to fighting botnets that it hopes will be a model for combating these security threats in the future. As part of Operation Adeona, the US Justice Department and the Federal Bureau of Investigation (FBI) obtained a restraining order and seized the servers hackers used to run the Coreflood botnet, which at one time consisted of 2.3 million infected computers.
During the operation, the FBI redirected afflicted computers to a substitute command and control (C&C) server, which directed computers infected in the US to uninstall the Coreflood software. "These actions to mitigate the threat posed by the Coreflood botnet are the first of their kind in the United States and reflect our commitment to being creative and proactive in making the Internet more secure," said Shawn Henry, executive assistant director of the FBI's Criminal, Cyber, Response, and Services branch in a statement.
This is the first time a US law enforcement agency has used this tactic. Microsoft employed similar tactics in taking down Rustock, and Dutch authorities used it in taking down Bredolab.
"In this case, law enforcement disrupted the botnet without affecting other services in a surgically beautiful way with the backing of the court," said Eugene Schultz, CTO of Emagined Security, a security solutions vendor.
A Long History
Coreflood was first detected in 2002. The basic software opens a backdoor on the host computer for various malware packages, such as keylogging software designed to steal banking credentials. The Coreflood malware was programmed to receive updates from the C&C servers on a regular basis, and new versions of the botnet software were released regularly to stay ahead of antivirus signature updates.
"The full extent of the financial loss caused by the Coreflood botnet is not known, due in part to the large number of infected computers and the quantity of stolen data," wrote US FBI special agent Kenneth Keller in an affidavit to the court. However, the botnet was responsible for significant financial losses in numerous cases, such as a real estate company in Michigan that lost $115,771 and a law firm in South Carolina that lost $78,421.
On 13 April, the US Justice Department filed civil complaints against 13 unidentified defendants and received a temporary restraining order allowing it to take control of the domain names, replace the C&C servers with substitutes, and issue Coreflood uninstall commands to infected computers.
The FBI also worked with Microsoft and antivirus vendors to ensure detection of the last known variant of Coreflood, released between 1 and 12 April. Microsoft added Win32/Afcore (Coreflood) detection to its Malicious Software Removal Tool. More than 20 antivirus vendors were able to recognize the latest version of Coreflood.
During the course of the offensive, the FBI seized 29 domain names that pointed to several C&C servers used by hackers to infect computers. During the takedown, the FBI redirected all 29 domain names to a single C&C server, which it used to issue uninstall commands to computers in the US until the servers were turned off 16 June.
"The FBI has issued approximately 19,000 uninstall commands to infected computers of approximately 24 Identifiable Victims, none of whom have reported any adverse or unintended consequences from the uninstall commands," wrote Keller.
FBI monitoring indicates that Coreflood botnet activity has dropped 95 percent from its peak levels before the takedown. "While the Coreflood software will continue to run on still-infected computers once the substitute server is taken out of operation," Keller wrote, "the seizure of the Coreflood Domains will continue reasonably to prevent the Defendants from obtaining access to those computers or to data stolen from those computers."
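Because the Coreflood software keeps running on machines that never received the uninstall command, the practical follow-up for a network defender is to check resolver logs for hosts that still try to reach the seized domains. The script below is an added example, not code from the article, the FBI, or the Coreflood operation; the domain names and log lines are constructed placeholders (the real seized domains are not listed here), and the log format (timestamp, client IP, queried name) is an assumption.

```python
"""Flag internal hosts still querying seized C&C domains.

Hypothetical defender-side check, not FBI or Coreflood code. Domain names
and log lines are constructed placeholders for illustration only.
"""
import re
from collections import defaultdict

# Constructed placeholders standing in for the seized C&C domains.
SEIZED_DOMAINS = {"cc-example-1.invalid", "cc-example-2.invalid"}

# Constructed resolver log in an assumed "timestamp client query" format.
SAMPLE_LOG = """\
2011-06-17T08:01:12Z 10.0.5.21 www.example.org
2011-06-17T08:01:40Z 10.0.5.21 cc-example-1.invalid
2011-06-17T08:02:03Z 10.0.7.9 update.cc-example-2.invalid
2011-06-17T08:02:15Z 10.0.5.40 mail.example.org
2011-06-17T08:03:50Z 10.0.5.21 CC-EXAMPLE-2.invalid.
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def matches_seized(qname, seized=SEIZED_DOMAINS):
    """True if qname is a seized domain or a subdomain of one.

    Case and a trailing dot are ignored so that "CC-EXAMPLE-2.invalid."
    matches; "notcc-example-1.invalid" does not, because only a label
    boundary ("." + domain) counts as a subdomain.
    """
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in seized)


def hosts_querying_seized(log_text, seized=SEIZED_DOMAINS):
    """Map each client IP to the sorted list of seized names it queried.

    Lines that do not fit the three-field format are skipped rather than
    raising, so a partially garbled log still yields the hits it contains.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        _ts, client, qname = m.groups()
        if matches_seized(qname, seized):
            hits[client].add(qname.lower().rstrip("."))
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(hosts_querying_seized(SAMPLE_LOG).items()):
        print(client, names)
```

Hosts that appear in the output are candidates for the same cleanup the substitute server performed, using the vendor detection the article mentions; the sinkhole itself only stops the operators from reaching them.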
Securing the Future
As the government begins taking a more active role in eradicating malware, there are some concerns about the abuses these practices might promote in the future. "There is some question about how far law enforcement should be allowed to go in stopping security threats," Schultz said. "The FBI has gained new power without a court challenge. Where will they stop now? They have been emboldened in a new way."
In the long run, Schultz believes that international law enforcement authorities must cooperate more closely as cyber crime techniques evolve. Future botnets could become more distributed, making them harder to take out from within a single country. Law enforcement agencies might then have to consider measures such as rerouting traffic around crime syndicates or launching distributed denial of service attacks on known criminal sources in a true information warfare manner, which could blur the line between fighting cyber crime and cyber warfare.
George Lawton is a freelance journalist based in Guerneville, CA. Contact him at glawton@glawton.com.