
Russian Gang Hijacking PCs in Vast Scheme

This topic is archived.
 
RamboLiberal Donating Member (1000+ posts) Tue Aug-05-08 10:25 PM
Original message
Russian Gang Hijacking PCs in Vast Scheme
Source: NY Times

A criminal gang is using software tools normally reserved for computer network administrators to infect thousands of PCs in corporate and government networks with programs that steal passwords and other information, a security researcher has found.

The new form of attack indicates that little progress has been made in defusing the threat of botnets, networks of infected computers that criminals use to send spam, steal passwords and do other forms of damage, according to computer security investigators.

Several security experts say that although attacks against network administrators are not new, the systematic use of administrative software to spread malicious software has not been widely seen until now.

The gang was identified publicly in May by Joe Stewart, director of malware research at SecureWorks, a computer security firm in Atlanta. Mr. Stewart, who has determined that the gang is based in Russia, was able to locate a central program controlling as many as 100,000 infected computers across the Internet. The program was running at a commercial Internet hosting computer center in Wisconsin.

-----

One of the unique aspects of the malicious software is that it captures screen information in addition to passwords, according to Mark Seiden, a veteran computer security engineer. That makes it possible for gang members to see information like bank balances without having to log in to stolen accounts.



Read more: http://www.nytimes.com/2008/08/06/technology/06hack.html?hp
Extend a Hand Donating Member (1000+ posts) Tue Aug-05-08 10:30 PM
Response to Original message
1. I hope this isn't the i-9/11 that Lessig talks about.
http://www.infowars.com/?p=3753

I know it's infowars, but Lessig is a Stanford professor and definitely not a crackpot.


During a group panel segment titled “2018: Life on the Net”, Lessig stated:

There’s going to be an i-9/11 event. Which doesn’t necessarily mean an Al Qaeda attack, it means an event where the instability or the insecurity of the internet becomes manifest during a malicious event which then inspires the government into a response. You’ve got to remember that after 9/11 the government drew up the Patriot Act within 20 days and it was passed.

The Patriot Act is huge and I remember someone asking a Justice Department official how did they write such a large statute so quickly, and of course the answer was that it has been sitting in the drawers of the Justice Department for the last 20 years waiting for the event where they would pull it out.

Of course, the Patriot Act is filled with all sorts of insanity about changing the way civil rights are protected, or not protected in this instance. So I was having dinner with Richard Clarke and I asked him if there is an equivalent, is there an i-Patriot Act just sitting waiting for some substantial event as an excuse to radically change the way the internet works. He said “of course there is”.


 
boppers Donating Member (1000+ posts) Wed Aug-06-08 12:31 AM
Response to Reply #1
3. Radical change? No.
Most of the PATRIOT act simply gave legal cover to technologies and techniques that were already in daily use.

Read that again, in case it didn't sink in.

An e-9/11 event (and resulting legislation) would make the technology *in use right now* admissible in a court of law, and provide legal cover for those practicing in the field.

Deep packet content inspection? In use. Per user content sniffing? In use. Warrantless gathering and investigation of "private" internet traffic? In use. Government cyber-war equipment and attacks? In use. Per-user behavioral monitoring? In use. Geo-location of user traffic? In use.

Arresting and imprisoning US internet users for having websites the government didn't like? Already happening. Warrantless data-tapping used in courts? Already happening. Entire machines and networks being blocked/eliminated from the 'net in real-time? Already happening.

The biggest change would be that people would know what their government (and private agencies, at the government's request) had been doing for years... and then, like the PATRIOT act, they'd shrug, and simply say "it hasn't hurt me yet" (unless, of course, they're already in jail for being a "terrorist", or whatever).
 
hunter Donating Member (1000+ posts) Wed Aug-06-08 03:18 AM
Response to Reply #3
4. They are plugged into the phone networks too.
As you say, these days a warrant is something that makes evidence admissible in court, it's not something that protects you from eavesdropping.
 
crikkett Donating Member (1000+ posts) Wed Aug-06-08 11:36 AM
Response to Reply #3
5. excellent post. n/t
 
boppers Donating Member (1000+ posts) Wed Aug-06-08 12:13 AM
Response to Original message
2. In all fairness, the NYTimes is woefully backwards on technology.
I almost didn't have to click the link to guess it was more Markoff pablum. The epithet Markoff is usually referenced with is left as an exercise for the reader, but a few things about this article stand out:

1. Using shared/distributed root/administrator accounts and network tools to take over networks is, indeed, a "new" problem, if we happen to be still living in the 1970's.
2. Botnets are old (1980's technology), boring, and huge. They're a massive headache, but until Microsoft makes a serious effort about the security of their operating systems, they're a fact of life. Yet again, nothing new.
3. This is basically a puff-piece to pimp out a black-hat presentation, a presentation that will likely be scoffed at by any serious computer researcher. Maybe techno-illiterate journalists or newspaper readers, or script-kiddies might be impressed, but this is just plain shoddy journalism.
 