The Right Way To Dismantle A Ring Of Hackers

By Niraj Chokshi

Earlier this week, Spanish police and the FBI shut down one of the largest networks of hacked computers ever discovered.

The authorities were assisted by private companies and experts, proving a point I made last week: that companies can and should work with authorities rather than trying to stop such networks on their own through other, sometimes dubious, means.

The authorities this week arrested three people for running the "Mariposa" botnet, a network of 12.7 million infected and remotely controlled computers that the operators used to collect information on over 800,000 people. The botnet included computers at over half of the Fortune 1,000 companies and more than 40 banks. Last week, Microsoft secured a restraining order against the owners of 277 domain names linked to the Waledac botnet. The order enabled the company to strip them of their domains, an odd tactic that I argued gave the company too much power and may have caused some collateral damage by possibly dismantling legitimate domains.

The Spanish arrest proves that there is a viable alternative. The Register explains how Defence Intelligence, the private security firm which discovered the botnet last May, teamed up with the FBI and Spanish police, as well as antivirus firm Panda Security, to kill the network.

To control the Mariposa (Spanish for butterfly) botnet, the operators used a virtual private network, a means of securely connecting computers over the Internet. The VPN made it difficult for the authorities to track the botnet's operators, but they were still able to shut it down on December 23, 2009. According to The Register, when that happened:

The gang's leader, alias Netkairo, panicked in his efforts to regain control of the botnet. Netkairo made the fatal error of connecting directly from his home computer instead of using the VPN, leaving a trail of digital fingerprints that led to a series of arrests two months later.

Microsoft and other big companies take note: collaboration with authorities and a little patience is all you need to take down a botnet.

This article available online at:

http://www.theatlantic.com/business/archive/2010/03/the-right-way-to-dismantle-a-ring-of-hackers/37098/