Avalanche botnet takedown

Ronald F. Guilmette rfg at tristatelogic.com
Thu Dec 1 20:38:03 UTC 2016

In message <20161201173426.2861.qmail at ary.lan>, 
"John Levine" <johnl at iecc.com> wrote:

>More info here:

I'm always happy when even a small handful of miscreants are captured
and taken off the Internet, but...

The press release itself says that this botnet had been running since
2009.  So, you know, are we supposed to break out the champagne and
start celebrating because it "only" took LE *seven years* to take down
this one botnet and capture a grand total of five cybercriminals?

Like I say, I'm happy that this one botnet was killed, but to my way
of thinking, the fact that it took seven years to do so is a testament
*not* to the spectacular 21st century capabilities of modern law
enforcement, but rather to the ever widening gap between the time
scales of law enforcement processes, typically measured in months or
years, and the time scales of malicious packets flying around the
Internet, usually measured in milliseconds.

The Internet, viewed as an organism, quite clearly has, at present,
numerous autoimmune diseases.  It is attacking itself.  And its immune
system, such as it is, clearly ain't working.  There's going to come
a day of reckoning when it will no longer be possible to paper over
this sad and self-evident fact.  (And no, I'm *not* talking about
the fabled "Digital Pearl Harbor".  I'm talking instead about the
Internet equivalent of the meteor that wiped out the dinosaurs.)


P.S.  WTF is "double fast flux[tm]"?  Is that anything like "double secret
probation" from Animal House?

P.P.S.  I love this part of the press release, because it is so telling:

     "The successful takedown of this server infrastructure was supported
     by ... Registrar of Last Resort, ICANN..."

Hahahahaha!  Yea.  Translation, for those of you who do not speak
diplomacy-speak:  "It isn't hardly just you unofficial anti-spammers and
anti-cybercrime volunteers and private security companies that can't
manage to get many domain registrars and sometimes even domain registries
to lift a finger to help.  Even some of us international law enforcement
guys, who have badges and everything, were also told to go pound sand by
several of the world's worst and most unhelpful registrars and registries.
In fact, they were soooooooo colossally unhelpful that in the end, we
finally had to go and plead our case all the way up to ICANN, just in
order to get anything done."

