    Kraken Botnet Infiltration Triggers Ethics Debate

    Written by

    Ryan Naraine
    Published May 1, 2008

      Researchers at TippingPoint Technologies’ Digital Vaccine Laboratories have found a way to infiltrate and seize control of one of the world’s largest spam-spewing botnets, a breakthrough that has ignited an intense debate over the ethics of “cleaning” infected computers.

      Cody Pierce and Pedram Amini, two high-profile software security researchers, cracked into the Trojan powering Kraken, a 400,000-strong botnet of infected computers, by reverse-engineering the encryption routines and figuring out the communication structure between the botnet owner and the hijacked computers.

      Once they got a clear understanding of the inner workings of Kraken, the duo found that the infected computers were trying to connect to a master C&C (command and control) server by systematically generating subdomains from various dynamic DNS (Domain Name System) resolver services.

      This meant the researchers could predict where the bots would be connecting upon reboot, Pierce said in an interview. “We basically have the ability to create a fake Kraken server capable of overtaking a redirected zombie,” Pierce said.

      “By reverse-engineering the list of names and successfully registering some of the subdomains Kraken is looking for, we can emulate a server and begin to infiltrate the network zombie by zombie. Stated simply, Kraken-infected systems worldwide start to connect to a server we control,” Amini said in a document explaining the reverse engineering process.

      The TippingPoint DVLabs team monitored Kraken connections for seven days and during that time the fake Kraken server received more than 1.8 million requests from infected systems worldwide, mostly from home broadband users in the United States, the United Kingdom, Spain and Central America.
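
An added example, not from the article or from TippingPoint: one way a network defender could spot, in resolver logs, the lookup pattern described above, in which a host cycles through many generated subdomains under dynamic DNS zones. The zone names, log format, thresholds and the use of NXDOMAIN as a signal are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Assumed watchlist of dynamic DNS parent zones (placeholders, not Kraken's real zones).
DYNDNS_ZONES = ("dyn.example", "ddns.example")

# Constructed resolver log lines: "<epoch> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
1209600000 10.0.0.5 rbqdxflojkj.dyn.example NXDOMAIN
1209600004 10.0.0.5 bltjhzqp.ddns.example NXDOMAIN
1209600009 10.0.0.5 cffxugijxn.dyn.example NXDOMAIN
1209600013 10.0.0.5 afmbtgyktty.ddns.example NXDOMAIN
1209600020 10.0.0.5 quowesuqbbb.dyn.example NOERROR
1209600002 10.0.0.7 homecam.dyn.example NOERROR
1209600300 10.0.0.7 homecam.dyn.example NOERROR
1209600005 10.0.0.9 www.example.com NOERROR
malformed line
"""

def parent_zone(qname):
    """Return the watched dynamic DNS zone that qname is a subdomain of, else None."""
    name = qname.lower().rstrip(".")
    for zone in DYNDNS_ZONES:
        if name.endswith("." + zone):
            return zone
    return None

def find_rendezvous_suspects(log_text, min_names=4, min_nx_ratio=0.5):
    """Flag clients querying many distinct dynamic DNS names that mostly fail to resolve."""
    names = defaultdict(set)      # client -> distinct watched qnames
    failed = defaultdict(set)     # client -> distinct watched qnames answered NXDOMAIN
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed records instead of crashing
        _ts, client, qname, rcode = parts
        if parent_zone(qname) is None:
            continue              # not under a watched zone
        q = qname.lower().rstrip(".")
        names[client].add(q)
        if rcode == "NXDOMAIN":
            failed[client].add(q)
    suspects = {}
    for client, seen in names.items():
        ratio = len(failed[client]) / len(seen)
        if len(seen) >= min_names and ratio >= min_nx_ratio:
            suspects[client] = {"distinct_names": len(seen), "nx_ratio": round(ratio, 2)}
    return suspects
```

On the constructed log only 10.0.0.5 is flagged; the host that repeatedly resolves a single dynamic DNS name is not.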

      The Good Samaritan’s Dilemma

      The ability to infiltrate and seize control of Kraken’s C&C mechanism left the company with an ethical dilemma that has prompted a discussion of whether infected computers used in denial-of-service attacks and spam runs should be cleansed without the owners’ consent.

      “On the technical side, we have proven that it can be done. From our proof-of-concept, it would have been one more click of a button to shut down the communication between the people sending commands to these [infected] computers,” Pierce said.

      Essentially, the infected system would connect to TippingPoint’s fake Kraken server and receive a command to kill the target process handling the communication.

      “We never hear from the infected system again and neither can the actual botnet owner’s command-and-control servers,” Amini said, arguing that cleansing should be used to help slow the botnet epidemic. “We have the ability to successfully redirect infected systems. We have the ability to provide an ‘update’ through the existing Kraken protocol that can simply remove the Kraken zombie.”

      Pierce agreed. “If you have a wild person driving on the street, putting everyone else at risk, you don’t just turn the other way,” he said, calling for industrywide discussion about a more proactive, vigilante-type approach to fighting botnets.

      David Endler, director of security research at TippingPoint, is on the other side of the fence. “The reality is that you really don’t know what you’re modifying,” Endler said in an interview. “It’s a very tricky situation. What if that end-user system is performing a critical function? What if that target system is responsible for someone’s life support? Who is to say what is more beneficial? It really is a moral and a legal quandary.”

      He cited liability issues as one of the key reasons TippingPoint opted to leave the compromised computers untouched within the Kraken botnet.

      “There could be life-threatening repercussions [so] you have to walk away and err on the side of caution,” Endler said. “If you see someone breaking a window to go into someone’s house, that really doesn’t give you the right to break another window and go in after them.”

      Pierce said he sees it another way: “If you see someone mugging someone across the street, you just don’t watch and walk away.”

      Andrew Hay, product manager at Q1 Labs, a network security management company, said the concept of tampering with a user’s machine without consent, even if it’s to remove malicious software, is “ethically questionable.”

      “I couldn’t in good conscience send any command to a machine without the user’s knowledge and approval,” Hay said. “Ethically speaking, we just can’t make that decision regardless of if it’s right or whether it’s the best thing to do for the good of the Internet.”
