LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 07-21-2017, 11:45 AM   #1
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,383
Blog Entries: 16

Rep: Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156
On Trial for Botnetting


This happens far too seldom.

https://www.thelocal.de/20170721/bri...n-german-homes

Excerpt:

Quote:
The defendant, who was not named, was arrested in February at London's Luton airport on a European arrest warrant for attempted computer sabotage and extradited to Germany.

German police said the goal was to infect users' computers with a "botnet" - a network of web-connected machines that can be manipulated with malware and used to attack other online targets.


The Briton told the court he was paid $10,000 (about 8,500) by a Liberian telecom company which wanted to use the botnet to damage a rival company.
 
Old 07-21-2017, 08:36 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 16,697

Rep: Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456Reputation: 2456
Gosh, for 10 grand I might start doing it. I could retire and just travel the world.
 
Old 07-21-2017, 08:46 PM   #3
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,383
Blog Entries: 16

Original Poster
Rep: Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156
A word of advice from my old boss who was stationed in Germany when he was in the U. S. Army: Don't mess with the polizei.
 
Old 07-22-2017, 02:35 AM   #4
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: Debian, Crux, LFS, AntiX, NuTyX
Posts: 1,211

Rep: Reputation: 561Reputation: 561Reputation: 561Reputation: 561Reputation: 561Reputation: 561
What I found weird about the story was that he seemed to have so few qualifications:
Quote:
He said he had taught himself IT skills and attended a few programming courses
If companies like Deutsche Telekom can really be cracked so easily, what hope for the rest of us?
 
Old 07-22-2017, 09:33 PM   #5
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,383
Blog Entries: 16

Original Poster
Rep: Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156Reputation: 3156
Quote:
What I found weird about the story was that he seemed to have so few qualifications:
Likely why he got caught.
 
Old 07-23-2017, 03:18 AM   #6
Trihexagonal
Member
 
Registered: Jul 2017
Location: Over the hills and far away
Distribution: FreeBSD and OpenBSD
Posts: 64

Rep: Reputation: Disabled
Quote:
Originally Posted by hazel View Post
What I found weird about the story was that he seemed to have so few qualifications

"He said he had taught himself IT skills and attended a few programming courses"
What's so strange about that? I am completely self-taught.

My first time using a computer was an Apple II at a place I worked in '93. I had never touched one and taught myself to use it. When I bought my own PC the only thing I knew how to do was press the power button. I've never taken a computer course other than self-taught courses online and mostly learned from the school of hard knocks by trial and error over the years.

I keep 3 BSD laptops running at all times, one in front of me and one on each side. I know my way around a keyboard, am at home with the command line and will leave it at that.
 
Old 07-24-2017, 02:40 PM   #7
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,330
Blog Entries: 4

Rep: Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843
I think it remains to be seen what actually happens in this case, should it ever go to trial.
 
Old 07-24-2017, 02:50 PM   #8
justmy2cents
Member
 
Registered: May 2017
Location: U.S.
Distribution: Un*x
Posts: 213
Blog Entries: 1

Rep: Reputation: Disabled
Some statistics I have:
  • 32% of IT professionals ignore security alerts because of many false postitives
  • 60% of enterprise information security budgets is allocated for rapid detection and response approaches, however their endpoint security game is not so hot, as 70% of all data beaches are due to malicious attacks on these endpoints.. This is because of the policies they have in place in regards to the handling BYOD, which as a result brings in stealth IT...
  • There are over 1400 cloud services in use in any given enterprise network.. Which may be legitimate though not necessarily approved or supported applications.
  • Many enterprise security and network teams do not block outbound traffic at the firewall, because of the complexities that it introduces to the network...

And even companies with good security practices has weak points, their employees home networks.. Also a lot programmers who write important applications that other programs rely on (e.g. other packages who use their program as a dependency), don't use the best practices when writing their code (e.g. not programming defensively), or securing their accounts on Github by not using a complicated password.. So a compromise on such popular software packages can have serious consequences, because if that program is used in other projects as a dependency, then the exploit can trickle down to all of them..

Last edited by justmy2cents; 07-24-2017 at 03:19 PM.
 
Old 07-24-2017, 03:15 PM   #9
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Arch
Posts: 3,155

Rep: Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362
Quote:
Originally Posted by sundialsvcs View Post
I think it remains to be seen what actually happens in this case, should it ever go to trial.
Quote:
Originally Posted by the article
The Briton told the court he was paid $10,000 (about 8,500) by a Liberian telecom company which wanted to use the botnet to damage a rival company.

He said he had taught himself IT skills and attended a few programming courses, testifying with the help of a translator.

The verdict was expected on Friday, July 28th. If found guilty, he faces up to ten years' jail in Germany.
Though I'm not sure why they're saying "if found guilty" since it sounds like he's already pleading guilty...
 
Old 07-25-2017, 07:50 AM   #10
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,330
Blog Entries: 4

Rep: Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843
My question would be: did he succeed? And, was he in Germany when the alleged crime was committed, such that Germany has proper jurisdiction? Remember that he is a Briton, and that Britain is no longer part of the European Union.

Were the computers that he allegedly attacked also in Germany? What culpability might the attacked party have in not taking proper defenses against potential attacks? And, will putting someone away for up to 10 years of his life, actually do anything to protect the company – say, from retaliatory attacks spawned by anonymous public reaction to the handing-down of a draconian prison sentence?

Last edited by sundialsvcs; 07-25-2017 at 07:52 AM.
 
Old 07-25-2017, 08:19 AM   #11
Pastychomper
Member
 
Registered: Sep 2011
Location: Scotland
Distribution: Debian
Posts: 70

Rep: Reputation: 92
Quote:
Originally Posted by sundialsvcs View Post
My question would be: did he succeed? ... Remember that he is a Briton, and that Britain is no longer part of the European Union.
Not (yet) true. Negotiating exit details, yes; officially planning to leave, yes; but still a full member for now, and subject to all the rules for some time to come.
 
Old 07-25-2017, 08:34 AM   #12
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Arch
Posts: 3,155

Rep: Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362Reputation: 1362
Quote:
Originally Posted by sundialsvcs View Post
My question would be: did he succeed?
My question is: are you just throwing out comments without even reading the article? I find this quite rude.
 
Old 07-25-2017, 09:09 AM   #13
Habitual
LQ Addict
 
Registered: Jan 2011
Posts: 8,497
Blog Entries: 13

Rep: Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387Reputation: 2387
Glad AT&T and I have an agreement.
 
Old 07-25-2017, 06:24 PM   #14
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,330
Blog Entries: 4

Rep: Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843Reputation: 2843
Quote:
Originally Posted by ntubski View Post
My question is: are you just throwing out comments without even reading the article? I find this quite rude.
Of course. So, let me put the emphasis on a different word: "did he succeed?" This appears to me to be a fairly routine attack. and putting this bloke away for ten years even though it might feel good won't do a damn thing to keep it from happening again.
 
Old 07-26-2017, 02:14 PM   #15
lazydog
Member
 
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 988
Blog Entries: 3

Rep: Reputation: 171Reputation: 171
Quote:
Originally Posted by sundialsvcs View Post
Of course. So, let me put the emphasis on a different word: "did he succeed?" This appears to me to be a fairly routine attack. and putting this bloke away for ten years even though it might feel good won't do a damn thing to keep it from happening again.
And there in lies the problem. Nothing is going to change and these devices will not be updated or replaced to ensure it doesn't happen again.
 
  


Reply

Tags
botnet, hacking


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Samsung Asks for JMOL, or New Trial and Remittitur - Says Apple v. Samsung Trial Was Not Fair LXer Syndicated Linux News 1 09-23-2012 06:10 AM
[SOLVED] trial sattulinux Programming 4 12-21-2010 01:04 AM
Cedega Trial Daejavu Linux - Games 1 12-19-2005 08:52 AM
Re: RHEL Trial? dsschanze Linux - Enterprise 10 04-03-2005 08:51 PM
just a trial runawayww Linux - Newbie 2 12-01-2004 09:08 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 05:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration