Crashing the Mega-D Botnet

Paraphrasing Bruce Sterling, this took down an Eastern European economy with it.

Quoting at length from PCWorld:

The bots receive marching orders from online command and control (C&C) servers, but those servers are the botnet’s Achilles’ heel: Isolate them, and the undirected bots will sit idle. Mega-D’s controllers used a far-flung array of C&C servers, however, and every bot in its army had been assigned a list of additional destinations to try if it couldn’t reach its primary command server. So taking down Mega-D would require a carefully coordinated attack.

Mushtaq’s team first contacted Internet service providers that unwittingly hosted Mega-D control servers; his research showed that most of the servers were based in the United States, with one in Turkey and another in Israel.

The FireEye group received positive responses except from the overseas ISPs. The domestic C&C servers went down.

Next, Mushtaq and company contacted domain-name registrars holding records for the domain names that Mega-D used for its control servers. The registrars collaborated with FireEye to point Mega-D’s existing domain names to nowhere. By cutting off the botnet’s pool of domain names, the antibotnet operatives ensured that bots could not reach Mega-D-affiliated servers that the overseas ISPs had declined to take down.

Finally, FireEye and the registrars worked to claim spare domain names that Mega-D’s controllers listed in the bots’ programming. The controllers intended to register and use one or more of the spare domains if the existing domains went down, so FireEye picked them up and pointed them to “sinkholes” (servers it had set up to sit quietly and log efforts by Mega-D bots to check in for orders). Using those logs, FireEye estimated that the botnet consisted of about 250,000 Mega-D-infected computers.

Next step is the botnet with 250,000 C&C servers. 😉
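The three steps in the quoted account (take the reachable servers offline, point the existing names to nowhere, claim the spare names and sinkhole them) are easier to reason about when you can see a bot walk its fallback list. The following simulation is an added example, not code from the original post, from PCWorld, or from FireEye's tooling; the hostnames are invented, the IPs are RFC 5737 documentation addresses, and the twelve-bot "botnet" is constructed inline. It also runs the counterfactual the article implies: if the defender skips the spare domains, the operators register them and get the whole botnet back.

```python
"""Simulated botnet takedown in the order the PCWorld account describes.

Constructed example (not FireEye's tooling or Mega-D's real infrastructure):
hostnames and IPs are invented / RFC 5737 documentation addresses.
A bot walks an ordered C&C list; each takedown step edits the DNS view or
the set of live hosts; a sinkhole logs check-ins to estimate population.
"""

SEND_SPAM = "SEND_SPAM"            # what a live controller answers
PRIMARY = "cnc-primary.example"    # hypothetical: hosted at a cooperating US ISP
FALLBACK = "cnc-fallback.example"  # hypothetical: hosted overseas, ISP declined
SPARE = "cnc-spare.example"        # hypothetical: in the bot's list but unregistered


class Controller:
    """The operators' C&C server: every check-in gets orders."""
    def handle(self, bot_id):
        return SEND_SPAM


class Sinkhole:
    """Defender-run server: answers nothing, records who checked in."""
    def __init__(self):
        self.checkins = []

    def handle(self, bot_id):
        self.checkins.append(bot_id)
        return None

    def population(self):
        # The same bot retrying must not be double counted.
        return len(set(self.checkins))


def bot_check_in(cnc_list, bot_id, dns, hosts):
    """Try each name in order; return the first server's answer, else None."""
    for name in cnc_list:
        ip = dns.get(name)        # None: unregistered, or pointed to nowhere
        if ip is None:
            continue
        server = hosts.get(ip)    # None: name resolves but host was taken down
        if server is None:
            continue
        return server.handle(bot_id)
    return None


def run_takedown(n_bots=12, claim_spare=True):
    """Apply the three steps and count bots still receiving orders after each.

    claim_spare=False models skipping step 3: the operators register the
    spare name themselves and regain the whole botnet.
    Returns (orders_after_each_step, sinkhole_population, raw_checkins).
    """
    cnc_list = [PRIMARY, FALLBACK, SPARE]
    bots = [f"bot-{i:03d}" for i in range(n_bots)]
    controller = Controller()
    dns = {PRIMARY: "198.51.100.10", FALLBACK: "203.0.113.20"}
    hosts = {"198.51.100.10": controller, "203.0.113.20": controller}
    sink = Sinkhole()
    served = {}

    def measure(step):
        served[step] = sum(
            1 for b in bots if bot_check_in(cnc_list, b, dns, hosts) == SEND_SPAM)

    measure("before")
    del hosts["198.51.100.10"]             # step 1: domestic ISP pulls the server
    measure("domestic C&C down")           # bots simply fail over to FALLBACK
    dns[PRIMARY] = None                    # step 2: registrars point names to nowhere
    dns[FALLBACK] = None
    measure("existing domains nulled")     # overseas host is now unreachable by name
    if claim_spare:                        # step 3: defender registers the spare name
        dns[SPARE] = "192.0.2.50"
        hosts["192.0.2.50"] = sink
    else:                                  # operators get there first
        dns[SPARE] = "203.0.113.20"
    measure("spare domain resolved")
    for b in bots:                         # a second retry round by every bot
        bot_check_in(cnc_list, b, dns, hosts)
    return served, sink.population(), len(sink.checkins)


if __name__ == "__main__":
    print(run_takedown())
    print(run_takedown(claim_spare=False))
```

Note that step 1 alone changes nothing for the bots: the fallback name still resolves to a live host, which is why the article calls the domains the real chokepoint. Step 2 silences the botnet but gives the defender no visibility; only step 3 produces the logs from which a population estimate can be made, and the estimate has to deduplicate repeat check-ins from the same bot.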

29. December 2009 by Shlok Vaidya
Categories: Thinking

Craig ‘Lazie’ Lynch = Social Media Rockstar

A real social media guru. Escaped from a prison in England, and has made a real dent in the social media sphere (think LonelyGirl15, only real).

Here’s the story.

Note the persistent social engagement through a variety of profiles to maintain a presence despite the best efforts of both social networks and law enforcement.

29. December 2009 by Shlok Vaidya
Categories: Thinking

States of Combustibility

The Economist predicts social unrest.

(H/T Nils)

29. December 2009 by Shlok Vaidya
Categories: Thinking

Deploying Our Own Screeners

It’s an idea I’ve been throwing around since ’04: deploying our own security screeners using assets already in place, the RSOs.

Instead of concentrating on embassies, get these guys to apply those same stringent methodologies to the air transportation system.

Of course, that would involve ignoring the Soviet-style hierarchy we call the DHS/TSA. (Hey, it’s what the terrorists do, right?)

26. December 2009 by Shlok Vaidya
Categories: Thinking

Idea: TSA Focused Flashmob

So, because you can’t stand up and have to have your lap clear for the last hour of flights, you need something to do. May as well generate a flashmob.

Option One. Coordinate with a wide variety of people traveling all over the country. Have everyone piss their seats 10 minutes before landing, in thirty airports, on thirty flights. (Would be better if done without their knowledge, through free drinks before a flight, etc.)

Option Two. Really any coordinated activity on the plane itself. Goal? Force the TSA to ban some sort of absurd, asinine behavior, i.e. groups speaking in LOST-style whispering tongues; or bursting into song; or turning your sweatshirts inside out. OR… pointing at the wing and saying “Oh my god, there’s a man on the wing!” 😉

26. December 2009 by Shlok Vaidya
Categories: Thinking
