Security pundits and professionals love to extol the badness of how botnets can be used to perpetrate crime. They unhesitatingly point out how operators allow these botnets to exist unintended, taking up resources, bandwidth, and server time, and spreading contagion. For the computers infected with the bots, no sympathy. They are core to the evil of the botnet – to be black holed, removed from the network, and “taken care of.”
The brilliant chaos of ISOI 3 was a typical expression of this view that bots = badness. Here we have some of the best forensic white hat security people in the industry, all passionately discussing how to make a dent in botnet-based cybercrime. Their passion overflowed when they vented at their Service Provider colleagues: “we can give you the data, why can’t you take out these bots?” The SPs in their turn responded, “you cannot just remove customers from the network.” “But we have the data!” “A botted computer is not evidence that their terms and conditions have been violated!” “Bot = clueless users – they are a threat to the net – black hole them!” “Again, you cannot just black hole customers. There are laws, regulation, contractual terms, and common sense fairness.” And so on. The resulting dialog showed the two sides of the conversation: those collecting data on the botnet problem, trying to interact effectively with those who build and provide IP-based telecommunications services.
This impasse is an illustration of why we need to rethink the problem. The BOTNET problem as currently expressed by security pundits is a philosophically naive view of the chain of crime. Botnet-based crime starts when the botnet herder violates the integrity of the home, victimizes the residents, trespasses on the property, and launches a criminal enterprise that jeopardizes safety.
Our BOTNET conversations must change from a dialog of criminals – to a dialog of how we will help the initial victims of a BOTNET’s chain of crime.
People have talked about targeting the criminals building and using the botnets (crime edge 1) and the SP’s infrastructure and services (crime edge 2). It is time to focus on the third criminal edge – the victims whose computers are used to build these botnets.
Comments welcomed – plus more details will be listed on the Wiki – Protecting and Supporting the BOTNET’s Victims – Quarantine, Walled Garden, and other Victim Support Techniques