NEWS FROM THE LAB - Thursday, April 14, 2011

Poll: Should law enforcement "hijack" botnets? Posted by Sean @ 11:34 GMT

The New Haven office of the Federal Bureau of Investigation (FBI) hijacked and "killed" the Coreflood botnet this week. You can read more about it from Kim Zetter at Wired.com. Zetter's article references similar action which was taken by Dutch authorities against the Bredolab botnet. We blogged about it last October.

Shutting down a botnet isn't technically difficult. Bots often include instructions to uninstall themselves. But sending a bot the instruction to do so is legally considered "unauthorized use", and so antivirus companies don't do this. This has sometimes been an issue of debate on this very blog; see the comments on this post for an example.

It has always been our assertion that only governments and their law enforcement agencies could authorize a botnet shutdown. And even then it is a tricky issue… should the FBI be allowed to kill a bot installed on a non-USA (e.g. Canadian) computer? Are they restricting themselves to US-based IP addresses?

What are your thoughts?

Poll: Should law enforcement agencies seek to "hijack" and shut down botnets?


Updated to add: The FBI is seeking written approval before uninstalling Coreflood from infected machines, according to this article by Gregg Keizer at Computerworld.