Just for your thought

---------- Forwarded message ----------
From: Robert Lock <[email protected]>
Date: Thu, Apr 8, 2010 at 6:53 AM
Subject: [Public Shadowserver] Where are the "other" Botnets
To: [email protected]
Hi all, as an interested layman (and NOT a wannabe security expert), I am surprised at the demographics of Botnet and general Malware information. Some observations:

1. Almost all information concerning such nasty stuff seems to emanate from the US and Canada with a small scattering of analyses from Europe. Perhaps not surprising since most AV vendors are resident in those parts of the world?

2. The terms "Cyberwar" and "WWW Conflict zone" among others are being increasingly used to describe a state of low level international sparring, but with the caveat that this state may escalate into much more serious levels of real conflict which could result in a shut down of a power generating utility for example. A runaway nuclear plant or the disabling of a stock exchange or two ranks a little higher on the "Oh Shit" factor.

3. There seems to be inordinate focus on what is currently newsworthy such as the "ghostnet" exposure and the newer "shadow" exploit.

So some questions...

Despite trawling the www, newsgroups etc, I have found relatively few sources of (broadly speaking) Internet security / analysis sites outside of the US and Canada. Are they in fact less common or am I just an inept searcher? If they ARE less common, is this purely a result of financial muscle on the part of the US based vendors and research groups or is there some other reason that escapes me?

Given the high amplitude of the Cyberwar threat, I have to ask some questions about the politics of these activities. If I summarise the information I have found recently (last 12 months or so) about major politically or crime based intrusions / Botnets / Trojans / etc, it would seem that the entire world is at siege from the Sichuan Province in China with a few lesser entities hanging on to its digital coattails.
I am perhaps naively excluding incidents of rampant stupidity where a memory stick with pension data is left on a counter top in a shop in London... Is this apparently one-sided situation really the case? Is the "West" in some kind of digital bunker where the likes of Glacier and Sunwear strut their stuff outside the walls looking for small imperfections in the brickwork to bring the entire wall down?

Back to my heading of this mail: given the immense financial resources of the US and the EU as well as good old OZ and NZ, where are the counter Botnets and rogue sniffing / interception networks set up by these so called "good guys"? Aren't these countries supposed to host the Echelon and Carnivore all encompassing watchdogs of every digital activity their citizens choose to exercise? I live in South Africa btw, so I am assuming certain facts which may not be true.

Basic warfare techniques dictate that you don't show your hand, so I fully understand why any US based security company would not publish such lavish data against its own kind, such as exposing the US equivalent of Ghostnet for example, but the total press absence of the existence of any such counter surveillance bodies prompts my question. Is there any activity on the part of the West, in the broadest sense of the word, to engage in active techniques of interception and encouraging of involuntary information leakage etc? I am led to believe the NSA has been allocated a supernatural sum of money to be dedicated to information warfare, but much of their efforts seem to be either directed inwards towards excessive surveillance of their own people or simply misdirected toward "Star Wars" projects which don't seem to have much sense of reality. Is this a reasonable conclusion?
Given the potential magnitude of cybercrime as evidenced in the Ghostnet and Shadow analyses, I would think that aggressive counter surveillance and compromising of strategic assets would have been a top priority for the Western Governments, but there seems to be nothing happening on that front. Where is the "Western" equivalent of Ghostnet? Why are almost all major cybercrime events reported to be of Chinese origin against Western entities? Can it be that the mighty Western Bloc is passive in this onslaught, or don't we know what to do?

I sense that a disinformation campaign may be at work here. WW 2 radio reports were highly selective of the content of their air time and I suspect that we have a similar situation in the trenches of our newest and most ephemeral battlefield, which is the space between the mouseclick and the entire world. Is there really nothing going on from the West? If I were fluent in Mandarin, Hindi, Tamil or Russian dialects, would I be asking this question, or looking at Cyrillic websites in a vain attempt to harden my PC against the latest NSA Trojan or the newest version of the Obama Botnet?

Some of this was tongue in cheek but only some. Comments and responses would be welcome.

Rob

_______________________________________________
THIS IS A PUBLIC EMAIL LIST. DO NOT POST ANYTHING SENSITIVE ON THE LIST. IF YOU HAVE QUESTIONS ON ANYTHING SENSITIVE SEND DIRECTLY TO [email protected] INSTEAD.
_______________________________________________
Public mailing list
[email protected]
https://mail.shadowserver.org/mailman/listinfo/public

