Information Warfare: The FBI is Under Attack


May 26, 2009: On May 21st, FBI and U.S. Marshalls Service networks were hit with a particularly aggressive computer virus. Both agencies shut down their external (connected to the Internet, which was how the virus got in) networks down, and began looking into what the virus was up to, and where it came from. Both agencies are targets for hackers working for criminal gangs and foreign intelligence agencies. The U.S. Marshalls Service runs the Witness Protection program, and many gangsters, and foreign intel agencies, would pay big money to know where people who had testified against them, were being hidden. The FBI has even more enemies. Actually, the FBI is hated by the entire criminal hacker community. That's because the FBI has been increasingly successful at revealing and disrupting hacker operations, as well as finding, arresting and prosecuting a growing number of hackers.

For example, two years ago, the FBI announced that Operation Bot Roast had identified over a million compromised PCs, in scores of botnets. The FBI tried to get in touch with as many of these computer users as possible, and direct them to organizations and companies that can help them clean the zombie software out of their computers. Help can be had for free, although many of the compromised PCs were found to be clogged with all manner of malware (illegal software hidden on your machine to feed you ads or simply track what you do).

Most owners of zombiefied computers didn't even realize their PCs had been taken over. Some with heavily infected machines, do notice that the malware slows down the PC, and there have been cases where the user just went out and bought a new computer. Usually, reformatting the hard drive and reinstalling your software works, and is a lot cheaper. But most computer users today don't know how to reformat a hard drive, or even get someone to do it for them.

Operation Bot Roast only collected the IP (Internet Protocol) addresses of the compromised PCs. The IP address is the "mailing address" every PC must have when it is connected to the Internet. These addresses are distributed to ISPs (Internet Service Providers), who assign them to PCs that they connect to the Internet. Anyone can go to a site like to find out which ISP controls which IP address. The FBI contacted the ISPs, and asked them to contact their customers, preferably via the mail, who were using the infected IP addresses at the time the FBI discovered that IP address to be operating from a zombie PC.

The FBI also identified the operators of many botnet (networks of zombie PCs) operators, arrested some, and is still pursuing many others. To avoid the FBI, many botherders (those who operate botnets) are overseas, often in countries without an extradition treaty with the United States. Criminal gangs are increasingly active in this area, and, in the case of China, so are government Cyber War operations. But even China has been hit by the hackers, and recently enacted laws against computer crimes.

The FBI did not comment on any Cyber War aspects of Operation Bot Roast, but they must have been substantial, and something the FBI and CIA are busy exploiting. The botherders know the FBI, and dozens of other police organizations, are looking for them, and hide behind multiple layers of electronic, and real world, deception. But given the amount of damage all these botnets can do, there is apparently a bit of urgency in taking them down, and quickly.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close