Who Ya Gonna Call? **Updated**
by Danny McPherson
It seems the text cited below has been updated on the FBI’s release, with the “You should contact your Internet service provider” bit removed, and replaced with “Ways to Protect Your Computer”.
See, they indeed do listen! Now I have no complaints about Operation: Bot Roast — though that does remind me, it’s getting time for lunch.
——
Today the U.S. Department of Justice and FBI announced some results of Operation: Bot Roast, “a national initiative to disrupt and dismantle botherders and elevate the public’s cyber security awareness of botnets”. In cooperation with the CERT Coordination Center at Carnegie Mellon University, over one million owners of computers that have been recruited into botnets or employed for botnet-like behavior will be notified. Furthermore, as a result of the investigations the FBI has charged numerous folks around the nation with cyber crimes.
I commend the FBI, DoJ, Microsoft and many other organizations that have been working on this joint effort; there’s a great deal of interest and energy from all the parties involved.
That said, there is one snafu, methinks… In this release, they say:
First, if you believe your computer has been compromised, do not call the FBI directly. You should contact your Internet service provider. They can help you determine if your computer has been infected, and what steps to take to restore it. We are not in a position to provide technical assistance.
Now, apparently, no one thought to vet this recommendation with ISPs. ISPs, and in particular those that cater largely to residential markets, invest a considerable amount into minimizing help desk and support-related calls in order to optimize profitability and ROI for traditionally lower-margin services. Increases in call volume typically indicate decreases in profitability and often correspond to customer dissatisfaction, and at times negatively impact subscriber churn as well.
So, while many ISPs are complaining, others are, as a colleague of mine put it, likely “licking their chops” in anticipation of new services revenues and perhaps even enhanced incumbent regulation.
The other interesting thing is that the FBI did have the prudence to state “do not call the FBI directly”, bold annotations preserved.
Many ISPs do offer support services of this nature today, but usually for a fee. For example, AT&T provides Support+ Service Packages for residential customers, with per-incident and prepaid support models. Verizon also provides Premium Technical Support, as do many others, I suspect. Then there’s the likes of Geek Squad, TechPro, and firedog, and of course, Microsoft or your other OS vendors.
Then, there’s me. Not Arbor, just me. You could always call me if you’re really in a bind, though it’d probably be way cheaper to just call [insert supplier here] and get a new machine, and you might even be better off calling the FBI :-)
You should certainly do what you can to protect yourself, and the recommendations provided in the FBI references above are pretty much best current practices today. I suspect many more ISPs will be enabling or partnering for consumer support services if they don’t already, and if it’s not the OS vendor that subscribers are calling, it’s usually the ISP anyway.
So, who ya gonna call?