Monday, February 20, 2006

Brian Krebs Botmaster Interview

I highly recommend reading Brian Krebs' latest article, "Invasion of the Computer Snatchers." Here are a few of my favorite quotes:

"Most days, I just sit at home and chat online while I make money," 0x80 says. "I get one check like every 15 days in the mail for a few hundred bucks, and a buncha others I get from banks in Canada every 30 days." He says his work earns him an average of $6,800 per month, although he's made as much as $10,000. Not bad money for a high school dropout.

That's great -- what a role model.

The young hacker doesn't have much sympathy for his victims. "All those people in my botnet, right, if I don't use them, they're just gonna eventually get caught up in someone else's net, so it might as well be mine," 0x80 says. "I mean, most of these people I infect are so stupid they really ain't got no business being on [the Internet] in the first place."

I'm glad to see this genius is so smart that he let the Washington Post provide identifiable information for the whole world to see.

0x80 has also found credentials for thousands of e-mail accounts, including dozens at ".mil" and ".gov" (U.S. military and government) addresses.

Ding ding -- Feds at the door.

Asked whether he worries about getting caught, 0x80 stuffs his hands into his jeans pockets, shrugs his shoulders and looks down at his shoes. "To tell the truth, man, I'm sorta surprised they haven't caught me yet." He claims he doesn't care but then confesses that he dedicates quite a bit of time to covering his tracks. "I do stay up very late each night trying to make sure nobody is going to kick in my front door . . . If I do [get caught], I'm not all that worried. I've got enough money. I can always get a good lawyer."

Time to find that lawyer, idiot.

[H]e's begun to talk about quitting the criminal hacking scene to join the Army, which, he reasons, will offer not only discipline and the motivation to earn his GED but also potentially a free ride to college. From there, he can imagine a more respectable future working on information technology projects for the military.

Sure, like the Army is going to trust this loser.

I can't wait to see the report that "0x80" is being indicted for his many crimes. I applaud Brian Krebs' reporting, since it gives a wonderful look into the mind of these threats. At the same time, I am disgusted by predators who steal the identities, property, and trust of innocent computer users. If any law enforcement types reading this blog need help analyzing these sorts of crimes, please feel free to contact me.

8 comments:

exceed said...

Ancheta, illwill,... I'm almost sure the feds will trace the 0x80. Sooner or later the big fishes are always caught. 0x80, enjoy your 5 minutes of fame... you're BUSTED!

Anonymous said...

This is quite a story! I think my favorite quote is:

"I'll be honest, as someone who loves technology, I've not done a great job with this computer," White says. He eventually opted to buy a new PC rather than spend the time and money to repair the infected one. "It just made more sense for me to get a new $300 Dell that came with a free monitor that was better than the one I had," he says.

- Ryan

Anonymous said...

I think you all are blowing this out of proportion. This guy isn't killing people. He is in essence installing a little app that creates popups on your screen. You make it sound like he is selling your underage kids smokes or something. He's not. There are a lot worse people doing a lot worse things in the world, for which prison punishment is much more appropriate.

I see it as a social problem. If this guy had a half decent chance at a decent job, perhaps he wouldn't do what he does. But he does seem to be doing what any one of us would do. You find an opportunity to make some money and you take advantage of it for as long as you can. It sure beats pumping gas in the cold or working the shelves in a grocery store.

And don't forget, if the computer user did basic maintenance on their machine (install patches, update AV), this guy wouldn't be able to add hosts to his botnet that easily and would probably not bother with the effort.

Anonymous said...

To the previous commenter, he is doing a lot more than just installing popup ads.

The computer worm that powers the botnet also gathers far more sensitive data from the victim's machine, including passwords, e-mail addresses, Social Security numbers and credit card data.

That includes .gov and .mil systems.

0x80 says he is not using that information, but do you trust him? Do you trust that he keeps the information to himself even if he does not personally use it? The argument that there are people that are doing worse is idiotic because that does not excuse what he is doing or excuse him from responsibility. There is always someone that has done worse. Are we supposed to relieve responsibility from every other person on the planet because someone has done worse?

Joe said...

Social problem? Come on now!

This kid is breaking many laws and taunting law enforcement. He is begging to be made an example of. He's headed straight to prison. I recommend he NEVER be allowed to use a computer either.

What he is doing is malicious. It's not a curiosity or a hobby. He is making a business out of crime and his example encourages others. Preying upon vulnerable PCs may not be as bad as other crimes, but the principle here is the lack of morals and disrespect for the law and property of others.

Also, PC users should not have to do maintenance on their PCs. Most people cannot handle that. You shouldn't have to be a sysadmin to use a PC. PC/OS manufacturers are at fault here.

gimley said...

These people *do* kill. They do steal your aunty's money and your dad's pension. They destroy your thesis and have the feds knock on YOUR door for crimes they committed. Worse still, these are just the kids.

I'd love to see an interview with the Russian Mob and their operations.

Regardless, Brian did a good job, like always.

Gadi Evron.

Anonymous said...

Good afternoon fellas,

I don't see where putting 0x80 in jail is going to solve the 'world's' problems. Likely his botnet will be taken over/passed on, what have you. Is he committing a crime? Yes sir, he is.

The vast majority of ident theft is offline. A good friend of mine went off to Iraq. While he was in Iraq, his father 'stole' his ident and charged up his son's credit and got a loan for a gambling problem. His father, who I met several times, did the hunt & peck method of typing...

I invite all of you who work in an office environment to open up your mailbox (maybe wait a day or two) and look at the joke emails/chain letters. Have you looked at all the email addresses? I found two glaring examples where an email had been sent to both enlisted and officer personnel in the US armed forces. Does having Private Pile's email address really matter? The US military has both classified data networks and non-classified. There's a bit of access control to get onto the classified.

The vast majority of dot gov email addresses are publicly available. Use a bit of Google-fu and you can find a ton of info, none of which touches the realm of national security.

We live in a community which does not value security. We would rather have the ability to just click twice and gain access to a website, rather than typing in our "3 character passwords". #$^* people make fun of me because of the amount of passwords which I keep and remember.

Rather than focus on one tiny speck in information security (a skilled young man), why not focus on how better to educate our public? I co-started a local security group in NEO; we are planning community awareness events. It's easy to point out problems and yell shame; it's a bit different to try and come up with a solution and do it. Jail time does nothing but give us a sense of false security.

While you're sitting here typing a reply on whether or not to jail this young man, who could be a valuable asset to the community given the right morals, I'm going to go finish prepping for tonight's presentation.

Do I fear my ident will be stolen? No, because I have a poor credit rating ;) lol

Robert Wright aka Deek
