These Go To Eleven: When the Law Goes Too Far

Fifth Amendment

"No person shall...be deprived of life, liberty, or property, without due process of law..."

Michael “theprez98” Schearer

Why you should be skeptical

(Y)

Part One

LEGAL ASPECTS OF BOTNET TAKEDOWNS

Knock, knock, Neo.

Video: http://www.youtube.com/watch?v=BZdLl6ywpW0

Botnet Takedowns: The Players
• Project MARS (Microsoft Active Response for Security)
– Microsoft Digital Crimes Unit
– Microsoft Malware Protection Center
– Customer Support Services
– Trustworthy Computing

• Ex Parte Temporary Restraining Order (FRCP Rule 65)
“extraordinary remedy”

Botnet Takedowns: The Themes
• Notice
• Opportunity to be Heard
• Jurisdiction
• Effectiveness
• Public Relations
• Impact/Compromise Investigations
• Role of the Private Actor
• Microsoft vs. less experienced company

Botnet Takedowns
• Mar 2010: Waledac
• Mar 2011: Rustock
• Sep 2011: Kelihos (.b/.c)
• Sep 2012: Nitol
• Mar 2012: Zeus (partial)
• Feb 2013: Bamital

Waledac

via Brian Krebs

Source: Palo Alto Networks

Rustock
How effective are Microsoft’s tactics?

Source: Composite Blocking List

Kelihos
How effective are Microsoft’s tactics?
Waledac 2.0?
• Kelihos.a (9/11)
• Kelihos.b (3/12)
• Kelihos.c
• Kelihos.d?

Source: Microsoft complaint

Nitol
• Started as investigation of counterfeit versions of Windows
• Discovered infections through Chinese supply chain

Source: Geek.com

Zeus
What is the role of the private actor? How does that impact private research or law enforcement investigations?

Bamital

How far is too far?
What is the legality of using the botnet's own communications infrastructure to warn customers that they were infected?

Part Two

DOMAIN SEIZURES

Domain Takedowns: The Players

Domain Seizures: The Themes
• Notice
• Opportunity to be Heard
• Jurisdiction (.com/.net/.org)
• Effectiveness
• Public Relations

Megaupload
• Criminal summons never served
• Non-infringing content seized (Kyle Goodwin)
• USG recommended 25 PB of data be deleted

RojaDirecta

• Legal activities under Spanish law
• Extra-territorial application of copyright law?

JotForm
• Seized by Secret Service with no notice
• Entire domain seized for few violations?
• Never notified of reasons for seizure

Dajaz1.com
• Seized for content submitted by artists
• Court order sealed
• Forfeiture extension papers sealed
• Domain returned after one year

Part Three

FUTURE CONSIDERATIONS

Future Considerations
• Other companies (and other courts) trying their hand
• Novel becomes regular; extraordinary becomes ordinary
• Slippery slope?
