A Case Study in Ethical Decision Making Regarding Remote Mitigation of Botnets

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6054)

Abstract

It is becoming more common for researchers to find themselves in a position of being able to take over control of a malicious botnet. If this happens, should they use this knowledge to clean up all the infected hosts? How would this affect not only the owners and operators of the zombie computers, but also other researchers, law enforcement agents serving justice, or even the criminals themselves? What dire circumstances would change the calculus about what is or is not appropriate action to take? We review two case studies of long-lived malicious botnets that present serious challenges to researchers and responders and use them to illuminate many ethical issues regarding aggressive mitigation. We make no judgments about the questions raised, instead laying out the pros and cons of possible choices and allowing workshop attendees to consider how and where they would draw lines. By this, we hope to expose where there is clear community consensus as well as where controversy or uncertainty exists.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dittrich, D., Leder, F., Werner, T. (2010). A Case Study in Ethical Decision Making Regarding Remote Mitigation of Botnets. In: Sion, R., et al. Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6054. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14992-4_20

  • DOI: https://doi.org/10.1007/978-3-642-14992-4_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14991-7

  • Online ISBN: 978-3-642-14992-4

  • eBook Packages: Computer Science, Computer Science (R0)
