How To Avoid Collateral Damage In Cybercrime Takedowns

Published: 22/11/2024   Category: security




Internet pioneer and DNS expert Paul Vixie says passive DNS is a way to shut down malicious servers and infrastructure without affecting innocent users.



Botnet and bad-actor IP hosting service takedowns by law enforcement and industry contingents have been all the rage for the past few years as the good guys have taken a more aggressive tack against the bad guys.
These efforts typically serve as an effective yet short-term disruption for the most determined cybercriminal operations, but they also sometimes inadvertently harm innocent users and providers, a problem Internet pioneer and DNS expert Paul Vixie says can be solved by employing a more targeted takedown method.
Vixie, CEO of FarSight Security, which detects potentially malicious new domain names and other malicious DNS traffic trends, says using a passive DNS approach would reduce or even eliminate the chance of collateral damage when cybercriminal infrastructure is wrested from the attackers' control. Vixie will drill down on this topic during his presentation at Black Hat USA in August.
Takedowns typically include seizing domains, sinkholing IPs, and sometimes physically removing equipment, to derail a botnet or other malicious operation.
Perhaps the most infamous case of collateral damage from a takedown was Microsoft's Digital Crimes Unit's takeover of 22 dynamic DNS domains from provider No-IP a year ago. The move did some damage to the Syrian Electronic Army and cybercrime groups, but innocent users were also knocked offline. Microsoft said a technical error led to legitimate No-IP users losing their service as well, and No-IP maintained that millions of its users were affected.
The issue was eventually resolved, but not before some posturing in hearings on Capitol Hill, and debate over whether Microsoft was getting too heavy-handed in its takedown operations.
Vixie says the key to ensuring innocent users and organizations don't get swept up in the law enforcement cyber-sweep is to get a more accurate picture of just what is attached to and relying on the infrastructure in question. "There is a tool that you can use to find out [whether] the Net infrastructure belongs to bad guys so you don't target anything else that shares that infrastructure and is not malicious," Vixie says.
Passive DNS is a way to do that, says Vixie. With passive DNS, DNS messages exchanged among DNS servers are captured by sensors and then analyzed. While Vixie's company does run a passive DNS database, he says he's advocating that investigators and task forces doing botnet or domain takedowns use any passive DNS tool or service.
Vixie says the two-part challenge in takedowns to date has been ensuring law enforcement got it all while not inadvertently cutting off innocent users and operations in the process.
Passive DNS not only can help spot critical DNS name servers, popular websites, shared hosting environments, and other legitimate operations so they aren't hit in a takedown operation, he says, but it can also help spot related malicious domains that might otherwise get missed. That helps investigators drill down to the malicious tentacles of the operation, according to Vixie.
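The two checks Vixie describes, seeing what else shares a piece of infrastructure before it is sinkholed and pivoting from known-bad domains to related ones, are easy to illustrate with a small passive DNS index. The code below is an added example, not FarSight's tooling or anything from the article: it works on a constructed set of passive DNS records (each an rrname/rrtype/rdata triple with first-seen, last-seen and observation count, the shape most passive DNS services return) and assesses a candidate IP takedown. Every domain, IP and name server in the sample is made up, and the "safe to sinkhole" rule (no bystander names and no name servers on the IP) is an assumption chosen for the demonstration.

```python
"""Pre-takedown infrastructure check over a passive DNS dataset (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class PdnsRecord:
    rrname: str     # the name that was queried
    rrtype: str     # "A" or "NS" in this example
    rdata: str      # the answer: an IP for A, a host name for NS
    time_first: int  # first observation (epoch seconds)
    time_last: int   # last observation (epoch seconds)
    count: int       # how many times sensors saw this mapping


# Constructed sample data; none of these names or addresses are real.
SAMPLE = [
    PdnsRecord("c2-update.example", "A", "198.51.100.7", 1700000000, 1700500000, 120),
    PdnsRecord("panel.example", "A", "198.51.100.7", 1700100000, 1700500000, 80),
    PdnsRecord("shop.example", "A", "198.51.100.7", 1690000000, 1700500000, 90000),
    PdnsRecord("blog.example", "A", "198.51.100.7", 1695000000, 1700500000, 40000),
    PdnsRecord("ns1.hoster.example", "A", "198.51.100.7", 1680000000, 1700500000, 500000),
    PdnsRecord("shop.example", "NS", "ns1.hoster.example", 1690000000, 1700500000, 9000),
    PdnsRecord("c2-update.example", "NS", "ns1.badguy.example", 1700000000, 1700500000, 120),
    PdnsRecord("drop.example", "NS", "ns1.badguy.example", 1700050000, 1700500000, 60),
    PdnsRecord("drop.example", "A", "203.0.113.9", 1700050000, 1700500000, 60),
]


def names_on_ip(records, ip):
    """All names that passive DNS has seen resolving to this IP."""
    return sorted({r.rrname for r in records if r.rrtype == "A" and r.rdata == ip})


def nameservers_on_ip(records, ip):
    """Names on the IP that other zones use as a name server (critical infrastructure)."""
    ns_hosts = {r.rdata for r in records if r.rrtype == "NS"}
    return sorted(n for n in names_on_ip(records, ip) if n in ns_hosts)


def domains_served_by(records, ns_host):
    """Zones that would lose resolution if this name server went dark."""
    return sorted({r.rrname for r in records if r.rrtype == "NS" and r.rdata == ns_host})


def related_suspects(records, suspects):
    """Pivot: domains sharing a name server with a known suspect but not yet on the list."""
    suspect_ns = {r.rdata for r in records if r.rrtype == "NS" and r.rrname in suspects}
    sharing = {r.rrname for r in records if r.rrtype == "NS" and r.rdata in suspect_ns}
    return sorted(sharing - set(suspects))


def assess_ip_takedown(records, ip, suspects):
    """Summarize who else depends on the IP before anyone sinkholes it."""
    on_ip = names_on_ip(records, ip)
    ns = nameservers_on_ip(records, ip)
    bystanders = [n for n in on_ip if n not in suspects]
    dependent = sorted({z for n in ns for z in domains_served_by(records, n)})
    return {
        "names_on_ip": on_ip,
        "bystanders": bystanders,          # legitimate names that would be knocked offline
        "name_servers": ns,                # NS hosts living on the IP
        "dependent_zones": dependent,      # zones served by those NS hosts
        "related_suspects": related_suspects(records, suspects),
        # Assumed rule for this example: sinkholing the IP is only collateral-free
        # when nothing but the suspects resolves to it and no name server lives there.
        "safe_to_sinkhole_ip": not bystanders and not ns,
    }


if __name__ == "__main__":
    suspects = {"c2-update.example", "panel.example"}
    for ip in ("198.51.100.7", "203.0.113.9"):
        report = assess_ip_takedown(SAMPLE, ip, suspects | {"drop.example"})
        print(ip, "->", "sinkhole OK" if report["safe_to_sinkhole_ip"] else "seize domains instead")
        for key, value in report.items():
            print(f"  {key}: {value}")
```

In the sample, 198.51.100.7 hosts two suspect names but also a shop, a blog and a hosting provider's name server, so sinkholing the whole IP would reproduce the No-IP style outage; the report points toward a domain-level seizure instead, and the name server pivot surfaces drop.example as a related domain to add to the case. The second IP carries only the suspect and comes back as safe to sinkhole.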
Vixie in his talk at Black Hat also plans to lobby for researchers and service providers to contribute data to passive DNS efforts.
Meanwhile, it's unclear what long-term effects takedowns have had on the cybercrime underground. "I'm involved in the same [volume] of [takedown] cases as I ever was. The trend of bad guys is on an upward swing," Vixie says.
