These Go To Eleven: When the Law Goes Too Far

Fifth Amendment

"No person shall...be deprived of life, liberty, or property, without due process of law..."

Michael "theprez98" Schearer

Why you should be skeptical

(Y)

Part One

LEGAL ASPECTS OF BOTNET TAKEDOWNS

Knock, knock, Neo.

Video: http://www.youtube.com/watch?v=BZdLl6ywpW0

Botnet Takedowns: The Players


Project MARS (Microsoft Active Response for Security)
Microsoft Digital Crimes Unit
Microsoft Malware Protection Center
Customer Support Services
Trustworthy Computing

Ex Parte Temporary Restraining Order (FRCP Rule 65)


extraordinary remedy

Botnet Takedowns: The Themes


Notice
Opportunity to be Heard
Jurisdiction
Effectiveness
Public Relations
Impact/Compromise Investigations
Role of the Private Actor
Microsoft vs. less experienced company

Botnet Takedowns
Mar 2010: Waledac
Mar 2011: Rustock
Sep 2011: Kelihos (.b/.c)
Sep 2012: Nitol
Mar 2012: Zeus (partial)
Feb 2013: Bamital

Waledac

via Brian Krebs

Source: Palo Alto Networks

Rustock
How effective are Microsoft's tactics?

Source: Composite Blocking List

Kelihos
How effective are Microsoft's tactics?
Waledac 2.0?
Kelihos.a (9/11)
Kelihos.b (3/12)
Kelihos.c
Kelihos.d?

Source: Microsoft complaint

Nitol
Started as investigation of counterfeit versions of Windows
Discovered infections through Chinese supply chain

Source: Geek.com

Zeus
What is the role of the private actor?
How does that impact private research or law enforcement investigations?

Bamital

How far is too far?


What is the legality of using the botnet's own communications infrastructure to warn customers that they were infected?

Part Two

DOMAIN SEIZURES

Domain Takedowns: The Players

Domain Seizures: The Themes


Notice
Opportunity to be Heard
Jurisdiction (.com/.net/.org)
Effectiveness
Public Relations

Megaupload
Criminal summons never served
Non-infringing content seized (Kyle Goodwin)
USG recommended 25 PB of data be deleted

RojaDirecta

Legal activities under Spanish law
Extra-territorial application of copyright law?

JotForm
Seized by Secret Service with no notice
Entire domain seized for few violations?
Never notified of reasons for seizure

Dajaz1.com
Seized for content submitted by artists
Court order sealed
Forfeiture extension papers sealed
Domain returned after one year

Part Three

FUTURE CONSIDERATIONS

Future Considerations
Other companies (and other courts) trying their hand
Novel becomes regular; extraordinary becomes ordinary
Slippery slope?
