FBI boss says China 'burned down' 260,000-device botnet when confronted by Feds

China-backed spies are said to have torn down their own 260,000-device botnet after the FBI and its international pals went after them. The botnet was controlled by the somewhat misnamed Integrity Technology Group, a Chinese business whose chairman has admitted that for years his company has "collected intelligence and …

  1. PhilipN Silver badge

    They found that one!

    Fire up the others.

  2. VicMortimer Silver badge

    Make paying ransom a crime.

    It's absolutely insane that the FBI is allowed to participate in paying ransom.

    It's time to stop the ransomware and criminalize the payments. You can't arrest a botnet operator in China, but you can arrest a CEO whose company paid. Stop the payments, end the profits, and you stop the ransomware.

    And to those idiots who like to whine "it's more complicated than that" - No, it isn't. Ransomware is about money. Stop the money, make paying a crime, and the problem WILL go away. It IS that simple.

    1. Pascal Monett Silver badge

      Re: Make paying ransom a crime.

      Just like kidnapping.

      It was made a crime to pay a kidnapper's ransom, result: no more kidnappings for ransom in the US.

      Do the same with ransomware. When there is no more money to be made, the only attacks left will be those of state actors who have other interests in mind (my how that sounds better <shudder>).

    2. druck Silver badge

      Re: Make paying ransom a crime.

      It's time to stop the ransomware and criminalize the payments. You can't arrest a botnet operator in China, but you can arrest a CEO whose company paid. Stop the payments, end the profits, and you stop the ransomware.

      If you ban crypto, you have stopped the payments.

      1. Casca Silver badge

        Re: Make paying ransom a crime.

        At least it makes it harder. Back to leaving a sack with money in a trashcan at the park.

        1. lglethal Silver badge

          Re: Make paying ransom a crime.

          Hard for the Russian/Chinese Hackers to come and collect that... And not hard for the cops to nab the stupid money mule who tries to collect it for them...

          1. MiguelC Silver badge

            Re: Make paying ransom a crime.

            Nowadays it would be probably an unfortunate Glovo or Doordash guy with instructions to pick an item in place A and drop it in place B, with baddies watching if he's picked up by the police. Make enough transfers like that and the money bag would be swapped mid-travel by an insider. Or have I seen too many movies :)

            1. Brad Ackerman

              Re: Make paying ransom a crime.

              Halting State, Charles Stross; but that was straight espionage, not financial crimes. On the gripping hand, the two categories should be harder to tell apart.

  3. StrangerHereMyself Silver badge

    Lax

    We're pretty lax on the myriad of Chinese companies who dump insecure and unsupported devices onto our markets. You could even argue that they're doing this on purpose to facilitate hacking by the Chinese government.

    Linux isn't that hard to secure if you know what you're doing. The fact that these companies are unwilling to make the effort and we're not doing enough to punish them leads to the situation we're in now.

    1. Yorick Hunt Silver badge

      Re: Lax

      "The fact that these companies are unwilling to make the effort and we're not doing enough to punish them..."

      But that's just the way Cisco's business model works; until people stop buying their leaky equipment, they have no incentive to make it more secure.

      1. Alan Brown Silver badge

        Re: Lax

        As we saw, when people started buying other kit (ironically: Chinese) the USG intervened and forced the pointer back to Cisco

    2. martinusher Silver badge

      Re: Lax

      If you work in this type of business you'll know that the priority of marketing -- management, in other words -- is adding new features. We all know as users that we'd far rather have fewer features and more testing to improve reliability and harden against bugs and threats but advocating this falls on deaf ears. There's nothing to suggest that a Chinese company is no different from an American one so I'd guess that rather than they working to some carefully thought out Machiavellian plan to subvert the universe they're just like us -- a rough and tumble environment where the priority is always getting 'the latest' out as quickly and cheaply as possible.

      I've been at the center of this on more than one occasion at more than one company. There's never any resources for fixing legacy code so the pressure is just to slap the same old IP stack in that we've always used, the one that 'mostly' works 'most' of the time. It doesn't help that maintenance is seen as a low caste job, something that's relegated to second line workers and juniors while the superstars are busy creating new stuff (and invariably leaving a trail of 'not quite finished' code in their wake).

      1. StrangerHereMyself Silver badge

        Re: Lax

        Our government is at fault too for not punishing these companies for releasing blatantly insecure software on their devices. My advice would be to ban such companies from selling their wares for 5 years on our markets (NAFTA, EU).

        And it's not about features either. There's a minimal and I would say almost trivial amount of work you need to put in to secure these devices. These companies willingly refuse to do so.

  4. Anonymous Coward

    FBI

    Where is Epstein's customer list? Why have you done NOTHING? Hunter, Ruby, Yearick

    1. Anonymous Coward

      Re: FBI, Where are Epstein's customer list?

      In their Chief's top drawer of their desk. They have most of Hollywood by the balls now. And all the other rich sickos too.

    2. MiguelC Silver badge

      Re: FBI

      ... Trump?

  5. Kev99 Silver badge

    When will these goofs learn the internet is not safe, secure or impregnable?

  6. Vader

    Block all Chinese public IPs from accessing anything in the US.

    1. IGotOut Silver badge

      Congratulations. You've just bankrupted the USA.

      1. Brad Ackerman

        It's just pointless because they can just use botnets located somewhere else, which wouldn't inconvenience MSS and 3PLA at all but would greatly inconvenience legitimate actors.

  7. bombastic bob Silver badge

    This is what happens

    This is what happens when a COMMUNIST country is building all of those devices with SLAVE LABOR and have intimate knowledge of their inner workings... and a pattern of EXACTLY this kind of nefarious behavior, from violation of I.P. to outright criminal activity (like THIS).
