A case study in ethical decision making regarding remote mitigation of botnets

Authors:
David Dittrich;Felix Leder;Tillmann Werner
Affiliations:
University of Washington, Seattle, WA;Institute of Computer Science IV, University of Bonn, Germany;Institute of Computer Science IV, University of Bonn, Germany
Venue:
FC'10 Proceedings of the 14th international conference on Financial cryptograpy and data security
Year:
2010

Citing 7
Cited 3

The Sybil Attack

IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
How to Own the Internet in Your Spare Time

Proceedings of the 11th USENIX Security Symposium
A case study of the rustock rootkit and spam bot

HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Spamalytics: an empirical analysis of spam marketing conversion

Proceedings of the 15th ACM conference on Computer and communications security
Studying spamming botnets using Botlab

NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Automated classification and analysis of internet malware

RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection

Input generation via decomposition and re-stitching: finding bugs in Malware

Proceedings of the 17th ACM conference on Computer and communications security
So you want to take over a botnet

LEET'12 Proceedings of the 5th USENIX conference on Large-Scale Exploits and Emergent Threats
Ethical dilemmas in take-down research

FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

It is becoming more common for researchers to find themselves in a position of being able to take over control of a malicious botnet. If this happens, should they use this knowledge to clean up all the infected hosts? How would this affect not only the owners and operators of the zombie computers, but also other researchers, law enforcement agents serving justice, or even the criminals themselves? What dire circumstances would change the calculus about what is or is not appropriate action to take? We review two case studies of long-lived malicious bot-nets that present serious challenges to researchers and responders and use them to illuminate many ethical issues regarding aggressive mitigation. We make no judgments about the questions raised, instead laying out the pros and cons of possible choices and allowing workshop attendees to consider how and where they would draw lines. By this, we hope to expose where there is clear community consensus as well as where controversy or uncertainty exists.