these go to eleven: when the law goes too far

7/29/2019 These Go To Eleven: When the Law Goes Too Far

1/27

These Go To Eleven:

When the Law Goes Too Far


2/27

Fifth Amendment

"No person shall...bedeprived of life, liberty,

or property, without due

process of law..."


3/27

Michael theprez98 Schearer


4/27

Why you should be skeptical

(Y)


5/27

LEGAL ASPECTS OF BOTNETTAKEDOWNS

Part One


6/27


7/27

Knock, knock, Neo.


8/27

Video:

http://www.youtube.com/watch?v=BZdLl6yw

pW0
http://www.youtube.com/watch?v=BZdLl6ywpW0http://www.youtube.com/watch?v=BZdLl6ywpW0http://www.youtube.com/watch?v=BZdLl6ywpW0http://www.youtube.com/watch?v=BZdLl6ywpW0


9/27

Botnet Takedowns:

The Players

Project MARS (Microsoft Active Response for

Security)

Microsoft Digital Crimes Unit Microsoft Malware Protection Center

Customer Support Services

Trustworthy Computing

Ex Parte Temporary RestrainingOrder (FRCP Rule 65)extraordinary remedy


10/27

Botnet Takedowns:

The Themes

Notice

Opportunity to be Heard

Jurisdiction Effectiveness

Public Relations

Impact/Compromise Investigations

Role of the Private Actor

Microsoft vs. less experienced company


11/27

Botnet Takedowns

Mar 2010: Waledac

Mar 2011: Rustock

Sep 2011: Kelihos (.b/.c)Sep 2012: Nitol

Mar 2012: Zeus (partial)

Feb 2013: Bamital


12/27

Waledac

via Brian Krebs

Source: Palo Alto Networks


13/27

Rustock

How effective are Microsofts tactics?

Source: Composite Blocking List


14/27

Kelihos

How effective are

Microsofts tactics?

Waledac 2.0?

Kelihos.a (9/11)

Kelihos.b (3/12)

Kelihos.c

Kelihos.d? Source: Microsoft complaint


15/27

Nitol

Started as

investigation of

counterfeit versions of

Windows

Discovered infections

through Chinesesupply chain

Source: Geek.com


16/27

Zeus

What is the role of the

private actor?

How does that impact

private research or law

enforcementinvestigations?


17/27

Bamital

How far is too far?

What is the legality of using the

botnet own communications

infrastructure to warn customers

that they were infected?


18/27

DOMAIN SEIZURES

Part Two


19/27

Domain Takedowns:

The Players


20/27

Domain Seizures:

The Themes

Notice

Opportunity to be Heard

Jurisdiction (.com/.net/.org) Effectiveness

Public Relations


21/27

Megaupload

Criminal summonsnever served

Non-infringing contentseized (KyleGoodwin)

USG recommended

25 PB of data bedeleted


22/27

RojaDirecta

Legal activities under

Spanish law

Extra-territorial

application of

copyright law?


23/27

JotForm

Seized by Secret

Service with no notice Entire domain seized

for few violations?

Never notified of

reasons for seizure


24/27

Dajaz1.com

Seized for contentsubmitted by artists

Court order sealed

Forfeiture extensionpapers sealed

Domain returned afterone year


25/27

FUTURE CONSIDERATIONS

Part Three


26/27

Future Considerations

Other companies (and other courts) trying

their hand

Novel becomes regular; extraordinary

becomes ordinary

Slippery slope?

Th G T El


27/27

These Go To Eleven:

When the Law Goes Too Far

these go to eleven: when the law goes too far

Documents