Home page logo

nanog logo nanog mailing list archives

Re: Over three million computers 0wned?
From: Etaoin Shrdlu <shrdlu () deaddrop org>
Date: Sat, 28 Jun 2003 19:04:25 -0700

Sean Donelan wrote:


Trustcorps claims it has scientific and anecdotal resaerch supporting its
conclusion that over three million computers are "owned" by malicious

Well, it isn't as if that article really had many of the details that were
meaningful. I decided to go right to the source (www.trustcorps.com) and
see what they had to say. Beyond seeing that they were yet another web site
that looks great iff you are using IE, I found almost NO substance. I
visited the "Press Room," and the "News" items, and even the archives
thereof. Nothing there (at least not those claims).

Ok, so maybe they haven't put it on their web site yet. Still, I suppose
someone made those claims, and I think they deserve a little examination.

On the other hand, Information Risk Management questioned how any one
person could "own" hundreds of computers at any one time.  And systems are
often not "owned" by a single group, but exploited by multiple groups

Well, no one here is truly defining what "owned" implies. I know what a
ruckus it kicked up here on NANOG when the first truly distributed denial
of service hit eBAy (or was it Yahoo???). No matter. That was no where near
three million computers, but it certainly didn't require a lot of control
to qualify as "control," or a lot of ownership to qualify as "owned." I'm
amused at the thought that so-called hacker groups are in any way
coordinated, or working together, other than a few here and there (and more
for monetary gain than fame and glory).

Three million? Sure, I believe, if you stretch the definition thin enough,
that three million is quite believable. Organized in any way? Nonsense.
Sheer, utter, mind-numbing nonsense. If it weren't for the tremendous
amount of software out there that makes it EASY to take over machines (and
I include every single default install of every single OS that enables
anything more than port 22), if it weren't for the stunning array of folk
who think that expediency is valuable, and ethics malleable, if it weren't
for the vast populace that just wants pabulum, and padded cells, none of
this would be possible.

Trust me. The only bad guys that are organized are the ones who are after
$$$, and they have absolutely no need to control three million computers.
One or two is plenty, and for just long enough. The idea that there is a
vast underground of pimply-faced teenagers just waiting to control the
world would be laughable, were it not for the continued commercial assaults
that insist it is so.
Unfortunately this computer crime doesn't fit the FBI crime reporting
statistics well.  Vandalism of Property?  Is the cracking of computers
happening more or less often than car theft?

Car theft is clear. Someone takes your car, and then you don't have it.
When someone compromises your computer(s), what do you lose? What do they
gain? It's a very unclear question.

I apologize; I take it all back. MS Exchange is RFC-compliant.
   See RFC 1925, point three.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]