

With each passing day, security reports – including Cisco’s – describe accounts of computers that are used in botnet attacks. Each computer, unwittingly, is infected with malware and controlled by remote unseen hands, foreign or domestic, and with little to no care for the computer’s owner. Simply put, the computer is no longer exclusively under the owner’s control; nor is the data or the privacy of the owner. Unchecked, botnets grow in variety, frequency, complexity, and capability.

Traditionally, dynamic teams, composed of private citizens and law enforcement, devise ways to contain the effects of a botnet and, if possible, shut it down in some way, such as:

In nearly every circumstance, new approaches are developed to keep the botnet variants from succeeding.

Add to the mix another creative approach, this one based in the rule of law.

The US Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) sought and received legal authority to replace the known Command and Control servers for the Coreflood botnet with computers that would ‘act’ like the real Command and Control servers. Now, the Coreflood-infected computers in the US would receive instructions from the FBI instead, and in fact, only one instruction: ‘stop.’

I’ve heard quite a debate about whether this somehow crosses a line on our privacy. As a staunch privacy advocate, I believe that the infected computer owner’s privacy had already been violated by the malware and the botnet operators. In the ‘protect and serve’ aspect of their mission, my view is that the FBI sought to back the US citizen’s privacy and protect the affected individual – based on my instinct that the infected computers were now controlled by the good guys, and the good guys were only allowed to respond to communications requests and tell the computers to stop running the malware. I also take to heart that if something was done incorrectly, the FBI could have caused one or more computers to work improperly. I am confident that the DOJ and FBI knew this all too well, and similar to anti-virus vendors, software vendors who issue patches, and updates from security vendors, the FBI rigorously tested their abilities beforehand.

This story could be very different: one in which authorities are overstepped, privacy invaded, or computers damaged. But this situation was all handled through the US Judicial system and these concerns all seem addressed by the limits in what the FBI was authorized to do. I tip my hat to the DOJ, FBI, Judge Vanessa Bryant for her decision, and the combined efforts that helped disrupt another botnet from continuing to steal private information and setting the stage for future, nefarious operations.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 90 days. Please visit the Cisco Blogs hub page for the latest content.


  1. John S. Whitford

    This equates to hostage rescue IMHO

