Barney's Blog

Blog archive

Microsoft Tosses Cold Water on Father of Gods

The Zeus botnet was full of fire just a few short weeks ago. This group of dirt bags managed to purloin almost a half a billion dollars in its decade-plus of operation. Microsoft, working with law enforcement, took down two sites that supported the Zeus malware operations.

The news is good in that these sites spread that malware that stole money. The bad news? These are remote sites, a lot like offshore bank accounts. The jerks that stole all this money were not exactly running the data centers.

I am torn here. I am big on personal freedom, but I am just as big on doing (nearly) whatever it takes to nail these creeps.

Help me with this conundrum oh wise Redmond Report reader. How many of our liberties should we sacrifice in the name of Internet and financial security? Your calculations welcome at

Posted by Doug Barney on 03/28/2012 at 1:19 PM

comments powered by Disqus

Reader Comments:

Thu, Mar 29, 2012 Rick Waldorf, MD

I think that once it is determined that the bad guys are outside of our borders, then all privacy bets should be off. We are inevitably heading to this position anyway with the increase of international attacks on our infrastructure.

Thu, Mar 29, 2012 Dan Iowa

What liberties do we sacrifice in the name of personal freedom? Don't confuse privacy with freedom. Freedom is the ability to do what you want, when you want, according to your own choices; as long as it does not infringe upon the freedom of other individuals. Privacy is the ability to do all of that without anyone else knowing about it. The carry part about privacy is you have to trust that no one else is trying to screw you over using their privacy to cloak their activities.

Wed, Mar 28, 2012 David Yoder Washington, DC

I think the internet is growing faster than we can keep up with it. I think people as a whole put too much faith into the internet based products and services they consume. I think most people use the internet like many others drive their vehicles; it is a necessary convenience that tends to be abused and misunderstood up until a life is radically changed. Then we wake up to the problems with our ab/use of the system the whole time. The internet is not a secure place, and nothing you do on it is private. The security measures currently in place are like extravagant vaulted locking mechanisms on a sliding glass door – they do an excellent job at keeping out honest men and someone that requires a lockpick set; but anyone with unconventional tools, like a hammer, can just barge right in (like firesheep). Also, I hope everyone understands that, aside from script kiddies, most hacker groups and individuals are only able to continue doing what they do because they are far more intelligent than you are (not you Doug – I mean 'you' the reader). The malware that makes the news isn't the stuff we should be too worried about – most well adjusted technically savvy people can pretty easily avoid such nuisances – it's the malware that's on your machine right now quietly sending out small payloads a few times a year that we should be worried about. I'll agree that most internet based services are a necessity these days – things like email, social networking, and online banking are almost essential. Malware and exploits of these systems are just the big red flags that everyone walks past to consume such services. Just like vultures circle above a dead animal, malware and exploits swarm around broken software and protocols. But the real problem with email, social networking, and online banking isn't their existence – its their implementation (ie: most Microsoft Windows applications, Facebook, Google+, Twitter, SSL, and most EULA and privacy statements that no one ever reads). As for where you, Doug, are torn – I personally would never sacrifice personal freedom in favor of the 'greater' security. I would advocate for the rewrite of broken applications and protocols. To those doing the rewriting, I would like to remind you of Occam's razor – for instance: IPv6 is not a suitable alternative to IPv4; IPv4.1, however, is.

Wed, Mar 28, 2012 John Canberra Australia

Before we get into that, how about the losses we have suffered from operating systems and applications distributed with anything from major holes in security (which can at best be described as gross negligence) to blatant data piracy from undisclosed data mining of your device (which can only be described as theft)? Whilst we are looking at laws and processes that “nail these creeps” using the Zeus botnet or similar, why don’t we look at laws and processes that “nail these creeps” developing software that steals (or by negligence allows to be stolen) equally as much but in the guise of commercial (and sometimes free) products? Just because they sit in an expensive office and pay their taxes doesn’t mean they are acting morally and ethically. Many (most?) corporations are sociopathic in nature. We need laws to protect us from them just as much as we need protection from the “criminals”.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.