A team of sleuths quietly hunting cyberattack-for-hire services (wired.com)
61 points by bookofjoe on May 11, 2023 | hide | past | favorite | 11 comments




> The team’s roughly 30 members, who communicate mostly through Slack and weekly video calls, include staffers from... cloud service providers... online gaming companies... security researchers, academics... FBI agents and federal prosecutors.

Do security professionals, including government agents, really use Slack to communicate sensitive information about investigations? Do they ever give any thought to the fact that they're delegating storage and retrieval of their communications to a third-party SaaS company? I still can't believe most startups use Slack, never mind the FBI. Surely a group of professionals could set up a self-hosted Mattermost or Matrix instance, and avoid the risk of compromise by Salesforce.

> Despite their constant communication, the members of Big Pipes and the FBI are careful to note that the internet services with staff members in the group don’t share their users’ private information without going through the usual legal processes of subpoenas and search warrants. Nor does the FBI share private data with Big Pipes, or blindly arrest or search people based on the group’s leads, Peterson says; the FBI investigates the defendants from scratch, treating information from Big Pipes as it would tips from any source.

If I were a defendant on trial for running a DDoS service, I would ask my lawyer to subpoena Slack for those messages. Now that they've bragged about their parallel construction, it seems fair game to open up their Slack channel to discovery, just to make sure that the FBI really is following the "usual legal process."


> If I were a defendant on trial for running a DDoS service, I would ask my lawyer to subpoena Slack for those messages. Now that they've bragged about their parallel construction, it seems fair game to open up their Slack channel to discovery, just to make sure that the FBI really is following the "usual legal process."

Gatrel got their Slack messages.


Gatrel also got a conviction and a 2-year bid. This doesn't seem like a matter of 'parallel construction' but instead FAFO.


Interesting. Perhaps I should be a lawyer :)


Richard Clayton is a legend in the anti-abuse world. I’m not at liberty to say much in detail, other than to acknowledge that he’s a bit like Gandalf, swooping in whenever the crew needs his help. Without his dedicated efforts, the world would be far less secure.


I did not know about this cottage industry.

I'm also quite surprised that "operators start as customers".

Is it because operators are script kiddies that are "renting" someone else's software, or in effect, operators are just resellers?

This assumption is based on the premise that, if you are someone technical who can create software to develop a botnet in the first place, you aren't likely to buy it from someone else unless it's really not worth your time.

And if indeed script kiddies are resellers of another's software, what are the costs to rent/buy the malware? And why does the FBI not go after them?


Folks sometimes start as consumers of DDoS services and at some point realize they can run their own service and make money. They buy API access into other booters to begin (reselling, but the customer doesn't know), and then they figure out how to build their own infra (dedicated servers, front end, payments, etc.).


Your assumption that you need to develop or even use malware to commit these attacks is incorrect. As the article alludes to, most "script kiddies" would be using simple reflection attacks like those utilized by Anonymous. This would equate to changing a few lines in a TCP or UDP packet and mass-spamming third-party sites to elicit a flood of responses. This is pretty simple for any 13+ year old with Visual Basic and some time. Large botnets rented out for attacks are clearly more dangerous, and I would assume (hope) the FBI does target the malware creators and distributors.


I love the way that the article suddenly decides to detail the huge amount of parallel construction that’s involved in this operation.


People are allowed to report crimes to the FBI.
