> To disrupt the botnet, the FBI redirected Qakbot traffic to Bureau-controlled servers that instructed infected computers to download an uninstaller file. This uninstaller—created to remove the Qakbot malware—untethered infected computers from the botnet and prevented the installation of any additional malware.
So the FBI used unauthorized access to the computers to uninstall the malware? Scary if you think about it. I'm sure they could have used that access any way they wanted.
Say I left my car unlocked and it starts spewing smoke – is it scary if the fire department break in to put it out? Or if my abandoned building is housing rats, is it okay for the city to break in and deal with them?
The FBI is far from perfect but this is the kind of thing they _should_ be doing, using their unique privileges to help with public menaces. Anyone on the internet could compromise them, too, so I’d prefer a public cleanup.
The problem may be well within the FBI domain but their resolution crosses some boundaries that are meant to be protected. To pull this off the FBI would need to use a general warrant rather than a specific warrant as required by law.
In your examples none of them involve solving problems that you would not be aware of, in ways that you're not aware of, without telling you they were there and oh btw they had to rifle through your underwear drawer to fix it.
> In your examples none of them involve solving problems that you would not be aware of, in ways that you're not aware of, without telling you they were there and oh btw they had to rifle through your underwear drawer to fix it.
It’s pretty common for there to be problems the owner can’t be reached for - people travel, get hospitalized, die, etc. - but that doesn’t prevent action. What it can do is limit what they’re allowed to bring charges for – in your example, if they said they were pursuing reports of squatters in your house they couldn’t search inside your dresser since that’s not in plain sight.
In this case, I would expect that courts would give the FBI considerable leeway for neutralizing a system which is being actively used to commit crimes but not to check your private data to see if you were cheating on your taxes.
It's context dependent. If I'm filming a movie and want to get a scene where a car is spewing smoke, and the FD runs up while I'm filming to put it out, that is troublesome to me.
It seems like this might be the case here where some minuscule portion of the botnet base is security research firms / etc. who have a reason to have the botnet software installed and don't want it deleted; in fact, it may even affect their livelihood to delete it.
We have to call the local FD if we want to do a controlled burn of a field or fence row. If we don't, nobody is surprised when they show up to put out the fire.
I have to imagine this is similar. If your livelihood relies on a botnet, and you don't at least let authorities know, my guess is you're not a researcher...
Your example doesn't make sense though given the context. You can't just light a car on fire for filming purposes. You're going to need to at the very least petition the local government, get a permit, and follow safety protocols that will likely include the presence of the fire department.
This reminds me of frivolous lawsuits. A doctor sees someone needing medical attention. The doctor performs CPR, breaks some ribs in the process, but ultimately saves their life. The person who would have otherwise died sues the doctor for breaking their ribs while completely ignoring the good will that saved them from certain death.
It's also why people normally get a permit or at least contact officials to tell them that they're going to be staging a scene that looks exactly like an accident/crime scene.
It isn't a strike against emergency responders for responding to a situation that someone has staged to look as close to the real thing as possible.
> It seems like this might be the case here where some minuscule portion of the botnet base is security research firms / etc. who have a reason to have the botnet software installed and don't want it deleted; in fact, it may even affect their livelihood to delete it.
This doesn’t make any sense to me: no ethical security firm is going to allow their resources to be used to attack other people, or complain if the FBI shut down the people attacking their clients.
Most of the time they had to have explicit "Bomb Squad" presence, and did things explicitly at bomb ranges.
One time they still managed to damage something outside of the vast location (an abandoned airport I believe) they were working within, and were banned from that location.
> So the FBI used unauthorized access to the computers to uninstall the malware? Scary if you think about it. I'm sure they could have used that access any way they wanted.
The access was always possible. Not just by the FBI. In fact, it was already being accessed by the botnet operators. The issue here is _permission_ and _precedent_. The government gave itself permission to go into these computers and cleanup the botnet. What explicit permission did they grant themselves and what precedent does that set?
I'm pretty hesitant/paranoid about the U.S. government and the powers we (citizens) grant them. But this one surprisingly sits right with me. It looks thoughtfully applied and constrained - a very tactical operation to go in and cleanup a botnet without accessing any unnecessary data in the process.
The access was possible but not legal, but they gave themselves legal access. It's a slippery slope. They have placed an unknown file on your computer as well.
There are many situations where law enforcement is authorized (by law) to do something that would normally be illegal. For example here is some language from
18 U.S. Code § 1030 - Fraud and related activity in connection with computers:
> This section does not prohibit any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States, a State, or a political subdivision of a State, or of an intelligence agency of the United States.
I'm not sure if this is the relevant code for this Qakbot incident, I'm just trying to clarify that the law generally accepts that law enforcement officials get special dispensation from the regular requirements of the law in order to carry out their function or to protect the public.
Police have huge amounts of leeway to wreck stuff and kill people, which do not appear to have happened in this case compared to the mere possibility of abuse.
This was clearly a large-scale coordinated effort spanning multiple countries, multiple organizations within the US including DOJ lawyers, named and unnamed industry partners, etc. This is not a context in which a single group could do unethical clandestine things without the knowledge and buy-in of other parties, nor would it be something the FBI team working this case would have any incentive to do. They were tasked with dismantling this botnet and removing the malware from victim machines, and that is what they did.