A Case Study in Ethical Decision Making Regarding Remote Mitigation of Botnets

It is becoming more common for researchers to find themselves in a position to take over control of a malicious botnet. If this happens, should they use this knowledge to clean up all the infected hosts? How would this affect not only the owners and operators of the zombie computers, but also other researchers, law enforcement agents serving justice, or even the criminals themselves? What dire circumstances would change the calculus about what is or is not appropriate action to take? We review two case studies of long-lived malicious botnets that present serious challenges to researchers and responders, and use them to illuminate many ethical issues regarding aggressive mitigation. We make no judgments about the questions raised, instead laying out the pros and cons of possible choices and allowing workshop attendees to consider how and where they would draw lines. By this, we hope to expose where there is clear community consensus as well as where controversy or uncertainty exists.
