Law Enforcement
If you choose, you can report a botnet to either the FBI or the Secret Service.
Reporting a botnet to the IC3 (www.IC3.gov) lets the IC3 determine the
agency with jurisdiction, but does not give you the option of following progress
on the case. If you need to be able to report the outcome, they will need to
report it to the FBI or the Secret Service.The Secret Service is usually respon-
sible for cases involving credit cards and some other financial crimes.The FTC
can also be involved in cases of phishing or identity theft.
Use law enforcement to identify and track the botherder for prosecution
or civil suits.You can ask your prosecuting attorney’s office to issue a sub-
poena to obtain customer information or connection information.
Sometimes, an ISP will require a court order for connection information.To
gain access to content, it is usually necessary for law enforcement to obtain a
warrant for search or seizure of any local infected host. Onsite, the target host
should be disconnected from the network. Image the host’s hard drive using
tools capable of making a forensically sound image. Ask the system adminis-
trators to assist in obtaining information about the following:
■
The botnet channel and its moderator (identity information; when
the user account, if there is one, was created). Note that IRC does
not require the user to have an account on the system.
■
Other channels the botherder moderated or used.
■
When the channel(s) were created.
■
Whether the botherder connects locally or remotely, and if remotely,
using which IP addresses.
■
Any useful system logs or other file traces associated with the attack.
You may need to repeat this process for systems the botherder used to access
your system.You should try to confirm that the system had no Remote Access
Trojan (RAT) through which the botherder could have entered.The ISP for
this system may have valuable logs about the activities of the botherder that can
alert you that this next system may be the actual botherder’s system.
The law enforcement and judicial system interface is another place for
improvements. With spam in the millions and botnets of multi-thousand
computers spread across the globe, the current process of having to speak to
and gain permission from a person in the court system is no longer viable. A
Do'stlaringiz bilan baham: