Archive - Apr 16, 2011
It might seem like this hypothetical question is coming from some cheesy 1950s science fiction movie, but actually, it is based on some recent news:
Let’s imagine an evil mastermind sneaks robots into millions of American households. Government agents figure out the plot and raid the evil mastermind’s control center. They are now faced with a dilemma: Do they simply turn off the control center, leaving millions of robots waiting idly for the next command from the control center? Or, do they send out a special command from the control center that disables all of the robots.
This is actually a question that legal scholars, privacy advocates and others are currently discussing. Recently, Federal Agents took down the Coreflood botnet. A botnet is a network of robot like programs that get snuck onto people’s computers. They check in with a control center that tells them what to do, record users keystrokes, send out spam, or other nasty things.
When a previous botnet was taken down, the control center was shutdown and the bots remained on people’s computers trying to contact the control center, but with no control center to command them, they simply remain idle. Of course, if someone creates a new control center, they might be able to reactivate the bots. This time, the Federal agents received permission from the courts to take over the control center, send out messages tell the bots to disable themselves, and recording the addresses of the computers so people could follow up and make sure the bots were removed.
What are some of the issues? Well should the government be allowed to disable programs on your computer? If the programs are malicious? What if you want to keep the malicious program to investigate how to turn it around and use it for good? Can we trust the government not to misuse any other information they get from the botnet? Are there other unexpected and unintended consequences to this?
If you’re interested in more discussions on this, check out Feds ‘Reverse Hack’ Millions of Infected Computers and The Coreflood takedown: building a better, broader botnet response.