> Unlike conventional botnets, the Glupteba botnet does not rely solely on predetermined domains to ensure its survival.
> Instead, when the botnet’s C2 server is interrupted, Glupteba malware is hard-coded to “search” the public Bitcoin blockchain for transactions involving three specific Bitcoin addresses that are controlled by the Glupteba Enterprise.
> From time to time, the Glupteba Enterprise executes transactions in those addresses, and as part of those transactions, the Glupteba Enterprise leaves in the blockchain the location of the domain for a back-up C2 Server.
Nice, the faster people start treating public blockchains as pay-to-write-once, read-for-free, databases and the native cryptocurrency more like fuel for writing, the quicker this “currency” debate ends for something more intelligent and aligned with reality and the market behaviors.
In before “they could have used a permissioned database”, I really can’t think of something more reliable and cheaper with assurances of availability like this
> I really can’t think of something more reliable and cheaper with assurances of availability like this
Assurances that they only need because they're breaking the law. It is well established that blockchains are good at facilitating illegal behavior. This is just a novel way of using them for that purpose.
It is clearly breaking the law, but think of this example:
What if a corrupted government was also blocking access to freedom of speech and querying some harder-to-block public, immutable database on a blockchain was effectively circumventing this block?
Yeah, it's technically still breaking the law and it could be blocked too (albeit much harder), though it's for a good cause.
You're technically correct, but what's the point of this statement? Is the next reply supposed to be "then the bitcoin billionaires will just put up 100s of satellites"?
This reads a bit like when, as a child, we'd discuss who would win in a fight, Goku or Superman.
Sure, but we're not talking about superheroes, but existing entities like China, who only just six months ago shut down all Bitcoin mining inside its borders in less than a month's time (and who also has anti-satellite capabilities).
I doubt bitcoin 'billionaires' would put more up, because liquidating that much bitcoin would crash their market (considering >70% of trades on exchanges are wash trades) and require them to go against tragedy of the commons.
I'm sure you'd agree that saying that "China did something" absolutely does not imply that any other country on the planet is able to pull off the same thing.
No, I don't agree, because other developed nations have anti-satellite capabilities as well.
You've either missed the point or are intentionally ignoring the context, because "China did something" is actually "China successfully shut down bitcoin mining inside its borders and has the capabilities to shut down these satellites if it chose to do so".
That's not debating super heroes or even saying other countries will do it. If China saw these as a problem, they will likely deal with them.
It's probably politically easier to have agents drive around neighborhoods looking for suspicious antennas and disappearing people who have them or know how to build them. But still that is much more difficult than blocking access at the ISP level.
Yup, government controls ISPs, but as Bitcoin (or any decentralized tech) gets wider adoption more players will provide gateways to the network.
Let's say (company names are just examples, I don't necessarily think those particular companies will do it) government-controlled ISPs blocked access to the core protocol. Google (over SSL + Secure /Encrypted DNS) might provide a gateway. GitHub can. Microsoft can. Apple can. AWS can. Facebook can. What can the government do then? Blocking those is effectively blocking the whole Internet. Eventually governments will realize that it can't be practically blocked.
...so they'll cut the cord and now no one has internet, or, they'll throw their hands up in the air in despair realizing "we the government lost, the people won, let's just give everyone access to everything and start trusting that our people will do the right thing with their newfound information".
One of those things seems more likely than the other.
Authoritarians can remain irrational far longer than their economies can remain functional.
There's a reason why Orwell said a boot stamping a human face forever instead of a boot stamping a human face until it became economically disadvantageous to do so.
China went that route way long ago, and is in a unique position in terms of producing many, many goods that they can export. Compared to many other nations, they can handle it much better. And even on China you can access blockchains anyway even if they were blocked.
Starlink requires hardware on the ground that cannot easily be hidden, which enables corrupt governments to tear that hardware down or put pressure on the maintainers of that hardware in other ways.
That's true, P2P networks like Tor or Torrent don't exist and are just a figment of my imagination. Building a VPN on a similar infrastructure is by definition impossible.
Something being illegal doesn't necessarily mean that it is wrong.
If instead of a C2 Server the above approach was used for SciHub or other servers regularly censored by one government or another, I guess many people here would approve.
It once was like this already. You can spin up your site anytime. You can use Tor hidden services to make yourself uncensorable. No need for crypto, pay in knowledge only. And that's why web 1.0 was superior.
Edit: ok, Tor appeared with web 2.0, but still it is more of a web 1.3.
There likely will be a day where there is nobody left who knows how to use dominant blockchains, and everyone relies on a few company-controlled platforms to do everything for them, so there is nobody left to communicate with when using the public utilities in the most raw form.
For now, that's not the case and education is expanding. Not as fast as the uneducated users of blockchains, but some of them dive deeper too.
>> I really can’t think of something more reliable and cheaper with assurances of availability like this
> Assurances that they only need because they're breaking the law. It is well established that blockchains are good at facilitating illegal behavior. This is just a novel way of using them for that purpose
I don't think that describing the mechanisms as facilitating illegal behavior is entirely fair. A better term would be something like "extralegal", which includes illegal behavior as a significant subcategory.
This isn't just sophistry. A significant fraction of the world's population live in places where "rule of law" is at best a polite fiction, or where the legal system is largely captured by a kleptocratic oligarchy[0].
It would be nice if trustless distributed ledgers were actually being used to do things like establish property rights and facilitate transactions in places that don't have, for example, a functioning land registry or the equivalent, or at least be shown to be useful to bootstrap that sort of thing into existence (collectible NFTs and virtual real estate are only baby steps in that direction), but it is true that the 'good' edge cases of establishing immutable ground truths that cannot be erased by fiat/regime change/interregnum are legitimate though largely theoretical[1].
Meanwhile, we're left with the definition of "facilitating behaviors that a court can be convinced to disallow, which are mostly, though not entirely, behaviors that are (and most citizens would agree should be) illegal". I can't think of a better concise term than "extralegal" to capture that nuance.
[0] I personally don't subscribe to the belief that this describes most of the industrialized world, whatever some cryptocurrency boosters think, but that's a political matter. Everybody draws the line somewhere, and agrees that some chunks of the world exist on the other side of it.
[1] Cryptocurrencies can also facilitate otherwise legal transactions that are being hindered by extralegal means, such as donations to WikiLeaks during the global payment processor blockade (December 2010 to July 2012).
That's quite interesting, but it's not the only decentralized network that can be used like this.
You could also either create nonstandard clients for the bittorrent DHT, that just use it to find each other, or maybe just have a torrent of a list of domains that you prepared beforehand, but you only provide the next chunk of data with the next items in the list once your old ones are burned.
Yes, there are more ways. What we used to do, and what is still in use in some communities, is to put all the other domains in the WHOIS records on a couple of websites' subdomains.
So we would be using DNS as the distributed storage; it's in the name lol
And there are also snapshots of WHOIS record states all over the place if the records change or are hijacked. But this makes it hard to get new ones if the records cannot be updated and they're all hijacked.
Writes to a blockchain still have some benefits, like simply not being a domain name.
> Instead, when the botnet’s C2 server is interrupted, Glupteba malware is hard-coded to “search” the public Bitcoin blockchain for transactions involving three specific Bitcoin addresses that are controlled by the Glupteba Enterprise
> Write the messages onchain to an address your users know
Ah yes, for those fans who are literally too lazy/disinterested to leave YouTube for long enough to tap your name into Google but are motivated enough to grep the blockchain.
Deplatforming has never stopped fans from finding content.
UI makes it easier; count at least yourself as being surprised how many messages are posted onchain and then spread across Crypto Telegram, Crypto Twitter, and then to broader news sources.
I understand they want to set some sort of precedent, but good luck collecting damages in a civil action judgment from a bunch of people who don't show up to contest a US court case, who are Russian citizens, remain domestically in Russia, and don't travel internationally (unless they're dumb).
While it is true that they will likely not see any money, it does mean that they have effectively banished these people from the US.
Perhaps it's not as life altering as jail or fines, but still: no holidays in Florida or Hawaii. No meeting peers at a congress in the US. Not even using flights from American carriers to go to South America, as they will likely pass via a US hub.
Worse. If they ignore the whole thing, at some point they will get convicted of contempt of court. That's a criminal offense. That means you can try and get Interpol involved. Once you have an Interpol Red Notice to your name, international travel to any civilized country becomes complicated.
> it does mean that they have effectively banished these people from the US.
This is quite irrelevant to the vast majority of Earth's population. I know some Americans consider the US to be the center of the world, but I doubt that sentiment is prevalent in Russia of all places.
> Perhaps it's not as life altering as jail or fines, but still: no holidays in Florida or Hawaii. No meeting peers at a congres in the US. Not even using flights from American carriers to go to South America, as they will likely pass via a US hub.
This is both telling, and curious. The kind of mental model of the world required to foster this as a concern for most people, is interesting.
Russian cyber criminals and other rich people often vacation globally. I didn't check the defendants' Facebooks but I would be surprised if they have never visited the US.
Florida? Putting Florida and Hawaii in the same sentence is funny at best. There are plenty of countries these guys can travel to; if they have enough money, they can get a passport with a different name, etc. People don't care about the US as much as Americans think. Maybe OP is from some third-world country where going to America is the dream of a lifetime.
Or wait until the house of cards that is fiat money turns into real money with no counterparty risk.
Look at the risks involved in having central banks as the final counterparty for all our governments' fiat monies: [0]. This is why increasingly companies, banks, pension and insurance funds, and governments are turning to it as a pristine global digital collateral with no counterparty risk.
“The key question facing Bitcoin nearing the onset of 2022 is whether it’s peaking or simply a consolidating bull market,” wrote a recent Bloomberg Intelligence report[1]. “We believe it’s the latter, and see the benchmark crypto well on its way to becoming global digital collateral in a world going that way.”
Exactly. Even if you could find the defendants in the first place and somehow subpoena all the evidence and conduct the depositions you would be faced with the even steeper struggle of collecting the damages.
(and as an exercise in why PACER sucks so much, I had to pay twice to download them all because even though I opened all the PDFs in my browser my session timed out and when I hit download I just got an error and not the PDF)
"However, the operators of Glupteba are likely to attempt to regain control of the botnet using a backup command and control mechanism that uses data encoded on the Bitcoin blockchain."
I don't see the legal aspect going anywhere. I don't know the technicalities of suing someone in another country, but to get the discovery they need they'll need subpoenas. How do you serve a subpoena in Russia? Is there any treaty which gives a U.S. subpoena any legal power in Russia? I guess there must be something behind it or Google would not have wasted their legal resources to file it.
If Google establishes that the venue they're suing in has jurisdiction (which seems pretty clearly established, since it's where a substantial amount of the damage has happened), then the judge is going to let the case proceed. If at that point the defendants don't bother to show up and don't respond to subpoenas Google will eventually win a default judgement. If the defendants don't comply with the default judgement (why would they?) the judge might hold them in contempt, and then they won't be able to travel internationally to anywhere willing to extradite them or keep assets anywhere that will seize them on behalf of the US government, which is most of the world.
From the complaint, it looks like there are some Delaware corporations that are connected to the botnet that might have some assets that could be raided. So while the defendants probably don't have a lot of exposed skin, they do have some skin in the US that they are at risk of losing.
I've just downloaded the whole case file from PACER, I'll upload it somewhere in a minute. They served the defendants by FedEx a few days after filing the case. Then somehow Google immediately managed to get a Temporary Restraining Order (TRO) in record time to enjoin the defendants from their tomfoolery. Not sure at this stage how the TRO will be enforced.
Contempt is a criminal offense, so in theory, yes, you could be extradited.
This is how courts in the USA turn civil matters into criminal matters all the time. For instance, non-payment of child support: you can't legally be imprisoned for your debts, but if you fail to pay after the judge orders you to pay then you are in contempt and you are going to jail.
I don't know which jurisdiction you're referring to, but certainly in Illinois state courts it's an unlimited offense. I don't think there are any statutory restraints on it. I've seen people be sentenced to 20 years for refusing to testify as the sole witness to a murder.
The Complaint lacks a case number and says it was filed under seal, but here are the details from PACER:
Google LLC v. Dmitry Starovikov, et al.
1:2021cv10260
New York Southern District Court
12/02/2021
They served the defendants already via FedEx. What weight that will carry I don't know. The court might enter a default judgment in a few weeks when the defendants fail to appear.
This is the text from a letter from Google to the judge yesterday:
First, with respect to Thursday’s hearing, in light of Defendants’ failure to oppose Google’s motion, Google intends to rely on the declarations of Shane Huntley and Elizabeth Bisbee, which fully support the proposed Preliminary Injunction. Should the Court prefer to receive live testimony from one or both of Google’s declarants, Google respectfully requests that they be permitted to appear virtually, as each would be required to travel from out of state (from the West Coast, in Mr. Huntley’s case) to appear in person.

Second, as anticipated, following the disruption efforts pursuant to the TRO, Defendants have attempted to reconstitute the botnet by using the Bitcoin blockchain to direct the infected devices to new command-and-control (“C2”) servers and migrated the storefronts used in service of the Enterprise to new name servers. See ECF 5 (Compl.) ¶¶ 47-50, 54-65. Google’s disruption efforts already have identified several new C2 servers, and Google is working with the relevant web-hosting providers to disable them.
Case 1:21-cv-10260-DLC Document 14 Filed 12/14/21 Page 1 of 2
December 14, 2021
Page 2
While the TRO provides that Google may move to modify the Order in the event it identifies new domains, see ECF 8 (TRO) at 11 16, Defendants are generating new domains nearly every day in an effort to evade the TRO. Rather than submit repeated requests to the Court to add new domains and IP addresses as they are identified, Google respectfully requests broader injunctive language to cover, for example, any C2 servers identified in blockchain transactions initiated by Defendants and/or the Enterprise, any domains used to host storefronts used in connection with Defendants’ criminal schemes, and any domains identified by Google as hardcoded in the malware or otherwise used to distribute the malware. A proposed Preliminary Injunction Order is attached at Exhibit 1.

Finally, the TRO provides that “Google shall post bond in the amount of $75,000 to be paid into the Court registry.” ECF 8 (TRO) at 16. The Clerk has requested that Google instead submit the required bond to the Clerk and seek a modified order directing the Clerk to accept the bond. Accordingly, to accommodate the Clerk’s request, Google respectfully requests that the Court so-order that Google’s submission of the $75,000 to the Clerk satisfies the TRO’s bond requirement. Google’s Proposed Order at Exhibit 1 incorporates this modification.
This is a myth. Russia is just a normal authoritarian country, and unless you're literally working for the local three-letter agencies you can get arrested and put in prison. And since it's not Israel and there are no rules, this can also apply to someone working for the regime too, as recently happened to the owner of the local cybersecurity company Group-IB.
Of course if you stay anonymous then you obviously have better chances to stay off the radar in Russia than in the US, but again that only works until someone bribes the local authorities to find you.
Maybe he was working with the FBI or he wasn't, but it doesn't change the fact that he was very much pro-Putin regime and had connections in local agencies. And he isn't the first one to get imprisoned, just a higher-profile one. So even if you're literally part of their system, someone can always come for you and eat you whole.
The only "The Untouchable Russian Hackers" who exist are ones who officially work for government, but they are not any different than NSA.
Can anyone link to an article that goes into detail on how the botnet uses the blockchain to recover the botnet after they disrupt the C2? This seems interesting.
They are hard coded to watch certain wallets for transactions on the chain if their normal c2 servers are offline. The transactions contain their new servers/other instructions.
It takes about 10 minutes to add a node to the Bitcoin Blockchain. As soon as it is added, everyone can see it. So DNS servers could ban the new domain almost immediately after it is added. It is a race, of course, as there will be windows in which the bots could successfully phone home.
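The recovery mechanism the two comments above describe (bots watching a handful of Bitcoin addresses, and defenders racing to blocklist whatever domain appears in a new transaction) can be worked through on the defender's side. The following is an added example, not code from the thread, from Google's filings or from the malware: it parses raw Bitcoin transactions, pulls out the data pushed after OP_RETURN, and reports any domain-like strings, which is what a resolver operator would feed into a blocklist the moment the block is seen. It assumes, and the page does not say this, that the backup-C2 location is carried in an OP_RETURN output in plaintext; the transaction it scans is constructed inline for the example and is neither signed nor a real Glupteba transaction.

```python
"""Added example: extract candidate C2 domains from OP_RETURN outputs of raw
Bitcoin transactions. Assumptions (not stated on the page): plaintext payloads
in OP_RETURN, and a hand-built, unsigned transaction as the sample input."""
import re
import struct

# RFC-1035-style hostname: one or more labels, then a letters-only TLD.
DOMAIN_RE = re.compile(rb'(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}', re.I)


def encode_varint(n):
    """Bitcoin CompactSize encoding."""
    if n < 0xfd:
        return bytes([n])
    if n <= 0xffff:
        return b'\xfd' + struct.pack('<H', n)
    if n <= 0xffffffff:
        return b'\xfe' + struct.pack('<I', n)
    return b'\xff' + struct.pack('<Q', n)


def read_varint(buf, pos):
    """Decode a CompactSize at buf[pos]; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    if first == 0xfd:
        return struct.unpack_from('<H', buf, pos + 1)[0], pos + 3
    if first == 0xfe:
        return struct.unpack_from('<I', buf, pos + 1)[0], pos + 5
    return struct.unpack_from('<Q', buf, pos + 1)[0], pos + 9


def push_data(data):
    """Script push opcode for data (direct push, OP_PUSHDATA1 or OP_PUSHDATA2)."""
    n = len(data)
    if n <= 75:
        return bytes([n]) + data
    if n <= 0xff:
        return b'\x4c' + bytes([n]) + data
    if n <= 0xffff:
        return b'\x4d' + struct.pack('<H', n) + data
    raise ValueError('payload too large for a single push')


def build_tx(op_return_payloads, change_script):
    """Serialize a minimal legacy (non-segwit) transaction: one placeholder
    input, one OP_RETURN output per payload, one change output. Constructed
    for the example only; it is unsigned and not broadcastable."""
    tx = struct.pack('<I', 1)                         # version
    tx += encode_varint(1)                            # input count
    tx += b'\x00' * 32 + struct.pack('<I', 0)         # placeholder prevout
    tx += encode_varint(0)                            # empty scriptSig
    tx += struct.pack('<I', 0xffffffff)               # sequence
    outs = [(0, b'\x6a' + push_data(p)) for p in op_return_payloads]
    outs.append((1000, change_script))
    tx += encode_varint(len(outs))
    for value, script in outs:
        tx += struct.pack('<q', value) + encode_varint(len(script)) + script
    tx += struct.pack('<I', 0)                        # locktime
    return tx


def parse_tx_outputs(raw):
    """Walk the serialization and return [(value_sat, scriptPubKey), ...].
    Witness data (segwit) sits after the outputs, so it is never read here."""
    pos = 4
    if raw[pos] == 0x00 and raw[pos + 1] == 0x01:     # segwit marker + flag
        pos += 2
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        pos += 36                                     # prev txid + vout index
        slen, pos = read_varint(raw, pos)
        pos += slen + 4                               # scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = struct.unpack_from('<q', raw, pos)[0]
        pos += 8
        slen, pos = read_varint(raw, pos)
        outputs.append((value, raw[pos:pos + slen]))
        pos += slen
    return outputs


def op_return_payloads(raw):
    """Data pushed after OP_RETURN in each provably unspendable output."""
    payloads = []
    for _, script in parse_tx_outputs(raw):
        if not script or script[0] != 0x6a:
            continue
        pos = 1
        while pos < len(script):
            op = script[pos]
            pos += 1
            if op <= 75:
                n = op
            elif op == 0x4c:
                n = script[pos]
                pos += 1
            elif op == 0x4d:
                n = struct.unpack_from('<H', script, pos)[0]
                pos += 2
            else:
                break                                 # not a push; stop
            payloads.append(script[pos:pos + n])
            pos += n
    return payloads


def candidate_domains(raw):
    """Unique, lower-cased domain-like strings found in OP_RETURN payloads."""
    found = []
    for payload in op_return_payloads(raw):
        for m in DOMAIN_RE.findall(payload):
            d = m.decode('ascii').lower()
            if d not in found:
                found.append(d)
    return found


# Constructed sample: a P2PKH change script and two OP_RETURN outputs, one
# carrying (hypothetical) backup-C2 names and one carrying noise.
CHANGE_SCRIPT = b'\x76\xa9\x14' + b'\x11' * 20 + b'\x88\xac'
SAMPLE_TX = build_tx(
    [b'cfg:backup-c2.example.net|fallback.example.org', b'no domain here'],
    CHANGE_SCRIPT,
)

if __name__ == '__main__':
    print(candidate_domains(SAMPLE_TX))
```

In practice the raw hex comes from a full node (`bitcoin-cli getrawtransaction <txid>` for transactions that touch the watched addresses) and the output goes straight to an RPZ or resolver blocklist; the parser stops after the outputs on purpose, since the witness section is irrelevant to this check, and it bails out on the first non-push opcode after OP_RETURN rather than guessing at malformed scripts. A real operator would also have to handle encrypted or obfuscated payloads, which the page does not describe and this example does not attempt.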
They need to show their advertisers that they are doing something - anything - to combat all the click-fraud that is sucking dollars from their customers. It's theatre.
It's difficult to summarize the Complaint, but it contains a fair bit of evidence showing how the botnet works and each of the individual scams that are perpetrated by its operators. It also looks like the operators left a very small fingerprint in a couple of places which has exposed their real identities which Google is using to attach them to the claims.