The DCWG Debriefing - How the FBI Grabbed a Bot and Saved the Internet

Presented at DEF CON 20 (2012), July 28, 2012, 5 p.m. (50 minutes)

In November of 2011 a multinational force of feds and wizards took down Rove Digital's on-line infrastructure, including the DNS Changer name servers. Under contract to the FBI, employees of Internet Systems Consortium (ISC) installed "clean" replacement DNS servers to take care of a half million DNS Changer victims. On July 9, 2012 the last court order expired and we turned these name servers off, having had only mixed success in getting the malware cleaned up. Andrew Fried and Paul Vixie of ISC will present the whole story and talk about some of the hard lessons to be learned.

Presenters:

  • Paul Vixie - Chairman and Founder, Internet Systems Consortium
    Dr. Paul Vixie is Chairman and Founder of Internet Systems Consortium. He served as President of MAPS, PAIX and MIBH, as CTO of Abovenet/MFN, and on the board of several for-profit and non-profit companies. He has served on the ARIN Board of Trustees since 2005, where he served as Chairman in 2008 and 2009, and is a founding member of the ICANN Root Server System Advisory Committee (RSSAC) and the ICANN Security and Stability Advisory Committee (SSAC). Vixie has been contributing to Internet protocols and UNIX systems as a protocol designer and software architect since 1980. He is considered the primary author and technical architect of BIND 8, and he hired many of the people who wrote BIND 9 and the people now working on BIND 10. He has authored or co-authored a dozen or so RFCs, mostly on DNS and related topics, as well as Sendmail: Theory and Practice (Digital Press, 1994). He earned his Ph.D. from Keio University for work related to the Internet Domain Name System (DNS and DNSSEC).
  • Andrew Fried - Senior Consultant, Cutter Consortium's Business Technology Strategies and Government & Public Sector Practices
    Andrew Fried is a Senior Consultant with Cutter Consortium's Business Technology Strategies and Government & Public Sector practices. His unique skill set has earned him a worldwide reputation; his background includes working as a uniformed police officer, a computer programmer and security analyst, and a Senior Special Agent with the US Department of the Treasury, a post he retired from after a 20-year career. Mr. Fried's extensive knowledge allows him to identify large data sources that are seemingly unrelated and combine them to produce findings that would not be otherwise identified. His passion and tenacity for identifying and stopping Internet criminal activity have earned him the respect of leading industry experts. During his last two years at the US Treasury, Mr. Fried was credited with identifying and mitigating over 3,000 fraudulent online schemes. He currently works as a security researcher for a nonprofit organization involved in identifying organized criminal enterprises responsible for fraudulent schemes, denial-of-service attacks, malware propagation, and large-scale botnets. Mr. Fried's work routinely involves data mining and analysis of data sets that contain hundreds of millions of records.
