A critical look at the major takedown of BredoLab by the Dutch High Tech Crime Unit: More International Cybercrime laws needed!

26/10/2010
G DATA Blog

Yesterday, 25 October 2010, The Dutch High Tech Crime Unit of the KLPD announced a major takedown of a large botnet, known as Bredolab.

Bredolab is a big family of polymorphic Trojans and has been thought to install parts of the Cutwail botnet in the past. The botnet has spread through drive-by-downloads and email. Bredolab is known to send out large email spam campaigns and the installation of fake security products. The Dutch company LeaseWeb was hosting this botnet, without their knowledge. After the company was informed about this fact, they gave full cooperation to the authorities to take the botnet down.


Even though this was the largest operation against cyber crime in the Netherlands so far, it was not unique. It has been done in serveral other countries before, like the US, Spain and even in the Netherlands. The striking point is how things will be handled from here. The High Tech Crime unit will use the existing botnet infrastructure to send a program to all infected machines, showing them a warning : "Users of computers with viruses from this network will receive a notice at the time of next login with information on the degree of infection." This screen is shown in a video. Click the following direct link to see it: http://teamhightechcrime.nationale-recherche.nl/nl_infected.php

This tactic is not new to the High Tech Crime Unit: they have done the same thing a couple of years ago during their action and takedown of another botnet in August 2008. The problem lies in the (un)reliability of this system. What if cyber criminals use the same screen in the future to convince people to install fake security software?


Another problem is the legal issue. Running code on another person's computer might be seen as "unauthorized use". This might make it illegal in several countries, even though the intentions are obviously good. I think we need much more international coordination and clear international laws concerning these kinds of problems. Only then can we start to effectively battle cybercrime.

The KLPD report: http://www.om.nl/actueel/nieuws-_en/@154338/dutch_national_crime/