Re: [gnso-rap-dt] counter-attack idea

[George Kirikos <icann+rap@xxxxxxxx>]

Hello,

On Wed, Apr 1, 2009 at 12:14 PM, Mike O'Connor <mike@xxxxxxxxxx> wrote:
> this is just an idea to heave into the pile.
>
> let's say that we find a person abusing the domain-name system to power
> their botnet.  let's further presume that (like the Conficker case) we know
> the domain names.   what if we didn't take those names down, but instead
> made it possible to use those names to wrest the botnet away from the
> bad-guys?  what policy would we need to craft in order to allow good-guys to
> do that in a safe and orderly way?

I've not researched this in detail, but I'd assume any modern botnet
would use strong encryption for its communications to make it
difficult to wrest control away. But, suppose the NSA has a magic box
(perhaps quantum computers that can break codes very quickly), or
researchers discover the "private key" needed to issue authorized
commands/updates, I would think they would need to go through a
special channel, maybe something involving the Security and Stability
Advisory Committee in cooperation with law enforcement.

Ultimately it becomes a legal question, just because you can take
control over a botnet, should you? Normal civilians would still not
have the authority of the computer owner (i.e. residential home
computers) to run programs, etc. (unless you're Microsoft and can
issue a mandatory "Windows Update"), especially given those computers
can cross national boundaries. But, if you take scenarios out of the
TV show "24" and there's some imminent threat, one would probably want
a mechanism for Jack Bauer to save the day easily -- the "Jack Bauer"
policy! :)

Sincerely,

George Kirikos
http://ww.leap.com/