this post was submitted on 12 Sep 2023
122 points (94.9% liked)

Technology

58303 readers
6 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

FBI, Federal Judge Agree Fighting Botnets Means Allowing The FBI To Remotely Install Software On People’s Computers::The ends aren't always supposed to justify the means. And a federal agency that already raised the hackles of defense lawyers around the nation during a CSAM investigation probably shouldn't be in this much of hurry to start sending out unsolicited software to unknowing recipients. But that's the way things work now. As a result…

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago (2 children)

It's not overblown, they are modifying people's systems without their knowledge or consent, a warrant to do so should never have been granted. Whether their intent was good or not is irrelevant.

This smells of a case where they are looking to broaden their reach through precedence. They now can modify peoples systems if a judge feels it's "good" to do so.

[–] [email protected] 13 points 1 year ago (2 children)

They uninstalled a malicious bot-net from people's machines that they never consented to either. The bot-net posed a serious and persistent threat to essentially everyone on the internet.

While having law enforcement writing code to run on people's machines unwittingly is definitely extreme and absolutely should be heavily scrutinized, leaving the bot-net active is not a better option. And in this case law enforcement has been public about their actions so there's plenty of opportunity for what happened to be reviewed.

[–] [email protected] 2 points 1 year ago (1 children)

It doesn't matter if what they did had good intentions or that they made their actions public after they modified people's systems. The precedent this sets is that anything that a judge feels is "bad" can be removed from your system.

[–] [email protected] 0 points 1 year ago (1 children)

The intentions and the specifics of the granted warrant does matter. It's like someone placed a bunch of remotely controlled booby-traps in homes across the city. Law enforcement discovers the booby-traps and knows all the homes involved, and that the threat is real and imminent. Granting a warrant allowing law enforcement to remove the traps before someone is injured is not unreasonable.

The scope of the warrant is very specific... they can enter the property to remove the threat, and for no other purpose. That would not be unreasonable and nobody is going to complain that LE wasn't acting in everyone's best interest, even if residents didn't consent to having the booby-trap removed. Nobody wants it and it poses a continuous threat while present. Removing it asap is the right thing to do.

[–] [email protected] 1 points 1 year ago

My turn for a straw man, it's like the FBI adding local dns entries to your system so you can't go to porn sites because one judge thinks porn is bad for everyone and stopping people from watching porn is good.

[–] [email protected] 2 points 1 year ago (1 children)

Yeah, this is a weird one in my opinion. I don't like either option, but I guess if they told the malware to effectively self destruct, then IMO that's okay, with the caveat that the FBI leaves some indicator behind that allows users to know that this happened on their machine.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

Communicating what happened and how they would do that is an interesting problem. Knowing which machines are infected is simple because they were contacting the control servers regularly. Knowing where the machines are and who they belong to is not. I suspect it would a lot of work and expense to discover the physical addresses of all the machines to communicate officially outside of leaving something on their computer, and writing software to leave some kind of official "calling card" behind that would inform the user what happened is neither trivial and would likely also be upsetting to people. Most would assume the message itself is some kind of scam or mal-ware itself. I'd personally still want to know, especially since I might have the actual mal-ware on backups or other infected machines that are offline, but I'm not altogether surprised if they chose not to inform the users at all.