Can Cops Use a Botnet for Good?

holding bitcoin in hands by hacker. people doing cyber crimes by electronic devices.
By Christopher Coble, Esq. on September 05, 2019 9:04 AM

You might not know exactly what a bot is, much less a botnet. But you probably know from context that they ain't good. The FBI once described botnets as "armies of personal computers taken over by cyber criminals and used on the sly to commit all kinds of mischief, from identity theft to denial of service attacks to massive spam campaigns."

But if the bad guys can use armies of computers to do bad guy stuff, can the good guys use armies of computers to do good guy stuff? French police may have just proved it's possible.

Malicious Intent

Malware, short for "malicious software," can do all kinds of damaging things to a computer, server, or network -- everything from running simple pranks or disrupting internet service to holding computer systems or files for ransom or stealing personal information like bank account, credit card, or Social Security numbers. One type of malware commandeers personal computers to mine bitcoin, offloading the time and energy cost to unsuspecting victims.

A specific worm, called Retadup, had infected some 850,000 computers with bitcoin-mining malware since last spring. But rather than contacting all of those victims and cleaning their computers one by one, French police went to the source. With the help of Czech cybersecurity firm Avast, France's National Gendarmerie Cybercrime Fighting Center (C3N, somehow) was able to take control of a server used to spread the worm, then remotely wiped the malware from the infected botnet of computers.

"In accordance with our recommendations, C3N dismantled a malicious command and control (C&C) server and replaced it with a disinfection server," Avast reported. "The disinfection server responded to incoming bot requests with a specific response that caused connected pieces of the malware to self-destruct. At the time of publishing this article, the collaboration has neutralized over 850,000 unique infections of Retadup."

White Hat Hackers

That sure sounds better than disinfecting 850,000 computers one at a time. But now that the cops have shown they can un-infect computers, can they use similar technology to just upload anti-virus software to thousands or millions of computers at a time, unbeknownst to the owners?

In the United States, probably not. The federal Computer Fraud and Abuse Act (CFAA) prohibits "unauthorized access" to another's computer or network, regardless of your intent once you've gained access. And warrants permitting computer access normally aren't granted when the police want to protect the data on your computer.

Related Resources: