by _8j50 1638 days ago
Live implants means that if they published, you or I can access the implants and therefore the victims' systems.

If you've got root RCE can't you use it to "close" the implant and make sure no one gets hurt like some have been doing to counteract IoT botnets? How is leaving a gaping hole better?

EDIT: To those saying it would be a legal liability risk, isn't it a criminal offense in your jurisdiction if you know about a danger to someone else, not to do something about it, if only to warn them? (non-assistance à personne en danger, in French law) Or couldn't you partner with a security research lab with better legal counsel?

That's illegal. You can't break into someone's house to kick out a burglar. The people that have counteracted and kicked out bots from botnets broke laws in several countries (fed crime in US), which is why they don't publicize their identity (even if they did, prosecutors may not come after them). You need the consent of the system owner to help them with the intrusion, otherwise anyone can hack into someone else's computer and say they were there to get rid of some malware.

> isn't it a criminal offense in your jurisdiction if you know about a danger to someone else, not to do something about it if only warn them?

In America where the NSA is located? I’ve never written “lol” on this site, but this time called for it.

Since you’re in France I’ll now explain nicely. Not even our cops have any legal requirement to intervene: both when there’s an active crime or even if they see another cop committing a crime in the line of duty (e.g. excessive force).

And civilians (in the American press both military and “deputized” police are called non-civilian) will frequently ignore all manner of crimes, from shootouts to a person overdosing on drugs.

US LEO here. This is not exactly correct. At least this bit: "both when there’s an active crime or even if they see another cop committing a crime in the line of duty (e.g. excessive force)."

Cops generally have no duty to protect anybody. That's not their job, no matter what the decals on the squad say. But if you're on duty, and you witness a crime being committed right in front of you, especially if it's something as serious as a violent felony, and literally ignore it, and anybody finds out, you'll at least probably be fired. Depending on the jurisdiction and totality of circumstances, it may also be a crime.

"Anyone finds out" means "it gets press".

There's a case working its way through the courts where LEOs disarmed someone at the behest of some thugs and then watched him get beat to death by said thugs.

The LEOs are arguing that they had no duty and that they're not responsible for the consequences of said disarming.

The nature of "anyone finds out" is relative to departmental corruption, yes. But that doesn't change the actual rules. And it should be noted that most people's understanding of law enforcement procedure comes from TV fiction or the news. The unreliability of the former should be obvious, and the latter... well, the only things that make the news are things that are newsworthy and out of the ordinary. Which is probably not a good basis for making sweeping judgements about all LEOs and agencies everywhere.

The point of mentioning the court case is that case and statutory law are NOT a slam dunk for "LEOs are required to act," even in cases where "the rest of us" would expect. The last I heard, the LEOs in that case were prevailing....

Doesn't work like that in Seattle. Police actively ignore drug use in the (clean) parks, even with a complaining witness. Police point and laugh at homeless fighting each other. Source: my eyes.

That behavior comes from the police chief and district attorney explicitly telling street level cops what they can't police.

I know where it comes from. And regardless of management, my observations are counter to the parent comment, claiming an LEO would be fired for ignoring violent crime.

"Protect and serve" (the incumbent power structures, not arbitrary citizens)

Off topic, but I’ve been curious about moving from tech to working in LEO (cyber, fraud, etc.) but the FBI/SS requirements around mobility are untenable for me. I’d be interested to hear your experience and any advice around opportunities (in Texas) that are compatible with family life.

I don't know much about Texas specifically, but I work for a state level agency. Federal requirements can be onerous for sure, and the work I do (cyber) is still interesting. Life-balance wise it's basically a normal 9-5 with a moderate amount of travel, but rarely away from home for longer than a day or two. And even that's only a few times a year.

You would be taking on a lot of liability and responsibility if you did that.

Depends if you want to take the risk of being prosecuted for illegitimately accessing multiple computer resources.

But the victims have already been compromised by one of the most malicious organizations on the planet. Being further compromised would probably be more likely to help than hurt, as it would make it more likely that whatever the NSA is doing is discovered or disrupted.

So you notify the victims so they can do something about it. I mean you yourself just said how sophisticated the threat was, shouldn't they know an implant accessed sensitive data and may have tampered with the integrity of data as well? Cutting off access is just containment, not eradication. Any operator worth his salt would have multiple ways back in for when the primary implant is burned. A proper incident response involves the consent and participation of the victim. The implant/malware is not the problem, what was and might be done using it is.