Law enforcement usurping botnet control


Bruce Schneier just posted about the FBI taking control of botnets and disabling the infections remotely, and being giddy with excitement that I was one of the first to read it, I left a comment :D. I need a blue collared shirt.

Earlier this month, the FBI seized control of the Coreflood botnet and shut it down.

This is a big deal; it’s the first time the FBI has done something like this. My guess is that we’re going to see a lot more of this sort of thing in the future; it’s the obvious solution for botnets.

Leaving Coreflood in place could blow up some important machine. And leaving Coreflood in place not only puts the infected computers at risk; it puts the whole Internet at risk. Minimizing the collateral damage is important, but this feels like a place where the interest of the Internet as a whole trumps the interest of those affected by shutting down Coreflood.

The problem as I see it is the slippery slope. Because next, the RIAA is going to want to remotely disable computers they feel are engaged in illegal file sharing. And the FBI is going to want to remotely disable computers they feel are encouraging terrorism. And so on. It’s important to have serious legal controls on this counterattack sort of defense.

I share concerns about outsiders being able to remotely execute code on machines, but in this case, if the targets are already infected with botnet software, they're effectively already out of their owners' control and can't be trusted anyway. This is in contrast to the RIAA, whose argument rests on the owner being complicit in the alleged crime(s).

That said, I agree with Bruce insofar as there must be strict legal rules about when such disabling can be executed. The first step may be to more specifically define what constitutes a botnet, given law enforcement and politicians barely even understand file sharing let alone Borg-esque hives of machines.

I also believe the argument that compromised machines affect us all is a convincing one for Microsoft to allow patches of pirated copies of Windows.

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.