US will map and disrupt North Korean botnet
It will warn Joanap victims that they've been compromised.
The US government plans to turn the tables on North Korea-linked hackers trying to compromise key infrastructure. The Justice Department has unveiled an initiative to map the Joanap botnet and "further disrupt" it by alerting victims. The FBI and the Air Force Office of Special Investigations are running servers imitating peers on the botnet, giving them a peek at both technical and "limited" identifying info for other infected PCs. From there, they can map the botnet and send notifications through internet providers and foreign governments -- they'll even send personal notifications to people who don't have a router or firewall protecting their systems.
DOJ officials stress that they received approval for the campaign through both a court order and a search warrant.
Joanap and the worm that helps detect vulnerable systems, Brambul, have been around since 2009. However, it wasn't until recently that American officials directly blamed the North Korean government for the attacks, which have targeted the aerospace industry, finance and critical infrastructure. As the DOJ explained, the botnet a threat to national security -- there's a strong incentive to take it down.
