Revisiting Takedowns: Lessons Learned from the Trenches

Recently, we have witnessed a sharp increase in actions from both the private and public sectors as they fight to take down botnets. Unfortunately, only a hand full of these actions can be objectively evaluated and collectively deemed as an operational success. While the popular press has exalted much of the short-term gains, the operational community has often been left to deal with the aftermath of failed botnet takedown operations. In this session we will examine the lessons learned from recent takedown efforts. Together with participants from the operational community, we will explore questions pertaining to the lack of strategic planning in our actions against miscreants and solicit input on what such planning should entail. Several questions abound, including (but not limited to) whether better strategic planning could avoid "blue-on-blue" violence and minimize collateral damage; what forms of information sharing can better facilitate such planning? how should we prioritize actions against threats? how can we assist judges who must objectively validate the abuse data presented to them?