On Monday, April 10th, 2017, the US Department of Justice (DOJ) announced a successful operation to take down the Kelihos botnet and arrest the suspected botnet operator.
For the past 18 months, The Shadowserver Foundation has been quietly working to support international Law Enforcement agencies in the coordinated takedown of the criminally operated Avalanche malware delivery platform.
As we had previously stated, we are moving. Or I should say we have moved. It was a huge amount of effort by many of the team members. A big thanks goes out to them all for the work, long hours, and back-breaking exercise that no geek enjoys.
Well, as many of you know, we have always been kind of the underground heroes of the Internet. We have scraped by with used gear, volunteers, and parts that fail often. We have told stories about our failures and the tribulations of being a non-profit. While none of that has really changed, we have finally gotten something nice.
After many years in our current datacenter, we've outgrown the space. We have found a new datacenter space nearby and have slowly been moving into it. We've reached a point where we have to shut everything down for a week to finish the migration.
As many of you are aware, we scan the Internet on a daily basis for many different protocols. We have added several new ones over time, mostly depending on our own time available to engineer a scan for that protocol. Occasionally, we add one that is more topical and addresses a recent vulnerability or issue that needs to be focused on sooner rather than later. ISAKMP falls into that category.
As most of you may know, The Shadowserver Foundation is a non-profit organization in both the US and in the EU. We survive through donations, sponsorships, as well as project work to expand out what we are able to do. We share our data for no cost with the direct network owners. From our last few posts you can get an idea of how many drives we go through and the possible cost to maintain all the work that we have been doing. We do not ask for credit, only the occasional support.
In July of last year, we had a little problem. We had a lot of drives to dispose of and did so as inexpensively as possible via a drill press, a lot of time, and a lot of flying metal as we slowly destroyed stacks of drives one at a time. Moving forward in time to today, we realized that our bins were once again full of drives, almost 1500 this time. This adds up to almost three petabytes of storage in disks. Knowing that it would take us days of drilling, we sought out a faster solution, and here it is.
At 3:37PM PST, we had a power blip in one of our datacenters. In those two seconds, over 1,000 systems blinked offline. As a non-profit, we don't have all of those niceties such as hot-hot datacenters or those newfangled UPSes. Instead, we do it the old-fashioned way, which means we are susceptible to power failures within the building in which our core systems reside.
On 15 September 2015, FireEye published information about potentially compromised Cisco routers under the name SYNful Knock. As soon as Shadowserver became aware of these potential compromises, Shadowserver and Cisco worked together and cooperated to scan the internet to detect these affected routers to allow a more accurate notification of the affected end-users.