DNS: Internet Security

August 05, 2010

DNS - Neustar's Rodney Joffe Briefs the Nation on Mariposa Botnet Arrests



Once again, the cyber-security field is turning to Rodney Joffe, senior vice president and senior technologist, Neustar, Inc. He appeared as a featured guest on Federal News Radio to discuss the recent arrests involving botnets. He is an authority on many DNS-related security topics.

Joffe helped to set up the Mariposa Working Group. That public/private group investigated the Mariposa botnet. That’s the malicious program that stole passwords for websites and financial institutions. The FBI says the program stole computer users' credit card and bank account information, launched denial of service attacks, and spread viruses in as many as 12 million computers. The FBI credits the arrests of several suspects to the work of the Mariposa Working Group.

During the radio interview, Joffe explained that a botnet is a collection of computers that have been compromised, often by a criminal. The malicious software comes from a Trojan, worm or virus – and is directed at home or office machines, sometimes even at routers.

“All of these machines, without really the knowledge or awareness of the people who physically own them, are actually controlled by a central system and behind the central system, of course, is typically a criminal,” Joffe said.

About five months ago, three Spanish computer criminals were arrested for using what has become known as the Butterfly botnet. Their arrest came as a result of an investigation by the FBI and Spanish national police. They were not the authors of the malicious software.

“The mastermind behind the software was arrested in Slovenia,” Joffe said. “He actually sold and customized different versions of the software for end-users.”

Joffe led the Mariposa Working Group, whose research gave investigators sufficient evidence to arrest the Spanish criminals as well as the author of the malicious software. Joffe said the Mariposa Working Group was based on the Conficker Working Group, the public-private partnership, which was the first of its kind to fight a malware threat.

In a recent interview with The Register, Joffe declined to answer questions about the Mariposa investigation beyond saying that two or three other groups who used the Butterfly botnet kit are of potential interest to international police investigating the case. He added, "The Spanish group were very successful in getting the Butterfly botnet kit, but its use was fairly widespread."

Joffe’s responsibilities at Neustar include defining and guiding the technical direction of the company's Internet Infrastructure Services Group, as well as heading the company’s cybersecurity initiatives.

Joffe is frequently called upon to assist federal authorities with regard to investigating and protecting against cyber-crime and cyber-terrorist activities, where he is a recognized expert. Joffe regularly briefs the White House and U.S. House/Senate groups on the subject, and has testified before Congress as an expert. Rodney is also a founder and currently chairs the Conficker Working Group, acknowledged as a “BCP” model for public/private partnerships for APT mitigation. He has also provided guidance to and sits on four similar Threat Focus Cells geared towards other APTs.


Ed Silverstein is a contributing editor for TMCnet's InfoTech Spotlight. To read more of his articles, please visit his columnist page.

Edited by Ed Silverstein
