This is a bit of a quick rant. I heard about this last week but didn’t get around to commenting. Apparently last week at RSAC CrowdStrike decided to throw ethics aside for showmanship by bringing down the Kelihos botnet on stage in front of a crowd.
Why? How long were they sitting on this just so they could do it in front of a bunch of people and press?
While I applaud the work they did do, I wonder about the people who got their creds stolen and bank accounts raided between when they knew how to take it down and when they actually did on stage. This seems completely irresponsible, and it is shameful to see where some folks in the InfoSec industry are headed.
Read more about the takedown at Threatpost.