Federal Bureau of Investigation

Special Agent, Federal Bureau of Investigation

http://www.fbi.gov

Biography

For approximately four years, the special agent has been assigned to the FBI field office in New Haven, Connecticut.  He is responsible for investigating computer crimes, including criminal and national security computer intrusions; Internet fraud; and Internet crimes against children. He served as the Case Agent responsible for the April 2011 disruption of the Coreflood Botnet.  Prior to his career as an FBI Agent, he was employed by Sprint Corporation as a Software Engineer.

Presentation: Coordinating International Law Enforcement Operations Case Study: The Coreflood Botnet

In April 2011, the FBI commenced Operation Adeona, the first takedown of a botnet by U.S. law enforcement authorities.  After seizing Coreflood's command-and-control servers, the FBI established a substitute server that, pursuant to a court order, issued "exit" commands to the Coreflood malware on hundreds of thousands of computers. This prevented Coreflood from updating itself, rendering it vulnerable to anti-virus software.  Microsoft, in particular, issued two targeted releases of its Malicious Software Removal Tool over the course of the operation.  The substitute server also issued "uninstall" commands to cause Coreflood to delete itself from a number of computers.  During the nine-week operation, the size of the botnet was reduced by more than 95%.  The presentation will describe Operation Adeona, including technical aspects of the takedown, the public- and private-sector cooperation involved, and the legal framework underpinning the operation.