Policing the virus writers: Good news?
LATEST NEWS
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 1
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers
- NZ Fauna app fills 'crazy' lack of animal info || 4
- Megaupload interest a mixed blessing for Pirate Party || 2
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
They're being caught, but they're also getting smarter
By Scott Mace | San Francisco | Wednesday, 9 March, 2005
A recent spate of high-profile arrests of malware writers is no cause for comfort, say computer crime experts.
While law enforcement authorities have recently arrested numerous virus writers and hackers, these arrests, and the stiff prison sentences that may follow, are likely to discourage only the most casual malware writers, say experts, and will probably have minimal impact on hardened criminals, particularly those overseas.
"Common sense would say it would deter some people," says Mark Greisiger, president of Net Diligence, a Philadelphia-based cybersecurity auditing firm. "Kids out there who might want to take on the challenge of breaking into a Web site and defacing it, they might be deterred by thinking 'my pranks can put me in jail.' But then again, a lot of these people are youths and they might not think twice about it."
Authorities have arrested some young virus writers. Take 19-year-old Jeffrey Lee Parson, who pleaded guilty to creating a variant of the Blaster worm. Police arrested him in 2003, and earlier this year, a judge sentenced him to 18 months in jail. Similarly, authorities last May arrested an 18-year-old German man for creating the Sasser worm. Similarly, police arrested a 16-year-old from Canada and charged him with distributing the Randex computer worm.
"Any arrest of a malware developer or someone perpetrating an attack is a good thing," says Paul Kurtz, Executive Director of the Cyber Security Industry Alliance. He adds, however, that "the threat, I believe, is migrating. In other words, we've gone from script kiddies to hackers to what I've seen now: organised crime getting involved in this area. This means we'll have much more sophisticated and stealthy criminal activities."
He describes the threat as "a trend where it's getting stealthier, [the criminals] have more money, and they want to cover their tracks."
"What ultimately happens to the money they steal is also worrisome," he says.
Virus writers aren't the only ones getting caught: Last fall, the US Secret Service announced the arrest of 28 people from eight states and six countries who were allegedly involved in a global organised cybercrime ring. Charges filed ranged from identity theft to computer fraud.
Prosecutions from this investigation continue, says US Secret Service Director Ralph Basham, speaking at the recent RSA 2005 conference in San Francisco. Earlier this year, the Secret Service assisted in arresting a man in Scotland in connection with a worldwide series of distributed denial-of-service attacks.
Still, while some virus writers are caught and their prison sentences make headlines, most malware authors escape detection. For every Blaster variant where authorities arrest a suspect, there's another Witty and Sober worm, where they never find the culprit.
"The vast majority of malware authors have not been identified, let alone arrested," says Bruce Schneier, CTO of Counterpane Internet Security. "Basically, unless the author is stupid and brags, he's not going to get caught."
MOST POPULAR
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
