http://www.theinquirer.net/default.aspx?article=39948 By Paul Hales in Luton 30 May 2007 Comment Ever catch a phisherman? WHAT MIGHT HAPPEN, we wonder, if the MPAA was put in charge of seeking out spammers? Would, perchance, these 21st century wide boys awaken to find demands for $20,000 in their in-boxes. "Pay-up or go to court, charged with clogging up the Interweb," the missive might read. "We are the virtual cops. Cough up or face disgrace. Resistance is futile." What might happen if the real Plod were interested in catching malware writers? Would doors be battered down at dawn? Would armed officers pursue suspected crackers through the London Tube? "He looks like a hacker, Sarge!" "Yeah, that openly-sourced T-shirt's a dead give-away. Shoot to kill." Bang. Bang, bang, bang, bang, bang. "Well, we were close Sarge. A lot of phishermen are South American, apparently. Some must be Brazillian." A little while ago I wrote a bit of a daft piece about Microsoft. Sat down with a couple of Volish security experts I asked them what the worse was that could happen if your corporate network was hacked into. And I wanted to know how many hackers, crackers or malware writers the firm had helped apprehend. Spookily enough, within half an hour of that piece appearing on the pages of the INQ a further Micromissive appeared in my mailbox. "Through a combination of teamwork, training, and technology, Microsoft works to identify, prosecute, and ultimately stop the developers and distributors of malicious code," it read. The firm, it acknowledged, is "well situated" to fight threats like spyware "which undercuts trust in the online environment and can cause harm to individual users." So what does Microsoft do about Spyware and the like? "Microsoft has experienced attorneys, investigators, technical and forensic experts, technologies, and other resources to help fight cybercrime and bring those who use it to perpetrate crimes to justice," it says. So how many spyware authors, malware writers, virus builders has Microsoft helped to apprehend in the thirty-odd years of its existence. Well, directly? One, it seems. Some bloke in India sent a death threat to the president. Microsoft helped out, it said proudly, by tracking the bloke down through the Hotmail account he used to send the message. Cool, huh? Microsoft says it has been involed (sic) in various initiatives to fight cybercrime. It has organised International Botnet Conferences. It got involved in the Child Exploitation and Online Protection (CEOP) thingy which seems to have helped tracked down Gary Glitter, and it has helped sponsor training courses for online coppers. Details of the arrests all these efforts have spawned is not forthcoming. Not many seems to be the answer. While the Vole may certainly have helped catch our irate Indian who threatened a politician, its role in the arrest of Gary Glitter is rather more circumspect. It joined the organisation before the arrest was made, so obviously shares in the collective glory. Of course, it's not really Microsoft's job to police the Interweb. It's not really the MPAA's or the RIAA's either. But these organisations represent the interests of their members and if they don't get a couple of bob every time someone plays a song in their home, their executives may run out of champagne and coke. Whose interests are really threatened by cybercrime? Well, certainly not the software makers, the chip makers, the hard disk makers, the mouse makers, and least of all the virus busters and security firms which daily release news of the latest "vulnerabilities" plaguing the web. No, the victims are the poor users. Not that they're likely to have their identity stolen or their bank account plundered or their data erased by some malicious bot or other. The chances of that happening are millions to one. No, what they are forced to do is continually fork out for spam-busting protection, for "secure" operating systems, for funky firewalls, malware detectors or phish-sniffing software. All this junk clogs up their spanking new PC so that they continually have to upgrade to newer chippery clever enough to have a processing core dedicated to each of the bloatsome security routines keeping them safe while they surf. It's a con, gentlemen. A big fat con. No one has a business interest in catching identity thieves or malware writers. There's no money in it, so no-one's bothered. Ponder this when your machine takes half an hour to download the latest virus patch or it takes hour to switch off since the Vole has plugged a bunch of its holes. Or you find yourself in PC World forking out a grand to replace your aging PC with a new one which will probably be as slow as our old one within a week or two. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed May 30 2007 - 22:19:40 PDT