Tuesday, November 08, 2005

Congratulations to Feds

I'd like to congratulate the United States Attorney's Office, Central District of California for indicting a bot net controller. According to the press release and the indictment (.pdf), up to 400,000 victims were compromised. You can track the progress of this case through the Post Indictment Arraignment Calendar.

This is exactly the sort of work that needs to be done. Security professionals cannot win against intruders if only the "vulnerability" variable of the risk equation is addressed. We need law enforcement to reduce the "threat" variable as well. The suspect in this case is a 20-year-old living in California. This is the sort of perpetrator who can be deterred, unlike a foreign intelligence agent or member of organized crime. The more bot net operators who are put in jail, the fewer lower-end threats we will need to stop.

3 comments:

John Ward said...

True enough. Now comes the second part, being consistent enough to make a lasting impression. The problem is last time I can remember a conviction is Kevin Mitnick. And before that, M.O.D. This demonstrates that hard convictions are few and far between to really be effective. The govt. needs to step up the pace.

Anonymous said...

Stop your crying. If you're stupid enough to let yourself become vulnerable to a trojan, a phishing attack, or a scam, then that's your fault.

J. Webster said...

So to follow your analogy - if you are dumb enough to be hit by an uninsured driver then it is your fault? The victims in these cases did nothing more than operate a system in accordance with the manufacturers instructions. If any bears additional liability it should be the ISP and the software vendors - not the victims. You must work in a tort reform office.