Policing the Virus Writers: Good News?

A recent spate of high-profile arrests of malware writers is no cause for comfort, say computer crime experts.

While law enforcement authorities have recently arrested numerous virus writers and hackers, these arrests--and the stiff prison sentences that may follow--are likely to discourage only the most casual malware writers, say experts, and will probably have minimal impact on hardened criminals, particularly those overseas.

"Common sense would say it [the arrests] would deter some people," says Mark Greisiger, president of Net Diligence, a Philadelphia-based cybersecurity auditing firm. "Kids out there who might want to take on the challenge of breaking into a Web site and defacing it, they might be deterred by thinking 'my pranks can put me in jail.' But then again, a lot of these people are youths and they might not think twice about it."

Authorities have arrested some young virus writers. Take 19-year-old Jeffrey Lee Parson, who pleaded guilty to creating a variant of the Blaster worm. Police arrested him in 2003, and earlier this year, a judge sentenced him to 18 months in jail. Similarly, authorities last May arrested an 18-year-old German man for creating the Sasser worm. Police also arrested a 16-year-old from Canada and charged him with distributing the Randex computer worm.

Link to Organized Crime

"Any arrest of a malware developer or someone perpetrating an attack is a good thing," says Paul Kurtz, Executive Director of the Cyber Security Industry Alliance. He adds, however, that "the threat, I believe, is migrating. In other words, we've gone from script kiddies to hackers to what I've seen now: organized crime getting involved in this area. This means we'll have much more sophisticated and stealthy criminal activities."

He describes the threat as "a trend where it's getting stealthier, [the criminals] have more money, and they want to cover their tracks."

"What ultimately happens to the money they steal is also worrisome," he says.

Virus writers aren't the only ones getting caught: Last fall, the U.S. Secret Service announced the arrest of 28 people from eight states and six countries who were allegedly involved in a global organized cybercrime ring. Charges filed ranged from identity theft to computer fraud.

Prosecutions from this investigation continue, says U.S. Secret Service Director Ralph Basham, speaking at the recent RSA 2005 conference in San Francisco. Earlier this year, the Secret Service assisted in arresting a man in Scotland in connection with a worldwide series of distributed denial-of-service attacks.

Still, while some virus writers are caught and their prison sentences make headlines, most malware authors escape detection. For every Blaster variant where authorities arrest a suspect, there's a worm like Witty or Sober, where they never find the culprit.

"The vast majority of malware authors have not been identified, let alone arrested," says Bruce Schneier, CTO of Counterpane Internet Security. "Basically, unless the author is stupid and brags, he's not going to get caught."
