Tuesday, November 20, 2007

Who guards the guard and evolution of the hackers?

Yet another aargh.

Computerworld reports a former security researcher, John Schiefer, has admitted hijacking a quarter of a million PCs, using spyware to steal bank and PayPal account information, and making money by installing adware on the massive botnet. Mr. Schiefer could get up to 60 years in prison and faces a fine of $1.75 million; sentencing is scheduled early in December.

Great. Simply great. Who guards the guards?

In analyzing this case and trends in cybercrime, Rich Mogull claims Amrit Williams has “missed the main point” in his blog. Williams says that cybercrooks are becoming “more organized, more sophisticated, and much harder to detect with traditional security measures.” Rich says Mike Rothman is more on target, when he says that it’s not about the level of penalty, it’s simply about the matter of getting caught…which, says Mike, most hackers obviously don’t want to happen.

Rich argues for increased enforcement of laws already on the books, saying that penalties are fine, but as long as you have rules that aren’t enforced, the bad guys will continue to act with a blatant disregard for those laws.

It seems to me that they’re all touching upon the same fundamental point, but from different angles. Amrit’s “I shall be more careful and more sophisticated” actually complements and leads to Mike’s “I don’t think I will be caught” perspective. Seems Darwinian, interestingly enough: The lesser hackers will become extinct as stronger ones evolve. As long as there is money to be made, I think we will see evolution.
