Cybercrime Fighters Adopt Community Tactics
With the Federal Bureau of Investigation (FBI) asking for information online about the world's most-wanted hackers and Symantec Corp. (Nasdaq: SYMC) asking users to log intrusions in order to track down cybercriminals, we can see the beginnings of a Netizen-based "Cyber Corps."
With its new Norton Internet Security release, Symantec is asking customers to opt in to a program that will collect data about attempted computer intrusions and then forward the information to authorities. Symantec will also begin posting the FBI's top 10 hackers and their schemes on the part of its Website where customers go for software updates. Next year, the company will start paying cash bounties for information leading to an arrest, using a similar ploy attempted earlier this year when Microsoft Corp. (Nasdaq: MSFT) called for greater industry coordination and offered a $250,000 reward for a conviction of those responsible for the Conficker worm.
Anything that raises awareness about the worst of the known cybercriminals can only be a good thing. The open-source security community has used this sort of cooperation and communication for some time, and it's led to the takedowns of Atrivo, McColo, and Estdomains late last year, and more recently, of Real Host. Spamhaus has its own version of a most-wanted list and displays the top 10 worst spammers on its Website. It looks like the commercial security industry is at last embracing these successful open-source tactics.
Another interesting facet to be seen as a change of approach, commitment, and perception to countering cybercriminals can be found in a program advertised by the U.S. Department of Justice to recruit students for a federal cyber corps by offering scholarships in computer security intrusion issues and creating degree-level programs.
In just a few years the government could have its own band of well-trained cyber warriors ready to take on the might of organized cybercrime. The FBI is keen to display its efforts against "computer intrusion," and invites citizens to help catch suspects wanted in computer intrusion cases as an introduction to the agency's own most-wanted page.
Although this is an interesting and welcome development for the U.S., it should have a positive impact for the Internet as a whole. A few fundamental questions still remain such as what can be done on an international level via the United Nations, for example. Likewise as seen with the recent indictment of Albert Gonzalez in the Heartland Payment Systems hack, the other defendants are unlikely to be apprehended. As reported here, even after several years and an admission of guilt, the British hacker of NASA and other U.S. governmental systems, Gary McKinnon, still has not been extradited.
It's not the end of Internet security problems, but collectively, these initiatives demonstrate a sea change with regard to community involvement. Rather than something that's viewed as nice but not necessary, communities can be rightly viewed as an essential component to better security all across the Internet.