Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Worm Writers Stay Free

Posted by CmdrTaco on from the future-of-the-net dept.

savaget writes "There is an interesting Wired article explaining why worm writers are getting scott free despite their destructive deeds." Nothing really new: overworked law officials, bragging worm writers, you do the math ;) I still find it amazing. The bandwidth wasted by a successful worm is gigantic. To say nothing of time and disk space.

11 of 373 comments (clear)

  1. Hilarious part by ergo98 · · Score: 5, Funny

    SirCam contains this text in its code: "SirCam Version 1.0 Copyright 2001 2rP Made in / Hecho en - Cuitzeo, Michoacan Mexico."
    Smith has a hunch that the author of SirCam is or was in Cuitzeo, and is probably a student. Cuitzeo is located 16 miles from Morelia City, which boasts a large university.

    Talk about a blinding flash of the glaringly obvious...

  2. Why do worm writers stay free? by Hatechall · · Score: 5, Funny

    Because all the spare law enforcement officials are giving me traffic tickets.

    Rolling stop my ass.

    1. Re:Why do worm writers stay free? by JWhitlock · · Score: 5, Funny
      Because all the spare law enforcement officials are giving me traffic tickets.

      Yeah, cause that will get ya out of a ticket...

      "Hey Barney, why aren't you on the Internet stopping the real criminals! Boy, I'm glad I buy from Amazon, or else my sales tax would pay for your salary!"

  3. No money in catching them. by saint10 · · Score: 5, Insightful

    A multi-billion dollar industry was created by writers of malware; anti-virus, tripwire, IDSes. Why would any large security company want malware authors to be caught?

    1. Re:No money in catching them. by ackthpt · · Score: 5, Interesting

      Ages ago, there was something of a scandal in the news when a prominent anti-virus company CEO warned of a doomsday of a new virus or worm making the rounds. Of course, sheep bought the software, but nothing much materialized and the CEO resigned in disgrace after being accused of trying to create a market by scaring people, some people went so far as to suggest the particular company was actually the orgin of virii and worms. Wish I could remember who that was, maybe this is article alludes to it (the Michelangelo virus)

      --

      A feeling of having made the same mistake before: Deja Foobar
  4. Re:They aren't terrorists! by geophile · · Score: 5, Insightful

    Your posting says that virus writers aren't terrorists because what they do doesn't compare to killing 3000+ people. Then your sig compares Bill Gates to Hitler.

  5. Re:They aren't terrorists! by dillon_rinker · · Score: 5, Insightful

    Terrorism doesn't necessarily imply killing people. The classical terrorist (ie, the one that exists mainly in poli-sci courses) blows up generators, water plants, radio towers, etc in an effort to destroy the public's trust in the government's ability to protect them. Someone who targets civilian infrastructure meets the threshold for being a terrorists. There's obviously a gradation; those who target large numbers of civilians are also terrorists (duh) but that doesn't mean that someone who blows up an empty building isn't a terrorist.

    Furthermore, I would argue that you don't need to have political objectives to be classified as a terrorist. If I blew up a generator station because I think it'd be cool to see, I think it would be valid to classify me as a terrorist. This gets kind of tricky, because it'd be easy to categorize an arsonist as a terrorist, or a vandal, but I digress.

    Anyway, the obvious analogy is that someone who targets information infrastructure (ie worm writers targeting email servers) is a terrorist. And don't argue that the analogy doesn't hold simply because there's no no permanent damage simply because it can be repaired. That's like arguing pulverizing every cubic inch of a building isn't permanent damage because it can be rebuilt. Don't argue that there's no real costs associated with worm attacks - do you think net admins work for free? (If so, I've got a job for you :) I'll grant that most costs are overrated.

    Counterpoint - if blowing up a building is terrorism, why not burning it down? Should arson be considered terrorism? What about insurance fraud - if I burn down my old barn for the insurance money am I a terrorist? What about vandals? There's a continuum of crimes against property, as well as crimes against people; where do we put "terrorism" on that continuum? We must be cautious in verbiage used to define "terrorism"
    in the law, lest the crime be placed further down the continuum than we want.

    Counter-counter-point - arsonists rarely burn down every building on the internet; worm-writers at the very least have in their minds the idea that they could take out every email server on the internet (basically a DOS attack) or every workstation with the targeted OS(s) by wiping their drives after re-launching.

    C

  6. Riddler? by Monkey-Man · · Score: 5, Funny

    "Cyber criminals are like idiot Hansel and Gretels, scattering electronic breadcrumbs that lead straight to them," said retired New York City detective Pete Angonasta. "You just don't see this sort of behavior in other criminals. I've never seen a burglar leaving cute notes crediting the crime to himself. "

    This detective must have never watched the old Batman shows.

  7. Re:They aren't terrorists! by ConceptJunkie · · Score: 5, Interesting
    OK, I'll bite, Troll.

    A criminal is, by definition, someone who commits a crime. Speeding is a crime. It doesn't compare to murder in severity.

    Actions have consequences. We can (and should) blame Microsoft all day for their flippant disregard of security, but that doesn't mean these script kiddies aren't commiting serious crimes. What if a teenager broke into a factory and managed to shut it down for several hours. Would we be sitting around saying, "Oh, well, he's just a kid with too much time on his hands!" or would we be considering the fact that he cost the company thousands or millions of dollars. Well, Internet servers have reached the point where they can have as much impact on a business as the physical property and machinery.

    We need to recall that consequences (and punishment) should fit the crime, not the criminal. A relatively harmless crime needs a small punishment (or possibly even just a warning), whereas a larger crime requires a larger punishment. Otherwise you end up with anarchy.

    I don't want to see young kids pulling years of hard time for youthful indiscretions aided by bad security measures, but if there's no threat of punishment, then there will be no deterrent.

    I wish it were possible to focus a little less on fuzzy IP issues (which are important, but the government is listening too much to the money and not enough to its own law, precedent, and common sense) and a little more on the fact that the entire global computer network is being bogged down by the actions of a small number of penny-ante vandals.

    --
    You are in a maze of twisty little passages, all alike.
  8. Re:They aren't terrorists! by alcmena · · Score: 5, Interesting

    An interesting conversation I had with my dad went on similar lines. Consider this:
    You are in a car accident, your fault. The other guy was wearing a seat belt and suffers minor injuries. You are charged with failure to control. You pay a minor fine and maybe do some community service.

    Now consider your same action:
    You are in a car accident, your fault. The other guy was not wearing a seat belt and dies. You are charged with vehicular homiside. You spend a few years in jail.

    Your same actions caused two different events based solely on someone else's choice. Is it truly fair that you should be punished more severely for the second result than the first? The same situation exists in your example. You wrote some stupid virus that spreads, but doesn't do much more. Clearly, you're not a saint. However, because some putz in charge of the airport control system left out the patch, your "innocent" virus spread through the airport control system, and unfortunately DOSed it offline. This brought down planes.

    Should you really be charged with terrorism when the intent was not there? Where is the responsibility for the other person who allowed this to happen?

  9. Illegal software by CaptainSuperBoy · · Score: 5, Interesting

    I am of the belief that there is practically no piece of software that should be illegal. This includes viruses, worms, spamware and other software with no redeeming qualities. It's one of those slippery slope problems where you're banning certain types of speech, but it could easily get murky as to what was a worm or a virus. Some security software has just as much legitimate use as it has potential for misuse.

    The only rational solution, as is the case with other "banning the tool vs. banning the act" problems, is to ban the act of dissemminating virii or worms maliciously. Banning certain types of software is an ill-conceived notion, just like banning certain guns.

    Those who believe that software (in the US at least) is constitutionally protected speech may want to think twice if they believe virus writers should be prosecuted. Judging software based on its purpose is probably impossible - is deCSS a tool for piracy or for interoperability? Depending on who you ask, you will get 2 different answers. Is back orifice a security tool or a hacking tool? Is it a virus? Should the writers be prosecuted?

    Virus/worm software does have redeeming educational value, however little.. it's useful for exposing vulnerabilities, even if it only shows that the end user is stupid.

    So even though virii, worms, spamware etc. are a pain in the ass, I do support your right to create any type of software you like. The other alternative, banning classes of software, is actually more dangerous.

    Note this has nothing to do with my view on copyright. Of course if you infringe someone else's copyright in your software you are breaking the law.