Microsoft Reward Leads to Arrest of Sasser Suspect
tritone writes "According to this article on CNET, it was a reward from Microsoft that led to the arrest of the perpetrator of the Sasser Windows Worm. This is the first success for Microsoft's Antivirus Award Program, a $5 million fund to reward people for coming forward with information about those who release major worms and viruses."
... Microsoft should have used the money to audit their code or something ...
Good. All anti-MS "They should have written more secure software" comments aside, I am glad they were able to catch this guy if it is him. I am glad the reward worked. In the end there is one person that is really, truly responsible for the virus and that is the virus writer. Now I wonder how much of the $5m pot the informer(s) will get.
Great ideas often receive violent opposition from mediocre minds. - Albert Einstein
...that MS would hand out those rewards to those who turned in people that used pirated versions of their software. Not that i care about Microsoft piracy at all, but I know a few assholes, and I could need the money.
this is probably the most boring sig in the world
I suppose throwing money at the problem is proactive, but hardly clever.
In this complex and often terrifying world, it's nice to know that some things never change.
Faster! Faster! Faster would be better!
Don't go bragging about your next virus release.
Sheesh, evil *and* a jerk. -- Jade
While I do agree that they need to do better (not more) auditing of code, I also think it is admirable that they are taking responsibility for the damage in some way. Props to Microsoft.
Suggestion, instead of suing security companies who find and point out vulnerabilities they should implement rewards there. For example, if xyz security found a vulnerability they could either
A: release it to the news/public and risk MS ire
or
B: Submit it confidentially to the MS bug track for a hefty reward
Yes, that lacks disclosure but it is a healthier system than now exists.
I wonder what kind of deals are being offered right now for him to turn in friends and information? I wonder what is on his computer? All it takes is one informant for the police to get warrants to search all his friends' and known acquaintances' computers, so I am thinking there will be a bigger fallout than just one guy. I just hope they don't let the big fish off the hook to get 10 smaller fish.
I wonder if this will be the start of the dominos falling. He turns in his friends, who in return turn in their friends. Then next thing you know the FBI is knocking on your door asking to look at your computer. In some ways, I welcome that. It gets to be exhausting fixing computers from all the viruses and spyware and crap.
I am just glad that with him in jail there will be more security. One less bad guy to worry about.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
This is the first success for Microsoft's Antivirus Award Program, a $5 million fund to reward people for coming forward with information about those who release major worms and viruses."
Reward Money: $5,000,000.00
Perps Pay: $5,000,000.00
Psychological Effect: Priceless!
-1 Uncomfortable Truth
The $5 Million reward is only payable in Vouchers for Microsoft Software.
How much money does Microsoft have to spend making their operating system, and how perfect and secure does it have to be?
Maybe if it was not for the virus writers, the cost of Windows would be cheaper. Maybe because of the virus writers Microsoft has to spend more money?
I think it is horrible for someone to defend a criminal because the criminal had opportunity to commit a crime.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Specifically: You can buy anything.
i think this is utter tosh. microsoft tried to make out the blaster worm was coded by some 17 year old last time.
they want us to think 'oh all these viruses are caused by naive kids with something to prove';
which is less scary than the truth that worms are coded to order by people with maths degrees for criminal gangs who want to use your pc as a conduit for illegal material.
i'm trying to give up sigs.
1. Write worm
2. Find someone in severe financial trouble
3. Have that person release the worm from home computer
4. Turn that person in and collect the reward
5. Place 75% in a high interest foreign account and keep the rest
6. After the guy gets out of jail, send him a key to a safety deposit with all the information he needs to start a new life
7. Profit
Sdelat' Ameriku velikoy Snova!
MS pays to bust Virus writers and FOSS can't afford such a reward system... so MS hires (under the table) virus writers to attack Linux...
But FOSS doesn't pay me to turn in a virus writer.... so why should I...???
greed..... it's been a constant in the computer industry... no doubt about it.
Thank you for outsourcing my debugging job to Germany.
I ran a benchmark on my quantum computer, now I can't find it anywhere!
1) They can show he had the ability to write it.
2) They might have people who he told he wrote it.
3) There might be evidence on his computer.
4) They can look at how it spread, and what he had access to.
5) They might have been tracking his internet activities, seeing where he was and what he was doing (they had probable cause).
I think there are many things the police can do to find out if it is him.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
I wonder if MS can keep up this effort and if we'll eventually start to see sponsored virii added to the real TCO for windows OS'. Oh wait.
Let's keep in mind that patents are in place to keep lawyers employed and keep them litigating. -CatGrep
I wonder how many people will turn in their friends, family etc.. for cash that they may or may not get. Seems to me like microsoft will get a flood of calls from people that have friends and stuff that like programming. Who's to say what they were programming. What about false accusations by the technically inept?
Got hosting
"A: release it to the news/public and risk MS ire
or
B: Submit it confidentially to the MS bug track for a hefty reward"
That system already exists. It is called "Black Mail."
Sdelat' Ameriku velikoy Snova!
Silly Germans! If he had used that knowledge and effort at something constructive instead of destructive, I'm sure he could have gone quite far. On the other hand, he's got a reputation now, which would have been more complicated to build had he taken the non malicious route. No such thing as bad publicity, or so they say.
Oh, and MS should pay to keep up their reputation...puh-leez. Their reputation is already lower than a snake's belly in a gully. How can they go farther? Before any knee-jerk MS apologists start replying, go check out what I've said about rewards being paid off...you'll find the situation is just as depressing as I've described.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
OK, I want some of that dough.
The article mentions that Microsoft used some technical means to confirm the informants' information but the informants did not use technical means to identify the guy. This leads to some questions:
Does Microsoft somehow bug your code if you use MS products to produce it? If I remember correctly some of the Word macro viruses had an ID number somewhere inside them that let MS identify the copy of Word that originally produced the virus.
Is such a serial number/product ID what MS used to confirm the informant's information?
It would not necessarily need to be a number. Deliberate variations in the code produced by a compiler from one machine to the next could be used as a fingerprint.
Barring that, was there some other technical means that could have been used to locate the author?
If I wanted to be an Anti-Virus Bounty hunter is my best bet learning to decompile code or to hang around on IRC chat channels and either encourage other users to write viruses so I can turn them in later, or make friends with real virus writers so I can turn them in?
Maybe a piece of reference code can be made available on a website and people can compile it on a range of machines and MS compilers. The resulting code can be compared to see if the machine/compiler pair can be identified from the executable. If two machines with the same OS and development tools create code with slight differences I would begin to worry if I were a virus writer.
I am amazed, with the number of open access points, that someone ever gets caught. Guess they can't help bragging to their friends.
Any strategy contains the seeds of its own failure. In this case, bribing criminals to hand-over their own is a classic but short-term solution.
Firstly, it sets the stage for blackmail. If one isolated hacker is worth $5m, how much is an unreleased worm worth? Probably much, much more. I'd not be surprised if MS regularly get asked for money upfront before worms are released. Paying out will only make this worse.
Secondly, it is a Darwinian filter. Yes, you can pay to get hold of an isolated criminal. No, you cannot use this tactic against criminal gangs. $5m is not a lot when compared to the value of a large botnet. Setting bounties will eliminate the free-lancers and leave the stage open for more organized criminals who will probably be more aggressive in using zombied PCs for criminal acts (child porn, DDoS, etc.)
Thirdly, it is prejudicial and likely to lead to the arrest of innocent people. Given that any zombied PC can be used to launch a worm attack, how can any evidence be trusted? Confessions, too, are unreliable. Bounties are rapidly turned into lynchings.
Lastly, it is a distraction from the real issue: Windows' fundamental security weaknesses. Microsoft must release a secure Windows within the next 12 months or risk permanent damage to their brand. Paying bounties for worm writers fools no-one: Windows remains insecure and there remains an unlimited supply of smart criminals happy to take advantage of that.
Sig for sale or rent. One previous user. Inquire within.
It has deterrent value. It says if you become good at writing viruses you will get nailed. Maybe MS does not care about the young kid messing around who does not damage anything. Microsoft is showing good restraint.
It may deter kids but certainly not pros. Rewards rely on enough individuals knowing who committed a crime so that at least one betrays the criminal. With kids that's easy since they're publishing their exploits as part of a game. With pros, no way. When terrorists and organized criminals write and distribute viruses, expect the MS reward to have much less impact.
Prevention through proper security, OTOH, cuts against both kids and pros. Cut out the exploit and you cut out the damage. Of course, MS management knows this...
Naked Rayburn
Specifically: You can buy anything.
Except secure code, apparently.
This whole reward thing is nothing more than a PR move. Microsoft comes out looking like the hero for offering the reward which led to the capture of some kid, masking the fact that their crappy code allowed this to happen.
Two questions arise from this:
- What will be the fallout in terms of orgs moving to non-MS platforms (MacOS, Linux, etc)?
- By most accounts, this particular virus/worm was very poorly written. My understanding is that this is also true of most of the other recent viruses. How long will it be before someone writes a virus for win32s which is truly destructive, in terms of things like writing random data in random places (sector 0, anyone?) on the disk, or scrambling the BIOSes and firmware of things like HDDs making them completely unusable?
And before we suggest that the damage was limited to broadband home users who don't patch their machines, consider that orgs like these were taken down: a few banks, at least one coast guard station, St Luke's Hospital, Delta Airlines, and the list goes on.
There is very little future in being right when your boss is wrong.
...is that the software system design, default behaviour, and security level is so poor that a 17 year old can easily exploit it and cause so much damage.
Look, if an anti-social 19 year old can create such a devastating worm, I am afraid the odds are against this strategy of fighting the problem. What, there must be a 100 MILLION other kids just like him, playing away on their windows computer, looking to be more than just a pimple faced teenager.
Let's see, ingredients to a killer windows worm:
1. Anti-social teenager
2. windows computer
3. internet connection
4. some free time (see 1.)
Sorry, this is just not the way to resolve the problem. It is just too easy, not even worth celebrating. No wonder MS is ONLY investing 5M in this method (what is 5M to MS?).
Sdelat' Ameriku velikoy Snova!
With this purported arrest there are a few questions that enter my mind.
(1) Do they have the right guy? I doubt it!
(2) What of a payload. Perhaps next time there will be a real payload. IMHO dumping a worm onto the net is about the same as a prank. I somehow doubt the "authorities" will see the humour. In which case perhaps the next worm will contain a payload worthy of the punishment that this young man will suffer.
This could be the beginning of a serious escalation.
What people need to realise is that with a billion plus people on the net, if there is a vulnerability then it will be found. It does not matter who does it - because SOMEONE will. Punishing the prankster is not a deterrent. Fixing the broken software is the only solution and fat cat Mr. Moneybags Bill Gates should be able to accomplish the latter... either that or withdraw the clearly faulty software from the market.
If we chose to attack and punish the pranksters then it is we who escalate this and I would expect the reaction will be in the form of an escalation of the damages.
... a VERY good hacker releasing a virus but making it look like it came from someone else, perhaps someone the hacker is at war with, or just some random victim? And then joe victim would be stuck, trying to prove they didn't do it, with the evidence all over their computer.
sucks. It could be done JUST to get the reward for that matter, although that would be risky, but still possible.
microsoft got a mega buhzillion dollars in the bank from not hiring coders and not insisting on great code since forever and a day. I think what is more appropriate when money is being talked about is a class action lawsuit from thousands of joe MS users, not the government, joe users large and small who have been victimised by insecure OS that they got *suckered and conned* into running, and I mean suckered by their abusive monopoly tactics and vendor lockins for OS that happened over the past decade especially. Most people didn't "choose" to run microsoft, they got faked into it by it being installed on their boxes when they bought them. Then all of microsoft's profits from not doing their job, combined with the ridiculous no warranty deal that profitable software gets, turned into the victimized end user's problems, where you get broken computers, anger, frustration, and in the case of businesses, millions of dollars in actual-for real damages, probably billions, I don't know. A big ole pile of cash, call it that. I bet in a lot of cases the constant and recurring damages exceed the cost of the software installed by many factors.
That sucks too. viruses and worms are BOTH the fault of evil hackers AND filthy rich monopolists who did NOT give a care about security until the past coupla of years, and even then it was half assed. MS as a total company gets its corporate mindshare from william gates, always has, and he just don't and never has given a crap as long as he can rake in the dough, he's an extreme predator, and I don't care how "compassionate" and "giving" with his "foundation" some mafia don is with ill gotten gains, he's still a mafia chieftain, and made his loot by being a crook. Easy to give away free money you stole and conned people for.
Same with MS and gates, he needs to go to JAIL as far as I am concerned, he's a chronic serial crook, a repeat offender to boot, hiding behind the corporate wall of almost near immunity, and he shows no sign of stopping being a crook, although I will grant he's apparently trying to fix security in longhorn, but that's a long ways off and doesn't address past crimes, and I think he's only doing it because he is being forced to by market pressures.
Seriously, this is just the known "cost of doing business" mentality again. If it's cheaper to pay a reward than to develop a secure product in the first place, that's what MS will do.
This is the exact same way they treat regulation - if it's cheaper to break the law and pay some puny court-ordered fine here and there, so be it.
The organisations who were taken down should have taken more precautions, then.
If worms and viruses actually did real damage, I would suspect that future attacks would be less successful because of the real shock value associated with it - people might start to be more proactive in securing their machines, or not letting potentially insecure machines on their network.
However, I suspect that viruses/worms are never going to be that destructive given that a nonfunctional computer cannot spread the infection further - there would be little incentive to release such a virus/worm.
Arresting a murderer doesn't bring dead victims back to life. Does this reduce the usefulness of the police initiative to arrest murderers?
(Your analogy is flawed in general. The same applies to "bank robbers or muggers" as you mentioned: Once a crime has been committed, the damage has been done; and if no damage is done, I'd have trouble calling it a "crime".)
Microsoft Windows is, fittingly, the official Desktop OS of Olig
Who is the person that decides if a worm/virus is serious? I'm just curious because I could imagine MS being the type that could say "We don't owe you any money because we don't consider this a serious problem."
Can't buy me looo-ove...
(sic the Beatles)
--------
* Sigh *
German news reports claim that the Sasser author's peer group encouraged him to write the worm, make it more effective and spread it.
I wouldn't be surprised if one of his friends from this peer group is the one who reported him. After all, the whistleblower also sent source code as proof to Microsoft Germany before the authorities stepped in - he must have been in direct contact with the author and may even be a co-author.
I still don't know what to make of this. I don't like bad hackers writing worms, but I don't like the reward program, either.
------------------
You may like my a cappella music
http://www.heise.de/newsticker/meldung/47217
according to this news (German) the 18 year old guy they arrested confessed having coded and released Sasser and several NetSky variants, when his home was searched by the authorities.
However I guess the guy who betrayed him by sending MS code fragments might be in trouble, too, because if he did know the author was coding a virus and he didn't inform the authorities to prevent release, but afterwards reported to MS to take the bounty, he might have acted slightly illegal, too.
(German authorities seem to have gained knowledge by US authorities who gained knowledge from Microsoft - a little bit indirect if u ask me)
Corvus
Why should Microsoft be any different? Because it's in their economic interest to pay the rewards. Every virus/worm writer they discourage undoubtedly saves them quite a bit of money, even if indirectly (less bad publicity, less hassle from OEMs who are sick of high support costs, etc.).
"Biped! Good cranial development. Evidently considerable human ancestry."
I don't know the punishment the author of this virus will get, but with the creation of this reward fund it may start off professional virus writing. If the punishments for writing a virus aren't that strict then if someone could write a virus of this magnitude and release it, then get a friend to nark on them and split the reward money after the guy gets out of jail or something
Rather than coding a virus with the exploit hacker John finds, he may now just keep the code to himself. Which sure, stops a new virus coming onto the net... But...
Now John has an exploit in his hands he can use at any time on any one he likes. Rather than being encouraged by the underground community to write a virus (therefore alerting everyone else to the vulnerability,) John is now encouraged to shut up and not tell anyone, as his hacker friends are the most likely to lag.