Slashdot Mirror
Botnet Expert Wants 'Special Ops' Security Teams
CWmike writes "Criminal cybergangs must be harried, hounded and hunted until they're driven out of business, a noted botnet researcher said as he prepared to pitch a new anti-malware strategy at the RSA Conference in SF. 'We need a new approach to fighting cybercrime,' said Joe Stewart, director of SecureWorks' counterthreat unit. 'What we're doing now is not making a significant dent.' He said teams of paid security researchers should set up like a police department's major crimes unit or a military special operations team, perhaps infiltrating the botnet group and employing a spectrum of disruptive tactics. Stewart cited last November's takedown of McColo as one success story. Another is the Conficker Working Group. 'Criminals are operating with the same risk-effort-reward model of legitimate businesses,' said Stewart. 'If we really want to dissuade them, we have to attack all three of those. Only then can we disrupt their business.'"
-- Requiring ISPs to send out warnings to zombie machines would help, but I'm not sure if I'd like to give them the opportunity to use packet inspection on my connection to verify the nature of the traffic. That's a slippery slope.
-- How does the Internet Police cross international boundaries in a legal fashion? A Status of Forces Agreement, perhaps? Would England really like Argentina (for example) to shut customers off because they're supporting a botnet?
-- What enforcement tools would be utilized to force people to use anti-virus/malware programs? What are the consequences for the user if they choose not to? There's quite simply too many potholes for a one-nation or government solution, I think. I can't think of a country that's fixed all of their own individual problems, much less open up an Internets Po-Po division to take care of a global problem as well.