Malware Attribution: Should We Identify the Crooks Who Deploy It?

Brian Krebs asks: What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it's important to consider attribution insofar as it is knowable, but it's remarkable how seldom companies that regularly publish reports on the latest criminal innovations go the extra mile to add context about the crooks apparently involved in deploying those tools.

Why WOULDN'T you?

[argStyopa]

Seriously, if someone is running around breaking windows (pun intended) in your neighborhood, they're outed in the local crime report.
If they did it to 1.5 million homes, I'd bloody well expect that yes, they should be identified.

I personally wouldn't object to having them branded, either.
Or, if you're more Adam Smithy, just suspend their ability to file civil lawsuits allowing people to do whatever they want to them that doesn't actually rise to criminal activity.

Re:Why WOULDN'T you?

[drinkypoo]

The problem is that you don't want to give them notoriety. Some of them are in it just for that. Stupid, sure, but still true.