Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Attribution: Should We Identify the Crooks Who Deploy It?

Posted by Soulskill on from the you-break-it-you-bought-it dept.

Brian Krebs asks: What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it's important to consider attribution insofar as it is knowable, but it's remarkable how seldom companies that regularly publish reports on the latest criminal innovations go the extra mile to add context about the crooks apparently involved in deploying those tools.

12 of 87 comments (clear)

  1. Like Sourceforge? by Anonymous Coward · · Score: 5, Insightful

    [nt]

    1. Re:Like Sourceforge? by NotDrWho · · Score: 5, Funny

      Now, now, there is no need to insult crooks by associating them with Sourceforge.

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
    2. Re:Like Sourceforge? by CastrTroy · · Score: 2

      This has been going on for quite a while. I don't know why this is news to everybody or why all of a sudden we are making a big deal out of it. Here's an article from 2013 about how GIMP was abandoning Sourceforge because of their shoddy, adware ridden, installers.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  2. Why WOULDN'T you? by argStyopa · · Score: 5, Interesting

    Seriously, if someone is running around breaking windows (pun intended) in your neighborhood, they're outed in the local crime report.
    If they did it to 1.5 million homes, I'd bloody well expect that yes, they should be identified.

    I personally wouldn't object to having them branded, either.
    Or, if you're more Adam Smithy, just suspend their ability to file civil lawsuits allowing people to do whatever they want to them that doesn't actually rise to criminal activity.

    --
    -Styopa
    1. Re:Why WOULDN'T you? by drinkypoo · · Score: 3, Interesting

      The problem is that you don't want to give them notoriety. Some of them are in it just for that. Stupid, sure, but still true.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Why WOULDN'T you? by requerdanos · · Score: 3, Informative

      Of *course* they publish the names of suspects. Heck, where I live you can go to the county website and see names and photos of people arrested on suspicion of a crime, who have not been convicted, most of whom will never be convicted. You can try it out here.

  3. Re:No don't it will only create notoriety by fustakrakich · · Score: 4, Funny

    We could "ID" them in the obituaries...

    --
    “He’s not deformed, he’s just drunk!”
  4. I'd just like to know... by JumpinJohnny · · Score: 2

    How much malware is produced by government/military organizations vs. criminals vs. corporations. There is probably plenty of overlap.

  5. Re:No don't it will only create notoriety by jellomizer · · Score: 3, Insightful

    For many of these folks, they don't see themselves as being the bad guy. But Innovative entrepreneurs, or activist for some cause.
    They don't seem to realize, how much harm they are actually causing.

    This notoriety, could be similar to the notoriety a sex offender has. Not of a lone rogue, fighting the good fight while bucking the system. But as that creepy guy who has access all your personal data, and will use it to profit off of it, and causing people like your grandmother to suffer, during their golden years.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  6. No different than anything else by ScentCone · · Score: 4, Insightful

    It's no longer fashionable to associate human character, judgement, and action with unpleasant results. Malice? There is no malice. There is only the problematic tool or technology, against which we should rage. It's not murder, it's a "gun death." It's not a reckless jackass badly flying a GoPro in a crowded place, it's a "drone incident." It's not a bad driver, it's another "SUV death." It's not a criminal trying to steal your savings or reputation, it's "malware."

    Talking out loud about how actual humans are responsible for the stupid or evil shit they do is no longer acceptable. That would mean assessing their intelligence, or making a considered moral judgement, based on some sort of, you know, identifiable value system. We can't have that! We'd need to post Trigger Warnings near any discussion that might result in the horrifying prospect of recognizing that not everyone is as smart as everyone else, or calling an evil actor evil, because, you know, judging. Much better to talk only about the scary tools, never about the people. Hey, Russian credit card scammers and bot farmers are really the victims, here - the malware made them use it. Probably of some sort of western patriarchal influence and whatnot.

    --
    Don't disappoint your bird dog. Go to the range.
    1. Re:No different than anything else by ScentCone · · Score: 2

      There is a level of craziness to this post

      Of course there is. I'm describing a pervasive, increasingly toxic type of craziness that impacts nearly every bit of public discourse that pops up when anything bad is being discussed. If such discussions were generally rational, there'd be nothing to have to talk about. But rational discussions involving causality and agency are now considered rude, like gluten.

      --
      Don't disappoint your bird dog. Go to the range.
  7. That is not the real problem by s.petry · · Score: 2, Insightful

    Most malware is hosted and served out by businesses most people consider "legit". This is second only to Governments who infect millions of devices often inadvertently.

    In both of those cases, there is no use in reporting. Oh yeah, some schlep will probably be made to be a fall guy but the shit storm will still be there churning out shit.

    Report when the correct people can be, and are, held accountable for their actions. Until then, all men are created equally and have the same rights under due process. If one class of people puts themselves above the law, the laws are invalid. Unfortunately this is a cyclical problem in history. Expect vigilantism to increase until things are put back into balance.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.