Malware Attribution: Should We Identify the Crooks Who Deploy It?

← Back to Stories (view on slashdot.org)

Malware Attribution: Should We Identify the Crooks Who Deploy It?

Posted by Soulskill on Monday June 1, 2015 @03:41AM from the you-break-it-you-bought-it dept.

Brian Krebs asks: What makes one novel strain of malicious software more dangerous or noteworthy than another? Is it the sheer capability and feature set of the new malware, or are these qualities meaningless without also considering the skills, intentions and ingenuity of the person wielding it? Most experts probably would say it's important to consider attribution insofar as it is knowable, but it's remarkable how seldom companies that regularly publish reports on the latest criminal innovations go the extra mile to add context about the crooks apparently involved in deploying those tools.

5 of 87 comments (clear)

Min score:

Reason:

Sort:

Like Sourceforge? by Anonymous Coward · 2015-06-01 03:46 · Score: 5, Insightful

[nt]
1. Re:Like Sourceforge? by NotDrWho · 2015-06-01 03:59 · Score: 5, Funny
  
  Now, now, there is no need to insult crooks by associating them with Sourceforge.
  
  --
  SJW's don't eliminate discrimination. They just expropriate it for themselves.
Why WOULDN'T you? by argStyopa · 2015-06-01 03:48 · Score: 5, Interesting

Seriously, if someone is running around breaking windows (pun intended) in your neighborhood, they're outed in the local crime report.
If they did it to 1.5 million homes, I'd bloody well expect that yes, they should be identified.
I personally wouldn't object to having them branded, either.
Or, if you're more Adam Smithy, just suspend their ability to file civil lawsuits allowing people to do whatever they want to them that doesn't actually rise to criminal activity.

--
-Styopa
Re:No don't it will only create notoriety by fustakrakich · 2015-06-01 03:54 · Score: 4, Funny

We could "ID" them in the obituaries...

--
“He’s not deformed, he’s just drunk!”
No different than anything else by ScentCone · 2015-06-01 04:28 · Score: 4, Insightful

It's no longer fashionable to associate human character, judgement, and action with unpleasant results. Malice? There is no malice. There is only the problematic tool or technology, against which we should rage. It's not murder, it's a "gun death." It's not a reckless jackass badly flying a GoPro in a crowded place, it's a "drone incident." It's not a bad driver, it's another "SUV death." It's not a criminal trying to steal your savings or reputation, it's "malware."

Talking out loud about how actual humans are responsible for the stupid or evil shit they do is no longer acceptable. That would mean assessing their intelligence, or making a considered moral judgement, based on some sort of, you know, identifiable value system. We can't have that! We'd need to post Trigger Warnings near any discussion that might result in the horrifying prospect of recognizing that not everyone is as smart as everyone else, or calling an evil actor evil, because, you know, judging. Much better to talk only about the scary tools, never about the people. Hey, Russian credit card scammers and bot farmers are really the victims, here - the malware made them use it. Probably of some sort of western patriarchal influence and whatnot.

--
Don't disappoint your bird dog. Go to the range.