Sasser arrest seen as small step in cybercrime fight

Jaikumar Vijayan   Today’s Top Stories    or  Other Operating Systems Stories  

Reduce Cost and Increase Efficiency with Grid Computing Oracle Database 11g Internet Seminar Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management The Trend from Unix to Linux in SAP Data Centers Oracle Database 11g on Windows: Development and Deployment Staying Ahead of the Curve: Oracle Database 11g vs. Microsoft SQL Server 2005 Sign up to receive Security Resource Alerts

May 10, 2004 (Computerworld) -- Despite the speed with which the alleged perpetrator of the recent Sasser outbreak was nabbed, the security community is still doing too little to bring malicious attackers to justice, several experts said today.
Sven Jaschan, an 18-year-old German man who had just graduated from vocational school, was arrested Friday in connection with the Sasser worm (see story). Jaschan was nabbed following a tip to Microsoft Corp. from a group of individuals in his home state of Lower Saxony in Germany. Microsoft passed the information to German authorities, who arrested him near the German town of Rotenberg.
The speed of the arrest is "encouraging," said Ken Dunham, a director at iDefense Inc. in Reston, Va. "This is a big improvement over the arrests never seen of yesteryear. The more arrests that are made, the more malicious code authors are likely to avoid the release of malicious code into the wild."
"I am very impressed with the international cooperation in law enforcement and with the FBI's effectiveness" in going after cybercriminals in general, said Alan Paller, director of research at the SANS Institute. "I am equally impressed with the Justice Department's success in getting other countries to implement laws that make such attacks crimes."
The problem, though, is that such arrests are few and far between, said Bruce Schneier, chief technology officer and co-founder of Counterpane Internet Security Inc., a managed security services provider in Mountain View, Calif. In fact, a majority of malicious attackers aren't caught, he said.
The arrests only "tend to happen with stuff that is high-profile," Schneier said. Much less effort is put into pursuing perpetrators of less visible and targeted attacks, he said.
Doing so can be a hard and expensive task, experts said.
"To date, the virus writers who have been caught [have been] mostly amateurs," said Andrew Plato, a consultant at Anitian Enterprise Security, a Beaverton, Ore.-based consultancy. "They were caught using traditional means of law enforcement, such as tips from friends -- not high-tech analysis of the worm or attack vectors," he said.
When it comes to such issues, "far more should be done to ensure that logs exist to allow tracing back originating traffic to its actual source," said Russ Cooper, editor of the NTBugtraq mailing list and an analyst at Reston, Va.-based TruSecure Corp. "ISPs continually fight these attempts by law enforcement, presumably because they feel the burden of having to comply will be too heavy."
Fear of retribution is another reason many victims have been unwilling to go after attackers, even when their identity is known, Schneier said. "We built a forensic capability so that we could go after the bad guys. But surprisingly, very often companies don't want to do that. They don't want to make waves because they are very afraid of retribution," he said.
Stronger penalties are also needed against those who launch such attacks, Cooper said. "For far too long, it seems as if society treats the act of infecting or taking over someone's computer as 'cute,' " he said.
"Someone willing to cause billions of dollars of cost and millions of man-hours of effort clearly needs to be locked away to prevent us from being abused by them in the future," Cooper said.
But prosecuting cybercriminals can be difficult, said David Endler, a director at TippingPoint Technologies Inc. in Austin. "The standards of electronic forensic evidence have yet to catch up to the same standards" used for more traditional crimes, Endler said.
The lack of standard international cyberlaws is also a problem, he said. "If a resident of Germany unleashes a worm from a compromised computer in Russia, do extradition laws apply?" he said.
With reports from Reuters news service.

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

Sasser arrest seen as small step in cybercrime fight Microsoft: Almost 1.5M download Sasser cleanup tool Microsoft, law enforcement officials pursuing Sasser author

Corporate users wary of Sasser worm as new variants appear

"Apple yesterday dropped the price of the 64Gb MacBook Air by a whopping $500 ($400 less for the SSD and..." Read more... "It's a cheaper IT Blogwatch: in which Apple cuts the price of the top-end MacBook Air. Not to mention dan..." Read more... Read more Operating Systems posts or See all Blogs

Microsoft promises four patches next week Google gives away home-cooked Web application security scanner Storm botnet stages Fourth of July attacks More top stories...

Microsoft trumpets security additions in upcoming IE8 Apple cuts price of high-end SSD MacBook Air by $500 Ultrathin showdown: Apple MacBook Air vs. Lenovo ThinkPad X300 vs. Toshiba Portege R500

This old laptop: Revitalizing an aging notebook on the cheap All it takes is a couple hours and about $125 to breathe new life into an old laptop. Here's how. Bill Gates moves on Is Microsoft's Golden Age over? What are Gates' most memorable quotes? Find out in Computerworld's complete coverage of the end of the Bill Gates era at Microsoft. Five things you should never tell your boss There are some things your CIO definitely doesn't want to hear. Also don't miss the flipside, Five things you should always tell your boss. Hands-On: Firefox 3 fixes what's broke and keeps what's right With its latest version, Mozilla's browser continues to raise the bar for what Web browsers should be. Windows Vista A to Z Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS. More Continuing Coverage After 9/11: Homeland SecurityAsk a Premier 100 IT LeaderBlackBerry Legal BattleData Security BreachesElectronic VotingFirefoxH-1B VisasHP's Boardroom ScandalHandheld DevicesHurricane Katrina AftermathMicrosoft Legal IssuesMicrosoft's VistaOpen SourceRFID TechnologySCO's Linux FightSarbanes-Oxley ActSpamVoice Over IPWi-FiWindows Meta File VulnerabilityWindows XP Service Pack 3 IT Careers 2010 Four years from now, the IT field will be a vastly different place. Will you be ready? More Special Reports Premier 100 IT Leaders 2007 Best in Class2006 Computerworld Horizon Awards2006 Premier 100 IT Leaders2006 Salary Survey2007 Best Places to Work in IT2007 IT Forecast2007 Premier 100 IT Leaders40 Years of ComputerworldASPs, Take TwoBest Places to Work in IT 2003Best Places to Work in IT 2004Best Places to Work in IT 2005Best Places to Work in IT 2006Business Intelligence Home RunsBusiness Intelligence: Smarter BIBusiness Intelligence: The Future of BICRM Goes VerticalCRM: Sober CRMCareer Planning Guide 2005Careers: IT Profession 2010Computerworld Horizon Awards 2005Data Management: Mining for GemsData Management: Taming Data ChaosDevelopment: Hard-Workin' Web SitesDevelopment: New Tools New ChoicesDevelopment: The New World of Application DevelopmentDevelopment: The Web Services TsunamiDevelopment: Web Services HurdlesDisaster Recovery: Preparing for the WorstE-commerce Grows UpE-mail/Groupware: Big DecisionsFaces of Mobile ITForecast 2006Global MobileHardware: Multiple Cores, Multiple ChallengesHardware: On-Demand Un-HypedHardware: The Shape of Things to ComeHorizon Awards: 10 Cool Cutting Edge TechnologiesIT Management: Guide to Managing VendorsIT Management: Navigating Global ITIT Management: Recovery AheadIT Management: The Future of ITIT Management: The Resourceful Project ManagerInnovative Technology Awards 2004Management: Reinventing ITMicrosoft in TransitionMobile/Wireless Leaders and LaggardsMobile/Wireless: The Untethered WorkerMobile/Wireless: Tiny Gadgets, Huge CostsNetwork Management: Taking ControlNetworking: Turbulence Ahead!Networking: VoIP Goes MainstreamOperating Systems: In the Slow LaneOperating Systems: Linux Goes GlobalOperating Systems: Should You Nix Unix?Outsourcing: Offshore Buyer's GuideOutsourcing: Outsourcing DangersPremier 100 IT Leaders 2004 Best in ClassPremier 100 IT Leaders 2005 Best in ClassROI: Do the Math!Salary Survey 2003Salary Survey 2004Salary Survey 2005Security Action PlanSecurity: Compliance HeadachesSecurity: Proactive SecuritySecurity: Risk and RewardSecurity: Tips From Security ProsSouped-up SecurityStorage: Battling ComplexityStorage: Cheap & Secure Data StoresStorage: Stretching Your Storage DollarsStorage: The Lean Storage MachineStorage: The New Rules of StorageStorage: The Ultimate Backup GuideSupply Chain: Missing LinksSupply Chain: RFID Reality CheckThe Business of SecurityWeb 2.0 SecurityWireless: Wireless At Work All Zones Application Performance Zone Business Continuity Zone Data Center Management Zone Enterprise-Class Security Zone The File Data Management Zone Grid Computing on Windows Zone Security Management Zone ITIL Best Practices Zone The SAS Zone Storage Virtualization Zone Business Intelligence and Analytics Zone See your link here

Linux Rising Get this Computerworld report free (a $195 value) for a limited time, compliments of Novell. Linux is now firmly entrenched in the enterprise. Computerworld's new Executive Bulletin on the open-source operating system will get IT managers up to speed on the latest Linux developments, ranging from its impact on database sales to competition with other operating systems. Download this executive briefing  Energy Logic: Cutting Data Center Energy Costs By 50 Percent or More Energy Logic: Cutting Data Center Energy Costs By 50 Percent or More View this webcast now! Go to the webcast  Five Technologies Simplifying Infrastructure Management Get this white paper now! (Source: Liebert) Today's data centers must support more devices, are consuming more power and generating more heat. Learn five infrastructure technologies that are making it easier for growing businesses to introduce new IT systems as needed while maintaining high levels of availability. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Deploying Virtualized NetWare on Linux Whitepaper Toward More Flexible, Next-Generation Collaboration Solutions Driving Business Success Through Workgroup Choice and Flexibility View more whitepapers

• Sasser arrest seen as small step in cybercrime fight
• Microsoft: Almost 1.5M download Sasser cleanup tool
• Microsoft, law enforcement officials pursuing Sasser author
• Corporate users wary of Sasser worm as new variants appear

• Microsoft promises four patches next week
• Google gives away home-cooked Web application security scanner
• Storm botnet stages Fourth of July attacks
• More top stories 

HP StorageWorks EVA4400 Before now, midsize customers settled for either an expensive and complex array or low cost solution that lacked functionality. Now experience virtual storage with enterprise class functionality at an affordable price. View this product demo now

Understand Messaging Archiving Email storage is growing at an average rate of 35% annually - three out of five decision makers cite the growth of messaging storage as their leading messaging-related problem. This Osterman Research white paper discusses the several reasons to implement a messaging archiving system and provide an overview of Sunbelt Software's offering focused squarely on the archiving space. Download this white paper now!

Best Places to Work in IT Where can you earn top dollar, get the best benefits, the latest IT and more? Find out in our 14th annual survey.