November 28, 2005 1:17 PM PST

Inside Symantec's security bunker

(continued from previous page)

Symantec does not tell those people with compromised IP addresses that their computers are being controlled by hackers, due to the sheer scale of the problem. "A botnet can consist of thousands of machines, and we just don't have the time to contact everyone. Our first priority is our customers," Ogden said.

However, when it comes to serious incidents, Symantec does support the police. But the company is keen to point out that it doesn't supply any direct details on customers. "The information we supply to our customers belongs to them, and it's up to them to provide information to law enforcement agencies regarding any suspect activity. When companies are targeted, it's the customer who initiates giving information about the offending individuals," Ogden said.

It also supports the police in its efforts to counter botnets. "In the U.K., the National Hi-Tech Crime Unit has been proactive in trying to close down botnet activity. We welcome any initiative which closes down botnets," Ogden said. "We have had some contact with the authorities in the past, and it works quite successfully."

If a company is the subject of an attack, Symantec recommends it goes to the police. Symantec will only go so far with chasing potential criminals. If an attack has been unsuccessful, they are unlikely to be hunted down, Ogden said.

"If we have controlled and closed down a particular threat to a customer, there's not a great deal of benefit in tracking down the individuals who mounted the attack," he said.

Tom Espiner of ZDNet UK reported from London.


11 comments

So why the nuke bunker?
I understand that digital security is a very serious issue and that some security threats can affect lives...but a nuclear bunker?

Is this really practical or just for show?
Posted by BlueLaser (32 comments )
My Guess...
My guess is that they got a good deal for the facility from the British government. Governments often sell land, equipment or even decommissioned bunkers at below market values to reduce inventories they are not using.
Posted by (23 comments )
Newbies will see
this bunker story and think they are doing a great job. Personally, in the past I've found their software to be a pretty interface but largely ineffective. Perhaps they need a bunker so newbies will think they have it together, kind of like feeling safer with AOL :-)
Posted by GrandpaN1947 (186 comments )
And they still could not detect the Sony Rootkit ...
That paranoia level seems designed to floor executives without real knowledge about computer security and it certainly works for that use.

One thing I'm still wondering is, how come Symantec (and all others) could not detect the Sony Rootkit while it was reportedly infecting around 500000 machines and had done so for months.

The article defines emergency as "Emergency: There is a possibility of code being deposited on vulnerable machines". So did Symantec do as they say "If the situation is critical or an emergency, we pick the phone up and say to the customer 'You could be under attack,'" or did they rather phone Sony/BMG to work out an arrangement?

Who else has such deals with Symantec? Who else is authorised to exploit vulns and get away with it?

Maybe it takes more than a cold war bunker to hide their dirty secrets ...
Posted by My-Self (242 comments )
But, they did detect it!
For what it's worth, the most recent version of both SAV (Symantec AV) and NAV (Norton AV) detected the Sony rootkit. If you go back to some of the first articles on the topic, one of the ways this particular rootkit was "discovered" was via Symantec Response, who then issued an advisory.

So your point is . . . ? ? ?
Posted by The Harper (41 comments )
Funny British quirk escapes in this article
to quote the article:
"If anyone gets past that, there's one last line of defense to deal with. "That's when I appear with a baseball bat," said Gordon May, Symantec's facilities manager."

Anyone who knows anything about British culture will find this comment hilarious.

(hint...it's about FIREARMS!!!)

I think I giggled for 10 minutes.
Posted by Yog Sothoth (37 comments )
What I have
1. Banks of monitors for news tv channels world wide
2. Security news wire on Google Groups for e-mail based news.
3. Political radio phone-in discussion listened to at times of breaking news.
4. Two computers: one for visiting sites, other for software development and web development, with server facing the internet for honey potting.
5. Key word user name accounts on corporate I.M to honey the latest I.M phishing and virii threat.
6. Key word user name accounts on corporate E-mail to honey the latest Mail phishing and virii threat.
7. Connections to IRC, internet forums, mailing lists and interpersonal friending of suspected malicious users.
8. Connections to individual employees connected with big corporate web sites to feed back infos between each other.
9. A general internet presence under the "n3td3v" alias to let the internet and security community know of current feeling on news sites.
10. Propaganda mailings sent to corporations with recommendations of vulnerabilities and exploit and incident found to be current on the vendor's network and/ or software.
Posted by n3td3v (3164 comments )
 
