October 12, 2005 8:30 AM PDT

Security exec to cops: Talk to us

The police should talk more to security companies that gather vast amounts of data on the activities and whereabouts of hackers and virus writers, a security expert urged.

Peter Tippett, chief technology officer at Cybertrust, said that information provided by the security company led to the successful arrests of the writers of the Melissa and Kournikova viruses, yet the police, he said, still rarely ask him for intelligence.

Cybertrust maintains four databases, tracking 11,000 hackers and virus writers, Tippett said. The system, known as "The Brain," records where these cybercriminals pop up online, notes their known pseudonyms and details which of the 600 or so hacking groups they belong to.

The company also employs a team of 78 people to maintain and update the system. They are constantly "watching the underground and seeing what the bad guys are doing," Tippett said.

"We have worked with the FBI and Scotland Yard, and in the past, that has proven successful. We provided the police with the name and location of the Kournikova writer and also Melissa," he said. However, he added that there is still a great deal of room for improvement with law enforcement bodies who "rarely" request such data.

Tippett said that data doesn't typically implicate the people behind one of the most worrying trends in security--the creation of networks of compromised computers, or "botnets." While the armies of hackers and virus writers tracked by the Brain are the foot soldiers, the generals--believed to be members of the Russian mafia--do not surface in the channels monitored by Cybertrust, Tippett noted.

"The mafia aren't dumb enough to have their people yakking on public networks, though a lot of the people they are employing may do so," he said.

But catching those writing the code for these criminal gangs is definitely a step in the right direction. According to Tippett, the 11,000 individuals tracked by the Brain include those responsible for around 3,000 Web site defacements each day, as well as for more serious crimes, such as virus writing.

The police would normally have to subpoena information such as that held by Cybertrust, but one problem with that approach is that they often do not have the technical knowledge to know which information to ask for in order to catch virus writers and hackers.

"The police know they do not need a subpoena with us," Tippett said. "They know they can call us any time, and sometimes, I'll even call them and tell them what questions they need to come and ask us."

But helping to catch virus writers does not pay the bills for security companies, and some may argue that it is not their job to fill in the blanks for the police.

"Five years out of five, we have not found a way of making money out of this," Tippett said. "The reason we do it is so we know what's coming next."

Tippett said security companies can learn a great deal from "the chatter" in the underground.

He said: "When Microsoft launched DCOM (distributed component object model) six years ago, the chatter went right up. All the hackers were saying to each other, 'Have you guys got anything for this?'"

Because of that, Cybertrust knew DCOM was going to be hacked, so the company spoke to all of its customers back then, Tippett said.

"Then in July 2003, Microsoft posted a patch for DCOM, and these guys in our database just lit up," he said. "The first two vulnerabilities came on the same day--one published by Microsoft and one published by the bad guys--and it became obvious this was something to worry about."

"A week later came SoBig, two weeks later came Blaster," Tippett said.

The writers of those worms are still at large, although one teenager was convicted earlier this year for writing a variant of MS Blast.

Will Sturgeon of Silicon.com reported from London.

2 comments

Simple
It is called time management, for we forget the police are operating 24/7 in real time, chasing mundane ordinary motorists for speeding, or other offences, for general operational revenue, and then the other more important criminal offences like murder, drug dealers, ATM muggers and other simple real criminals for the first 24 hours, to keep us safe from these wrongdoers. The question is where do the police find the 25th hour in the day, to learn the expertise, and chase down theoretical cybercriminals, most of whom reside outside their jurisdiction, when push comes to shove?
Posted by heystoopid (691 comments )
The Russian mafia?? LOL
All tech-savvy people who do bad things (calling them hackers puts a bad light on anybody who's even had to do light work like hack their own computer's registry) with that knowledge are foot soldiers of the Russian mafia? *Groans* Never thought that maybe somebody wanted to do something really wicked to get a little fame?

Re: The FBI... It's my belief that these guys can't be bothered to get involved in something unless the crimes committed make the mainstream media. Kind of like they have to be embarrassed into doing their jobs with a "why isn't the FBI doing something about this?" story (I'd mention another federal agency and hurricane Katrina, but think they're getting nicely stomped on as it is, already). And, of course, it has to involve a big company or a person with money. For example, if there's a serial killer out there, and their victims are homeless or lower-income people, you won't hear much about it on the news. But, if it's the case of a kidnapped upper-class nice-looking girl, they do stories and count the days since they've been missing.

Ask me sometime about the FBI ignoring a cult that's into beating and killing women that has slavery and has the same philosophy as Hitler. Even told the FBI where to find these people, but they do nothing while people go missing and end up dead. *Sighs*

- CyberWoLfman
Posted by CyberWoLfman (47 comments )