Symantec Wants To Use Victims To Hunt Computer Criminals

Hugh Pickens writes "Business Week reports that security experts plan to recruit victims and other computer users to help them go on the offensive and hunt down hackers. '"It's time to stop building burglar alarms to keep people out and go after the bad guys," says Rowan Trollope, senior vice-president for consumer products at Symantec, the largest maker of antivirus software. Symantec will ask customers to opt in to a program that will collect data about attempted computer intrusions and then forward the information to authorities. Symantec will also begin posting the FBI's top 10 hackers and their schemes on its Web site, where customers go for software updates and next year the company will begin offering cash bounties for information leading to an arrest. The strategy has its risks as hackers who find novices on their trail may trash their computers or steal their identities as punishment. Citizen hunters could also become cybervigilantes and harm bystanders as they pursue criminals but Symantec is betting customers won't mind being disrupted if they can help snare the bad guys. "I'm convinced we can clean up the Internet in 10 years if we can peel away the dirt and show people the threats they're facing," says Trollope.'"

Comment removed

[account_deleted]

Comment removed based on user account deletion

Cleaning the uncleanable?

[LitelySalted]

I think, ultimately, that the internet will never be cleaned up. It is very idealistic to think there are a finite number of hackers and that their methods will not become more and more sophisticated as time goes by.

The kind of "cleaned up" internet that these companies talk about requires STRICT regulation and STRICT monitoring. It is very apparent, from just the audience that posts on Slashdot, that regulation is the exact opposite of what people want.

As far as the approach, the idea of a proactive anti-virus is novel, but I think the idea of recruiting novices to help hunt expert hackers is ludicrous. All it would take is a couple of reprisals from the hackers to permanently deter the said novice from going after a hacker.

False leads?

[dintlu]

How difficult would it be for an enterprising "computer criminal" to leave a trail of breadcrumbs leading to someone else?

IF this is easy to do, Symantec knows it, and this effort amounts to nothing more than a publicity stunt to sell more licenses.

I'd like to see it applied for anti-spam as well

[damn_registrars]

While it is pretty meaningless to go after spammers themselves in many cases, we could use a similar approach to cut off spammers where it really matters - at the revenue stream. If we made some strategic purchases from spamvertised sites, we could potentially figure out who is making money in the deal. And when we find them, we will find who is funding the spammers. After all, spam isn't sent out just for fun; it is sent out because someone is paying the spammers to send it out. You can use the merchant information to go after the people who are paying for spamvertising - they are often involved in illegal sales of (pirated software / counterfeit drugs / counterfeit property) anyways. If the funding dries up, the spammers will need to find other work.

Re:such a john wayne

[cdrguru]

1. Impossible. There is no way to both have "computing for everyone" and have educated users. Users are going to be, well, users always.

2. Sorry, not really possible either. If I can convince the user to run a program, grant security authorization to this program and do whatever it takes to take over their computer, the operating system is irrelevent. And yes, we are there today. Windows is plenty secure but it, as Linux does, requires an Administrator. When that is the "user" you no longer have security.

3. The criminals aren't interested in having their code reviewed.

4. I'm glad we have some unrealistic utopian folks here. It is always refreshing to see people that simply do not understand that all human activity since the beginning of time has revolved around "commerce" and "commerce" is, by its nature, marketing.

Dogs are not involved in commerce. Dogs do not experience "marketing". If everyone was more dog-like we wouldn't have problems like this. We would, however, have masters.

Re:such a john wayne

[Phurd Phlegm]

Define hacked. My ROM based computer is pretty damned immune to being hacked, in the traditional definition of the word.

A recent paper [ucsd.edu] reports on hacking a voting machine that could only execute out of ROM. Interesting paper. I hadn't read about the technique they used before--it's quite ingenious. Turns out, being ROM-based didn't make it unhackable at all.

Re:Huh? Clean up the Internet?

[wagnerrp]

Right now, it is not illegal, wrong, immoral or forbidden to have a computer owned by a botnet. This means that if my computer at home is infected nothing will stop it from doing whatever its little botnet commander wants it to do. And my ISP will not do anything to prevent or deter this computer from stepping on the rights of others in any way possible.

Maybe 7 years ago, my sister's computer got caught into a botnet. Someone had loaded mIRC and a bot, and her computer was off trying sequentially to find more machines to infect. We got dropped offline, and our modem was blocked from reconnecting.

That evening, I called the ISP tech support, explained what was going on, and explained why we were disconnected. He turned our connection back on, and a couple seconds later, the scans started up again. He then proceeded to walk me though telneting into the modem, watching the NAT states to see which internal IP was causing the behavior, and then tracing that back to the machine that was infected so I could clean it.