Redefining malware to minimize the negative public outbreak by renaming it to Remote Forensic Software, now that's a evil marketing department's positioning strategy in action. I've already discussed how inpractical the utopian central planning of a security industry is, and while you're limiting the access to the tools who may help someone unethically pen testing an internal asset, you're also limiting the possibility for the discovery of such vulnerable asset - basically a false feeling of security, you don't touch it, it doesn't move, until of course someone else outside your controlled environment comes across it, the way they will sooner or later since it's an open network, one you benefit from, but cannot fully control.Australian law enforcement have been using spyware for a while, and Austria following Germany's interest into the concept is getting involved too:
"Germany is hiring software specialists to design "white-hat" viruses that could infiltrate terrorists' computers and help police detect upcoming attacks, an Interior Ministry spokeswoman in Berlin confirmed Saturday. The government is still drafting legislation to permit snooping via the internet under judicial control, but has decided there is no time to lose in developing the "remote forensic software." The ministry said the BKA federal police had been instructed to resume the development and hire two specialists."
Are cyber criminals or bureaucrats the industry's top performer? In November, 2008, we'll be discussing how come so much money were spend to develop the malware, given the lack of any ROI out of this idea during the entire period, whereas DIY malware tools are not just a commodity, but also freely available for a law enforcement to use. Moreover, emailing malware is so old-fashioned and noise generating, that even the average Internet users knows "not to click on those email attachments sent from unknown source". A far more pragmatic approach would be to embedd the malware on sites suspected of evangelizing terrorism, or radicalizing their audiences, by doing so you'll end up with a larger infected sample, and eventually someone, let's say 1 out of 10,000 infected will turn out to be a terrorist, by whatever definition you're referring to in the case. Even more pragmatic, by requesting a botnet on demand, and requiring the botnet master to tailor your purchase by providing you with infected hosts in Germany whose browser language, and default fonts used are Arabic, you will not just save money, but will increase the probability of coming across a stereotyped terrorist, by outsourcing the infecting stage to those who excell at it.
Excluding the sarcasm, it's your money that go for funding of such initiatives who basically "shoot into the dark" to see if they can hit someone. Even if they manage to infect someone, more staff will be required to monitor the collected data, which means more money will go into this, ending up with an entire department monitoring wishful thinking and thought crime. Geheime Staatspolizei anyone?
If you really want access to real-time early warning threat intell for possible threats, monitor the public cyber jihadist communities don't come up with new ones to use them as honeypots for cyber jihadists, identify local residents, evaluate their state of radicalization and attitudes towards standard terrorist ideas, prioritize, and take action if necessary.
Cartoon courtesy of Mahjjob.com
No comments:
Post a Comment