Woot! Score one for the good guys. And Microsoft too, though I truly hesitate to call them one of the good guys. This wonderful person is a German citizen, and was arrested by their police force in cooperation with the FBI, Secret Service and Microsoft. Guess the guy just turned 18, and the crimes were commited before his birthday, so the authorities have to charge him as a child. But as Axel Eble points out, the civil suits are going to keep this guy in debt until the end of time.
I’ve been meaning to post on this for a couple of days, but there’s always something else to do. I guess that’s what happens when you have parts of your life that have nothing to do with IT and security. Anyways, here’s a couple of links for more information on the subject.
Microsoft patting itself on the back
Cnet: Microsoft reward snags suspected Sasser author
Now for a non-American point of view, just to be fair: The Register: German police arrest Sasser worm suspect. I’d find a German paper, but I’ve forgotten almost all the German I learned while over there. If you have a good translation, or a German article written in English, I’d be interested in seeing it.
I spent most of yesterday at a conference put on by the FBI and the San Franciso chapter of Infragard on Economic Espionage. Unluckily, I was not the target audience for the vast majority of what was presented at the conference and the one segment that directly related to network security was cut very short due to previous speakers going over their time limit. I did get to see all the slides, but in most cases the comment was “I was going to talk about this but I don’t have time.” Oh well.
One of the segments that I saw that was interesting was a case study of a incident that started in 1999 and is still ongoing. What I didn’t understand was why the FBI chose to talk about an incident where they have all the information and evidence, but the purpetrator (sp?) managed to get away to his home country and thereby escape justice. If I was giving the presentation, I would have picked a case where I could say “He got 20 years for his crime” not “He went back to Japan and we’re still trying to extradite him.” Especially when most of the day was spent with the FBI agents going on about how they want the private sector to communicate better with them. A failed case is not the best way to instill confidence in the security managers out there. I’m sure that the agents are very good at their job, but marketing doesn’t seem to be their strong point.
I’ve (thankfully) never had to interact with the FBI or Secret Service or any other branch of Federal law enforcement directly, but I’m thinking hard about joining Infraguard. Part of me wants to be more in the know about what is happening on the federal level with these folks, but another part wants to stay as far away as possible. Something about youthful indescretions catching up to me. Not really, but I’m not sure I want to place myself in the company of people who are even paranoid than I am, and also happen to carry guns.
This is the second presentation by the FBI and Infragard that I’ve attended, and the first one was much more concentrated on computer security. I guess that’s what I was expecting in this go round. I should have read the description a little better before making a four hour round trip through commute hour traffic. I’ll know better next time.