Friday, November 10, 2006

The hidden economy of internet security

Two recent items about the underground economics of internet security are worth a read. First up is Scott Berinato's Wired article Attack of the Bots:
The bot market isn't like an ad hoc street-corner bazaar of cheap handguns. It's more like the narcotics business: a highly organized subculture of people fulfilling specific functions. There are producers, distributors, and customers with varying degrees of criminal involvement.

Software developers are the bot market's equivalent of indoor hydroponic marijuana farmers – a highly technical coterie responsible for coding bots and C&Cs...Demand for more-capable bots creates intense pressure for innovation.

The second, Cybercrime - An Epidemic, comes to us from the good folks at Team Cymru (who are also listed on Google's short Thank You list "for going out of their way to improve the Google experience for everyone"):
Given this precept, it behooves governments and law enforcement to embark first on activities that raise both the cost and the risk to the miscreants...the intent is to highlight the root causes of the cybercrime epidemic: poor security practices, legal shortfalls, insufficient coordination, and lack of recognition of the existence and/or severity of cybercrime on multiple levels.

No comments: