Sean Donelan wrote:
http://www.vnunet.com/News/1141901
Trustcorps claims it has scientific and anecdotal resaerch supporting its conclusion that over three million computers are "owned" by malicious groups.
Well, it isn't as if that article really had many of the details that were meaningful. I decided to go right to the source (www.trustcorps.com) and see what they had to say. Beyond seeing that they were yet another web site that looks great iff you are using IE, I found almost NO substance. I visited the "Press Room," and the "News" items, and even the archives thereof. Nothing there (at least not those claims). Ok, so maybe they haven't put it on their web site yet. Still, I suppose someone made those claims, and I think they deserve a little examination.
On the other hand, Information Risk Management questioned how any one person could "own" hundreds of computers at any one time. And systems are often not "owned" by a single group, but exploited by multiple groups
Well, no one here is truly defining what "owned" implies. I know what a ruckus it kicked up here on NANOG when the first truly distributed denial of service hit eBAy (or was it Yahoo???). No matter. That was no where near three million computers, but it certainly didn't require a lot of control to qualify as "control," or a lot of ownership to qualify as "owned." I'm amused at the thought that so-called hacker groups are in any way coordinated, or working together, other than a few here and there (and more for monetary gain than fame and glory). Three million? Sure, I believe, if you stretch the definition thin enough, that three million is quite believable. Organized in any way? Nonsense. Sheer, utter, mind-numbing nonsense. If it weren't for the tremendous amount of software out there that makes it EASY to take over machines (and I include every single default install of every single OS that enables anything more than port 22), if it weren't for the stunning array of folk who think that expediency is valuable, and ethics malleable, if it weren't for the vast populace that just wants pabulum, and padded cells, none of this would be possible. Trust me. The only bad guys that are organized are the ones who are after $$$, and they have absolutely no need to control three million computers. One or two is plenty, and for just long enough. The idea that there is a vast underground of pimply-faced teenagers just waiting to control the world would be laughable, were it not for the continued commercial assaults that insist it is so.
Unfortunately this computer crime doesn't fit the FBI crime reporting statistics well. Vandalism of Property? Is the cracking of computers happening more or less often than car theft?
Car theft is clear. Someone takes your car, and then you don't have it. When someone compromises your computer(s), what do you lose? What do they gain? It's a very unclear question. -- I apologize; I take it all back. MS Exchange is RFC-compliant. See RFC 1925, point three. http://www.faqs.org/rfcs/rfc1925.html