
Thread: Intelligence Gathering & Prosecuting Hackers

  1. #11
    Join Date
    Apr 2011
    Beans
    484

    Re: Intelligence Gathering & Prosecuting Hackers

    Quote Originally Posted by SparTacux View Post
    I take it Law Enforcement on the internet is virtually useless.
    That about sums things up. Unless your attacker is using no proxies and lives in a 1st world country, it's not worth your effort.


    Quote Originally Posted by SparTacux View Post
    The cost would be too high. Your expert cyber crimes division is too costly to run due to the high salary cost of experienced computer professionals, etc. These guys are only going to get involved if something really big is happening.
    Probably not even then. You don't really see government intervention until there's trespass on government property. (Because then it's a national security issue.)

    Quote Originally Posted by SparTacux View Post
    So - It's pretty much look after yourself from a user's point of view.
    Yup. Also, it's important to note that in many cases it's actually more dangerous for you to get involved if you see obvious wrongdoing than it is to just pretend the world is fine.

    (Example occurring right this moment: http://www.reddit.com/r/AskReddit/co...of_about_47k/#)

    The irony is that the laws designed to prevent computer fraud have served only to put white hats in jail.

    Quote Originally Posted by SparTacux View Post
    It'd be nice to see more effective countermeasures given to users for self-defence, such as boobytrapped documents and PDFs that 'phone home' if stolen. I've heard about this sort of thing being applied to hardware, such as stolen laptops phoning home and taking photos of the culprits. One or two convictions have been successfully made using this sort of technique.
    If such things were to become widespread, malicious parties would just configure their servers not to allow outbound connections.

    Which, while I wouldn't know (In practice), I'm sure they already do.
    Last edited by Thewhistlingwind; November 11th, 2011 at 09:15 PM.
    Life is an extraordinarily long concatenation of luck and coincidence.

  2. #12
    Join Date
    Apr 2011
    Beans
    207
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Intelligence Gathering & Prosecuting Hackers

    The conclusion of my original post - is don't bother trying to identify anyone. It's a waste of time.
    I take it none of you guys (who work in computer security jobs) have ever managed to locate anyone and take any sort of action against them as a result of cracking (or attempting to crack) your systems.

    These guys could probably earn more cracking systems than using their computer skills for honest purposes - and not get caught! Who said a life of crime doesn't pay.

    One more question:
    If most of these guys are not using direct connections to crack your machines, then are the probes to your firewall (on your ISP range of IP addresses) likely to be from compromised machines, or from other customers who use the same ISP as you do getting up to no good?
    You can take my trousers but you won't take my Freedom !

  3. #13
    Join Date
    Nov 2009
    Beans
    919
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Intelligence Gathering & Prosecuting Hackers

    Quote Originally Posted by SparTacux View Post
    The conclusion of my original post - is don't bother trying to identify anyone. It's a waste of time.
    I take it none of you guys (who work in computer security jobs) have ever managed to locate anyone and take any sort of action against them as a result of cracking (or attempting to crack) your systems.

    These guys could probably earn more cracking systems than using their computer skills for honest purposes - and not get caught! Who said a life of crime doesn't pay.

    One more question:
    If most of these guys are not using direct connections to crack your machines, then are the probes to your firewall (on your ISP range of IP addresses) likely to be from compromised machines, or from other customers who use the same ISP as you do getting up to no good?

    Well, some of them can be located, but their operations tend to be distributed. Researchers have taken down entire Autonomous Systems only to have criminal organizations migrate everything to another one the next day. You can learn a lot about Disaster Recovery and Business Continuity from those guys.

    Point is, it's enough work just to get our own house in order and move on to the next thing. Protecting and cleaning our own assets and getting our users back to work is the primary concern, and on some days it's all there's time for.

    And yes, the reason a lot of them do it is because there's no other work available for people with their skill sets, and they would like to eat. Only a small handful of them ever get to have a tiny giraffe.

    Also yes, most of the attack traffic you see is going to be coming from other compromised machines.
