Sophos

Download Windows 7 security - A great leap forward or business as usual?

Bot Master Bentley Behind Bars - A Small Victory

When I give presentations or tours of SophosLabs, one of the most common questions I am asked is “Do you work with law enforcement agencies to track down the malware authors?” My usual response is “Yes, but our help can be limited”. The biggest problem is which law enforcement agency to work with. As our Google Earth demonstration shows, malware is often highly distributed and it’s very difficult to identify the true source.

That doesn’t mean that our collaboration isn’t successful. Yesterday came the announcement of the successful prosecution of Robert Matthew Bentley, a malware author from Florida. One of the biggest challenges for law enforcement in these cases is actually identifying a ‘victim’ and gathering the evidence trail to successfully prosecute. In this particular case, this is where we were able to help.

We were approached by the UK’s Metropolitan Computer Crime Unit (CCU) to see if we could identify any infections of a specific variant, Vanebot. A quick search of our databases identified a candidate and, after checking with the customer, the details were passed on to the CCU. This enabled the evidence gathering process to begin and a real ‘victim’ to be identified, and ultimately a successful prosecution. Even though there was no infection evident on the customer’s machines, anti-virus log files that kept all the information from infections had the necessary information to arm the CCU with the evidence they needed.

So whilst our part in all of this might seem relatively small, we were very pleased to be able to help and even more pleased when it resulted in a conviction. The real kudos should go to the tenacity of the CCU, Secret Service and other agencies involved, and in particular the company affected and their willingness to help those agencies.

This is perhaps the real problem for authorities hunting down cyber criminals: finding a victim who is willing to assist the law enforcers with their case. If more came forward, more hackers would be arrested and punished appropriately for their crimes.

Investigation and prosecution of malware authors are unfortunately few and far between; the complexity of cases and the international nature of the hunt make it very difficult, but it’s excellent to see a successful prosecution, and very satisfying to have played a small part in the process.

