Online fraud tutorials... from the Secret Service?
Kevin Poulsen, SecurityFocus 2004-11-05

Until Wednesday, one of the best public sources of information on how to use a stolen credit card number, forge a driver's license, defeat a burglar alarm or silence a firearm was a website under the control of the U.S. Secret Service.

Online fraud tutorials... from the Secret Service? 2004-11-09
ucanbbreached (1 replies)
This article describes how the Secret Service is becoming more aggressive in disciplining the 'attacking' community (hackers are individuals that tweak, play, invent, fix, and overall test the boundaries of systems to discover, secure, and improve new advances and legacy technology). However, it mentions how the shadowcrew community practices good IA and provided for continuity of its services by backing up its data and relaying to another alias community. Further, this proves that a 'drug war' mentality is ineffective at combating attackers by hitting the sources alone because followers have successive participation planned well in advance. Legal deterrents need to catch up with technology and become enforceable while advances in proactive (not reactive) IA technologies need to be incorporated to implement a "Holistic IA" strategy as opposed to the traditional point solutions protecting against common risks.

I used the word 'discipline' in the subject instead of 'charged' because the way laws stand written today it will be difficult to successfully prosecute the owners of the site. The site seems to mostly provide instructions and tools for others to use, only giving the Govt. an argument for 'proxy' mal-intent to charge against. The owners of the site only have to claim that the tools and instructions were intended to be used for the trustworthy community to better defend their respective 'private' activities. The tools and instructions are not contraband and cannot be charged as such until laws are updated to reflect it, which cannot happen because then that will ban the tools and processes for the IA, network, and system admins needing such applications to effectively pursue their org's security posture.

The theme of the article of "increasing awareness that you are being watched" is simply not enough for effective deterrence but is a step in the right direction.








 
