In response to the news that the authors of the Mirai botnet have avoided prison sentences after cooperating with the FBI and providing substantial assistance in other complex cybercrime investigations, IT security experts commented below.
Nadav Avital, Threat Analytics Manager at Imperva:
“Assuming that the justice system in cases of cybercrimes works in the same way as in other type of crimes, it is a common practice to cut a deal with the state to get a reduced sentence.
I trust that the justice system carefully weighed the consequences in this case and can only guess that the benefits from the defendant’s assistance was substantial.
The silver lining here, in my opinion, is that the Mirai authors were brought to justice. Unfortunately, the attribution problem, in the cybercrime world, is very difficult and consequently not enough criminals are apprehended.”
“The idea of the FBI employing convicted criminal hackers sounds like a perfect tagline for a movie yet it’s not too farfetched when it comes as a way of injecting young hacker knowledge and enthusiasm into an arguably behind the times law enforcement body. Putting hackers inside the government seems at first a wildly unorthodox idea but when it is broken down, it could be argued as a far cheaper option on public money. Although law enforcement lacks money and young blood, it does need updating with ethical hacking techniques that could be time consuming to train the older generations, not to mention it is a far more inviting and romanticized option than jail time for the criminals.
There is always a threat that fresh faced hackers would desire being placed on the payroll after an attack but this can’t be the majority. Being vetted to work in highly confidential areas of law enforcement is a serious procedure and can be highly intrusive. In my previous role investigating highly confidential computer forensics for the police even put me and my loved ones in interviews to talk aspects such as finances in fear of corruption. So when hiring potentially unknowns purely down to their skills, there will always be a risk attached – but like anything in cyber security, it’s about weighing up that risk.”
“It’s interesting to hear reports of the Mirai botnet authors now helping law enforcement agencies. However, with their original code in the public domain for almost two years now, and so many derivative botnets created since, it’s hard to see that this is going to make too much of an impact on the level of IoT device abuse that is now occurring and, hence, result in any reduction in the damaging DDoS attacks they have been the source of.”
.
.
Ben Herzberg, Director of Threat Research at Imperva:
“By being involved in Mirai and such activities, these people may have been exposed to more details of other criminal cyber activity. If by cutting a deal with them, the law enforcement agencies got concrete evidence about more severe criminals, they got my ‘like’.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.