
What if something like the Morris Worm never happened? - shrikrishna
https://stories.shrikrishnaholla.in/what-if-1557e226c6d#.26dp7o3ce?ref=hn
======
no_protocol
Has a ransomware or botnet perpetrator been convicted of a crime in any
country?

Morris was convicted under CFAA; it's surprising to me that it isn't a
"regular" thing to hear about another hacker getting convicted on a daily
basis. What are the reasons this doesn't happen? I understand they can hide
their identity, etc., but are there even active investigations? Is there a
single biggest reason why, like not being able to prove which person caused
something to happen?

I don't really like real world analogies for computer systems, but if there
was a big line of people in masks knocking at my door and trying 100s of
different keys in the lock, 24/7, I'd probably seek some legal remedy rather
than just getting more locks.

~~~
paulmd
It's really hard to track down the perpetrator unless they make a mistake.
Even if you tracked the perpetrator down, there is a very good chance they are
in Eastern Europe or some other country/region that will not prosecute or
extradite them.

So basically it's almost certainly a waste of time for law enforcement and
they mostly don't bother. If they did, we would see command/control moved
inside Tor and it would become even more difficult to track (AFAIK this
already happens in the more sophisticated botnets).

The appropriate analogy is probably something like fake check scams. Illegal,
but difficult to trace and likely to lead to a dead end.

~~~
no_protocol
> The appropriate analogy is probably something like fake check scams.
> Illegal, but difficult to trace and likely to lead to a dead end.

Oops, I actually jumped topics for the final paragraph and was making an
analogy about scanners trying random passwords on a known port, or similar.

~~~
paulmd
Well - and this goes for ransomware too - if you are smart then you aren't
doing the portscanning or mailing from your personal PC. It's coming from
compromised PCs or IoT devices in a botnet. So tracking down the perpetrator
still involves finding the well-concealed owner of a botnet.

As a mitigation strategy you can certainly perform filtering and rate-limiting
at a firewall, or even blacklisting certain IPs. I'm pretty sure there are
already collectively-maintained blacklists of badly-behaved machines/devices.
But you're really just taking some compromised PCs off the net, not going
after the perpetrator.

------
_audakel
HAHA

    When he took off the headset, there was a single tear in his eye, and he was smiling... “We’d like to fund you”

-No VC ever

------
galori
fun read.

But...I'm sure there would have been another worm or virus (and many others -
like there had been) that would have caused the same vigilant info security
that we have today.

~~~
cc438
The way I read it, the point was that "another first virus" wasn't likely to
be designed as a benign proof of concept by a tinkerer who meant no harm. The
author's view is that the Morris Worm was a happy accident in that it grabbed
all the attention owed to the first virus to affect networks on a global scale
but it did so without causing any real and lasting harm.

------
pfarnsworth
Sorry I know this is a story but this is dumb. Morris wasn't the only person
thinking about security, and sure it happened but it was bound to happen at
some point. And I'm sure he doesn't feel any shame whatsoever from it.

During that time, viruses were being transmitted without Internet through
sharing floppies, and they were widespread.

------
anonymfus
He should suspect it before actually running the simulation.

