Prosecuting those who spread malicious code
I am receiving the Klez worm almost daily. I have used programs like Sam Spade and Spam Punished to identify the sender's ISP. I have repeatedly contacted the ISP requesting their help in identifying the perpetrator, but I only get the standard "thank you" e-mail in response. Are there any federal law enforcement agencies that have an interest or responsibility in tracking these criminals? Have any victims, to your knowledge, been successful in civil litigation against the non-cooperative ISP?
In your question, you use the word "criminal." Chances are the folks sending you Klez aren't really criminals in the vast majority of cases. They are victims, too, unknowingly infected with the worm. Sadly, many ISPs will ignore the problem as well. You can report such problems to the Computer Emergency Response Team Coordination Center (CERT-CC). They gather statistics about attacks and might be able to offer some advice on how to clean up if you are infected. Unfortunately, though, they are unlikely to help you actually stop such an attack or interact with an ISP.
For more direct involvement with law enforcement, I recommend that you file a complaint with the Internet Fraud Complaint Center (IFCC), which is a partnership between the FBI and the National White Collar Crime Center (NW3C). Their Web site is www.ifccfbi.gov. Finally, if this is a persistent problem, where you believe an individual is actually targeting your organization, you may want to try your local FBI field office. A handy list of these offices, their postal addresses, phone numbers, and Web sites is at www.fbi.gov/contact/fo/fo.htm. Outside the U.S., you may want to try contacting your closest law enforcement agency affiliated with Interpol, a list of which is available at www.interpol.int/Public/Links/PolJust.asp
This was first published in January 2004