Microsoft puts $500,000 on virus writers' heads
MS offered two $250,000 rewards for info leading to arrest and conviction of those responsible for bugs that choked the Net recently.Updated: Dec 28, 2003 12:30 IST
Microsoft Corp, beset by widespread criticism of security flaws in its software, on Wednesday put up a bounty to track down the authors of two computer bugs that choked the Internet earlier this year.
Microsoft offered two $250,000 rewards for information leading to the arrest and conviction of those responsible for the Blaster worm and the SoBig.F e-mail virus, which infected more than half a million computers, crashed thousands of systems, and snarled Internet traffic across the globe in August and September.
The world's largest software company -- which last month admitted that security concerns have begun to affect its bottom line -- also said it had earmarked an additional $4.5 million for future rewards.
Security headaches for Microsoft and its customers are likely to continue at least for the short term. The Federal Trade Commission has scheduled a news conference on Thursday to talk about a security hole in its Windows operating system.
The Wild West-style bounty underscored the threat posed by viruses and worms in an interconnected world, as well as the problems associated with catching those who originate them.
While SoBig.F and Blaster have caused little lasting damage, other cyberattacks have paralyzed automatic-teller machines, frustrated police dispatchers, and knocked nearly the entire country of South Korea offline. Security experts say future attacks could disable power plants, hospitals or other "critical infrastructure."
AN INDUSTRY-WIDE PROBLEM
"These are not just Internet crimes, cybercrimes or virtual crimes. These are real crimes that hurt a lot of people," Microsoft General Counsel Brad Smith said at a news conference, where he was joined by officials from the US FBI, Secret Service, and Interpol, the international police agency.
Many of the most damaging viruses have spread through security holes in Microsoft products, leading to widespread criticism of the Redmond, Washington software maker.
Although computer security is an industry-wide problem, "we have clear responsibility to take a leadership role in addressing the issue," Smith said.
US investigators have identified suspects behind three of the six Blaster variants, but have not yet tracked down the author of the original version, saidacting deputy assistant director of the FBI's cybercrime division, Keith Lordeau.
The United States recently increased cybercrime penalties, but many other countries do not even have laws on the books. Still, perpetrators could face prosecution under existing theft or trespass laws, saidInterpol's director of information and technology systems, Peter Nevitt.
Security experts familiar with the investigation said the trail had recently gone cold. The unprecedented cash lure could generate new leads and sow mistrust in the hacker community, sources said.
"Apparently, they haven't had too much luck, which is why they are resorting to offering money," saidresearch manager at Finnish anti-virus firm F-Secure, Mikko Hypponnen.
"There's certainly more of a motivation to reveal the identify of a virus writer than there was at this time yesterday," saidsenior technology consultant at computer security firm Sophos Plc in the United Kingdom, Graham Cluley.
Informants will be eligible for the reward regardless of country of residence, Smith said, as long as the suspect is found guilty. Internet users can send tips to any FBI, Secret Service or Interpol office, or online at the Internet Fraud Complaint Center (http://www.ifccfbi.gov) or Interpol (http://www.interpol.int).
First Published: Dec 01, 2003 11:13 IST