Black Hat Notebook

FTC asks companies to report attacks

The Federal Trade Commission is asking corporations to report incidents when they are victimized by spyware attacks, but some experts say the process of doing so puts businesses in a tricky position, in which they must weigh the benefits of pursuing malware code distributors against the potential for legal recrimination.

Speaking at a roundtable discussion Aug. 2 at the Black Hat Briefings security conference in Las Vegas, Eileen Harrington, a deputy director in the Bureau of Consumer Protection at the FTC, said that companies will need to be more forthcoming if they are to help the agency track down malware writers and take those individuals to court. While companies must be held responsible for any mistakes they make that leave computer networks and sensitive data exposed to attacks, law enforcement officials need private-sector organizations to contribute more actively if the FTC is going to make headway in tracking down those responsible for the programs, she said. —Matt Hines

FBI: Hackers must help fight Web mob

The FBIS point man for Internet crime wants hackers to join the fight against international gangs of Web mobsters. Dan Larkin, unit chief of the FBIs Internet Crime Complaint Center, used the spotlight of the Black Hat Briefings security conference in Las Vegas on Aug. 2 to call for a new level of trust and cooperation between security researchers and law enforcement, warning that online crime is being controlled by "very sophisticated, very organized" attackers. "More often than not, valuable information ends up in your hands before it gets to us," Larkin told a standing-room-only gathering of security professionals. "We need to leverage your capabilities and your strengths. You have to be able to tap into us. We have to figure out how to team up and be better partners."

During his presentation, which centered on the escalation of what he described as "mobsters on the Internet," Larkin said his unit has successfully created industry alliances with software vendors and academic institutions in the United States and overseas. "We are being proactive to anticipate the threats. We now have frameworks where Citibank can share information with eBay and PayPal, and we can track online crimes in the early stages," Larkin said. —Ryan Naraine