Raymond A. Pompon HCL CapitalStream
Most malware authors operate with impunity; very few are ever prosecuted. Based on the author's first-hand experience with a decade's worth of malware cases, several organizational behaviour factors that lead to successful malware prosecution become evident. Some of these factors, such as promptness and partnerships, are already part of the known body of best practices for incident response, while others, such as resolve and awareness, are not. This paper will examine a variety of cases, including the very successful Christopher Maxwell botnet prosecution (http://www.justice.gov/criminal/cybercrime/maxwellPlea.htm). The points of view of the individuals directly involved in these cases will be explored, including the perspectives of the organizational staff and leadership, the FBI case agents and the prosecuting attorneys. The paper will look at the cases with respect to the differences between generic incident response and responding to a malware infection, and will examine the critical behaviours that organizations can implement to help apprehend and successfully prosecute malware authors.