*Hard to believe that Spanish authorities are this lacking in ingenuity. Seizing control of millions of computers owned by utter strangers is, what, a team sport in Spain?
–Will Mariposa Arrests Prove to be a Deterrent?
(March 4, 5 & 8, 2010)
The three alleged ringleaders of the Mariposa botnet who were arrested
in Spain last month may not ever go to jail because Spain does not have
legislation that addresses their alleged crimes. Merely owning and
operating a botnet are not punishable offenses in Spain; to increase the
likelihood of prison time, investigators need to produce credible
evidence that the men also engaged in data theft and identity fraud.
The Mariposa botnet is believed to have helped its operators steal
personal information of more than 800,000 people. Opinion is mixed
about whether the arrests will have an impact on others who are tempted
to try similar schemes. While some view the arrests as a deterrent to
others, others say that in general, people arrested for cybercrime are
not the brains behind the operation, but the administrators of a system
created by the masterminds. The catch in this situation is that while
it is illegal to use malicious software, it is not illegal to write it,
making prosecution of the authors unlikely if they were ever to be
caught.
Others note that to win the fight against botnets,
international cybercrime law must be harmonized and Internet service
providers (ISPs) must "be willing to identify affected machines and
quarantine them while informing customers of" the infection.
http://www.krebsonsecurity.com/2010/03/mariposa-botnet-authors-may-avoid-jail-time/
http://www.cnn.com/2010/TECH/03/05/cyberattack.prosecute/index.html
http://www.theregister.co.uk/2010/03/08/botnet_takedown_analysis/
