˙puǝ ʎddɐɥ
Was Koobface exposé the right move?

Here’s a ZDNet guest editorial I wrote about the recent disclosures around Koobface. Ryan Naraine summarizes my text pretty well:

Stefan Tanase argues that the public outing of the Koobface hacker gang makes it even more difficult for law enforcement to act.

Just as a stand-up comedian carefully places his punch line at the end of the joke, I also usually leave my conclusions for the end of a post. Except for this time. This time, I would like to start with the conclusion: for an ongoing investigation not to be jeopardized, it is extremely important that no information about those being investigated becomes public.

When (cyber)criminals suspect they’re being investigated, they become more careful. But when they are sure that someone is after them, they become unpredictable in their actions. Simply hiding, making a run, covering their tracks, buying their freedom, fighting back or any combination of these are just some of the options. I’m sure you know this if you watch the Discovery Channel. You also know this if you’re actively tracking the latest disclosures around the Koobface botnet.

What happened with Koobface after the identities of its authors and the inner workings of their underground business became public? The obvious happened, of course. They began wiping out all public information about themselves from the Internet: Facebook profiles, Twitter feeds, Foursquare check-ins, Flickr pictures, you name it. They are covering their tracks in the cyber-world as we speak, and only God knows what else they are doing in the real world to protect the most valuable thing they have right now: their freedom.


A disclosure of information that can jeopardize an ongoing investigation is not something which I support, nor something with which I agree.

I’ve heard OSINT (Open-source intelligence) as an argument for this public disclosure. It’s not. OSINT is about using freely available information to produce actionable intelligence, not about making actionable intelligence freely available on the Internet. Was it done to push authorities by creating pressure or to aid them, in any way? I’m not sure the pressure supposed to push law enforcement into actually doing something in this case will be enough to compensate for the fact that the gang behind Koobface are now destroying evidence and going further underground. The public exposure has obviously hurt efforts.

Investigations can take years – many years. Anyone who has actually been involved in such an investigation knows how frustrating it can be. But it doesn’t mean that we should at one point make everything public and hope for the best. Bad guys go to jail after being on trial, not after being on trial by the media.


Therefore I am making a public plea to all security researchers that were, are or will be involved in cybercrime investigations: Don’t publish data that can ruin years of investigative work. Only share information regarding attribution with law enforcement and trusted contacts. Make sure you understand that certain legal procedures need to be followed and they might take time. Be patient and don’t become frustrated. In the end, everything will be ok. If it’s not ok, then it’s not the end.

I would love to be able to end this text on an optimistic note. However, in real life things are not black and white all the time. There are countless other e-crime related activities in which it’s not clear whether law enforcement, either alone or with private partners, is working on a case. That often makes it difficult to “stand by” while it seems that nothing is being done. It’s a fine line. What is needed is a better way to determine whether something is being worked on across the various levels of law enforcement, and what level of participation by private partners is taking place.

* My thanks to Kurt Baumgartner, Jan Droemer, Andre’ M. DiMino, Costin Raiu, Roel Schouwenberg, Dmitry Tarakanov and countless others for contributing to this article.

PS: Here’s a Threatpost poll where you can cast your vote: Was exposing the Koobface gang a good idea?

Why do programmers work better at night?

Paul Graham wrote about the maker’s schedule in 2009 – basically that there are two types of schedules in this world (primarily?). The traditional manager’s schedule where your day is cut up into hours and a ten minute distraction costs you, at most, an hour’s worth of time.

On the other hand you have something PG calls the maker’s schedule – a schedule for those of us who produce stuff. Working on large abstract systems involves fitting the whole thing into your mind – somebody once likened this to constructing a house out of expensive crystal glass and as soon as someone distracts you, it all comes barreling down and shatters into a thousand pieces.

This is why programmers are so annoyed when you distract them.

Because of this huge mental investment, we simply can’t start working until we can expect a couple of hours without being distracted. It’s just not worth constructing the whole model in your head and then having it torn down half an hour later.

In fact, talking to a lot of founders you’ll find out they feel like they simply can’t get any work done during the day. The constant barrage of interruptions, important stuff ™ to tend to and emails to answer simply don’t allow it. So they get most of their “work work” done during the night when everyone else is sleeping.

read more: Why programmers work at night

Found pornographic and violent images on your Facebook wall last week?

Thousands of Facebook users were complaining last week about pornographic and violent images showing up on their walls. It turned out that the trouble was caused neither by a piece of malware nor by a vulnerability in Facebook itself, but by a “self-XSS”: the users were tricked into running the attacker’s script themselves.

“Self-XSS” – what’s that? As Facebook is describing it, “during this attack, users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content.” Doesn’t it remind you of something? Yes, it does - the famous “Taliban virus”.

In case you’re unfamiliar with it, the “Taliban virus” would come in the form of an email message reading “Dear user, You have just received a Taliban virus. Since we are not so technologically advanced in Afghanistan, this is a MANUAL virus. Please delete all the files on your hard disk yourself and send this mail to everyone you know. Thank you very much for helping us”.

While the second example is (or at least I hope it is) a suggestion that obviously should not be followed, it seems that people were rushing in to fall for the first scam. Copy-pasting some JavaScript code into my address bar – that should be harmless and it actually sounds nice. Click!

Don’t become a victim of these scammers – or of others. Don’t copy-paste code into your browser’s address bar. Don’t allow applications to post on your profile and access your personal information just to see a funny video. No, there’s no tablet giveaway if you and your friends Like that page. If something sounds too good to be true, it probably is. Stay safe!
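One way to implement the “don’t let it execute” side of that advice in code, as an added example that is not from the original post and not Facebook’s or any browser vendor’s code: a paste-time check that recognises a javascript: URL the way a browser’s URL parser does (the URL spec removes ASCII tabs and newlines anywhere in the input and strips leading and trailing C0 controls and spaces before reading the scheme, so “java\tscript:” or “  JavaScript:” still counts) and refuses or defangs it. This is essentially the mitigation browsers later shipped for their address bars. The function names and the #address-bar element are this example’s own assumptions; the sample inputs in the comments are constructed.

```javascript
// Added example, not code from the post: recognising and neutralising a
// pasted "javascript:" URL before it can run in the page's origin.

// Normalise the way a browser's URL parser does before it looks at the
// scheme: drop ASCII tab/LF/CR anywhere, then trim leading and trailing
// C0 control characters and spaces.
function normalizeUrlInput(text) {
  return text
    .replace(/[\t\n\r]/g, '')
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
}

// True when the normalised input would be parsed as a javascript: URL.
// A query-string mention such as "https://x/?q=javascript:..." is not one.
function isJavascriptUrl(text) {
  return /^javascript:/i.test(normalizeUrlInput(text));
}

// Defang: strip the scheme so the rest is treated as plain text (what a
// browser does when "javascript:alert(1)" is pasted into its omnibox).
// Returns { blocked, text }.
function neutralizePastedText(text) {
  if (!isJavascriptUrl(text)) {
    return { blocked: false, text };
  }
  const normalized = normalizeUrlInput(text);
  return { blocked: true, text: normalized.slice('javascript:'.length) };
}

// Hook the check to an input's paste event (only meaningful in a browser;
// this is a no-op under Node). #address-bar is a hypothetical element.
function installPasteGuard(inputElement) {
  inputElement.addEventListener('paste', (event) => {
    const pasted = (event.clipboardData || window.clipboardData).getData('text');
    const result = neutralizePastedText(pasted);
    if (result.blocked) {
      event.preventDefault();
      console.warn('Refused to paste a javascript: URL: ' + result.text.slice(0, 40));
    }
  });
}

if (typeof document !== 'undefined') {
  const bar = document.querySelector('#address-bar');
  if (bar) {
    installPasteGuard(bar);
  }
}

// Constructed sample inputs:
//   isJavascriptUrl('javascript:alert(1)')                       -> true
//   isJavascriptUrl('  JaVaScRiPt:void(0)')                      -> true
//   isJavascriptUrl('java\tscript:alert(1)')                     -> true
//   isJavascriptUrl('https://example.com/?q=javascript:alert(1)') -> false
```

The point of the normalisation step is that a naive `startsWith('javascript:')` is bypassed by a tab inside the scheme or a leading control character, both of which the browser silently removes before it decides what the string is; the check has to see the string the way the parser will.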

(At least) update your (*free*) software!

Is piracy the main reason why computers in Romania are so vulnerable? Not really. 15 of the top 20 software vulnerabilities are actually found in free software packages.

Around half of PCs in Romania are vulnerable to hacking, according to Kaspersky Lab. For example, 47.4 percent of PCs in Romania run an outdated Winamp player, and all previous versions allow a potential hacker to remotely access their PC. (…)

Looking at the top 3 vulnerabilities in Romania, they come in free software packages. The main reason for the high level of vulnerability to attacks on PCs is the users’ lack of understanding of the importance of updates, the researcher goes on.

A very good English summary of my Romanian vulnerability research written by Corina Saceanu can be read at Romania Insider: Kaspersky Lab: Free, outdated software makes half of Romanian PCs vulnerable to attacks


Security batch #1

…meanwhile in security:

  • Mikko Hypponen, CRO at F-Secure, does a TED talk on computer viruses: Fighting viruses, defending the net. Even though Mikko is not presenting anything groundbreaking, it’s definitely fun to watch the history of computer viruses and how the threat landscape has evolved in the last decade presented in a TED manner. Also, I really enjoyed watching Mikko say he’s “connecting back to our lab systems through the Web, so we can see in realtime…” while his address bar was pointing to file:///C:/ted/ (at 5:20)
  • Credit card numbers, email addresses, classified information. What else are cybercriminals after these days? Frequent flyer miles. That’s right! Fabio Assolini, fellow malware researcher at Kaspersky Lab, has more details: “Customers of Brazilian airline companies are being targeted by a flood of phishing messages whose goal is to steal customer’s accounts and their miles in the frequent flyer programs maintained by local airlines. The miles stolen from customers are becoming a new kind of currency among Brazilian cybercriminals and phishers, who can use them to issue tickets for themselves, sell tickets to other criminals or use them in barter schemes.” Read more about Flying phishers: cybercriminals targeting frequent flyer miles.
Children in the Sigur.info Summer School are learning malware families by playing a challenging game :) 

bradass87: lets just say *someone* i know intimately well, has been penetrating US classified networks, mining data like the ones described… and been transferring that data from the classified networks over the “air gap” onto a commercial network computer… sorting the data, compressing it, encrypting it, and uploading it to a crazy white haired aussie who can’t seem to stay in one country very long =L

A little more than a year ago, Wired.com published excerpts from instant messenger chats between accused WikiLeaks source Bradley Manning and Adrian Lamo, the ex-hacker in whom he confided and who reported him to the authorities. It’s now time to reveal the previously unpublished portions of these conversations.

Read the full story on Wired.com: Manning-Lamo Chat Logs Revealed


After receiving a lot of questions and hearing many opinions about privacy concerns and Google+, I decided to write an opinion piece about the matter.

It was published yesterday in the Zero Day blog at ZDNet: Social networking privacy - beyond the Google+ hype

Ryan Naraine manages to capture the essence of my text in this summary:

The problem with social networks is that they are, well, social. Social networks are on a constant struggle to find an equilibrium point between usability and security, as you can’t expect the perfect balance between the two. It doesn’t exist.


Nice infographic of the space shuttle program.