lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ILEPILDHBOLAHHEIMALBEEJLGOAA.jasonc@science.org>
From: jasonc at science.org (Jason Coombs)
Subject: RE: Symantec wants to criminalize security info sharing

Aloha, Cory.

> Historically, have worms/malware visibly affected the US stock market?

First let me say that the answer is an empirical "yes" to your question.

I've personally watched worms and malware affect U.S. stock prices.

Look at a recent stock chart of SYMC -- there are lots of reasons to explain
the recent rise to all-time-highs. They were added to the S&P 500 in April,
the U.S. markets have just staged one of the great short-term rises in
history, etc.

However, when you plot a detailed overlay of malware events with specific
minute-by-minute charts of each day's trading, something that you probably
don't have the data available to do easily, and compare it to news wires and a
timeline showing people's actions in the industry, press, etc. what you see is
that particular financial instruments, such as near-expiration stock options,
move dramatically. These moves are obviously predictable for those
in-the-know...

What isn't as easy to assemble, but that I've witnessed personally and have
some evidence to substantiate, is the relationship between comments made by
the executives of Symantec and specific features of subsequent malware.

For instance, at the beginning of June a bit of malware was released that
targeted financial services companies... I think it was one of the SoBig
viruses, but I'd have to go back to my notes to confirm... Inside the virus
was code that would attempt to determine if it had infected a computer that
belongs to a hard-coded list of financial services companies, and if so then
bad things would happen such as gathering passwords and account numbers with
the appearance that this pilfered data would supposedly make it back to the
malware author ... the likelihood of that actually happening is so small as to
be absurd, and authorities would capture the malware author if there really
was any direct communication between the person and the infected hosts at
financial services companies -- just as certainly as Blaster.B (Lovesan)
variant author Jeffrey Lee Parson's insertion of code to contact his own Web
site led to his capture recently.

What nearly everyone missed was the fact that a Symantec executive (as I
recall it was the CEO during an investor presentation during May) had only
days prior lamented the fact that Symantec didn't have enough market
penetration into financial services companies...

Now, I'm not suggesting there is a direct conspiracy between Symantec
executives and malware authors. I'm stating that there is in fact, and in
provable fact, a direct link between these people -- the free market, the
press, and SEC-mandates for equal access to information that could impact the
public's analysis of the company as an investment. It can be seen in the
sequence of events just described and it can be surmised, without being
ridiculous, that professional malware authors would take advantage of their
ability to impact stock prices in order to make money.

When better evidence emerges that is non-circumstantial, you can be sure that
we'll all see it. Until then, if any Symantec executive really calls for
criminalization of full disclosure, I've got the ability to assemble a
detailed report showing item after item of circumstantial evidence that may be
enough to justify an SEC investigation.

I hope that it's never necessary for me to write this report. I also hope that
if any such investigation does occur at any time in the future, that we don't
find out that we've been deceived by people who have a fiduciary duty to be
trustworthy -- that's happening in other places, but it should not be
tolerated by any member of the infosec community.

One thing is certain: the potential exists for malware authors to manipulate
the stock market. And where there is potential for penetrations or abuses,
they often do in fact occur. In my opinion, Symantec should consider going
private in order to remove this potential for financial reward of malware
authors.

Sincerely,

Jason Coombs
jasonc@...ence.org

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of
l8km7gr02@...akemail.com
Sent: Thursday, September 11, 2003 12:25 PM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] RE: Symantec wants to criminalize
security info sharing


Mr. Coombs,

I find your ideas intriguing and wish to subscribe to your newsletter.

Seriously though, you make some fairly serious accusations -- do you
have anything with which to back them up?  I'm not trying to be
adversarial, I just think it would make for some very interesting
reading.

Historically, have worms/malware visibly affected the US stock market?

Personally, I think that any move to restrict discourse (by Symantec
or others) without air-tight justification should be met with extreme
skepticism (and subsequent retaliation) by the public.  I very much look
forward to hearing how Symantec spins the announcement over the next few
days.

If it's true and Schwarz meant exactly how Wired represented him, I'm
still not convinced his motivations are (directly) dollar-based.  It's
all part of the same Branding movement, started in the early '90s.  It
wouldn't be unheard-of for Symantec to wish to trandscend its relatively
modest position in the AV world and make themselves out to be *the*
resource for security and recovery tools and information.

That doesn't mean it's right, of course -- it just wouldn't be
unexpected.

take care,

Cory



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ