Would a Malware BuyBack Program Work?

Thursday, December 27, 2012

Jeffrey Carr


I just read a story about how successful L.A.'s gun buyback program has been and it reminded me about a suggestion that was made at our Boston Suits and Spooks event - that a buyback program might be successful in reducing the amount of malware in circulation. Most malware writers just want to be paid for their research; something that isn't happening frequently enough or at a rate that's considered fair by the researchers. As a result, some of those researchers are exploring grey markets in offensive malware development or are selling 0-days to clients as a form of threat intelligence, or both.

 

Imagine how much malware the U.S. government could buy for the price of one F-35 ($600 million per jet). And the intelligence gleaned from a forensics review of all that malware would be priceless. Certain precautions would have to be built into the program to reduce fraud, the recompiling of malicious code to create slightly different versions for sale, etc., but I think it's worth at least a pilot program to gauge its effectiveness.

Ray Pesek: Unfortunately malware is an intangible asset, unlike a gun. Selling a copy to the feds does not take it out of circulation; they're just another customer. And I'm sure they're not the best paying one. You'd probably have to register as a government supplier or something as well. :-)

If you sold malware to the government, you're just painting a target on your back for a future law enforcement action. So a program like this could take the dumb criminals out of circulation, but not the smart ones.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.