Last month the Chief Security Strategist for FireEye, Richard Bejtlich, published a blog post entitled “Target Malware Kingpins.” In it, he argues that we should go after the relatively small number of malware authors worldwide who possess top-tier skills and provide the tools upon which so many cybercriminals (and others) rely in order to profit and achieve their goals.
The jumping-off point for Bejtlich’s piece is the following statistic and statement offered to the BBC by the director of Europol’s European Cybercrime Centre in October 2014: “[there are] around 100 good programmers globally right now… We roughly know who they are. If we can take them out of the equation the rest will fall down.”
Such a strategy is compelling in part because it renders some order unto an ecosystem that seems to contain a remarkably wide and always-evolving array of threats to an ever-wider range of targets. In Bejtlich’s words: “With millions of malware samples discovered every year, affecting many millions more computers and users, the scale of the problem seems so large as to defy mitigation.”
Despite the logic and elegance of the proposed approach, it has received surprisingly little attention, at least in the public domain. Granted, as Bejtlich concedes, the suggested solution is not a silver bullet (in that it won’t single-handedly eliminate the malware problem); and critics have pointed to specific weaknesses on the merits (which Bejtlich addresses in his post).
Still, one would have expected to see more debate and more consideration. Perhaps this will begin to change, as earlier this week, Bejtlich raised these ideas in testimony before a House subcommittee hearing on “Understanding the Cyber Threat and Implications for the 21st Century Economy.”
Looking ahead, the need to gain traction against malicious actors in the cyber domain is likely to become more acute. Consider, for instance, the report issued earlier this week by Europol entitled “Exploring Tomorrow’s Organised Crime” — which envisions a future in which “a virtual criminal underground” grows and converges into “the domain of ‘traditional’ organized crime…such as drugs trafficking, the facilitation of illegal immigration or the counterfeiting of goods.”
Likewise, as more devices become “smart” and interconnected online in an increasingly broad Internet of Things, the range of opportunities for cyber-criminals (in the form of vulnerabilities ripe for exploitation) also expands. While the current balance of power seems to tilt in favor of the criminal element, tomorrow’s is likely to favor them even more.
It’s also worth remembering that the kingpin strategy has proved useful in other contexts, such as the challenges posed by multinational drug cartels and by transnational terrorist groups. Without overstating the case, the approach has achieved some significant gains and proved to be a helpful instrument within a broader portfolio of tools and strategies.