Facebook criticised for 'hurting' cybercrime investigation
A MAJOR internet security firm has criticised Facebook for identifying the alleged members of the gang behind the Koobface worm, a piece of malicious software designed to hijack users' computers.
In an unusual step, Facebook last month named six Russian men it said had been running the $2m scam against its members since for three years. It publicised photographs of the group and pinpointed their office in central St Petersburg.
The world's largest social network said it had acted out of frustration at the fact law enforcement agencies had apparently failed to investigate the Koobface gang, triggering a debate about the best way to tackle cyber crime.
The anti-virus firm Kaspersky Lab criticised Facebook's strategy at a cyber security conference.
Stefan Tanase, a senior security researcher with the firm, and part of an international working group collaborated for two years to track down the Koobface gang, said the attempted naming and shaming of the gang will probably mean they will never be arrested for their alleged crimes.
"Naming and shaming can stop companies like Facebook really dealing with things like Koobface," he said.
"I'm questioning whether these guys will ever get arrested now."
"If they [cyber criminals] don't get caught before they quit they will probably never get caught."
Mr Tanase said that since they were publicly identified, the Koobface gang had deleted online traces that allowed investigators to track them down, and so made evidence gathering more difficult if they are ever arrested.
"Yes, it hurts investigations," he said.
"When criminals find out they are being investigated they will be doing everything they can to preserve their freedom."
Kaspersky's stance was backed by F-Secure, another anti-virus firm, which told The Telegraph that naming and shaming "undermines any efforts to get these guys arrested".
It is not clear why the Koobface gang have not been investigated despite the detailed intelligence gathered by Facebook and internet security firms, which has been passed to authorities in the West and in Russia. St Petersburg has long been viewed as a centre of organised cyber crime, however.
The Koobface worm emerged in 2008 and spread itself by sending fake messages on Facebook and other social networks to its victims’ friends. If the recipient of the message clicked on a link that promised “you look just awesome in this movie” or similar, they were directed to a website that told them to update their Adobe Flash software.
Those who fell for the trick actually downloaded software that took control of their computer and recruited it into a “botnet”. This global network of Windows and Mac machines controlled by the Koobface gang was then bombarded with advertisements for fake antivirus software. Victims’ Google searches were also hijacked to deliver traffic to crooked websites.
Facebook said new security measures it introduced stopped Koobface's spread before it named the gang, and that immediately after it did they shut down the server they used to control hijacked computers.