Full Disclosure mailing list archives
RE: RE: Symantec wants to criminalize security info sharing
From: "Jason Coombs" <jasonc () science org>
Date: Thu, 11 Sep 2003 14:03:11 -1000
Aloha, Cory.
Historically, have worms/malware visibly affected the US stock market?
First let me say that the answer is an empirical "yes" to your question. I've personally watched worms and malware affect U.S. stock prices. Look at a recent stock chart of SYMC -- there are lots of reasons to explain the recent rise to all-time-highs. They were added to the S&P 500 in April, the U.S. markets have just staged one of the great short-term rises in history, etc. However, when you plot a detailed overlay of malware events with specific minute-by-minute charts of each day's trading, something that you probably don't have the data available to do easily, and compare it to news wires and a timeline showing people's actions in the industry, press, etc. what you see is that particular financial instruments, such as near-expiration stock options, move dramatically. These moves are obviously predictable for those in-the-know... What isn't as easy to assemble, but that I've witnessed personally and have some evidence to substantiate, is the relationship between comments made by the executives of Symantec and specific features of subsequent malware. For instance, at the beginning of June a bit of malware was released that targeted financial services companies... I think it was one of the SoBig viruses, but I'd have to go back to my notes to confirm... Inside the virus was code that would attempt to determine if it had infected a computer that belongs to a hard-coded list of financial services companies, and if so then bad things would happen such as gathering passwords and account numbers with the appearance that this pilfered data would supposedly make it back to the malware author ... the likelihood of that actually happening is so small as to be absurd, and authorities would capture the malware author if there really was any direct communication between the person and the infected hosts at financial services companies -- just as certainly as Blaster.B (Lovesan) variant author Jeffrey Lee Parson's insertion of code to contact his own Web site led to his capture recently. What nearly everyone missed was the fact that a Symantec executive (as I recall it was the CEO during an investor presentation during May) had only days prior lamented the fact that Symantec didn't have enough market penetration into financial services companies... Now, I'm not suggesting there is a direct conspiracy between Symantec executives and malware authors. I'm stating that there is in fact, and in provable fact, a direct link between these people -- the free market, the press, and SEC-mandates for equal access to information that could impact the public's analysis of the company as an investment. It can be seen in the sequence of events just described and it can be surmised, without being ridiculous, that professional malware authors would take advantage of their ability to impact stock prices in order to make money. When better evidence emerges that is non-circumstantial, you can be sure that we'll all see it. Until then, if any Symantec executive really calls for criminalization of full disclosure, I've got the ability to assemble a detailed report showing item after item of circumstantial evidence that may be enough to justify an SEC investigation. I hope that it's never necessary for me to write this report. I also hope that if any such investigation does occur at any time in the future, that we don't find out that we've been deceived by people who have a fiduciary duty to be trustworthy -- that's happening in other places, but it should not be tolerated by any member of the infosec community. One thing is certain: the potential exists for malware authors to manipulate the stock market. And where there is potential for penetrations or abuses, they often do in fact occur. In my opinion, Symantec should consider going private in order to remove this potential for financial reward of malware authors. Sincerely, Jason Coombs jasonc () science org -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of l8km7gr02 () sneakemail com Sent: Thursday, September 11, 2003 12:25 PM To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] RE: Symantec wants to criminalize security info sharing Mr. Coombs, I find your ideas intriguing and wish to subscribe to your newsletter. Seriously though, you make some fairly serious accusations -- do you have anything with which to back them up? I'm not trying to be adversarial, I just think it would make for some very interesting reading. Historically, have worms/malware visibly affected the US stock market? Personally, I think that any move to restrict discourse (by Symantec or others) without air-tight justification should be met with extreme skepticism (and subsequent retaliation) by the public. I very much look forward to hearing how Symantec spins the announcement over the next few days. If it's true and Schwarz meant exactly how Wired represented him, I'm still not convinced his motivations are (directly) dollar-based. It's all part of the same Branding movement, started in the early '90s. It wouldn't be unheard-of for Symantec to wish to trandscend its relatively modest position in the AV world and make themselves out to be *the* resource for security and recovery tools and information. That doesn't mean it's right, of course -- it just wouldn't be unexpected. take care, Cory _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Symantec wants to criminalize security info sharing Richard M. Smith (Sep 11)
- Re: Symantec wants to criminalize security info sharing Jonathan Rickman (Sep 11)
- Re: Symantec wants to criminalize security info sharing Azerail (Sep 11)
- Re: Symantec wants to criminalize security info sharing Adam Shostack (Sep 11)
- Re: Symantec wants to criminalize security info sharing Gregory A. Gilliss (Sep 11)
- Re: Symantec wants to criminalize security info sharing Blue Boar (Sep 11)
- Re: Symantec wants to criminalize security info sharing Darren Reed (Sep 12)
- <Possible follow-ups>
- RE: Symantec wants to criminalize security info sharing Jason Coombs (Sep 11)
- Re: RE: Symantec wants to criminalize security info sharing l8km7gr02 (Sep 11)
- RE: RE: Symantec wants to criminalize security info sharing Jason Coombs (Sep 11)
- Re: RE: Symantec wants to criminalize security info sharing l8km7gr02 (Sep 11)
- RE: Symantec wants to criminalize security info sharing Thor Larholm (Sep 11)
- Re: Symantec wants to criminalize security info sharing Jonathan Rickman (Sep 11)