Q&A: Luis Corrons on taking down cyber criminals

We talk with Panda Security's Luis Corrons about how companies and law enforcement are taking on malicious hackers.

Bringing down cyber criminals is no simple task. Not only is the internet a place where anonymity is easily achievable, but hackers have been honing their skills to remain undetected when attacking.

However, there have been a number of successful cyber crime investigations this year, most notably the one that culminated in the arrest of the Mariposa botnet mastermind.

With these concerns in mind, we spoke to Panda Security technical director Luis Corrons, a man who has been heavily involved in the Mariposa case, about the best way to battle with the baddies.

Last time we spoke, we talked about your involvement in the Mariposa case. How has the saga developed since then?

Advertisement - Article continues below

Mariposa, as we know it, that botnet is dead. There are still computers infected, but they have no control. There is no problem.

The bot was created by this guy Iserdo, who was in Slovenia. We didn't talk about that guy back in March because the police said "don't mention this name."

He was arrested around a month ago. The good thing is that we know this guy had sold several hundred different bots to different people, so that means there are other Mariposa-like botets out there and maybe with information that the police have taken from Iserdo, we can work on taking those down.

With this arrest, we have cut off the head. That was the guy creating all the malware for this. No one else is going to buy anything from him I hope.

Mariposa was a fairly big case, and one that was to some extent successful for the good guys. Why was it a success and what is the best way to take on the bad guys?

We are having some discussions within the industry to see what are the best ways to do this. The thing is, we believe it is impossible to end cyber crime, just as it is impossible to end crime in real life, but we have to make things difficult for criminals.

Which is the best way? Of course, if we could do as we did with Mariposa, arresting the people controlling and creating the botnets, that would be great but that doesn't work in most cases.

We were wondering what it would be like to go undercover, to be able to infiltrate different gangs of cyber criminals so we can gather a lot of intel - that would be great but there are problems with that.

The first one is that it is a long-term thing. [You can't] go to your company and say: "You know all the money you are paying to me? I'm not going to do anything for you, but [will be working on] one investigation. It's not just me either and its going to be for a few years." That is hard to justify.

Another problem is that sometimes if you want to infiltrate and you have to be one of the criminals, you have to do things that you shouldn't. In that case, you need to be with law enforcement. We have to find ways to cooperate even better with law enforcement.

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now

Most Popular

Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019