Banning malware is not an option!
The only way to fight bad guys with malware is good guys with malware!
This post is approved by the NRA (National Ransomware Association)
A US state that was struck by a ransomware attack last year is now proposing a local law that would ban possession of malicious software. Local news website the Baltimore Fishbowl reported that Maryland's Senate heard arguments on Senate Bill SB0030, a proposition that would "label the possession and intent to use ransomware …
You are mistaking. The good guys already have lots of malware. Just take a look at their computers. It is as simply as that. Therefore, the proposed wording is slightly off. Fixed version:
"label the possession
and intent to useof ransomware in a malicious manneras a misdemeanor"
Then you simply start, randomly, to arrest and convict people you do not like and put them away for 10 years. That also solves the problem of "...making something illegal doesn't help unless you can catch and prosecute those who break the law". You are all criminals. You know it, I know it, we all know it. Now, get with the program.
...making it illegal to run a public computer system which is susceptible to known malware.
I'm feeling generous: perhaps the authorities could endorse a register of known vulnerabilities which must be fixed or the CxO gets a vacation in the big house. If you get caught by a new one then there could be leniency - as long as you had a response plan.
The legislators aren't making it illegal in order to actually stop crime, silly! They are doing it to be seen doing something by their electorate. All it is is a somewhat sad plea for re-election.
Sadly, it seems to work. And it will continue to work as long as the only prerequisite for voting is the age of the voter.
But it's not murder, it's extortion. Which is already illegal and yet still happens. We don't need new laws for this kind of thing, we need the existing laws to be enforced.
Put another way, I could kill you with a hammer. Shall we make all hammers illegal? What about screwdrivers? Pointy sticks? Rocks?
To be fair, such seemingly useless laws do give a "fallback" law in cases where a perpetrator has been caught, but there is insufficient evidence to prove that they actually carried out the ransomware attack. A bit like convicting a burglar for "going equipped" because you cannot prove beyond reasonable doubt that he had actually broken into any houses.
Unfortunately such "fallback" laws tend to get mis-used by police as a primary law in order to convict people who are entirely innocent of any malicious intent. Like using the knife law to convict an entirely innocent van driver who had a knife in the van to use as a tool. Or twisting loosely-worded anti-terrorist legislation to convict a cyclist for taking a short-cut over DoD owned land (which would otherwise be simple trespass which is not a criminal offence).
Another gleeful group of idiots walking around with red hand marks on their backs from all the patting they've received from themselves. Later next week, they're going to go to the cafeteria to make obesity-contributing nutrients and salmonella illegal. That'll show those carbs and bacteria!
That's good! I'm assuming they know who works there though, which is different than people on the internet anonymously and maliciously using malware. I didn't mean to say they weren't holding the people running the kitchens accountable. I was saying they were making bacteria illegal instead, then not bothering to deal with the people behind the counter, the real problem. Which is insane, because it's untenable.
If it's not currently a crime, they aren't criminals, so by making it a criminal offence you are creating new criminals.
So, what should have been said is 'making perpetrators aware that this is a crime'
The thing is, it already is a crime - so they are already a criminal. However, in Maryland they can now prosecute the same individual for two crimes, not one, for each individual offence - which means more time in prison (assuming they were daft enough to commit their crime in the USA whilst they are actually in the USA), more profit made by the private prison services, and in theory more corporate taxes paid by them.
Everyone is happy (Except the criminal, who doesn't really care because chances are they aren't in the USA and have no intention of ever physically being there)
Convoluted - yes, pointless - probably.
I'm not sure why the title of the article says "Make malware possession a crime!" sarcastically because in the article it spells out that the proposed legislation seems to want to punish "intent to use" the ransomware in a malicious way more so than "possession of malware".
For example, in some states if you're caught driving around suspiciously in a neighborhood late at night and the police search your trunk and find certain things, you can be charged with what is called "possession of burglary tools". While these normal tools, crowbar, big screwdriver for prying windows, etc. are nothing more than that, normal tools, the suspicion of the person's intent to use said tools for malicious purposes is the problem, not the tools.
Biting the hand that feeds IT © 1998–2020