Microsoft Places $250K Bounties On Hackers

The reward program, sponsored by Microsoft and backed by those law enforcement agencies, represents the first major partnership between the private sector and government officials to hunt down, capture and prosecute hackers and virus writers.

At a press conference today at the National Press Club in Washington, Microsoft's top attorney pledged to press prosecution of suspected virus writers and reward those who turn them in.

"Every part of the Internet community suffers from the criminal act of releasing viruses and malicious code. These are not just Internet crimes or cybercrimes but real crimes that disrupt the lives of real people," said Brad Smith, senior vice president and general counsel at Microsoft. "These are the saboteurs of cyberspace, and they're hiding behind their computer screens. The purpose is to encourage people to come forward and reveal the identities of the perpetrators, and it will help deter the commission of these crimes in the future."

Microsoft will offer two rewards from the $5 million fund, each for $250,000, to help law enforcement catch those responsible for spreading the MSBlaster and SoBig worms, Smith said. The rest of the fund will go to help federal and international law enforcement agencies nail hackers, cyberterrorists and cybercriminals.

One solution provider angered by the spate of hacker attacks that disrupted business last summer praised the bounty program. "This is a great approach," said Michael Goldstein, vice president at LAN Associates, Fort Lauderdale, Fla. "These hackers are costing companies millions of dollars and huge amounts of downtime."

Microsoft is prepared to dig even deeper into its pockets to haul in the suspects, Smith added. "We'll address them on a case-by-case basis. It's a first step, and a big enough step to have an impact," Smith said. "If we need to spend more money, we'll spend more money. It's a priority. "

To date, law enforcement agencies have suspects in three of the six MSBlaster incidents, Smith said. However, neither he nor representatives from the law enforcement agencies comment on the status of three suspected cyber-criminals who were picked up last summer for allegedly spreading variants of the MSBlaster virus.

Officials from those agencies acknowledged the economic damage caused by the viruses but noted that prosecution is difficult because the Internet has no boundaries and each nation has its own laws or lack of laws concerning computer crimes.

The crisis has "severely impacted computer users worldwide. The FBI recognizes the significance of these problems," said Keith Lourdeau, acting deputy assistant director of the FBI's Cyber Division. "Because the Internet reaches beyond borders, we work with all agencies."

An official from Interpol, a 181-member international law enforcement agency based in Leon, France, said the funds will help the agencies wrestle with legal issues that handcuff their efforts.

"The Internet challenges current legal concept because borders are no longer boundaries. Hackers can launch an attack from the safety of their own country and cause damage in other countries ," said Peter Nevitt, director of information systems at Interpol. "This should be the first step in a consistent and focused collaboration between the private sector and law enforcement internationally and nationally."

The U.S. Secret Service, a former Treasury Department agency which is now part of the U.S. Homeland Security agency, is getting serious about protecting the nation's computer infrastructure, one official said.

"The Secret Service is not only concerned with apprehending those individuals that commit computer crimes but partnering with the private sector to prevent those attacks and protect our critical infrastructure before they can be damaged," said Bruce Townsend, deputy assistant director of investigations for the U.S. Secret Service.

Officials claimed that most viruses and worms are targeted at the most developed nations such as the United States. However, one Microsoft partner based in a South American nation pointed out that regardless of where the bullet is aimed, the damage is replicated globally .

"It's a universal problem," said Mariano de Larrobla, president of de Larrobla & Associates, a Microsoft Certified Partner in Uruguay, at the company's recent Momentum partner conference in New Orleans. "We don't have many hackers in Uruguay, but if a virus or worm hits in the United States, we get it within two to three hours," he told CRN.