I only skimmed this article (mostly because of where it came from), but I really caught this line:
No one has a business interest in catching identity thieves or malware
writers. There’s no money in it, so no-one’s bothered.
I would also add, while some of us would help and/or deal with threats, we just can’t or don’t have that authority. Bejtlich is one of the notables who talks about dealing with the threats instead of vulnerabilities. He makes a ton of sense and I agree with him, in theory, I just don’t think most of us have any opportunity to deal with the threats beyond identifying them with guesses.
no one has bothered? is the article’s author for real?
just because there’s no business model for it doesn’t mean it isn’t happening…
a) people are going after the adware/spyware/etc makers all the time and they are being fairly public about the fact… my understanding is that paperghost has participated in this activity, for example…
b) anti-virus folks have been profiling virus writers for a loooong time – i myself was once tapped for info on a then high-profile virus writer in order to help put him behind bars (not that things worked out that way in that particular case, but still)…
seems to me this paul hales person is talking out of the wrong hole…