![[Ad box removed; this image serves to flag pages that need to be updated in my log file.]](/i/boxremoved.png)
So, the latest round of Microsoft worms has been spamming us all into the ground recently. The common wisdom is that the most pernicious recent worms are the work of semi-professionals. They're basically well-written, and they appear to be designed specifically to give the worm authors a broad base of compromised machines that can be applied to some useful purpose (for instance, spamming). I've heard plausible theories that organised crime is involved. In other words, the latest round of worms are not the work of script kiddies. Well, in this story from KOMO TV's Web site, we hear that the authorities have arrested yet another script kiddie; and just like the last one, he or she is (if guilty at all) only responsible for a minor variant that caused negligible damage in comparison to the main worm infestation. So, if this is not script kiddie work, why do the authorities keep arresting script kiddies?
Maybe they're arresting script kiddies to deflect attention from the real problems. The "juvenile" they just arrested is only even alleged to have played a vanishingly small role in the recent infestation... but even at this early stage, he or she is being spun as a major criminal, just like the previously-arrested script kiddie. As long as the authorities keep arresting and prosecuting small fry like this, they can keep appeasing the public thirst for blood, without having to do anything that would really make a difference.
But why wouldn't they want to really make a difference? Well, maybe the same criminal gangs that are spreading the main infestations, also control the law enforcement agencies. More likely, the law enforcement people know that if they started looking really hard at cause and effect, they'd have to start assigning some blame to the software manufacturers who were negligant about security in the first place and made it possible for the worms to exist.
So the conspiracy theory in one sentence is as follows: The authorities are chasing after script kiddies to prosecute over worm attacks, even though they know the script kiddies aren't really a significant part of the problem, because they want to distract the public from seeing Microsoft's share of the responsibility for the worm problem.
Here's a second layer of conspiracy theory: lots of people have a vested interest in keeping the public scared of teenagers. These prosecutions help that effort.
Remember, worms like these should be theoretically impossible. I've lost count of how many times I refuted rumours of such worms, back in the BBS days, with a technical explanation of why such a worm could never exist because no software company would be so irresponsible as to make a client automatically execute email messages in a trusted context. It turns out Microsoft really was that irresponsible, and even now that we've seen the inevitable result, Microsoft is absolutely set on doing anything except what would fix the problem. That could be called criminal negligance; but as the antitrust cases have shown, if Microsoft does something against the law, then that law just won't be enforced.
Look, here's an analogy: The bank left its vault door standing open. Robbers came in and took out all the money. Everyone was upset. The police arrested a kid who stole a pack of gum from the candy store, and issued a press release saying they're getting tough on the crime wave. Meanwhile the bank has hired a contractor to remove the vault door from its hinges and cart it away, so that they can't be sued in the future for leaving the door open because there won't be a door. The bank has also issued a press release demanding that the candy-store kid should get the death penalty because it's important to send a message to the evil robbers who raided the vault.
[Conspiracy theory of the moment]