Gadi Evron drew my attention in an article for Dark Reading to a piece in IT Pro by Asavin Wattanajantra. The piece quotes Dr. Steve Marsh, of the UK's Cabinet Office (the Office of Cyber Security, to be precise) as saying that botnet operators are interested in money-generating attacks on the private sector, not causing damage to "national networks".
You might recall that I made a not dissimilar point in this blog with regard to Conficker, when we were all wondering what April 1st would bring: basically, I maintained that the Conficker gang was unlikely to attack the Internet infrastructure, as some journalists and others were fearing.
However, I don't feel, for a number of reasons, that the UK government (or any government) should be complacent about the risk from botnet-directed attacks for purposes of espionage or cyberwarfare (whatever you may understand by that particular buzzword). I've explained my reasons for that in a blog for (ISC)2 (International Information Systems Security Certification Consortium) at http://blog.isc2.org/isc2_blog/2009/11/botnets-not-a-problem.html.
David Harley
Director of Malware Intelligence