Back when we first added encryption to BitWise, people used to joke with us about if we were willing to accept that we might indirectly support hackers by providing an encrypted IM service. We have never really worried about this because it seemed highly unlikely that hackers would actually trust any company-created encrypted IM. It looks like we were right.
A recent ComputerWorld article caught my eye with the title Hackers build private IM to keep out the law. I have to say that this is one of the biggest non-news news articles that I've ever read because a) the "duh factor" is pretty high and b) it doesn't really say much other than these IM networks exist and are really hard to find. Since anyone with half a brain probably suspected this anyways, is it really worth reporting on any more than, say, "Grass growing as we head into Spring season?"
From a law enforcement perspective, I think that releasing or publishing this article was even more ridiculous. Andrew Moloney, business director for financial services for RSA, part of EMC Corp., has now publicly stated that they have agents inside of this hacker IM network. What ever happened to keeping your cards close to your chest? If the hackers have any sense (which they most certainly do), they'll be extra careful or maybe even start gravitating elsewhere. Unless they don't actually have agents inside and just want to raise the paranoia level, but that seems like a strange bluff.
I think the folks most enlightened by this article will be the hackers who now know to be extra careful on their infiltrated network. Certainly the rest of the world who cared to think about hackers and IM could have realized such a network existed without being told about it.
Well, the article did serve at least one purpose: it confirmed your belief that these networks exist. I believe that RSA announcing that they have operative spys active on these networks was a message to EMC's shareholders (EMC is a public company). The message is probably: RSA encryption is a technology used by good responsible organizations, and we don't want it being used by criminals.
Publicly announcing something negative is usually a tactic to silently convey another message. Amber alerts to help retrieve children, Linux vulnerabilities to get them fixed, and a corporation announcing that they are addressing a 'problem' in order to convince shareholders that the company is active and strong.