It was the second meeting of the group, which is largely made up of people on several closed security-related mailing lists. Among the approximately 200 who attended were representatives from Microsoft, Symantec, Cisco Systems, the FBI, Department of Homeland Security, and the Secret Service.
"It was all about sharing information and developing trust relationships that allow for better sharing of information," says Randy Abrams, the director of technical education with antivirus vendor ESET. The networking at the meeting, even more than its presentations, are crucial for sharing data, tactics, and ideas, he adds. "We all need to know who's working for the good guys, who can take action, who those people trust, and who are their resources."
The meeting -- which was hosted by the Internet Security Operations Task Force -- was a follow-up to last summer's debut meeting, which was held at the headquarters of Cisco. Like the 2006 conference, last week's was closed to reporters. It was hardly hush-hush, however.
"It's hard to be a secret when the agenda's on the Web," Abrams says.
"The real value isn't in the presentations, it's in the networking. I'm not in a position to shut down a [phishing] Web site, but I know who can," says Abrams. "Now, if the FBI contacts me and asks who to go to, I can put them in touch. A lot of that kind of networking goes on."
Most of the presentations and conversation, says Abrams, were about botnets -- fast-growing collections of compromised computers that are used to launch phishing attacks and spread malware -- and the recent boom in spam.
"These are what we're seeing as the predominant problem," says Abrams, who declined to get specific. "We don't want the bad guys to know that we know what they know."
Much of the formal and informal emphasis was on strategies and technologies that work, and when. " 'This is where this is effective,' someone from an ISP would say," says Abrams. "Or 'this is how we tracked down spammers.' "
Abrams might have been bullish on the networking opportunities at the meeting, but he sounded pessimistic on the chance that the security community would soon get a handle on botnets or spam. "We won't, not in the near term, but eventually I think we'll be able to knock down the numbers," he says.
"Next year when we meet it will be a lot more focused on specific recommendations," Abrams says. "We won't be waiting until then to implement [strategies], but we'll have a much better idea of what we can do [that works] and what we should do."