One of the leading figures involved in the detection and takedown of the infamous Mariposa botnet has told V3.co.uk that those responsible are unlikely to be punished for their crimes.
Luis Corrons, technical director at Panda Security, worked with the FBI, the Spanish Guardia Civil and other groups to shutdown the botnet in December 2009.
Three months later it was announced that three men had been arrested in connection with Mariposa.
The botnet stole account information for social media sites and other online email services, usernames and passwords, banking credentials and credit card data by infiltrating an estimated 12.7 million compromised IP addresses in more than 190 countries.
However, Corrons was pessimistic that the people arrested, including two known by their online names 'Netkairo' and 'Ostiator', will ever be brought to justice, especially as operating a botnet does not currently constitute a crime in Spain.
"The police have to prove that they stole information and then used that information to get money," he explained. "This may take years, and the police have said: 'We think they're not going to jail.' It's really frustrating for us and them."
Corrons believes that, although the Spanish authorities are tightening the law in this area, it is likely to prove too late to indict the masterminds behind Mariposa, which was one of the largest botnets ever recorded.
International collaboration between law enforcers is increasingly important, he said, especially given that botnets like Mariposa can be set up with relatively little technical expertise but inflict widespread damage.
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away