It's Not A Con » Regulation

Fatal System Error

con — Tue, 20 Apr 2010 10:31:24 +0000

Without wanting to turn my Blog into a book-club, without the wine I may add, I want to recommend a very interesting and readable book. ‘Fatal System Error’ by Joseph Menn, offers a fascinating glimpse and insight into how cybercrime has evolved, it’s consequences and the issues that law enforcement faces in counteracting it.

The factual narrative is enlivened by focusing on the story of two individuals who have battled against the rise in cybercrime. Barret Lyon, a computer whizz who unwittingly became embroiled in protecting legitimate and illegitimate businesses against attacks. Andrew Crocker is a British detective, who in working for the National Hi-Tech Crime Unit in the UK, went to Russia to track down and prosecute hackers and to find out who they ultimately worked for.

The books offers great insights into how cybercrime works, who is involved and why it is being used. It is truly shocking and thought-provoking, in equal measure.

Symantec Supports FTC in Shutdown of Pricewert

con — Fri, 05 Jun 2009 11:44:11 +0000

The BBC amongst other sites, is reporting that the US Federal Trade Commission has asked for an American ISP called Pricewert LLC to be shut down. Pricewert has been accused of knowingly distributing child pornography, viruses, spam, and other personal information, which hasn’t exactly endeared it to the FTC.

Symantec were approached to back up the FTC’s case with security data gathered through the use of our Global Intelligence Network, basically to provide a flavor of the type of malicious activity taking place on these sites.

Obviously I don’t just want to sound like I’m banging the corporate drum, but it’s pretty important that as a company we not only protect our customers but also work with enforcement groups like the FTC to help stop malicious activity at its source, by eradicating the organizations that foster cybercrime.

Our Intelligence Network has a pretty incredible reach, and whilst it means we can keep our finger on the pulse, the Internet is a truly massive space and it takes cooperation across the whole industry to make sure that everyone has a safe and fruitful surfing experience.

Industry-wide cooperation is a topic I feel very strongly about and it’s something I hope to blog more about in the future, mainly because I want to make the consumer more aware of their role in the whole ecosystem. It’s all well and good governments, security vendors, ISPs and the like working together to secure the environment, but the consumer has more influence than they realise and getting them to unilaterally apply sensible surfing practices is the Everest that we’re all aiming for.

Take that!

con — Thu, 04 Jun 2009 13:24:40 +0000

The Guardian has published a story that suggests that UK and US security authorities are preparing themselves to strike back at the ‘bad-guys’ who misuse the internet. Hackers who attack defence or commercial computers in the US and UK in future may be in for a surprise: a counterattack, authorised and carried out by the police and defence agencies that aims to disrupt and even knock them off the net.

I am sure that many of you and the public at large would say: ‘about time too’ and ‘ serves them right’. There is some sense of justice, if it were felt that the bad-guys could be brought to account and punished. The story in The Guardian refers to ‘secret plans’ and un-named senior officials, and generally, ‘people familiar with the topic’. As such, this is when we all have to start to take a sanity check on all of this.

This is an idea that has been around for a long time, and for as long as it has been around, nothing has come to pass. Why? I think it comes down to practicalities and to ethics. If it were that easy to be able to directly target and find the ‘bad-guys’ do you not think, the authorities would not have been doing something already? Exactly, tracking down the bad-guys is a tough and involved exercise. The other issue is that in ‘taking them out’, via denial of service approaches for example, is that you can impact and impinge upon other legitimate users of the internet. This is what is referred to as collateral damage.

The other consideration is ethics and the rule of law. It has long be suggested that in the real world, the Police and authorities know who most of the criminals potentially are. However, in most democracies to convict someone you need to prove cause and provide evidence. It is not just a matter of going along to the houses of known and suspected criminals and throwing them in jail or ‘taking them out’ so-to-speak. I believe that that the authorities who are involved in tracking down the cyber-criminals and ‘bad-guys’ have a very difficult and complex job. However, they need to continue to operate within the confines of what is both practical and ethical. They deserve our thanks and support and all the resources they need to help bring the rule of law to ‘net.

A culture of surveillance?

con — Tue, 28 Apr 2009 08:45:11 +0000

The debate as to how much information the Government and security services should hold on us as citizens is an ever contentious one. Our ability to ‘communicate’ has never been more powerful and pervasive. Advances in technology have enabled it. Modern day communications, be they telephone or internet based, do leave a ‘log’ of what happened . The debate is twofold: the philosophical one as to the right to access this information, then the practical, just how much of this information should be disclosed or examined?

The UK is somewhat characterised as one of the countries wherein, its citizens are extensively monitored. It is a sobriquet derived from the early and extensive adoption of CCTV. The UK Government had been set to try to implement a database that would have recorded all internet activity for the use of the security services. This has now been scrapped, according to the BBC.

The Home Office will instead ask communications companies – from internet service providers to mobile phone networks – to extend the range of information they currently hold on their subscribers and organise it so that it can be better used by the police, MI5 and other public bodies investigating crime and terrorism.

There is an interesting analogy that could be used here and it is with respect to the modern day telephone. We are all aware and have become accustomed to seeing our telephone activity being logged. Every month, we receive our statements and we can see that someone has been logging all the call we made, to what number, at what time and for how long. By implication we acknowledge that this is happening and we are comfortable with it, as it does not go to the next step of reporting the content of the call. Furthermore, we are all aware that law enforcement can now routinely uses telephone records to help with criminal investigations.

So, there is practical and legal precedent. It will be interesting to see if this can and will be extended to the internet. The Government is now engaged in another round of consultation. It will be interesting how this round of discussion and debate pans out.