Friday, July 01, 2011

Cybercrime Fight Hurt by Apathy, Law Enforcement Hurdles

Michael Cooney writes on NetworkWorld:

General public apathy and collaboration with the law enforcement community assure that cybercrimes of all sorts will continue to rise.

That was one of the conclusions from a congressional hearing this week called "Hacked Off: Helping Law Enforcement Protect Private Financial Information."

A big problem we are facing in the fight against financial crimes is that the criminal complaint has almost disappeared. Even when a police report is filed, it is often "so the bank will give you your money back. Case closed," said [.pdf] Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham.

"The understandable hesitation of law enforcement to 'work a case' in these areas has led to an unfortunate form of apathy by the consumer as well as the financial institutions. Large banks lose millions of dollars each year to phishing and malware, but they reimburse the cost to customers and structure the losses into the cost of doing business. Consumers have been trained that if they experience financial losses they should contact their financial institution rather than the police. If they have had their money returned by their financial institution, there is little incentive to share that information with law enforcement," Warner stated.

More here.

Hackers Are Being Radicalised by Government Policy

Loz Kaye writes on the

Now that the LulzSec boat has sailed over the horizon, it seems a good moment to take stock of the past weeks' "hacktivism" frenzy. We've been bombarded with images of oddballs lurking in murky chatrooms – geeky teenagers who are simultaneously global cyber-villains. Given the reporting, we'd be forgiven for thinking that it's all about the personal obsessions of a few nerds. This would be to ignore the wider context.

LulzSec wasn't an isolated or unique phenomenon. People with passionate beliefs have been using new technological tools to effect change out of a sense of powerlessness. In the last year, I've watched 38 Degrees using the strength of association online to change government policy, WikiLeaks force transparency on those who'd rather run from it, even the amorphous mass that is Anonymous taking a stand on whatever issue they feel deserves their attention.

These tools are now themselves under attack. Lord Mandelson's last gift to us, the Digital Economy Act, is just one of a raft of "three strikes laws" worldwide that threaten to cut off households from the web. Buried in the coalition's Prevent strategy is the assertion that "internet filtering across the public estate is essential". Nor is it solely a British issue; Nicolas Sarkozy called for global online governance at the eG8 in his attempt to civilise the "wild west" of the web.

We're starting to see what this civilising process entails. Open Rights Group revealed that Ed Vaizey and lobbyists held a secret meeting discussing the future of web blocking powers. There was no public oversight and no one asked the net natives. Vaizey has relented a little via Twitter, consenting to open up the discussion – the Pirate Party and I welcome that invitation. It will take more, however, than getting a few NGOs around a table to ease the real sense of anger poisoning the online community.

More here.

Thursday, June 30, 2011

Despite Controversy, Federal, State Wiretaps on The Rise

Michael Cooney writes on NetworkWorld:

While their over-use is controversial, federal and state requests for court permission to intercept or wiretap electronic communications increased 34% in 2010 over 2009, with California, New York, and New Jersey accounting for 68% of all wiretaps approved by state judges.

According to the 2010 Wiretap Report [.pdf], released today by the Administrative Office of the United States Courts (AOUSC), the most frequently noted location in wiretap requests was "portable device," a category that includes cellular telephones and digital pagers. In 2010, a total of 96% of all authorized wiretaps were designated as portable devices. The most common surveillance method was wire surveillance that used a telephone - land line, cellular, cordless or mobile. Telephone wiretaps accounted for 97% (2,253 cases) of the intercepts installed in 2010, the majority of which were cell telephones.

According to the report, 84% of all applications for intercepts (2,675 wiretaps) in 2010 cited illegal drugs as the most serious offense under investigation. As of Dec. 31, 2010, a total of 4,711 people had been arrested and 800 had been convicted as a result of all interceptions reported as terminated.

More here.

Tuesday, June 28, 2011

Lack of Cyber Pros Puts U.S. in Dangerous Position

Kevin Coleman writes on

In testimony this year before the Senate Judiciary Committee’s Crime and Terrorism Subcommittee, Gordon Snow, assistant director of the FBI’s Cyber Division, said the number and sophistication of cyberattacks have increased dramatically during the past five years and are expected to continue to grow.

Although that paints a pretty bleak picture, what he said next caught the attention of cybersecurity professionals around the world.

“The threat has reached the point that given enough time, motivation and funding, a determined adversary will likely be able to penetrate any system that is accessible directly from the Internet,” he said.

If you think that is bad, hold on — there is more, and it gets worse. He went on to say, “The FBI has identified the most significant cyber threats to our nation as those with high intent and high capability to inflict damage or death in the U.S.; to illicitly acquire assets; or to illegally obtain sensitive or classified U.S. military, intelligence or economic information.”

More here.

U.S. Urges Banks to Tighten Online Fraud Protections

Via Reuters.

Bank regulators warned banks to be on guard against increasingly clever computer hacking on Tuesday, indicating heightened alert against security breaches that have plagued government and corporate institutions in recent weeks.

The Federal Financial Institutions Council -- an interagency group that includes the Federal Reserve, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corp -- issued a reminder to banks to use more than one form of authentication for online consumers.

"Fraudsters have continued to develop and deploy more sophisticated, effective and malicious methods to compromise authentication mechanisms and gain unauthorized access to customers' online accounts," the council said.

The warning comes after a series of high-profile security breaches including a threat to the Fed by a hacking group. The threat never materialized.

More here.

You Are Missed on Your Birthday...

Happy Birthday, Lori.

You would have been 46 this year.

We miss you.

- ferg

Sunday, June 26, 2011

Mark Your Calendars: The 146th Scottish Highland Games, Labor Day Weekend

Mark Your Calendar: The 146th Scottish Highland Games

Labor Day Weekend at the Alameda County Fairgrounds
September 3rd and 4th, 2011

See you there!

- ferg