[SecurityRatty] tag: crime

Global Dispatches: U.K. funds national e-crime unit

Mon, 06 Oct 2008 00:00:00 +0000

The U.K. Home Office has earmarked ?3.5 million ($6.2 million U.S.) in funding over three years for a new national e-crime unit.

ePolicing - Tomorrow the world?

Thu, 02 Oct 2008 13:57:15 +0000

This week has finally seen an announcement that the Police Central e-crime Unit (PCeU) is to be funded by the Home Office. However, the largesse amounts to just £3.5 million of new money spread over three years, with the Met putting up a further £3.9 million — but whether the Met’s contribution is “new” or reflects a move of resources from their existing Computer Crime Unit I could not say.

The announcement is of course Good News — because once the PCeU is up and running next Spring, it should plug (to the limited extent that £2 million a year can plug) the “level 2″ eCrime gap that I’ve written about before. viz: that SOCA tackles “serious and organised crime” (level 3), your local police force tackles local villains (level 1), but if criminals operate outside their force’s area — and on the Internet this is more likely than not — yet they don’t meet SOCA’s threshold, then who is there to deal with them?

In particular, the PCeU is envisaged to be the unit that deals with the intelligence packages coming from the City of London Fraud Squad’s new online Fraud Reporting website (once intended to launch in November 2008, now scheduled for Summer 2009).

Of course everyone expects the website to generate more reports of eCrime than could ever be dealt with (even with much more money), so the effectiveness of the PCeU in dealing with eCriminality will depend upon their prioritisation criteria, and how carefully they select the cases they tackle.

Nevertheless, although the news this week shows that the Home Office have finally understood the need to fund more ePolicing, I don’t think that they are thinking about the problem in a sufficiently global context.

A little history lesson might be in order to explain why.

Back in 1930’s, Bonnie and Clyde and other US bank robbers were using the new-fangled automobile to flee across state lines — creating jurisdictional problems as a result. The US solution was to make bank robbery (along with auto-theft and other related offences) into federal offences rather keeping them as state-specific infractions. In particular this meant that the FBI could provide federal level policing (tracking down and killing John Dillinger for example).

We have the same jurisdictional issues dealing with cyberspace, with criminals in one country fleecing consumers in another while using systems hosted in a third. The Convention on Cybercrime addresses part of the problem by trying to ensure international consistency where eLaws are specifically needed (which of course is only the case for small parts of eCriminality, fraud is fraud whether eEnabled or not). However, there is limited inter-jurisdictional co-ordination for eCrime investigations — for example Interpol (often incorrectly perceived to be international police force) merely keeps a large database and passes faxes from one place to another.

In practice, most cross-border investigations are done as “joint operations” and the jointness is usually very limited — one force does all the legwork and a liaison officer in the other country deals with local paperwork. There’s usually a quid pro quo element to these joint operations, for budgeting reasons if no other.

What isn’t happening, or at least only in a handful of very specialised areas, is any international co-operation in setting priorities or selecting cases to pursue. Every country is doing its own thing about eCrime, and there’s a widespread impression that any criminal who can operate from “across the state line” is essentially immune from serious investigation.

We identified this problem last year when we (Ross Anderson, Rainer Böhme, Tyler Moore and myself) wrote a report on Security Economics and the Internal Market for ENISA. It’s not an easy one to fix whilst politicians (and populaces) are unwilling to see “foreign” police officers operating in their country, and the establishment of a truly international “cyber police force” seems equally unlikely.

Our policy proposal to tackle the issue harks back to WWII’s SHAEF, which has morphed into similar arrangements within NATO. In essence liaison officers from multiple forces would sit around a single table, working with a central coordinator, to set policy and decide which investigations to pursue. They would then communicate back to their own countries, who have specifically budgeted to provide appropriate assistance. So it’s very like “joint operations”, but the scheme is multi-laterial, and has a true command and control function in the centre — who will quickly learn to shy away from politically sensitive topics and make a real impact on eCriminality.

To summarise then, a welcome to the Home Office for finally finding a small amount of funding for some country-wide ePolicing; but it’s well past time to be working on world-wide initiatives.

California makes it a crime to 'skim' RFID tags

Wed, 01 Oct 2008 20:00:00 +0000

This week, California became the second state to pass a law making it illegal to steal data from RFID (radio frequency identification) cards.

Thoughtcrime

Thu, 25 Sep 2008 09:36:26 +0000

We're developing a "pre-crime detector" that detects hostile thoughts.

If you only read one thing today, let this be it!

Wed, 24 Sep 2008 20:04:06 +0000

Im a big admirer of the man behind the Kaspersky products. Ive watched him and his company become more respected every year.
Read the first 7 paragraphs of this article.
It will give you alot to think about as you travel thru cyberspace.

clipped from www.pcadvisor.co.uk

Eugene Kaspersky: ‘no such thing as 100% secure software’

Kaspersky outlined the alarming, changing nature of the online threat. All malware these days is aimed at one thing: making money. Online crime is a billion dollar industry, he said, and to a certain extent banks accept this, rather than go public with the true extent of the problem and undermine consumer confidence.

India Using Brain Scans to Prove Guilt in Court

Mon, 22 Sep 2008 02:10:22 +0000

This seems like a whole lot of pseudo-science:

The technologies, generally regarded as promising but unproved, have yet to be widely accepted as evidence — except in India, where in recent years judges have begun to admit brain scans. But it was only in June, in a murder case in Pune, in Maharashtra State, that a judge explicitly cited a scan as proof that the suspect’s brain held “experiential knowledge” about the crime that only the killer could possess, sentencing her to life in prison.
[...]

This latest Indian attempt at getting past criminals’ defenses begins with an electroencephalogram, or EEG, in which electrodes are placed on the head to measure electrical waves. The suspect sits in silence, eyes shut. An investigator reads aloud details of the crime — as prosecutors see it — and the resulting brain images are processed using software built in Bangalore.

The software tries to detect whether, when the crime’s details are recited, the brain lights up in specific regions — the areas that, according to the technology’s inventors, show measurable changes when experiences are relived, their smells and sounds summoned back to consciousness. The inventors of the technology claim the system can distinguish between people’s memories of events they witnessed and between deeds they committed.

Nairobi, Mombasa street cameras to tackle crime

Thu, 18 Sep 2008 20:00:00 +0000

The Kenyan government has adopted closed-circuit television (CCTV) cameras to tackle the rising cases of insecurity in the streets, said Bitange Ndemo, permanent secretary in the Ministry of Information and Communication.

Notorious Crime Forum DarkMarket Goes Dark

Wed, 17 Sep 2008 20:07:20 +0000

The top hangout for credit card thieves and phishers announces it's closing its doors, following the arrest of a Turkish hacker -- and alleged kidnapper -- prominent on the site.

EstDomains & Intercage: A Perfect Couple in Crime

Mon, 15 Sep 2008 17:32:00 +0000

If you track malware issues as readily as I do, you're likely aware of the failings of clownpacks like EstDomains and their hosting buddies Atrivo/Intercage. You need only follow Sunbelt's take on the topic, or search Emergingthreats to come up to speed.
Yesterday, EstDomains posted the most inept, ridiculous response ever issued to the endless and worthy criticism, largely leveled by Brian Krebs at the Washington Post.
Not only can't these morons from EstDomains write, they're either so deeply clueless or flagrantly malicious (likely both), it's beyond laughable. This section sums it up best:
"The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality. But the outstanding performance of hosting services is not the sole reason why EstDomains, Inc appreciates this partnership so greatly. Intercage, Inc generously provides EstDomains, Inc specialists with reports regarding discovered malware vehicles. As the main database for additional domain name management services is located in Intercage Data Center, EstDomains, Inc has the perfect opportunity to get notifications of the slightest mark of malware presence in the shortest time and take measures in advance."
What? Really?
Again, aside from the absolute butchery of the language, did they just say "The company also has a reliable ally in its battle against malware in a face of Intercage, Inc which provides company with the hosting services of the highest quality."? SIGH...yes, they did.

Allow me to exemplify just how ridiculous a claim that is.
Following is content from a packet capture I took during a recent Storm worm analysis.

Using the ip2asn module included in NSM-console availabe in HeX, we find:
27595 | 216.255.189.211 | INTERCAGE - InterCage, Inc.

Using Etherape, also included in HeX, we see:

Using Eric Hjelmvik's NetworkMiner, we see:

See the recurring theme? Intercage, EstDomain's "reliable ally in its battle against malware".
Nice work, guys...keep it up.

I'm submitting this to The Daily WTF as we speak.

del.icio.us | digg

Links for 2008-09-10 [del.icio.us]

Wed, 10 Sep 2008 20:00:00 +0000

Paul Melson's Blog: ArcSight User Conference 2008
* Logger 3.0 has adopted a more-ESM-like boolean filter interface. Big improvement over the chained-regex search in 2.5 and earlier. * Demo of Logger 3.0 shows that searches of data (no details on data set) are roughly 80x faster than a similar sized search on 2.5. (The claim is 100x faster, but I counted. Still, that's a significant improvement.) * Hugh has hinted that the slick, high-performance append-only storage stuff that Logger has is going to be integrated into ESM is some release beyond 4.5. That could mean the end of the Oracle / PartitionArchiver storage model.
Splunk Tames the Chaos Brought on by Virtualization : VMblog.com - Virtualization Technology News and Information for Everyone
Existing system management tools were not designed to handle the dynamic nature of virtualization. The Splunk for VMWare Management application includes a VMWare API for data input, over 25 pre-defined searches, alerts, and reports and dashboards specifically designed to monitor key metrics for the VMWare Virtual Infrastructure.
Dorian Software BLOG: Why Your HR Department Will Love Windows Vista, Even If Your IT Department Doesn't.
Event ID 4802 tracks whenever the screensaver is invoked after a group policy-determined idle time. Event ID 4803 tracks whenever the screensaver is dismissed by the logged-on user.
Moderately Idiotic Competitor
But the clever inside criminal is taking all the payroll data from the system that is either off the network or is temporarily down. When the machine comes back up, there is no record of the intrusion and the traditional "inside out" log management system tells the user there is no problem.
Last In - First Out: Presumed Hostile - Your Application is Out to Get You
Help - Eclipse SDK - Working with the Log4J Logging sample
Cartoon 2 from The Data Governance Institute ROI
Eccentric Engineer » Blog Archive » Conf Call Hem and Haw
It’s just a damned centralized-logging platform. Unix sysadmins have been doing those for years. This stuff is about as basic as tying your shoes. All this fluff seems like overkill…but it’s IT…and we have policies.
(ISC)2 Blog: Security metrics: more is not better
Are you Owned? | Roer.Com Information Security Blog
# list of all your profiles online, with your log in. # list of all your IM/e-mail and other communication tools, with log in # list of other sites/tools that requires you to log on. # The lists above should also include each sites URL or contact information for changing passwords, or in worst case shutting them down. # a friends-list who you trust, and who are willing to help you get back your own life online. The purpose is to have them help you rebuild your internet presence. Make sure you agree some way for them to be certain that they are communicating with you, and not someone else.
Industry View: Web Application Security Today - Are We All Insane? - CSO Online - Security and Risk
The problem has gotten so bad that industry sources say most websites hosting malware have been hacked, Google says 1.3 percent of their search queries return malicious content, and Vint Cerf (father of the Internet) approximates that one quarter of all PCs are part of a botnet. Firewalls are not working. Antivirus/spyware is not working, nor are weekly patching, user education, SSL, or "turning off the home computer" as recommended by the FBI cyber-crime website. In what has become an inside joke, every authority says to use these "best-practices" despite their ineffectiveness.
TaoSecurity: Schneier Agrees: Security ROI is "Mostly Bunk"