"Elite cybergangs can no longer make great money stealing and selling personal identity data. Thousands of small-time, copycat data thieves have oversaturated the market, driving prices to commodity levels. Credit card account numbers that once fetched $100 or more, for instance, can be had for $10 or less, says Gunter Ollmann, chief security strategist at IBM ISS, IBM's tech security division."

The announcement is of course Good News — because once the PCeU is up and running next Spring, it should plug (to the limited extent that £2 million a year can plug) the “level 2″ eCrime gap that I’ve written about before. viz: that SOCA tackles “serious and organised crime” (level 3), your local police force tackles local villains (level 1), but if criminals operate outside their force’s area — and on the Internet this is more likely than not — yet they don’t meet SOCA’s threshold, then who is there to deal with them?

In particular, the PCeU is envisaged to be the unit that deals with the intelligence packages coming from the City of London Fraud Squad’s new online Fraud Reporting website (once intended to launch in November 2008, now scheduled for Summer 2009).

Of course everyone expects the website to generate more reports of eCrime than could ever be dealt with (even with much more money), so the effectiveness of the PCeU in dealing with eCriminality will depend upon their prioritisation criteria, and how carefully they select the cases they tackle.

Nevertheless, although the news this week shows that the Home Office have finally understood the need to fund more ePolicing, I don’t think that they are thinking about the problem in a sufficiently global context.

A little history lesson might be in order to explain why.

Back in 1930’s, Bonnie and Clyde and other US bank robbers were using the new-fangled automobile to flee across state lines — creating jurisdictional problems as a result. The US solution was to make bank robbery (along with auto-theft and other related offences) into federal offences rather keeping them as state-specific infractions. In particular this meant that the FBI could provide federal level policing (tracking down and killing John Dillinger for example).

We have the same jurisdictional issues dealing with cyberspace, with criminals in one country fleecing consumers in another while using systems hosted in a third. The Convention on Cybercrime addresses part of the problem by trying to ensure international consistency where eLaws are specifically needed (which of course is only the case for small parts of eCriminality, fraud is fraud whether eEnabled or not). However, there is limited inter-jurisdictional co-ordination for eCrime investigations — for example Interpol (often incorrectly perceived to be international police force) merely keeps a large database and passes faxes from one place to another.

In practice, most cross-border investigations are done as “joint operations” and the jointness is usually very limited — one force does all the legwork and a liaison officer in the other country deals with local paperwork. There’s usually a quid pro quo element to these joint operations, for budgeting reasons if no other.

What isn’t happening, or at least only in a handful of very specialised areas, is any international co-operation in setting priorities or selecting cases to pursue. Every country is doing its own thing about eCrime, and there’s a widespread impression that any criminal who can operate from “across the state line” is essentially immune from serious investigation.

We identified this problem last year when we (Ross Anderson, Rainer Böhme, Tyler Moore and myself) wrote a report on Security Economics and the Internal Market for ENISA. It’s not an easy one to fix whilst politicians (and populaces) are unwilling to see “foreign” police officers operating in their country, and the establishment of a truly international “cyber police force” seems equally unlikely.

Our policy proposal to tackle the issue harks back to WWII’s SHAEF, which has morphed into similar arrangements within NATO. In essence liaison officers from multiple forces would sit around a single table, working with a central coordinator, to set policy and decide which investigations to pursue. They would then communicate back to their own countries, who have specifically budgeted to provide appropriate assistance. So it’s very like “joint operations”, but the scheme is multi-laterial, and has a true command and control function in the centre — who will quickly learn to shy away from politically sensitive topics and make a real impact on eCriminality.

To summarise then, a welcome to the Home Office for finally finding a small amount of funding for some country-wide ePolicing; but it’s well past time to be working on world-wide initiatives.

To start off, Scott gave a very funny Top 10 list: “How the IT world is like our lovable Government and Washington establishment”. (Several of these were LOL for me!) A few of my favorites:

• Each has a different plan for Security
• Both are huge cost centers with creative budget practices
• Both are trying to secure our ports
• Both invented the Internet
• Both generate a log of “hot air”
• Source code and Legislation are equally unreadable and buggy
• Random misuse of power from the Mayflower Hotel to the Datacenter

Scott talked about the world today with millions of new users of the internet, over 10 billion videos watched on the internet on a regular basis and the internet’s impact of disintermediation of traditional revenue producing business models:

• E-bay and Craigslist– disrupts the media business and want-ads revenue stream
• Amazon.com disrupts the book/publishing business and becomes the worlds electronic card catalogue
• Youtube is disinter mediating TV with their videos
• Curriki is creating the new online coarse curriculum displacing scholastic books which we spend $4.3 Billion annually.

(more…)

ShareThis

"I reject the notion that Al Qaeda is waiting for 'the big one' or holding back an attack," Sheehan writes. "A terrorist cell capable of attacking doesn't sit and wait for some more opportune moment. It's not their style, nor is it in the best interest of their operational security. Delaying an attack gives law enforcement more time to detect a plot or penetrate the organization."

Terrorism is not about standing armies, mass movements, riots in the streets or even palace coups. It's about tiny groups that want to make a big bang. So you keep tracking cells and potential cells, and when you find them you destroy them. After Spanish police cornered leading members of the group that attacked trains in Madrid in 2004, they blew themselves up. The threat in Spain declined dramatically.

Indonesia is another case Sheehan and I talked about. Several high-profile associates of bin Laden were nailed there in the two years after 9/11, then sent off to secret CIA prisons for interrogation. The suspects are now at Guantánamo. But suicide bombings continued until police using forensic evidence—pieces of car bombs and pieces of the suicide bombers—tracked down Dr. Azahari bin Husin, "the Demolition Man," and the little group around him. In a November 2005 shootout the cops killed Dr. Azahari and crushed his cell. After that such attacks in Indonesia stopped.

The drive to obliterate the remaining hives of Al Qaeda training activity along the Afghanistan-Pakistan frontier and those that developed in some corners of Iraq after the U.S. invasion in 2003 needs to continue, says Sheehan. It's especially important to keep wanna-be jihadists in the West from joining with more experienced fighters who can give them hands-on weapons and explosives training. When left to their own devices, as it were, most homegrown terrorists can't cut it. For example, on July 7, 2005, four bombers blew themselves up on public transport in London, killing 56 people. Two of those bombers had trained in Pakistan. Another cell tried to do the same thing two weeks later, but its members had less foreign training, or none. All the bombs were duds.

[...]

Sir David Omand, who used to head Britain's version of the National Security Agency and oversaw its entire intelligence establishment from the Cabinet Office earlier this decade, described terrorism as "one corner" of the global security threat posed by weapons proliferation and political instability. That in turn is only one of three major dangers facing the world over the next few years. The others are the deteriorating environment and a meltdown of the global economy. Putting terrorism in perspective, said Sir David, "leads naturally to a risk management approach, which is very different from what we've heard from Washington these last few years, which is to 'eliminate the threat'."

Yet when I asked the panelists at the forum if Al Qaeda has been overrated, suggesting as Sheehan does that most of its recruits are bunglers, all shook their heads. Nobody wants to say such a thing on the record, in case there's another attack tomorrow and their remarks get quoted back to them.

That's part of what makes Sheehan so refreshing. He knows there's a big risk that he'll be misinterpreted; he'll be called soft on terror by ass-covering bureaucrats, breathless reporters and fear-peddling politicians. And yet he charges ahead. He expects another attack sometime, somewhere. He hopes it won't be made to seem more apocalyptic than it is. "Don't overhype it, because that's what Al Qaeda wants you to do. Terrorism is about psychology." In the meantime, said Sheehan, finishing his fruit juice, "the relentless 24/7 job for people like me is to find and crush those guys."

I've ordered Sheehan's book, Crush the Cell: How to Defeat Terrorism Without Terrorizing Ourselves.

From: XXXXX
To: mike_rothman@XXXXXX
Subject: RE: Att.
Date: Thu, 7 Feb 2008 22:36:52 +0100


Dear mr Rothman,

I do not know you either, so I will send you some pictures of my estate in Germany, you can look at it at google earth from above. Sended you the adress before.

XXXXXX
Barendorf
Germany

#############

My age is 50, married with a German Lady, having two Sons.


Further, I 'am not interested in the company you are working for, only how to get the money to Germany. BUSINESS ! ! !

Now it's your turn.


Sincerely

XXXXXXXXXXX

---

From: mike_rothman@XXXXXX
To: XXXXXXXXX
Subject: Att.
Date: Thu, 7 Feb 2008 21:25:38 +0100

Att. XXXXX,
I received your quick response to my proposal. To formally introduce my self to you, I am an old top banker and have worked with Scottish Investment Trust for so many as one of their fund manager. I am an international staff, presently in Scotland office.
Scottish Investment Company is registered in Scotland number 1651. I started work with SIT 2004 and I am responsible for the European Jurisdiction Equity. I was with Abbey National Asset mangers before I moved to SIT, and a member of CFA institute.
I graduated from University of Dundee and Edinburgh where I got my BSc and MBA in civil engineering respectively.
First, I believe it is necessary for me to express my profound gratitude to you for even responding to my email with interest. I am obliged to you for your gracious concern and I hope your assistance is really genuine, although through your email I would know if I could count on you at least to an extent.
I sincerely, appreciate your interest to assist me in this project. I need a reliable foreigner who would be of assistance to me in order to have the funds transferred.
However, I would like to be convinced of your willingness, commitment and most of all your trustworthiness to execute this deal with me. I certainly cannot compromise any of these virtues, you know what I mean, and I have my principles.
Without doubt, you will eventually earn the benefits or our partnership if we are able to work things out and have the funds relocated within couple of weeks or thereabout and thereafter disbursed to your other respective accounts.
Indeed, it is necessary for me to be certain of the person to whom I will be entrusting this deal, my trust will definitely not be given out lightly, I need to be fully convinced that you are a matured person with some integrity, we should at least have respect for each other, this I would say is very essential.

Scottish Investment Trust (SIT) was founded in 1887; The Scottish Investment Trust (SIT) today is one of the world’s oldest and largest independent, self-managed investment trusts with assets of over £45 billion at 30 September 2007.
We have been working to provide solid returns for investors for over 115 years - through a number of bull and bear markets and the most volatile conditions. Our approach has generated real long term growth in both capital and income.
When you invest in SIT you are buying shares in a company that invests in the stocks and shares of companies on the world's major stockmarkets. Your investment has the potential to grow both through incomes from dividends and through capital growth from increases in share price.
SIT has a diversified equity portfolio and invests in a broad spread of international equities. Although there is always an element of risk involved in any stockmarket investment, we aim to lower this by spreading investment over numerous companies and sectors around the world, while actively searching for opportunities to benefit our investors and maximise returns.
We aim to provide steady growth in both capital and income, whilst prudently spreading investment risk. We consider these to be the key requirements for anyone seeking a solid core holding for their investment planning.

However, in my First Email Proposal to you, I stated that the said funds came out as a result of the following:
""I handle all our Investor's Direct Capital Funds and secretly extract 1.3% Excess Maximum Return Capital Profit (EMRCP) per annum on each of the Investor's Magellan Capital Funds.
As an expert, I have made over £27.4m from the Investor's EMRCP and hereby looking
for someone to trust who will stand as an Investor to receive the funds as Annual Investment Proceeds from Scottish Magellan Capital Funds.

EXPLANATION: I have more than 158 Corporate Investors attached to my PORTFOLIO who’s Capital Investment Funds are been managed and administered by me alone.
This Capital Investment Funds has a value of US$5.4Billion FIXED. The $5.4billion is been used for trading in Stock Market, Crude Oil and Lending with Profit Returns.
Every Year, each Corporate Investor is expected to receive 20% interest from his total Investment Capital Funds which is paid to the Investor annually as their Excess Maximum Return Capital Profit (EMRCP). However, I made average of 21.3% from the Investor's Investment Capital Funds annually, which have exceeded our targeted 20% of Total Investment Capital Funds. On this note, I retained the extra 1.3% from the 21.3% as my personal profits for managing the Capital Investment which is this £27.4m. On the other hands, I cannot claim this funds without presenting someone to stand as an Investor otherwise our Establishment will convert the funds into the Company's Treasury. This is why I came to you for the deal to take place.
DURATION: If you are very serious as I am, we will have this transaction concluded with 25 Banking days from the date of start.
However, for such a business of lofty magnitude, I think the most important thing is for us to build a strong association between each other so that I can be able to trust you because I have been betrayed by so many people even by my co workers that I have now decided to play my cards very close to my chest. I will like this deal to be secret and confidential. No third party. Just between you and me. Do not discuss it with any Scottish Investment staff to avoid jeopardizing my work and position.

Before we go into this deal, I will like to know about you.
Following this mail, send me your telephone number so I can call you to discuss on the modalities of the transaction. You may as well call me on my number +4XXXX so that we can discuss on the modalities of the transaction.
Sincerely
Mike Rothman

---

From: XXXX
To: mike_rothman@XXXXX
Subject:
Date: Thu, 7 Feb 2008 13:09:36 +0100



Dear mr. Rothman,

I'am a businessman, Dutch, living and working in Germany have several companies.

off course I'am interested for the 30%.

When this is phishing I'am not interested and can you better try to find someone else.
I will not pay any money for taxes, transport, lawyers, barristers or others.


Sincerely


XXXXXXX

1. The complicated story - The scammer uses a fairly complicated story, which would really require an investment professional to figure out whether it's kosher or not. But all that complicated vernacular contributes to building a credible front in the form of the Scottish Investment Trust, which is a global and well known investment house.
   
   
2. The request for "confidentiality" - The fact that this guy is claiming that he's got some additional funds because he "out-performed" sound like a hoax to me. Also the fact that he's requested confidentiality, even from other SIT personnel means this is a ruse.
   
   
3. The fact that he needs a "foreigner" to place the money - Again, this just sounds funky. If he outperformed the expectation, I'm sure he'd be due a nice bonus from SIT. Not an illicit $35 million dollar payout that he needs to get out of the country.
   
   
4. Other inconsistencies - You can't see the domain (I removed it), but it's a public email service in Australia. Yet the phone number he provided (I removed that also) is in the UK. These are inconsistencies that you need to catch.