Last week at Virus Bulletin in 2012, Tyler Moore of Southern Methodist University (SMU) gave a talk entitled "Measuring the cost of cyber crime." It was a study done in collaboration with multiple individuals in multiple countries. The study sought to answer this question - How much does cyber crime cost? Up until this point, nobody really knew. more
Every now and again a report flies across the network about the police breaking down someone's door and attempting to arrest the home owner for bad things online - assuming that whatever happened from that person's Internet connection is their fault. Now there are lots of problems with this - lots of problems. But one of the big ones is that anyone can access an open access point... more
Question: why has air travel become so painful? Because the threat posed by bad actors requires making everyone jump through hoops before letting them board a plane. To the point that, despite obvious requirements to ensure air safety, some are now openly questioning if the cure is not worse than the disease. Registering a domain name could be about to go the same way. more
The Microsoft action against 3322.org, a Chinese company, started with the news that computers were infected during the production phase. Stepping away from the controversy surrounding the approach, there are important lessons that cyber security officials and upper management, deciding on the level of and budget for cyber security in organisations should learn and take into account. I'm writing this contribution from a premise: China uses the fact that most IT devices are built in China to its advantage. Allow me to start with an account from personal memory to set the stage. more
Today I released a report on 'National cyber crime and online threats reporting centres. A study into national and international cooperation'. Mitigating online threats and the subsequent enforcing of violations of laws often involves many different organisations and countries. Many countries are presently engaged in erecting national centres aimed at reporting cyber crime, spam or botnet mitigation. more
I will first begin this post by emphasizing that this article is entirely my personal viewpoint and not to be considered as endorsed by or a viewpoint of my employer or any other organization that I am affiliated with. Neither is this to be considered an indictment of the sterling work (which I personally value very highly) that several people in Microsoft are doing against cybercrime. Microsoft's takedown of 3322.org to disrupt the Nitol botnet is partial and will, at best, have a temporary effect on the botnet itself... more
Reading this morning's blog from Microsoft about "Operation b70" left me wondering a lot of things. Most analysts within the botnet field are more than familiar with 3322.org - a free dynamic DNS provider based in China known to be unresponsive to abuse notifications and a popular home to domain names used extensively for malicious purposes - and its links to several botnets around the world. more
Australians may lose their right to privacy online if the attorney-general has her way. Nicola Roxon's discussion paper is before a parliamentary inquiry. Proposals include storing the social media and other online and telecommunications data of Australians for two years, under a major overhaul of Australia's surveillance laws. The government passed a toned down version of these proposals last week, giving police the power to force telcos to store data on customers for a specific period while a warrant is sought. more
The President and Congress are deliberating how best to ensure appropriate cybersecurity protection for private sector critical infrastructure. Legislative action and Executive Order are both under consideration. It is possible, however, that the White House Office of Management and Budget (OMB) already has sufficient statutory authority to enact new cybersecurity regulations through the normal notice-and-comment rulemaking process. more
While Congress and the White House deliberate possible actions on FISMA reform and increased oversight of critical infrastructure, relatively little attention is being given to the government-wide cybersecurity regulation already in place, the Data Quality Act (DQA). Unlike FISMA, which primarily governs the government's internal cybersecurity processes, and contemplated legislation and/or Executive Order(s), which would likely also include a focus on critical infrastructure protection, the DQA contains a unique mandate. more