April 4 2008 by The Systemic Analyst.

MessageLabs has put out a wonderful paper entitled The Online Shadow Economy. It details just how advanced the business of cyber crime has become and should be a must read for everyone. The report is short and easy to read. I encourage everyone, not just techies, to take a look at it.

Posted in Cyber Crime | No Comments »

March 4 2008 by The Systemic Analyst.

Anyone interested in the different types of Identity Theft should read Lanny Britnell’s article entitled “The Changing Face of Identity Theft” originally published in the American Chronicle. In it, the author outlines several types including, “True Name”, Medical, Criminal and Synthetic Identity Theft.

Posted in Identity Management, Cyber Crime, North America | No Comments »

February 12 2008 by The Systemic Analyst.

ISN Security Watch has reported that “2008 will see an expansion of economic espionage in which nation-states and companies will use cybertheft of data to gain economic advantage in multinational deals.” Is this so much an expansion of a social-ill, or a facilitation?

As with many unsavoury issues related to the internet, such as cyber crime or bullying, this latest threat has its roots firmly planted outside of the cyber-world in physical reality. Contrary to what many would like to believe, insider trading and corporate espionage are nothing new, they didn’t just appear as a one-off Enron fiasco and they continue to occur in the U.S. and elsewhere every day. In fact, the bigger the business the more likely such grey-area techniques are used to gain an advantage over the competition. In many resource-rich developing countries, it’s common practice for some foreign-nationals to bug the meeting rooms and offices of potential clients in order to rig bids for lucrative contracts, guaranteeing success over competitors. That such tactics should be transferred to a cyber-world should come as no surprise.

Quite possibly because it makes better news, we have a tendency to splash our headlines with the latest technological scare. We are constantly warning the public of the dangers lurking everywhere in an e-environment: Mind your on-line behaviour facebook isn’t as private as you think, Cyber-bullying will destroy your child, Beware of cyber-crime, your identity is at risk! As a result, our focus is always directed on the technology, rendering the internet and other tools the risk as opposed to what actually is the threat.

Unfortunately, the fault is not to be found with technology, but with humans. If anything, something like the internet should be considered as somewhat of a mirror or looking-glass that only reflects the behaviour and flaws of humans, magnifying those tendencies back at us. Thus, old scams that prey on human weaknesses, such as greed, are facilitated through e-mail increasing the rate of such crime. Likewise, bullying which for so long has been ignored in our schools is only aggravated, becoming pervasive and unrelenting for victims. Economic espionage, like any other business process, is more accessible and streamlined. These threats aren’t new, however, they are just being facilitated through advancing technology.

Until we shift our focus away from the technology and onto the underlying threat that is human nature, these problems will only continue to worsen. As with many security related issues, our attention is misplaced on the immediate consequences - the tools, the victims or the crimes. As a result, we don’t dig beneath the surface of the situation to address the true source of the problem. Behind every issue undoubtedly stands a human. Our approach to security must begin to accept this fundamental principle if we are ever to achieve stability.

Posted in Identity Management, Cyber Crime, North America | No Comments »

February 12 2008 by The Systemic Analyst.

The Wall Street Journal has reported that “President Bush has promised…an estimated $6 billion to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers.” Coming from the same government that enlisted the help of communications service providers to unlawfully spy on its own citizens, this plan seems more than a little questionable. Moreover, governments, like most big bureaucracy, tend to be the least effective at countering cyber-threats.

It will be interesting to watch this initiative as it moves forward. At least when it fails to protect against external cyber-threats, the government will have a fairly decent dossier built on the activities of those companies remaining in the U.S.

Posted in Cyber Crime, North America | No Comments »

December 11 2007 by The Systemic Analyst.

Here is an interesting website called The Technology Liberation Front, which has as its catch phrase, “The real problem is not whether machines think but whether men do.” The short commentary entitled “Welcome to the United States, Criminal Suspect!” discussing the 2 to 10 fingerprint scan foreign visitors to the U.S. should now expect upon entering or leaving the country first drew us to the site, but further investigation revealed many articles worth a perusal.

Posted in Cyber Crime | No Comments »

December 5 2007 by The Systemic Analyst.

At least something good might come out of the gross loss of personal data in the British child benefits information leakage. The incident, which entailed the loss of personal information for some 25 million people across the U.K., has brought about a reassessment of plans for a new, high-tech national identity document. Although a seemingly small silver lining in a very dark cloud, the child benefits incident (and resultant reassessment) could ward off an even larger storm.

Leaders of many countries have been all too quick to look upon technology as the ultimate security solution. Unfortunately, technology, as good as it is, can only ever offer humans assistance in answering our problems. No matter what the technology used, human beings will still be involved in the installation and maintenance of any system, resulting in the same gaping security holes existing today. Furthermore, the misplaced dependency on technology to fix human problems only leaves the many human issues that breed insecurity completely ignored and unsolved.

The use of biometrics in national identity documents has never been a good idea, something on which we at International Perspectives have commented widely. That is not to say that biometric technologies are not a useful tool, indeed, in access control management it provides a good degree of security and ex post facto review on security breaches and as an identification tool for police, biometrics are invaluable. The optimum word here, though, is tool, not solution.

National Security, and indeed most other types of security, will only ever be increased with a fundamental shift in perspective as to how security is approached. Increasing focus on the human factor and what drives people to behave in certain ways must absolutely be addressed if security is to be improved.

Relying upon technology to solve those problems will only breed more problems. The lost disc fiasco in the UK should stand as a testament to what further complications can arise from depending on technology to increase security. Consider what the state of security will be when the same humans maintaining a large centralized identity database loose biometric information among other details of yet another 25 million people.

Posted in Identity Management, Cyber Crime, Europe | No Comments »

November 27 2007 by The Systemic Analyst.

Here is an interesting article from The Record:

“A first review of Secret Service files has found that only half of identity-theft cases involved technological devices, such as computers, scanners and digital cameras, and only 10 percent were done exclusively through the Internet.

Some low-tech tactics in the other cases included rerouting mail by sending change of address requests to institutions handling credit card and bank accounts, swiping items right from residents’ mailboxes and “Dumpster diving” — going through trash for information used to produce counterfeit documents and to open credit accounts.

Researchers from Utica College’s Center for Identity Management and Information Protection analyzed 517 closed Secret Service cases of ID theft from 2000 to 2006. It was the first study of such files from the federal agency, which is responsible for investigating identity theft and fraud.

Among their findings:A fifth of the time, identity thieves stole personal data at their workplace. Of those, 60 percent were employed in places such as stores, car dealerships, gas stations, casinos, restaurants, hotels, hospitals and doctors’ offices.

Another 22 percent worked for financial services, such as banks and credit card companies, and 9 percent were in government.

• The thief was a relative or friend of the victim 16 percent of the time.

• Personal information was stolen from someone’s home, car, wallet or pocketbook 12 percent of the time.

• Most of the thefts occurred in the Northeast and the South.

• The median loss was about $31,000, although in one case a thief spent millions on luxury vehicles and established shell companies to defraud more victims.

The study follows a recent Consumer Reports poll that found Americans overwhelmingly believe they are more vulnerable to identity theft when a business has their Social Security number. Most respondents said they want companies to stop using the numbers to identify customers.

A Social Security number, coupled with a date of birth and address, is the holy grail for identity thieves, said Cindy Wofford, special agent in charge of the Secret Service’s Newark, N.J., field office.

“Those three things together identify you,” she said. Personal information should never be given out over the telephone or Internet unless you know whom you’re dealing with, she said.

In addition to shredding documents before discarding them, Wofford recommends not storing any passwords on your computer’s hard drive. Hackers know how to retrieve them, she said.

Additionally, Postal Inspector Douglas Bem said residents shouldn’t use their home mailboxes for outgoing mail. And by no means should they raise the flag on the box if they do. “That’s as much an indicator to a thief as it would be to a letter carrier that there’s mail to be had,” he said.

Bem said there were few instances in which identity thieves rerouted mail by submitting a change of address card to the postal service. In the overwhelming majority of cases, he said, “the change of address was actually done directly with the bank or financial institution” that held the victim’s personal information.

“Many times we see mail that is stolen by organized groups who may have infiltrated airlines or private delivery companies or private mail rooms,” Bem said. “It even occurs when couriers hired by the banks and financial institutions are picking up mail from post offices. It’s not all residential mailboxes —not by any stretch.”

High-tech versus no-tech

High-tech theft: 49 percentUse of the Internet (e-mail, phishing,hacking, malware/viruses)Technological devices (i.e., computers, scanners, digital cameras)

No-tech theft: 51 percentIncludes rerouting of bank and credit card mail, mail theft, Dumpster diving, public records.”

Posted in Cyber Crime | No Comments »

November 7 2007 by The Systemic Analyst.

The following is an article by Brandon Dimmel published in the Infopackets Gazette:

The government doesn’t understand cybercrime. For many, that might not be much of a surprise, but the fact alone is enough to prevent any real measures in defending against the rapid growth of malicious activity on the Internet.

According to a report last week by Toronto, Ontario’s International Perspectives research group, the most significant barrier between government bodies and their ability to do something about cybercrime is simply their ignorance on the topic. Alicia Wanless, executive director of International Perspectives, argues, “I think it’s difficult for the average person to get a grasp of what it is, the ‘cyber’ in front of it makes it seem as though it’s some new type of crime…In most cases it’s traditional crime that’s been facilitated by ICT (information and communications technology).”

In other words, the fact that it doesn’t feature a gun or a bank makes it seem foreign, and perhaps less threatening. And yet, there are still innocent hostages caught in between. (Source: intergovworld.com)

International Perspectives argues that all governments should pursue more than just remote education campaigns. A few websites here and there, well out of the public eye, simply won’t prepare anyone for the realities of the Internet. “There’s been a lack of adequate movement towards countering cybercrime, just even on a public awareness level — putting up Web sites isn’t enough,” Wanless said. (Source: pcworld.com)

Instead, education must be direct. Wanless and her fellow researchers believe a strong tactic would be instituting web crime education into the curriculums of college and unversity courses.

Three major recommendations were recommended by International Perspectives for governments:

One, establish an independent agency to actively pursue cybercriminals.

Two, fund a body that can investigate cybercrime and its impact on society. That group should feature diverse professionals, including security experts, academics in the field, and lawyers.

Third, ensure that activity posing a threat is criminalized, and soon. Above all, it’s about time we started taking these crimes and their criminals seriously.

According to Wanless, it can be a chain reaction. “If individuals start accepting their own responsibility in this, and they get active and interested, then their bosses will, and then politicians will.”

To purchase a copy of ‘Countering Cyber Crime: It’s Everyone’s Responsibility’, which offers simple ways individuals and organizations can effectively counter cyber crime, click here. International Perspectives is proud to be a part of IT Security Week this November, for more information click here.

Posted in In The News, Cyber Crime, North America | No Comments »

November 5 2007 by The Systemic Analyst.

Originally published on InterGovWorld.com:

The term cyber crime continues to present challenges in effectively countering illicit activity involving computers and networks. For the segment of society not turned off by the word cyber, the thought of crime seems to render the wider concept a problem of just law enforcement or government.

Effectively combating cyber crime, however, must include efforts and initiatives involving individuals and organizations outside of the public sector. A shift in government focus that expands to include funding initiatives beyond just those of law enforcement and academia is imperative in a serious bid to curtail widespread cyber crime.

Government focus as well as funding must include widespread education campaigns geared at raising awareness of the threat of cyber crime among the general public. Increased vigilance on the part of every individual around online activity, electronic banking transactions and disclosure of personal information will have a far greater impact in countering cyber crime than any police-based initiative ever could.

Raising the awareness of average computer users, however, will not occur through the commissioning of expensive studies on cyber crime in Canada. Unfortunately, most Canadians will never take the time to read such analysis. More effective spending on education campaigns would target audiences of mass media, through catchy television commercials or advertisements in public transportation.

Educating young computer users is just as imperative as educating police. Instructing young children and youth on the ethics of computer use, the risks of poor online practice and dispelling myths around on-line anonymity and other cyber legends will change the direction of an entire generation of plugged-in citizens.

Encouraging industry to reasonably promote security will help engage individuals in being vigilant. Marketing products as “simply secure” - meaning all the user needs to do is plug this box or install that software to ensure absolute security - should be discouraged. Humans by nature seek easy solutions. Misleading the average user into a false sense of security is just as bad as publicly assuring the masses that the government through funding schemes and increased policing has cyber crime under control.

Cyber crime is not limited to child exploitation alone. Although politically interjecting the specific crime of child exploitation and trafficking helps to gain support, increased attention must be given to the growing rates of fraud, money laundering and other crimes also facilitated by information communication technologies. Focusing on only one aspect of the problem at the expense of others will do little in the overall countering of cyber crime.

While law enforcement does face unique challenges in countering cyber crime, increased funding and education alone will not address many of those difficulties. As with similar issues experienced in government, the bureaucratic nature of many law enforcement agencies coupled with stifling hiring practices prevent the openness and innovation necessary to address the threat of cyber crime.

In an age when the focus of security has increasingly turned towards countering terrorism and the role of technology, past notions of policing need to be assessed. Indeed, it is quite likely that our traditional reactionary approaches are ill-equipped to handle threats such as cyber crime. As a result, new thinking around how such threats are approached, outside of the traditional law enforcement and defence arenas, should be considered. Such approaches must take into consideration, as well as engage, the many people who currently look towards the government for solutions.

To purchase a copy of ‘Countering Cyber Crime: It’s Everyone’s Responsibility’, which offers simple ways individuals and organizations can effectively counter cyber crime, click here. International Perspectives is proud to be a part of IT Security Week this November, for more information click here.

Posted in In The News, Cyber Crime, North America | No Comments »

November 5 2007 by The Systemic Analyst.

Here is an interesting story from Reuters:

“China’s battle against fake and substandard drugs has taken an unusual twist with the discovery of a Web site masquerading as that of the country’s food and drug watchdog.

The site was apparently set up to promote a diabetes medication, according to a report on government-run Web site china.com.

While looking very similar to the State Food and Drug Administration’s real site (www.sda.gov.cn), it has a totally different address — and was still functioning Thursday.

“This site is definitely not for real,” an official at the regulator was quoted as saying. “These lawbreakers have got some balls!”

The fake site (http://www.tnb163.cn/sdfs/index.htm) can be accessed from another purporting to be from a research institute promoting the miracle benefits of a new diabetes drug. But not only is that site a fake, the drug is too, the report added.

The link takes users to a false page on the watchdog’s site which lists all the country’s officially approved drugs, to give the impression that the drug is recognized.

Calls to the regulator were not answered.

China is in the midst of a crackdown on makers of shoddy drugs following a series of scandals at home and abroad which have tainted the country’s reputation.”

Posted in Cyber Crime, North America | No Comments »