Get Smart about Business Spending
(continued from previous page)
adware industry; it's about trying to identify the players operating on the margins, who make things more complicated for everybody. Beyond that, you address the idea of criminalizing the behavior, and that's important too.
So, we need more complex regulations that define spyware and adware properly?
Yes. And there has to be a global context too. We're very interested in advocating for senate ratification of the Council of Europe's Convention on Cybercrime. That would help create a global framework for people to investigate and prosecute cybercriminals. If we look at Can-Spam, it was well intentioned, but it drove everyone overseas. And the Council of Europe's Convention will help us go after cybercriminals around the world.
Isn't a big part of the problem found in the idea that law enforcement doesn't have the time, money or manpower to effectively pursue cyberthreats?
Kurtz: Resources are certainly an issue. But again, with the Council of Europe's Convention, we've seen that with the laws in place, people can be effectively prosecuted. In other words, if the convention is ratified, with the new reach in U.S. law, we could see people prosecuted overseas.
However, we know that the practical implications of actually succeeding in prosecuting people out of the country are still not high. The Convention could help change this. And if we can get countries like the Philippines, Singapore, Malaysia and Indonesia--where a lot of this stuff is coming from--to sign off, we can get the framework to pursue cybercriminals on a more worldwide level.
But it would seem that we'd still need help on the ground in those countries--and here--to really deter this behavior.
Kurtz: The Convention would at least help to level the playing field. Prosecutors in the U.S. still do not have a reasonable expectation of successfully prosecuting people in these regions. The U.S. cannot
Not to harp on the matter, but people seem discouraged that even when the criminals are found, it's very hard to prosecute them.
Kurtz: I wouldn't dispute that. Having the laws is not a panacea, it's a first step. And it will help to add more law enforcement resources--and that's another step. No matter what, you're still going to see these attacks. That's where we'll still need technology to help us protect ourselves.
One of the important things about this organization is to look across the scope from the simple awareness of cybersecurity as a safety issue to building up education in cybersecurity, to looking at the policy implications of what the executive and legislative branches are considering, to looking at criminal behavior and increasing penalties. We have to look at the whole picture.
The rise of online fraud seems to stand as one of the larger technological threats to national security, as it could enable terrorists to raise funds. Will there be more federal action around cybercrime if homeland security is factored into discussions?
Kurtz: I think there is some value in that concept. For one thing, we've seen a change in hacking behavior over the last year-and-a-half, where the activity is now being conducted for a profit. There's a lot of money being raked in. Some numbers I've seen indicate that 5 percent of all phishing attacks are successful, which is scary when you consider the volume in these attacks that we're seeing.
But is phishing a threat to national security?
Kurtz: I think there's cause for concern when you consider the potential nexus between hacking for profit, organized crime and extremist or terrorist elements.
A lot of people, when they speak of cyberterror, are speaking in limited terms about people launching cyberattacks--mainly denial-of-service scenarios. I'm not pushing that off the table, but this other idea may be far more serious. And I frankly don't feel that we have a good
I refer to Paul Kurtz's comments below:
***********************************************
However, we know that the practical implications of actually succeeding in prosecuting people out of the country are still not high. The Convention could help change this. And if we can get countries like the Philippines, Singapore, Malaysia and Indonesia--where a lot of this stuff is coming from--to sign off, we can get the framework to pursue cybercriminals on a more worldwide level.
*************************************************
I'm from Singapore and I strongly disagree that Singapore is "where a lot of this stuff is coming from". Please see the difference between Malaysia, Indonesia, Philippines AND Singapore.
Singapore is an island state with a strong and fair legal framework. We have a certain level of technological capability too.
BUT it is most unreasonable to label Singapore as a source where spyware writers/host are from. In fact Singapore takes a very serious stance on cybercrime. How many spyware, virus, worm were ever traced to Singapore? I believe none so far.
Asia may be a region where spyware writers come from, but pls do differentiate the difference between each country. I would welcome you visit Singapore one day and experience for yourself the uniqueness of Singapore and the culture we have. I'm sure you will not find cyber rogue as part of our society.
Cheers
Soo Koon
I refer to Paul Kurtz's comments below:
***********************************************
However, we know that the practical implications of actually succeeding in prosecuting people out of the country are still not high. The Convention could help change this. And if we can get countries like the Philippines, Singapore, Malaysia and Indonesia--where a lot of this stuff is coming from--to sign off, we can get the framework to pursue cybercriminals on a more worldwide level.
*************************************************
I'm from Singapore and I strongly disagree that Singapore is "where a lot of this stuff is coming from". Please see the difference between Malaysia, Indonesia, Philippines AND Singapore.
Singapore is an island state with a strong and fair legal framework. We have a certain level of technological capability too.
BUT it is most unreasonable to label Singapore as a source where spyware writers/host are from. In fact Singapore takes a very serious stance on cybercrime. How many spyware, virus, worm were ever traced to Singapore? I believe none so far.
Asia may be a region where spyware writers come from, but pls do differentiate the difference between each country. I would welcome you visit Singapore one day and experience for yourself the uniqueness of Singapore and the culture we have. I'm sure you will not find cyber rogue as part of our society.
Cheers
Soo Koon
- One time, re-usable passwords
- by s0ndra May 16, 2005 6:08 AM PDT
- Retool the password for one-time reuseable passwords and secure access to any computer, ATM, cell phone forever. SJS:)
- Like this Reply to this comment
-
(4 Comments)