Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Policy Development - Cyber Security
#1
The phenomenon of Internet crime is one that has only appeared in the last 30 odd years.


The subject itself covers the whole spectrum of issues from insecure internet sites, the hacking and theft of corporate and personal data, to denial of service attack’s for financial or political gain.

Cybercrime is now seeing a greater visibility, but much of this is pre-occupied with state sponsor cyber warfare, industrial espionage and organiser crime.

Police forces, their resources already spread thin are ill equipped to tackle Internet crime and national initiatives have focused on high level issues such as Islamic extremism, and not local threats.

Child protection and the investigation of alleged child exploitation now take up a disproportionate amount of time and resources for law enforcement agencies.

An emphasis on community policing and boots on the ground lead to the loss of 1500 fraud prevention offices from the national police force in previous decades, further undermining policing.

With arbitrary thresh holds set on the value of fraud needed to trigger an investigation, it is likely that a whole generation of low value internet fraudsters has emerged, unlikely to ever be discovered or prosecuted as long as they pursue a low profile career in crime.

Early December saw a denial of service attack on the home routers of a number of home broadband supplier’s most noticeable customers of Deutsche Telekom , the UK Post Office and TalkTalk.

Un-identified hackers had exploited a known deficiency in the software in certain models of home broadband wireless routers to swamp the routers with white noise generated by a piece of malware or malicious software which infected the router itself.

Home routers are bought in bulk from the manufactures and supplied to the customer with a company logo on it, but seemingly with no attempt to patch know software bugs or change widely known default administration passwords.

Many internet providers are competing on price not service, not least because of a high customer churn rate, and any additional customisation is an incurred cost to be avoided.

Computer operating system vulnerabilities remain a strong issue. With the Microsoft Windows operating systems almost total domination of the computer market, it represents a potential single point of failure.

Microsoft has attempted to avoid a repeat of the security issues with the Windows XP operating system, by designing a mechanism to in effect coerce users to upgrade to Windows 10 by persistent and intrusive alert boxes and arguably miss-leading inducements know as dark patterns.

Although this will gradual reduce the volume of laptops open to exploitation, significant reservoir of Windows XP machine remain alive, often infected with malicious software, and unlikely to be retired or replaced for years to come.

The use of Windows Update to force people to upgrade though does have one serious drawback. Its arbitrary nature and the disruption it causes has meant many people simply turn the feature off as being inconvenient, and therefore never receive important updates.

With Windows XP these included periodic updates to the Malicious Software Removal tool which was used to quietly dis-infect afflicted machine, although a body of opinion believed the running of the software and its automatic modification of system files in itself breached privacy laws.

Many of these compromised machines, both private and commercial, are, grouped together into networks of  remotely controlled computers called botnets, and used to co-ordinate denial of service attacks, swamping chosen website with fake network traffic to slow or disable them.

As society moved towards the nebulous phenomenon of the Internet of things, in which every one of your home appliances is connected to the Internet, from home heating to fridges, a more encompassing approach to internet security needs to emerge.

Hijacking of webcams is already a known issue, with victims blackmailed or exploited, as is the issue with user’s disc drivers being maliciously encrypted to force payment in Bitcoins, to have them unlocked.

A policy of better education, better provision of safe guards, and better policing all contribute to a safer computer environment. The government’s flagship initiative the National Cyber Security Centre is a positive step and should be applauded for bringing the subject into the public domain.

Software and hardware vendors, along with broadband suppliers need to take steps to offer more robust security.

It has been said that it will take several more generations before the general populous are wholly computer literate, but people continue to be defrauded due to a combination of gullibility and a lack of basic IT security education.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)