IT chiefs demand centralised e-crime unit
Cybercrime reporting confusion
The HMRC child benefit data loss debacle has reinvigorated calls to establish a central police unit to tackle cybercrime. Business leaders are expressing concern that not enough is being done to help victims of computer crime, who are unsure of who to turn to in the event of being subjected to computer-related fraud or attack.
David Roberts, chief executive of the Corporate IT Forum, said IT directors are starting to believe that the government is failing to prioritise the fight against cybercrime.
"There is no source to go to to report e-crime, other than the local police station – and they have very little understanding of it. It is a significant problem," Roberts told the Financial Times.
The National High Tech Crime Unit maintained a close relationship with industry, however, since the specialist unit merged other agencies to form the larger Serious Organised Crime Agency (Soca) in April 2006 there has been less contact.
Instead of reporting cybercrime to the police, the public is encouraged to report fraud to their banks, a policy criticised by a House of Lords select committee and security researchers. Soca itself only takes reports of cybercrime indirectly, and tackles only the largest cases.
These changes have "reduced the focus on 'everyday' computer crime that is relevant to UK business and the general public", ICI global information security director Paul Simmonds said.
The recent HMRC loss of a CD containing 25 million records has brought heightened attention to a debate that has been raging quietly for some time. Even though the unencrypted discs have probably simply been mislaid rather than fallen into the hands of cybercrooks, the incident has highlighted concerns about a lack of information on the extent of cybercrime.
A petition calling on rapid action on funding for a central police co-ordination unit proposed by the Metropolitan Police and the Association of Chief Police Officers (ACPO) has attracted the support of security experts among its 215 signatories thus far. ACPO has submitted its proposals, but the Home Office says it needs further "clarification on detail and costs".
An e-crime study by the science and technology committee of the House of Lords also made proposals designed to address the lack of authoritative data on incidents of cybercrime, via the establishment of a national e-crime unit.
The government rejected these proposals, to the consternation of security experts, in a move that suggests that ACPO will have an uphill battle getting its cybercrime concerns addressed in the corridors of power. ®
Stop e-crime by blocking port-25 on dynamically-assigned IP addresses
Stopping spam and e-fraud is easy.
All ISP's must impliment a port-25 out-bound block on their network boundary from all customers with dynamically-assigned IP addresses.
This will prevent customer machines that are trojanized (or otherwise part of a bot-net) from participating in direct-to-mx e-mail campaigns that are the source of most of the world's spam and phishing / fraud attempts.
Any customers who actually still use pop-mail must send mail through their ISP's out-bound MTA or connect to an external MTA on a port other than 25.
Why isin't that solution being called for?
The blame game
An e-crime unit - what a joke.
For about 6 months I created\implemented a company policy of reporting phishing scams for run of the mill and banking scams. These consisted of notifying the Met & OFT.
Primarily the emails were intercepted by their own mail security as being recognised as phishing scams so the recipients on the other end were unable to receive them. After a process being created to allow reporting I started to realise that I may just have been the only person in the country to actually report these.
Needless to say I was asked only to send one of each type of scan caught by our mail security as they had very little resources to even log the issues never mind deal with them- I advised I was only sending one of each type!!!
This example of one tiny corner of 'Cyber Crime' [I too feel this term has no meaning] as they put it show just how unprepared the police force & authorities are. I think we have devolved into a culture where the police are encouraged by the political authorities to be seen to be dealing with problems yet not actually do this as it takes too much time & the quick wins - shoplifters, shoplifters ....eh...... shoplifters are dealt with as the police get an instant brownie point for these but not the more relevant ones.
Anyway, the police force wouldn't pay the wages for someone who could do this job - I think the old entrapment tactic of actually catching someone doing it then giving them the option to work for them for peanuts or going to jail for 30years (without their playstation) would be the best approach.
Its simply laughable
Computer Crime, What Crime?
If you can't report it, it's not happening, therefore they don't have to work out how to solve it.
It won't happen...
... now that the ACPO (Association of Chief Police Officers - England & Wales) lead on Economic Crime (includes hi-tech crime), Commander Sue Wilkinson, has been lured away to work in Australia on secondment for two years.
Assistant Commissioner Steve House, who was Sue's line manager, is an interim replacement until her successor is identified in early 2008. But the momentum for a Police Central eCrime Unit (PCeU) has been lost, setting this initiative back indefinitely.
Stop the bandwaggon, I want to get on !!
How on earth does the cavalier approach of HMRC to personal information have anything to do with the need for a centralised unit dealing with computer related crime?
And please let's avoid the pointless neologism "cybercrime". There's unauthorised access, and there's fraud. The term "cybercrime" has the same purpose as the term "Intellectual Property", it's an artificial umbrella to lump together disparate concepts in order to advance the position of the person using the term.