Feeds

European conference sets agenda for cybercrime fight

Talking shop calls for tougher domain registration checks

SANS - Survey on application security programs

The Council of Europe has called for a worldwide implementation of its Convention on Cybercrime to fight the growing problem of economic crime on the web.

During the fifth annual CoE conference on cybrecrime in Strasburg this week, participants spoke in favour of greater international cooperation in sharing existing tools, instruments, best practices and initiatives. The conference also heard calls for improved co-operation between law enforcement and industry (ISPs, IT firm and national CETS).

Delegates also backed requests for ICANN to tighten up domain name registration processes to make life more difficult for spammers and other riff-raff. It was suggested that police ought to able to use the WHOIS database to fight cybercrime, while protecting the privacy of individual registrants - arguably a competing goal.

Russia and China both recently tightened up their domain registration process, requiring photo ID before authorities allocate new domains, for example. The measures have been welcomed by security watchers, even though rumours suggests ID-forging services designed to circumvent the new checks have already emerged in the digital underground.

The conference also considered the security and privacy implications of greater use of cloud-based technology, making a number of recommendations.

In order to meet the law enforcement and privacy challenges related to cloud computing existing instruments on international cooperation – such as the Data Protection Convention (CETS 108) and the Budapest Convention – need to be applied more widely and efficiently.

Additional international standards on law enforcement access to data stored in the “clouds” may need to be considered.

Globally trusted privacy and data protection standards and policies addressing those issues need to be put in place and the Council of Europe is encouraged to continue addressing these issues in its standard- setting activities as well as by the Global Project on Cybercrime.

Eurocrats called for an upcoming UN convention on cybercrime in Salvador, Brazil to adopt Europe's approach as a globally-applied action plan for fighting cybercrime, electronic espionage and related threats.

Council of Europe Deputy Secretary General Maud de Boer-Buquicchio told delegates: “The UN Crime Congress in April 2010 will be an opportunity to reinforce our global response to the global threat of cybercrime and cyberterrorism.

"I think we will have the best chance to succeed if we unite around one international instrument which already exists – namely the Council of Europe Cybercrime Convention.”

A total of 29 countries, mostly European but also including the USA, have ratified the Budapest Convention since its adoption in 2001. Portugal and Montenegro announced the ratification of the Convention at the conference this week while Argentina made a request for adopt the treaty.

Nineteen countries have signed but not ratified the Treaty, including the UK and Spain. The convention provides guideline for any country developing comprehensive national legislation against cybercrime as well as framework for international cooperation.

Around 300 cybercrime experts from some 60 countries took part in the CoE cybercrime conference this week. Topics on the agenda included mapping networks and combating online child pornography, as well as training for judges and prosecutors. Human rights and privacy have already been pencilled into the agenda of next year's conference.

A summary of the main conclusions of the conference and background information on the Council of Europe's cybercrime busting efforts can be found here. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.