backtop


Print 4 comment(s) - last by Mike Acker.. on Aug 18 at 8:51 AM


Infographic explaining cyber crime and security  (Source: Rasmussen College)
Governments and police authorities are scrambling to try and catch up to global demand of stolen information from cyber criminals

Growing up in the United States, children are continually warned about potential “real-world” crime that plagues only a small number of the population each year. However, more people are now becoming victims of cyber crimes, and there is very little being done to help protect Internet users – and companies routinely targeted.

Increasingly, the looming threat of cyber crime is hitting us at a rapid pace –researchers estimate organized crime groups collected more than $388 billion from identity theft and other crimes in 2011. Amazingly, cyber crimes are quickly approaching the $411 billion industry involving the trafficking and selling of illegal narcotics, according to Rasmussen College researchers.

Criminals are developing their cyber crime skills that include phishing, internet scams, identity theft, and other sophisticated attempts to steal personal information.

For internet users looking to protect themselves, researchers have a few basic tips: not using a single password for all online accounts, avoid clicking unsafe links, connecting to secure Wi-Fi accounts, keep security software updated, and be careful about what you’re posting on the Internet.

That’s all fine and dandy for casual Internet users, but what if the problem is a structural issue from corporations and the government?

The U.S. government is now making its own cyber security a more pressing matter, though very few people seem to know what to do.

Senators Jay Rockefeller (D-W. Va) and Joseph Lieberman (I-Conn.), the Senate Homeland Security Committee Chairman, believe the Pres. Obama administration should utilize an executive order for cyber security. Lieberman and Rockefeller haven’t had success with efforts in Washington because certain industries aren’t happy they’d be forced to adhere to stricter digital standards.

Obama is interested in seeking longer prison sentences for digital criminals, and Defense Secretary Leon Panetta has a cyber operation plan to standardize military cyber operations.

Even with all of this talk regarding U.S. vulnerabilities, the U.S. government has found success launching coordinated attacks. In addition to temporarily crippling Al Qaeda, the U.S. has used Stuxnet and Flame to target Iranian computer networks.

In the long term, government legislation will not help protect the US government – and its citizens – from cyber attacks, but elected officials trying to ignore the problem won’t do any good.

Source: Venture Beat



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

response
By Mike Acker on 8/16/2012 9:48:44 AM , Rating: 4
it should be evident by now to most everyone that our most commonly used software is built to be exploited for market research, "data mining", and surveillance. cybercrime is just opportunistic misuse of that design.

consider alternatives. I'm now building my 2d Linux box.

think about "cloud computing". just another means of keeping track of what you're up to

tracking can range from innocuous to nuisance to malicious . theoretically tracking results in, at most, a little "targeted advertising". but this might not be all that could be the result. there are trolls out there looking to instigate various extortion schemes. and worse

it's time to put serious thought into the question: who -- besides me -- is using my computer, -- and for what ??




Business Exposure
By dsx724 on 8/14/2012 11:18:33 AM , Rating: 2
One of the largest problems your hear on the news as well as in my job is the exchange of information between companies. If one of the partners that you're doing business with doesn't have adequate security (usually the case if your business is small or their business is small), your consciousness doesn't translate into overall security of information.

The increase prison time is not going to make a difference because there too much money to be made. It's like treating the symptoms than to address the real issue of corporate responsibility.




By Targon on 8/18/2012 7:18:20 AM , Rating: 2
There are some fairly minor things that can be done to really help cut down on international cyber security. The first would be a way to filter based on national origin(IP address blocks and web content requirements that indicate what country the content is from, if the country and IP block do not match, the filter kicks in). Yes, there CAN be forgeries for the IP, but this sort of thing would help. I don't need ANY content from China, Russia, or anywhere in Africa or South America, so why not let me filter this crap out automatically? ISPs for the most part who are concerned about security must wonder if it would make sense to auto-filter IP addresses originating from China and other places where most spam and attacks originate. China has their own firewall to filter people there from content, so why are we allowing them to even connect on ports other than 80?




rooting cybercrime
By Mike Acker on 8/18/2012 8:51:55 AM , Rating: 2
we need to root out the deficiencies that enable cybercrime rather than "treating the symptoms" -- as noted by another writer on this blog.

study the methodology used by cyber-criminals:
1. impersonation: assuming a false identity. Proper deployment of public key encryption (PGP,GnuPG) on e/mails, transactions, and software transmittals is the place to start

2. injection: (un-authorized updates) -- SQL, iFrame, "Man in the Browser", root kits, ...

3. executable documents: most modern documents -- html, flash, spreadsheets, word, jpeg, pdf -- can conatin executable code -- java, vbs, byte code, C#, .net, php ...

as a result all modern documents must be handled as though they were .exe files

this means we have to take a step back and re-examine the construction of our operating software

the operating software must never run an un-known program in "real" mode -- such programs must be run in "user mode"

in "user mode" programs are not allowed to actually run: we only allow simulation: testing to see what the program wants to do

to accomplish this, in user mode a program is not allowed to execute any privileged instruction.

privileged instructions include input/output, and memory allocation or access. these operations must be requested by the application program and the operating system will check these for proper permissions ( remember authentications above ) before performing such requests for the application

now we need to examine the security features of the x86/x64 chips to see how this could be done -- and whether it is actually being sufficiently implemented

the x86/x64 chips provide 4 privilege levels -- "ring0,1,2,3 as well as both memory protection and virtual memory

are these all being used properly?

read all the hacker reports

also
http://www.theregister.co.uk/2004/10/22/security_r...

also Root Kit arsenal
http://www.amazon.com/Rootkit-Arsenal-Escape-Evasi...

then think about switching to Linux. I'm building my 2d "nix" box now. there's a lot of good software; maybe not every favorite from the earlier system but anyone interested in security is going to want to take a look. grab an older PC and put Ubuntu in; check it out.




"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki