backtop


Print 4 comment(s) - last by Mike Acker.. on Aug 18 at 8:51 AM


Infographic explaining cyber crime and security  (Source: Rasmussen College)
Governments and police authorities are scrambling to try and catch up to global demand of stolen information from cyber criminals

Growing up in the United States, children are continually warned about potential “real-world” crime that plagues only a small number of the population each year. However, more people are now becoming victims of cyber crimes, and there is very little being done to help protect Internet users – and companies routinely targeted.

Increasingly, the looming threat of cyber crime is hitting us at a rapid pace –researchers estimate organized crime groups collected more than $388 billion from identity theft and other crimes in 2011. Amazingly, cyber crimes are quickly approaching the $411 billion industry involving the trafficking and selling of illegal narcotics, according to Rasmussen College researchers.

Criminals are developing their cyber crime skills that include phishing, internet scams, identity theft, and other sophisticated attempts to steal personal information.

For internet users looking to protect themselves, researchers have a few basic tips: not using a single password for all online accounts, avoid clicking unsafe links, connecting to secure Wi-Fi accounts, keep security software updated, and be careful about what you’re posting on the Internet.

That’s all fine and dandy for casual Internet users, but what if the problem is a structural issue from corporations and the government?

The U.S. government is now making its own cyber security a more pressing matter, though very few people seem to know what to do.

Senators Jay Rockefeller (D-W. Va) and Joseph Lieberman (I-Conn.), the Senate Homeland Security Committee Chairman, believe the Pres. Obama administration should utilize an executive order for cyber security. Lieberman and Rockefeller haven’t had success with efforts in Washington because certain industries aren’t happy they’d be forced to adhere to stricter digital standards.

Obama is interested in seeking longer prison sentences for digital criminals, and Defense Secretary Leon Panetta has a cyber operation plan to standardize military cyber operations.

Even with all of this talk regarding U.S. vulnerabilities, the U.S. government has found success launching coordinated attacks. In addition to temporarily crippling Al Qaeda, the U.S. has used Stuxnet and Flame to target Iranian computer networks.

In the long term, government legislation will not help protect the US government – and its citizens – from cyber attacks, but elected officials trying to ignore the problem won’t do any good.

Source: Venture Beat



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

rooting cybercrime
By Mike Acker on 8/18/2012 8:51:55 AM , Rating: 2
we need to root out the deficiencies that enable cybercrime rather than "treating the symptoms" -- as noted by another writer on this blog.

study the methodology used by cyber-criminals:
1. impersonation: assuming a false identity. Proper deployment of public key encryption (PGP,GnuPG) on e/mails, transactions, and software transmittals is the place to start

2. injection: (un-authorized updates) -- SQL, iFrame, "Man in the Browser", root kits, ...

3. executable documents: most modern documents -- html, flash, spreadsheets, word, jpeg, pdf -- can conatin executable code -- java, vbs, byte code, C#, .net, php ...

as a result all modern documents must be handled as though they were .exe files

this means we have to take a step back and re-examine the construction of our operating software

the operating software must never run an un-known program in "real" mode -- such programs must be run in "user mode"

in "user mode" programs are not allowed to actually run: we only allow simulation: testing to see what the program wants to do

to accomplish this, in user mode a program is not allowed to execute any privileged instruction.

privileged instructions include input/output, and memory allocation or access. these operations must be requested by the application program and the operating system will check these for proper permissions ( remember authentications above ) before performing such requests for the application

now we need to examine the security features of the x86/x64 chips to see how this could be done -- and whether it is actually being sufficiently implemented

the x86/x64 chips provide 4 privilege levels -- "ring0,1,2,3 as well as both memory protection and virtual memory

are these all being used properly?

read all the hacker reports

also
http://www.theregister.co.uk/2004/10/22/security_r...

also Root Kit arsenal
http://www.amazon.com/Rootkit-Arsenal-Escape-Evasi...

then think about switching to Linux. I'm building my 2d "nix" box now. there's a lot of good software; maybe not every favorite from the earlier system but anyone interested in security is going to want to take a look. grab an older PC and put Ubuntu in; check it out.




"Vista runs on Atom ... It's just no one uses it". -- Intel CEO Paul Otellini














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki