A Treaty for Cyberspace

On June 28, 2009, In legal, By eugenekogan

Here’s a quick summary:

The United States and Russia are locked in a fundamental dispute over how to counter the growing threat of cyberwar attacks… Both nations agree that cyberspace is an emerging battleground.

Russia favors an international treaty along the lines of those negotiated for chemical weapons… The United States argues that a treaty is unnecessary.

Basically, it sounds to me like both countries want to continue cyber attacks against each other. The difference is that Russia wants to have a treaty in place so that it can continue to deny what it does, whereas the US would rather not bother with such a thin veil of cooperation.

Cyber attacks aren’t like chemical warfare. First of all, it’s nearly impossible to identify who is attacking you over the Internet. And even if you do have a clue as to which country a hacker is coming from, how will you be ever be able to openly prove that he is working for that country’s government? This quote from the WSJ says it well:

In the digital world, as the cyber threat shows, physical distinctions such as political borders are unhelpful and can be dangerously confusing.

I think we have more important things to deal with regarding cyber security than pointless treaties. It’s time for new solutions to this new and different problem.

NY Times: U.S. and Russia Differ on a Treaty for Cyberspace

  • email
  • Digg
  • Facebook
  • LinkedIn
  • Google Bookmarks
  • StumbleUpon
 
0 Comments
Leave A Response

Alleged Hacking Effort Thwarted

On June 13, 2009, In legal, news, By eugenekogan

U.S. and Italian authorities said Friday they arrested a group of hackers and conspirators who allegedly stole from phone companies around the world. The illegal profits funded terrorist activities, Italian officials alleged.

A federal grand jury in New Jersey indicted three people Friday, including one man who has been linked to al Qaeda. The three suspects, who live in the Philippines, are accused of providing Pakistani nationals in Italy with access to stolen phone lines.

via Alleged Hacking-Terror Effort Thwarted – WSJ.com.

  • email
  • Digg
  • Facebook
  • LinkedIn
  • Google Bookmarks
  • StumbleUpon
 
0 Comments
Leave A Response

Will honest people turn to cyber crime?

On December 21, 2008, In hacking, legal, By eugenekogan

There has been a lot of hype in the news recently about unemployed IT workers turning to cybercrime to make ends meet. Some forecasts 1 claim that the guys running your mail server might “use their skills to steal credit card data using phishing attacks.” Of course, there are no hard facts to back up this claim. I find it hard to believe that an otherwise honest person would turn to something as extreme as stealing credit card numbers to help pay his bills. The truth is that there has been the opportunity for making large sums of money through cyber crime for years. If someone with the necessary skills and lack of morals was going to go into the phishing business, they would have probably already done so.

cyber_crime_chart

npr.org

Perhaps the economic downturn does help cyber criminals become more successful, simply because there are more desperate people out there to be scammed. Suddenly, a chance to “win $50 from Bank of America” might be just too tempting to resist. After all, “it’s a ripe economy to take advantage of people,” 2 according to a McAfee cybercrime strategist. (Nice job title.)

On the other hand, I’ve also seen claims 3 that corporations are performing more internal investigations into employee fraud and misuse of resources. I believe this type of criminal behavior is much more likely to rise, since people generally feel less guilty about taking advantage of their employers, as opposed to outright stealing from a stranger. It’s a bit like how taking home a box of pens from work might not be a big deal, whereas doing the same from a Staples store is much more obviously theft.

There is also one more reason why laid off or unemployed computer geeks might turn to criminal means: it’s the only job they can get. It’s obviously a tough job market, even considering that IT jobs are better off than most other fields. If you’ve got hacking skills and need to make some money, I suppose it’s possible that you might be tempted to work for a criminal organization. Once again, I don’t believe that usually-honest people will start joining the mob out of desperation; we’re just not that bad off yet. But I did come across at least one example 4 of an unethical corporation hiring hackers to help them exceed the limits on rain forest logging. It’s hard to know if this is an unusual case, or if it’s becoming more rampant.

The bottom line is that companies (and government agencies) need to be even more vigilant against the insider threat. It’s always been there, and it always will. The best we can do is try to mitigate it. Personally, I’m not too worried about IT workers turning to cybercrime – the crooked ones are already there.

  1. Jobless techies turning to crime
  2. Fighting cybercrime in an economic downturn
  3. Insiders Pose New Threats In Down Economy
  4. How do you illegally log a rain forest? With hackers
  • email
  • Digg
  • Facebook
  • LinkedIn
  • Google Bookmarks
  • StumbleUpon
 
0 Comments
Leave A Response

Random search actually finds something

On April 6, 2008, In legal, By eugenekogan

Apparently, a random airport customs search actually found something useful. According to Random Search Stops $600 Million In Trade Secrets Bound For China:

Jin was traveling on a one-way ticket to Beijing at the time. She declared that she had $10,000 in U.S. currency in her carry-on luggage. Customs and Border Protection officers found about $30,000 in cash.

They found several technical documents labeled “[Company A] Confidential Property,” Chinese documents, a European company’s product catalog of military technology written in English, a personal laptop computer, a thumb drive, four external hard drives, 29 recordable compact discs, and one videotape.

A search of the thumb drive and hard drives, conducted with Jin’s consent, revealed numerous documents marked “[Company A] Confidential Property.”

I’d say flying on a one-way ticket to China and carrying that much media, including four external hard drives, is an obvious red flag. Of course, they need to realize that not everyone traveling with a laptop is a Chinese spy. I just hope this doesn’t lead to more invasive airport searches, but rather more appropriately focused ones.

  • email
  • Digg
  • Facebook
  • LinkedIn
  • Google Bookmarks
  • StumbleUpon
 
0 Comments
Leave A Response

Leave your laptop at home

On February 13, 2008, In encryption, legal, security, By eugenekogan

Most people don’t realize how limited their rights are when they are crossing the U.S. border. This is especially true when it comes to portable electronics, such as your laptop. Of course border guards can search your luggage to look for contraband, such as drugs, illegal food items, or even animals. But did you know that they can also search within your personal laptop? They don’t need just cause or any suspicion of illegal activity. It doesn’t matter if it’s your personal laptop, or one owned by your company. Not only can they ask you to turn it on, but they can also request that you login and allow them to examine the contents of your system.

My advice: leave the laptop at home, unless you absolutely need it on your trip. At the very least, don’t bring any sensitive data with you, especially in an obvious and unencrypted state. Ideally, if you travel often, you may want to have a basic laptop without any real data just for this purpose.

Let’s just hope these laws never apply to crossing state borders, as well…

  • email
  • Digg
  • Facebook
  • LinkedIn
  • Google Bookmarks
  • StumbleUpon
 
0 Comments
Leave A Response
« Previous Entries
Go To Top »