Friday 23 November 2007

Cybercrime is not limited to PC

An obvious statement but often forgotten: as computers invade our daily life (Fridges, washing machines, photocopiers...), we should be a bit more careful.. See the iPhone, only one week old at the time of this post.
"Exploit turns iPhone into a spy tool" http://news.zdnet.co.uk/security/0,1000000189,39290994,00.htm

or for hacking obviously: http://news.zdnet.co.uk/security/0,1000000189,39291479,00.htm (13 December 2007)

and obviously on wireless in general (19 novembre 2007) http://resources.zdnet.co.uk/articles/comment/0,1000002985,39290910,00.htm

Cybercrime and police investigation

An often left on the side issue is the difficulties police forces encountered when investigating crime committed with the use of internet:
for an example, encryption being a nuisance (although it is supposed to create security to prevent cybercrime, rather than to be a hindrance to investigation of...) "Skype encryption baffles German police" (23 november 2007)
http://news.zdnet.co.uk/communications/0,1000000085,39291017,00.htm

Wednesday 21 November 2007

Just for fun: reinventing sentencing one day?

The following article brought a smile: will the criminal system ever introduce a bootcamp for hackers? Never know but look at the following: "Korea's Internet Addiction Bootcamps Mistargeted" http://www.techdirt.com/articles/20071119/003003.shtml 20 November 2007

and what about sex offenders and the use of internet? " Is Banning Internet Usage For Sex Offenders Reasonable Or Practical?" 28 December 2007 http://www.techdirt.com/articles/20071227/152807.shtml

Cybercrime, copyrights law, and the post-scarcity economy

Copyrights is not always associated with crime but given the fuss about piracy by big companies controlling digital copies, it is worth looking at the issue a bit more closely.

First this article on Techdirt which highlights the craziness of copyrights law (whether with civil or criminal sanctions) http://www.techdirt.com/articles/20071119/015956.shtml "The Infringement Age: How Much Do You Infringe On A Daily Basis?". The article, drawing on the results of an other article, asks the pertinent question of the legitimacy of copyrights laws as they stand. If we infringe so much, often without fully realising we do, is there not something amiss?
Which leads me to the concept of post-scarcity economy which the founder of Techdirt, Mike Masnick, is fully aware of as he followed the course of the professor who launched the idea. See http://www.guardian.co.uk/technology/2007/nov/01/blogging.interviews We live in a world where crime against property used to be defined against the idea of scarcity: what was scarce was valuable, the seriousness of the crime increasing with the value and the social perception of the criminal behaviour. The problem, notably for piracy, is that there is no scarcity and thus the perception that crime exists has disappeared. Do we need to readjust our concept of crime? How? I believe it is the challenge for the next 5 years of criminal lawyers.

An other line of thought is the possible explanations for the success of Silicon Valley: the noncompete model that never existed there seems to have largely contributed to the explosion of new ideas and IT impact on everyday life. In other words, information is valued for its ability to be shared and freely available, not for its confidentiality. Is that the clue of the problem?
see Techdirt on Wed. 5th December 2007 http://www.techdirt.com/articles/20071204/005038.shtml

obviously this is without wondering about the procedural aspect of some lawsuits, many civil, but why not one day criminal? "FSF Sets Up Fund To Pay For Experts Who Can Show How Flimsy RIAA Evidence Is" http://www.techdirt.com/articles/20071119/175102.shtml

In comparison, counterfeiting creates less challenges " Dawn raids net three web-counterfeit suspects" http://news.zdnet.co.uk/internet/0,1000000097,39291018,00.htm (23 November 2007)

Monday 19 November 2007

How to use fear to steal information...

Not the first report on the practice, but the latest: how to use the fear of spyware to phish for credit card details... Very effective, thanks to people's credulity...

http://news.zdnet.co.uk/security/0,1000000189,39290658,00.htm

Cybercrime and legal response: an impossible task?

nothing new really, but it is interesting to see that the argument comes back regularly, often coinciding with a warning about the increase in cybercrimes. Can Government control the web? Here, Dr. Vinc Cerf reaffrims it can't because of the very nature of the web; but what about China? it builts a great electronic wall around its borders to such an extend that the state controls most communication (see the book of Goldsmith on Who controls the internet?) So to which extends Cerf's assertion is correct, one may wonder...

http://news.zdnet.co.uk/internet/0,1000000097,39290831,00.htm

old crimes, new bottles...

To borrow the famous expression from David Wall, here is another example of how crime can be resilient and take new shapes with a new name: wi-fi piggybacking or the unauthorised use of electronic communications, just to get free access (but what if it goes further by the way?)
http://news.zdnet.co.uk/communications/0,1000000085,39290850,00.htm
with an update on December 14th 2007 http://www.techdirt.com/articles/20071214/150940.shtml

And the emergence of botnets, showing how one cannot help using new technology for our old crime of fraud...
http://news.zdnet.co.uk/security/0,1000000189,39290694,00.htm
and http://news.zdnet.co.uk/security/0,1000000189,39291184,00.htm (30 November 2007)
and Stephen Fry's article (yes, humour does not prevent knowledge of technology!!) http://www.guardian.co.uk/technology/2007/nov/17/stephenfry.security

More dramatic is the case of this girl in the US who committed suicide after what might be considered as harassment from a fake character in Facebook. The case is exploding all our concept of victim and perpetrator... http://www.techdirt.com/articles/20071210/005356.shtml (10 December 2007)

Russia and China: shamed as worst offenders

Should not come as a surprise that China and Russia represent major threats for the online world; the amount of money at stake, and also the political stance, makes it to attractive to avoid spying, hacking, 'zombying' and the like. The only difference between the two countries: Chinese cybercrime remains state-orientated and controlled; Russian cybercrime seemed more privately "owned" although the complacency of the Russia state can be argued to amount to complicity...
But is the West really that big fat cow that needs to be milked? (see the article on the guardian about the RBN) Maybe, but cybercrime here is not about redistributing wealth to the masses, rather redistributing it to a very small number of people using crime to increase their own personal profits. In this respect, I strongly opposed the Guardian's line stating that the "RBN was founded and is run by techies, not career criminals." A career in crime is no longer about being a thief in the physical world: actually, it brings more money to go online than to stay offline...

On Russia
http://www.guardian.co.uk/technology/2007/nov/15/news.crime
and http://news.zdnet.co.uk/security/0,1000000189,39290683,00.htm

On China
http://news.zdnet.co.uk/security/0,1000000189,39290843,00.htm

and more generally, although... http://news.zdnet.co.uk/security/0,1000000189,39291200,00.htm (3rd December 2007)
"Cracking open the cybercrime economy (14 December 2007) http://resources.zdnet.co.uk/articles/features/0,1000002000,39291463,00.htm

Cybercrime and social networking: at last an awakening?

Richard Thomas, the information commissioner, spoke before the House of Lords Constitution Committee, raising concerns about the consequences of data-sharing, whether on social networks like Facebook, or with other data-sharing practices between public and private sectors.

It's time people wake up to the serious fraud issues those practices raise. Identity information should be confidential, from date of birth (=age) to mother's maiden name and so...
see the UK practice to let the information of the civil registry available to all. The justification in 1860s when created on the grounds of creating statistics is no longer adapted to the reality of the 21st century. ANybody can obtain one's mother maiden, the very word considered by banks as the most secure password! At least the practice in France and in most continental European countries enforces security as the information on the civil registry can only be accessed by the individual concerned or his immediate family, but never by banks, employer, lending firms...

see for the electoral register also available to anybody lending no more than 10p and the controversial claim the founder of 192.com makes about availability of data: big bother is not anymore the state but your neighbour! http://www.guardian.co.uk/technology/2007/nov/08/freeourdata.news


"New front in the battle against identity theft"
By Robert Verkaik, Law Editor
Published: 23 November 2007
http://news.independent.co.uk/sci_tech/article3187110.ece


And a new point against social networking: "Facebook enabling tailored email attacks" 21 november 2007
http://news.zdnet.co.uk/security/0,1000000189,39290972,00.htm

Thursday 8 November 2007

Fraud: the help of non legal tools

The article below is interesting for what it reveals about fraud: is there any lesson to be learnt by law enforcement agencies in detecting and investigating fraud? And how can the software be accurate in its detection without infringing HR?

http://news.zdnet.co.uk/security/0,1000000189,39290606,00.htm

and a similar line a few weeks later, with Google's experiment: http://news.zdnet.co.uk/security/0,1000000189,39291258,00.htm (4th December 2007)

and the usual recommendation about security behaviour: http://news.zdnet.co.uk/internet/0,1000000097,39291241,00.htm (3rd December 2007)

Social networking and crime

Always wondered when people will start to realise how dangerous those websites are for crime purposes. The beginning of an anwer seems to arrive; lets hope it will not just stay a wish...

http://www.euractiv.com/en/infosociety/eu-web-security-watchdog-sets-sights-myspace/article-168035

Wednesday 7 November 2007

ISPs, when will we think about them in a different way?

The US Congress condemns Yahoo!, but this should not come as a surprise.What is amazing is that nobody rethinks the role of the ISPs in this particular situation.
Yahoo! claims: "The fundamental point remains unchanged: we did not know the case related to a journalist ... We did not know this was a political case." But this is not the point: China will never tell them that it is political! Nobody in an extradition case will ever tell the other country they want the extradition because the person is a political opponent: they know that doing so leads to refusal of extradition. So why is Yahoo! not thinking further ahead? and why lawyers in the Western world are not changing their perception of what Yahoo! is: Yahoo! is not a company anymore, it is a law enforcement agent! the same rules should thus apply to Yahoo!

http://news.zdnet.co.uk/internet/0,1000000097,39290605,00.htm

and for another case of helping law enforcement officers, this time by ... YouTube! http://www.techdirt.com/articles/20071129/105357.shtml (29 November 2007)

The ambiguity is probably at its peak when one sees that Yahoo! settles some cases. The ironic argument is that it probably costs Yahoo! pitance to negotiate the end of the court cases in comparison with the damaging effect of a court case in the public opinion. So people, be warned!
http://news.zdnet.co.uk/internet/0,1000000097,39290784,00.htm

At least, ISPs should wait for legal orders (although is legal compliance with HR, that is an other question) http://www.techdirt.com/articles/20071127/025958.shtml (November 2007)
or should be recognised as such as the French government bill suggests (26 Novembre 2007) http://news.zdnet.co.uk/internet/0,1000000097,39291067,00.htm "France cracks down on illegal file-sharing" and the enlighting TechDirt article http://www.techdirt.com/articles/20071126/021329.shtml (26 November 2007)

Tuesday 6 November 2007

Terrorism, more comments

Statewatch, specialised in HR and civil liberties, is not particularly happy about the EU proposal. It is true that if the nature of the internet justifies any infringement to HR, then why not extending the policy outside terrorism, like for fraud where the costs are actually greater than terrorism's?

http://www.statewatch.org/news/2007/nov/03eu-com-terror-plans.htm

Monday 5 November 2007

Terrorism without terrorism

Vice President Franco Frattini, the EU commissioner in charge of freedom, security and justice, suggested to modify legislation on terrorism, so as not to require a terrorist action to be committed. Nothing really new, but a way of reaffirming the importance of combating terrorism at its roots. Internet is viewed as a particular threat.
Yet how does one prove the intent if there is no active step taken towards committing a terrorist action?


http://www.euractiv.com/en/infosociety/internet-targeted-new-eu-anti-terror-rules/article-168085

Privacy, identity theft and social networking on the web...

Social networking is trendy and it is true that if the number of users were a country, it would not be of the size of Switzerland but rather the UK or Japan.
thus it is amazing what people can reveal of their personal life without thinking of the dangers of doing so. Dangers of hacking (but is the offence of hacking sufficient to tackle the issue?) which can lead to modifying contents (but what is there is no gain, thus a harmless joke?), dangers also of investigations as anybody, including police, has access to Facebook for example and can use the data...
When people are going to wake up??


http://news.zdnet.co.uk/security/0,1000000189,39290556,00.htm

Why spam is a crime or should be one...

Spam is a regular occurence on IT newspapers or columns. But this case illustrates particularly well why spam should be a crime, independently of its outcome (whether it incites to defraud others)...

http://news.zdnet.co.uk/security/0,1000000189,39290558,00.htm

Friday 2 November 2007

When the Lords wish more security... and the government does not see the urgency

Not all about criminal law, but of relevance to the issue of identify theft and fraud.

http://news.zdnet.co.uk/security/0,1000000189,39290465,00.htm


Fraud: the view of a former fraudster!

Self-explanatory but essential to grasp the shift technologies brought to criminal law. I can add that a scan of a real cheque is sufficient to create a new one, or the scan of a reference letter (and not to give you any ideas here, hopefully).

http://www.zdnet.co.uk/misc/print/0,1000000169,39290470-39001093c,00.htm

Cybercrime and beyond

I viewed this video during a training session; it applies perfectly to the course, but goes also beyond. Law today is about thinking the unthinkable. Hope this course will give the tools to do so!

http://youtube.com/watch?v=pMcfrLYDm2U

Cybercrime: non-legal answers

The article below is self-explanatory, but revealing about the first method to fight cybercrime.

http://news.zdnet.co.uk/security/0,1000000189,39290504,00.htm

similarly, see the comments of Nicholas Miller, Airpatrol on ZDnet UK (19 november 2007)
http://resources.zdnet.co.uk/articles/comment/0,1000002985,39290910,00.htm

and as reported by Marcus Browne for ZDNet Australia on 21 november 2007, http://news.zdnet.co.uk/security/0,1000000189,39290987,00.htm






Thursday 1 November 2007

ISPs again: why responsible?

The following article from David Meyer is quite revealing about the role ISPs are now asked to perform: to be law-enforcement agents, but without the name, the rights and the duties. The objective is repression, laudable if human rights are not put aside. But is it always the case?
The other aspect of this call for ISPs co-operation is the emphasis put on IP materials, worth as much as child protection?

http://news.zdnet.co.uk/communications/0,1000000085,39290371,00.htm

Spam, waste of money or money maker?

Regular posting about spam fill my mail box, always to complain about the waste of time and money it creates. But nobody complains about the junk mail they receive in their postal mailbox, although sometimes it amounts to the only mail received in a week. Why then electronic junk mail like spam gets the headline cover so often? The article is just starting to give an answer...
http://news.zdnet.co.uk/security/0,1000000189,39290391,00.htm