By Will Sturgeon, 1 June 2007 13:00
NEWS
When it comes to fighting cyber crime, it helps to understand why attacks happen and what motivates the criminals. How much insight do you have into the criminal world?
We have some visibility into these communities, particularly when we are working with governments to help them, which we do. If we have information, for example, on a DDoS attack happening and we can see it we will share that.
And what trends are you seeing?
A lot of threats do come from very definite sources and as I have said we are seeing a lot of activity in emerging markets in particular.
But if you are a talented individual born on the West Coast of the US, what kind of career opportunities do you have? How about if you are an equally talented individual but you're born in the slums of Sao Paulo or in Siberia? What's the difference in professional and educational opportunities?
And yet what's the common factor? Access to the internet.
So the picture you're painting is of cyber crime growing for the same reasons many other crimes do - as a result of socio-economic factors. Do you think governments and law enforcement have failed to realise this and failed to make the connection that cyber crime is like all other crime and something which needs to be targeted with some urgency?
Governments need to very proactively ensure ISPs are offering protection to users, that is the first thing governments must do. One of the best ways to solve these issues is through the ISPs.
Governments should also take a very active and strong role. When things actually take place the proper actions need to be taken to take people to court.
So what measures need to be brought in and what should the penalties be?
I'm the wrong person to answer that question but I think all governments need to talk to one another about how they address this problem. And all governments need to look at this with the same weighting.
Given this is a global problem, do you think we could ever see success going to the Chinese government and telling them Western businesses are annoyed at the amount of malicious code coming out of China, or going to the Nigerian government and complaining about scam emails? These aren't issues which will resonate as much as their own local issues.
It is right to say that different governments are definitely at different stages. A global initiative should be looked into but who will take the lead... that is a difficult issue. At the EU level there are some very good developments.
You've recommended that Icann, the internet domain name body, introduce a new dot-bank top level domain and make it prohibitively expensive so only legitimate businesses would register it, as a means of tackling phishing. This sparked some criticism because of workarounds criminals would use such as domain spoofing and DNS hacks. Do you still think dot-bank domains are a good idea?
We've done the right thing. We've started the discussion and we've raised the level of the discussion and by speaking to financial institutions we've learned this initiative is one measure which could help.
But you accept it's far from perfect?
It's not the silver bullet. It's not the one thing. But there are practical things which would help immediately. If it cost, for example, $50,000 to register a dot-bank domain name, that would already make it more challenging. While this doesn't stop the problem on its own, and while people could still replicate that URL, a further level of education is still required.
Is it worrying that to date the industry has had more discussions about having a dot-sex domain name and a dot-xxx domain name than it has about introducing something such as dot-bank?
Yes, it's very worrying. This is why we've brought up this issue. We've now had good discussions with leading financial institutions and this has raised the discussion. Discussions continue with Icann also.
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below