November 14 saw an event held at the prestigious Chatham Hose which aimed to discuss the trends, threats of cybercrimes and the ways to combat them.
Entitled 'Cyber Crime: Prevention, Protection and Punishment' the on-the-record discussion was chaired by editor at large of Wired Magazine Ben Hammersley. The panel consisted of Janet Williams, Head of Intelligence and Covert Policing for Metropolitan Police, Visiting Professor, Professor Peter Sommer, Information Systems Integrity Group, Department of Management, London School of Economics and Dr Richard Horne, Director of Electronic Protection for Barclays.
The event was aiming to tackle the problems of cybercrime and discuss the key factors in preventing it, from the casual home internet user to the biggest corporation. Using the analogy of a policeman who will warn you of dangerous streets when you move into a new home, Janet Williams suggested that every police officer should have training to help people deal with the basics online.
Peter Sommer discussed that while cybercrime is thought of as a relatively new concept, it has in fact been around for a lot longer than many people think. Computer worms such as the Robert Tappan Morris 'Morris Worm' or the Worms Against Nuclear Killers - perhaps more commonly known as the WANK worm, thought to be the first major worm to have a political message - were around in the late 80s.
He mentioned how cybercrimes have actually existed as far back as 1970, when they were simply known as "computer crimes."
He gave the example of teenager Jerry Neal Schneider, who stole nearly $1 million of equipment from Pacific Telephone and Telegraph after stealing personal information via the telephone and 'dumpster diving' (raiding through skips) to retrieve printouts from the company.
In 1978, Stanley Mark Rifkim conducted at the time what was the biggest bank robbery in U.S. history when he stole $10.2 million from the Security Pacific Bank through wire transfer via telephone. There was even a film starring one of the teen stars of the 80s, Matthew Broderick, called 'War Games' which truly emphasize just how long cybercrimes have actually been a problem for.
Sommer said how that "80 per cent of protection is simple hygiene", translated as using readily available anti-virus software will protect you in much the same way washing your hands will protect you from most diseases. This statement was dismissed by Janet Williams, Head of Intelligence and Covert Policing for Met Police, who went on to suggest more needs to be done.
One simple strategy Williams brought up is the idea of a start-up video on computers to which will also guide people step-by-step while they are using a computer to warn them against the threat and dangers of cyber-attacks.
Questions were also raised about the language used when discussing cybercrime; is it too daunting or too broad a subject to make most people understand its impact? And what about the future? Are we putting ourselves at greater risk to more sophisticated attacks by constantly innovating our technology?
The key point Sommer made was that the reason cybercrimes are seen as more of a problem now is simply because more people have access to the internet and therefore more people are at risk. Right now, there are 2.1 billion worldwide who have regular access to the internet, with each one susceptible to an attack or information breach in a different way (later discussed by Dr Richard Home).
Sommer ended his discussion with an idea to help prevent and protect people from cyber-attacks - by slowing down innovation.
The rise of smartphones and touch screen computers now mean people are able to do more online whenever they want. Are we moving so fast with technology that we cannot possibly keep on top of the wave of cybercrimes that are frequently occurring? If we are happy to let people get their hands on the latest technology and download the latest apps to their phones at every opportunity, surely more must be done to give people the basic knowledge of how they can be attacked and prevent them at any opportunity.
Williams described the Police Central e-crime unit as a "very lonely place" when it began three years ago but now has since grown to be a much more co-ordinated organisation. The success of the PCeU can currently be measured at the rate of "1:35", meaning for every one pound they spend, they are able to save £35.
Speaking last month, Williams noted the success of the PCeU, saying: "In the initial six month period the PCeU, together with its partners in industry and international law enforcement, has excelled in its efforts to meet this substantial commitment and have delivered in excess of £140m of financial harm reduction to the UK economy."
She listed the various ways in which people are committing cybercrimes to con people out of money: False websites, selling fake pharmaceuticals, malicious software and stealing personal details - all of which prey on the fact the general public is still unaware of the dangers of cybercrimes and how it can affect them.
So what are the main issues when trying to protect people against these crimes? Williams suggests that firstly, people are just too "bamboozled" by the language to truly grasp the impact. More needs to be done to focus on the impact of these crimes to people's lives, which can only be done if people understand the significance of their actions in the online model. Williams suggests focusing on the impact and not details.
Dr Richard Horne is a Director of Electronic Protection for Barclays. Working for a corporate company - a bank at that - Horne understands the various forms of cyber-attacks that exist. He broke them down into three categories: Attacks on you, attacks on others as they interact with you, and attacks on availability of services. Each one of these poses a different threat to different variations of internet users.
'Attacks on you' is as straight as it sounds and is one of the key areas that needs addressing, either by giving people more information or by improving the language when discussing cybercrimes (more on that to follow).
The reasons this is an added issue is that it leads to the second form of attack described by Dr Horne - attacks on others as they interact with you. This is especially a problem for corporations, it shows no matter how much you spend on security or how much you aim to prevent cyber hacks at your corporation, if the attack occurs on the "weakest link on the chain" - home owners who cannot afford expensive security or are unaware they are being attacked - your corporation is still at risk.
Along with the third type of attack - 'attack on availability of services', which translates as an attack which disables your business - corporations need to work hard to prevent attacks form affecting them. But as Horne pointed out, "you cannot prevent everything." The best option for a business of any size is to be able to detect events from happening and work out a strategy to be able to recover without too much damage.
What makes protecting your business more of a challenge from these threats is that in many cases you aren't fighting an organisation, rather just a collection of individuals working together.
So what are the other issues that surround cybercrimes and how do you get people to be more aware of them? For a start, the term 'cybercrime' appears to be too broad a subject. Crimes which come under this umbrella could include Lulzsec attacks, setting up a fake website, email viruses - crimes featuring "everything that runs on a battery" said Hammersley. It is understandable why people are so confused. But Peter Sommer says the best way around this is to "worry about the cyber environment, not what cybercrime is."
Another problem is that if a big business is attacked, they may not want it to be public knowledge reinforcing the issue: there is not enough general knowledge about cybercrimes to fully prevent it. Horne mentioned the time that Sony had to apologise to congress after their systems were breached and what a major embarrassment that was for the company and a huge blow in terms of public relations. Sommer did reveal that because of the Public Disclosure Act, around 45 per cent of people and businesses do report an attempted hack.
So what about the future of cybercrimes? Where is it heading and what needs to be done to prevent it? iPhone and iPad apps have opened up a whole new area that can
be exploited, as seen by the recent InstaStock incident, a rogue app developed by Charlie Miller which highlighted the security flaws in Apple's iOS mobile operating system. The potential losses and damages caused by these new areas of cybercrime are currently incomprehensible. As the sophistication of attacker tools increases, the knowledge of these attacks decreases.
Horne reiterated his point about the only way to cope with future attacks is to deal with each situation as they arrive as it is impossible to prevent everything. The idea that by slowing down innovation is the best deal with the possible onslaught of new attacks was again dismissed by Janet Williams, saying that not only is it impractical but it is not the best solution.
As Williams suggests: "I don't see innovation slowing down, so we need to get better."