Search



AuthenticationWorld.Com

About

This page contains a single entry from the blog posted on March 11, 2007 2:38 PM.

The previous post in this blog was Botnet sales pitch using DNS attack?.

The next post in this blog is Italians fall vicitim to criminals.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]

« Botnet sales pitch using DNS attack? | Main | Italians fall vicitim to criminals »

Yikes!

Last week Dark Side's Site Editor, Tim Wilson, wrote a blog "Firewalled - One Bite Is Not Enough" that made me very depressed. Attending last week's Visa Security Summit, he describes the current law enforcement attempts to catch the bad guys. What he wrote, while I know all this, depresses me to read.

Here are some article quotes that should make you depressed too:

"..that U.S. law enforcement agencies seldom attack computer crime in any sort of coordinated, nationwide fashion. Almost everything is still being done regionally."

"Internationally, the problem appears to be even worse. During the presentation, a discussion of the prosecution of international computer criminals quickly devolved into an explanation of jurisdictions and extradition treaties. One of the speakers essentially said that Interpol, the organization that's supposed to be coordinating cross-border crime investigations, is all talk and no action."

"All four of the speakers conceded that they investigate only a fraction of the cases that are reported, because only that fraction has a chance to result in arrest and conviction. If it's unlikely that the cops can find the criminal -- or if they anticipate having trouble prosecuting the case -- they simply don't even look into it. "We just don't have the resources," two of the speakers said."

"So the average Russian spammer today is sitting pretty. Even if U.S. or U.K. officials could find him, which is no easy task, they probably wouldn't have the resources to pursue an arrest. And even if they did find him and arrest him, they might not be able to extradite him -- or they might not be able to build a case that resulted in a prosecution in another country's courtroom."

"When we polled black hats about their attitudes last month, fewer than 3 percent of respondents said they worry about getting caught and ending up in jail. Four percent said they worry they might get caught, but they doubt they could be convicted. Five percent said they know getting caught is a possibility, but they don't worry about it."

"...it appears that today's computer cops are more bark than bite."

Bottom line: Don't expect law enforcement officials to protect your enterprise. Absolutely make sure you have a layered identity authentication defense in place.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com

Posted by Guy Huntington on March 11, 2007 2:38 PM |

TrackBack

TrackBack URL for this entry:
http://www.authenticationworld.com/cgi-bin/blog/mt-tb.cgi/144

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)