Talking Tor and Silk Road on ABC Local Radio

This evening I had a lovely conversation on ABC Local Radio in Sydney and around NSW on the takedown of the Silk Road internet marketplace and the Tor anonymity software that made such anonymity possible.

The presenter was the redoubtable Dom Knight. Given that we last spoke in April, we had a lot to catch up on. Here’s the full audio.

The audio is of course ©2013 Australian Broadcasting Corporation, archived here because it isn’t being archived anywhere else.

Do McAfee’s new cyberstats really represent a shift?

As brokers of reliable information about the scale of online crime and espionage, most information security vendors would make great used car salesmen — but McAfee’s latest research finally seems to be taking the right path.

In my column at ZDNet Australia this week, I give McAfee some praise for the most recent research they’ve funded, a preliminary report from the Washington-based Center for Strategic and International Studies titled The Economic Impact of Cybercrime and Cyber Espionage that dismantles the daft idea that cyberstuff costs the global economy a trillion dollars a year.

McAfee now admits that you can’t run a small-N survey in a couple dozen large, wealthy nations — often a self-selected sample of known crime victims at that — and extrapolate the data globally.

Their new figure is “probably measured in the hundreds of billions of dollars”, although they never quite commit to one specific number…

“In the context of a $70 trillion global economy, these losses are small, but that does not mean it is not in the national interest to try to reduce the loss, and the theft of sensitive military technology creates damage whose full cost is not easily quantifiable in monetary terms,” McAfee writes.

True, but as McAfee themselves point out, this supposed cybercrime explosion is really down at the level of shoplifting. Retailers generally budget between 0.5% and 2% for pilferage and other such “shrinkage”.

I also mention my previous critical comments about various infosec vendors’ dodgy statistics — but I don’t link to them, because they were mostly published at non-CBS mastheads. So here’s a selection of stories I’ve written on this subject over the last couple of years.


Talking NSA and spying on The Project

[Screenshot from The Project, 8 July 2013]

The revelation that the US National Security Agency (NSA) was engaged in such comprehensive spying of American citizens and their allies, some of it possibly unconstitutional, continues to make headlines.

The focus has not narrowed to the manhunt for Edward Snowden as I’d feared. Instead, there’s a steady stream of mainstream news stories as new details emerge — including my third appearance on Channel TEN’s The Project on Monday night.

On the previous two occasions, when I was talking about cyberwar and crimefighting smartphones respectively, I was chatting with the presenters. Since they’re in Melbourne, that involved sitting in front of a green screen and looking down the barrel of a camera as if it’s your best friend.

But this time my comments were to be included in a stand-alone “package”, as they’re called, along with comments from Fairfax journalist Philip Dorling and others. So a videographer came to my hotel room on Friday afternoon to shoot me at my desk, while the Melbourne-based journalist asked me questions via speakerphone — and I looked toward a yellow piece of paper that indicated where the journalist might have been standing had he actually been there.

Ah, the magic of television!

The video of the three-and-a-half minute segment, including comments fore and aft by the presenters, is over the fold.


I’ve just launched “Corrupted Nerds”, with many cybers

Last night I launched a new website and podcast, Corrupted Nerds, and the first episode is an interview with Eugene Kaspersky.

Yes, this is a “replacement” for the Patch Monday podcast I used to do for ZDNet Australia, but which was killed off in a budget cut at the beginning of 2013 — with my approval, by the way, because I agreed that from ZDNet Australia’s point of view the money would be better spent on a written column, The Full Tilt.

I won’t go into details about Corrupted Nerds, apart from saying that the subtitle is “information, power, security and all the cybers in a global internet revolution that’s changing… everything”, and to point to the introductory blog post for more details.

I’ve got four episodes in the pipeline, but no funding yet. So I’d be grateful if you could both spread the word and comment upon what I’m doing. I thank you.

Infosec at AusCERT 2013: the media coverage

Here’s a list of the news stories I’ve found this morning that have been written about the AusCERT 2013 information security conference.

The theme for this year’s conference was “This time it’s personal”:

[The theme reflects] the growth in attacks and unauthorised disclosures of online personal information. Motivated by illicit financial gain, cyber criminals obtain unauthorised access to personal information, but more and more, we are seeing data disclosures being posted publicly by attackers for political motives, rather than financial gain.

Hence the theme will resonate within the information security community and remind us that the online environment provides opportunities galore to capture personal information; of the impact these breaches can have on the lives of individuals; and the importance of information security to prevent these attacks. AusCERT2013 will explore these issues and bring experts from Australia and around the world to provide insight and solutions to deal with these challenges.

Items are arranged alphabetically by masthead and then chronologically. If I’ve missed anything, please let me know. Indeed, I daresay that some more articles will be published on Monday or Tuesday, so if that happens I’ll update this post appropriately.

There’s a lot here for me to read, so if I’m going to write a reaction piece some time then it’ll be… later.


AusCERT 2012 and the militarisation of cyberspace

I didn’t make it to information security conference AusCERT 2013 this year. I’m about to read what’s been written and compile a list — but first, a reflection on what happened in 2012.

When I look back two years to what I wrote from AusCERT 2011, I’m reminded that we were just getting our head around the implications of the Stuxnet worm. Not only was malware being written by organised criminals, and we were facing an explosion of anti-banking malware and mobile malware, and looking ahead to when an angry child might deploy malware against their neighbours — we were now made well aware that malware was also being written by nation states with budgets in the millions of dollars and beyond.

But looking through the list (below) for AusCERT 2012, what jumps out is the emphasis on the militarisation of information security, as well as the emphasis on the scale of criminal activities. I won’t expand on that, because the conversation with AusCERT general manager Graham Ingram speaks for itself.

Articles from AusCERT 2012

Podcasts from AusCERT 2012

  • Patch Monday episode 139, “War talk dominates AusCERT 2012”, the first of two episodes based on material recorded at the information security conference. The overall theme is that infosec is becoming militarised. We no longer talk about “information assurance” but “defensive cyber operations”. Click through for the full list of speakers.
  • Patch Monday episode 140, “Cybercrime: it’s just too easy”, the second of two episodes based on material recorded at the AusCERT 2012 information security conference. AusCERT general manager Graham Ingram explains why cybercrime is here to stay, and F-Secure chief research officer Mikko Hypponen details a complex transnational criminal operation that saw goods bought fraudulently in Denmark being resold in Moscow, as well as giving his views on hacktivism and the level to which antivirus companies should cooperate with governments.

Bonus Extra Video

After the conference, my flight back to Sydney was delayed. With the need to kill some time, this video was the result.

My compilation of reports from AusCERT 2013 will be posted later today. My compilation of reports from AusCERT 2013 is now online.