cybercrime – Page 9 – Stilgherrian

19 May 2012

Talking AusCERT 2012 and cyberwar on ABC Local Radio

My full output from the AusCERT 2012 information security conference has yet to appear. Stand by. But last night I did a half-hour conference wrap with Dom Knight on ABC Local Radio.

We spoke about the conference atmosphere itself, cybercrime, cyberwar, the risk of Cybergeddon (yes, I know), and the claim by Eugene Kaspersky that Apple is ten years behind Microsoft when it comes to security.

Not that Mr Kaspersky would ever, like, troll the entire planet.

Podcast: Play in new window | Download (15.5MB)

What we didn’t talk about, really, was the two stories that have been published so far:

Russian crims evade transaction profiling, which details a trans-national organised crime operation profiled by Mikko Hypponen.
DNS poisoning the thin end of a wedge’, in which domain name system pioneer Dr Paul Vixie supports my argument that fiddling with the internet’s fundamental navigation systems probably isn’t such a great idea.

15 May 201216 May 2012

AusCERT 2012: What’s changed since 2011?

I’m currently on the train down from the Blue Mountains to Sydney, en route to the AusCERT 2012 information security conference on the Gold Coast, and I’m thinking about what stories might emerge.

Here’s what I wrote last year when, just like this year, I was on the ZDNet Australia team:

AusCERT 2011: Firms ignore ID theft risk, in which Bennett Arron explains that police forces don’t yet take this stuff seriously enough. Has this improved? I’m seeing talk but no action.
AusCERT 2011: Son of Stuxnet within a year: expert, in which Eric Byres explains why the Stuxnet worm — the presumed US-with-Israeli-help anti-SCADA attack on Iran’s nuclear program — would spawn a wave of copycats. This didn’t happen. Why not?
AusCERT 2011: Black hats and whitegoods, a story which was provided with the year’s best headline by CBS Interactive’s Brian Haverty where I discussed how the Internet of Things and a billion smart appliances would be the vector for a new wave of attacks. This hasn’t happened — yet — but is it still just around the corner?
AusCERT 2011: Bank theft goes truly mobile, in which Amit Klein, chief technology officer at Trusteer, predicted third-generation anti-banking malware on smartphones by Christmas. Did this happen? Well, not really. Why not?
AusCERT 2011: Silent victims thwart cybercops: Qld Police, in which Detective Superintendent Brian Hay, head of the Fraud and Corporate Crime Group of the Queensland Police Service, bemoaned the lack of hard data. I know how he feels. Do we have any yet?

The feeling I get from scanning those headlines is that there’s always a lot of scaremongering but the threats often don’t materialise. Are the threats over-stated? Does pointing out the threats trigger an effort to counter them, thus defeating them? Is it all just a bit too screechy?

And over the last year there’s been so much talk of imminent cyberwar. Is that just this year’s fashionable scary thing on a stick? I intend to ask a few questions. And I’ll plug it again: Thomas Rid says we shouldn’t believe the hype.

I haven’t yet looked in detail at the conference program but will do so over the next few hours. What do you reckon I should be investigating?

[Update 16 May 2012, 0625 AEST: Changed second paragraph to emphasise that I am covering the event for ZDNet Australia this year as well as last.]

11 May 2012

Security and the Cloud: Hype versus Reality

My presentation from the Saasu Cloud Conference 2012, which I told you about previously, is now online: Security and the Cloud: Hype versus Reality.

I’ll leave the article to explain itself once you click through, but to provide some Googlejuice here are the words hacking, infosec, cybercrime, cyberwar, information security, malware and cows.

11 March 201211 March 2012

Weekly Wrap 91: Information goes in, but doesn’t come out

My usual weekly summary of what I’ve been doing elsewhere on the internets. This post covers the week from Monday 27 February to Sunday 4 March 2012. Busy busy busy!

So busy, in fact, that this wrap is being posted a week late! That’s what I get for deciding at the last minute to insert a two-day cybercrime conference into my schedule. I did fit, but it was a bit tight. Shoosh.

Podcasts

Patch Monday episode 127, “Radiation, nanodiamonds and traffic lights”. From NICTA’s Techfest 2012, researchers explain how to protect their bionic eye circuitry with nanodiamonds, design radiation detectors for ports and airports, and update 40-year-old traffic control algorithms.

Articles

Not a single one. Strange week.

Media Appearances

On Wednesday I was on the panel for Recordkeeping Roundtable’s forum “Freedom of Information?”

Corporate Largesse

In the first part of the week I was at the Kickstart Forum. This meant airfares, accommodation at Hyatt Regency Sanctuary Cove and various meals paid for by Media Connect with the funds obviously coming from their corporate sponsors. Also, AVG gave us a small magnifying glass. Ninefold handed out t-shirts, plus I’ve got a hoodie on the way. Symantec gave us a three-PC license for Norton 360 version 6 and a single-Mac license for Norton Internet Security for Macintosh. And CA gave us men a Windsor shaving kit with mirror, brush etc. I don’t know what they gave the women.
On Thursday and Friday I attended the inaugural Cyber Crime Symposium, with food and drink provided by the Marriott Sydney Harbour thanks to the conference organisers.

Elsewhere

Most of my day-to-day observations are on my high-volume Twitter stream, and random photos and other observations turn up on my Posterous stream (or they used to before my phone camera got a bit too scratched up). The photos also appear on Flickr, where I eventually add geolocation data and tags.

[Photo: Clear Blue Sky. The sky meets the distant Pacific Ocean, with the horizon an indistinct blur. This photo was taken from a Jetstar Airbus A321 somewhere over northern NSW.]

[Update 0900: Added in the corporate largesse from Australian cloud provider Ninefold, which I’d accidentally left out.]

15 January 2012

Talking internet scams on Sydney radio 2UE

Well, this is a roundabout thing. On Saturday afternoons Trevor Long does a regular radio spot on 2UE 954 with presenter Tim Webster. This week Paul Wallbank was going to fill in but then it turned out that he couldn’t. So I ended up doing it.

The topics we discussed included the online extortion attempt against Sydney businessmen Sulieman Ravell and his firm Funds Focus; scams relating to London 2012 Olympics tickets, and other scams that Paul Wallbank had identified, as well as his tips for avoiding scams.

We also mentioned the new top-level internet domains.

Trevor Long, meanwhile, talked about the Consumer Electronics Show (CES) in Las Vegas and what caught his eye there.

Here’s the audio, including the far-too-many mobile phone dropouts — which Tim Webster handled with aplomb — and a little bleep every time I skip over other segments like the sport and traffic reports. In fact I’ve left in Mr Webster’s handling of these glitches precisely because it shows his professionalism.

Podcast: Play in new window | Download (9.4MB)

The audio is Â©2012 Radio 2UE Sydney Pty Ltd, of course, but as usual I’m posting it here in case they don’t post it at their own website. The little beep sound is by junggle via Freesound.org, used under a Creative Commons Attribution license.

10 January 201214 January 2012

Talking cyber threats on ABC NewsRadio

The Australian Federal Police were talking up the risk of “cyber threats” in the Fairfax news yesterday morning, so I ended up talking about it on ABC NewsRadio.

Now the AFP was bouncing off a report from McAfee, which from the title I assume is yet another of those “The internet is dangerous, m’kay?” fear pieces. 2012 Threats Predictions. I won’t bother linking, because all these reports from the major infosec vendors are much the same, jumbling together everything from minor vandalism to “cyberterrorism” — whatever the fuck that is — with little critical analysis.

But I suppose it is actually getting this stuff onto the agenda.

Slowly.

For six minutes.

At this point I reckon I should re-link to two of my pieces from the eCrime Symposium held in Canberra in November 2011. eCrime Symposium: Harden up, warns Aussie crime fighter and eCrime Symposium wrap: Satisfaction tinged with frustration.

The presenter was Cathy Bell (who seems to be missing from the station’s page of presenters), the producer Jared Reed.

Podcast: Play in new window | Download (3.1MB)

The audio is Â©2012 Australian Broadcasting Corporation. While the audio was posted shortly after broadcast at the ABC NewsRadio website, I’m going to post it here anyway. It’s easier for me than trawling their automated daily audio archive.

This is being posted a full day after the actual radio appearance, even though the post was ready within an hour of the broadcast. Why? Because I didn’t want it on the website before I’d posted last week’s Weekly Wrap. Is that good editorial judgement? Or just a little bit too anally-retentive?