By Jan Duffy, IDC
The rise and many cyber-crime and cyber-espionage, I agree that we need a clamp down, but how we balance that with the freedom of the Internet provides and that most of us cherish? United Kingdom Foreign Secretary William Hague has appealed to Governments meet to agree on a set of rules amid growing fears of "cyber war" between States. Addressing the Security Conference in Munich, Mr Hague disclosed that just last month the United Kingdom had come under attack from an "intelligence agency hostile State" trying to penetrate the Foreign Office IT system.
Mr. Hague said the reports of intelligence, he sees as Foreign Minister showing that a single criminal computer program can collect over thirty gigabytes of stolen passwords and credit card details from over 100 countries in a matter of days, causing millions of pounds worth of fraud. More than 40,000 pieces of sensitive information and financial data are quoted on the black market online every day, equal to 13.2 million criminal transactions every year.
Systems of Government are too focused. ZEUS is a famous piece of malware that attempts to steal banking information and other personal information. At the end of December was sent an email forgery as by affixing from the White House to a large number of recipients that were directed to international click on a link and then downloaded a variant of ZEUS. The British Government was targeted in this type of attack and a large number of email surrounded some of our filters. He said Government experts were able to clear the infection, but more sophisticated attacks like these are becoming more common.
He continued saying that last year the interests of national security of the United Kingdom have been targeted in a deliberate attack our defence industry. A malicious file which pretended a report on a Trident nuclear missile was sent a defense contractor from someone masquerading as an employee of another defense contractor. Good protection meant that the email was detected and blocked, but its purpose was to steal information about our projects more sensitive.
Mr Hague said that last month three of his colleagues were sent an email, supposedly from a British colleague outside the FCO, working in their region. The email claimed to be on an upcoming visit to the region and looked innocent enough. In reality it was from an intelligence agency hostile State and contained computer code embedded in the document attachment that he wanted to attack their machine. Fortunately, it was caught in a way that has not reached his staff.
Mr. Hague offered to host an international conference this year to discuss the rules of acceptable behavior in cyberspace, bringing countries together to explore mechanisms for the grant of such standards real political and diplomatic influence.
He said that, in view of Britain, seven principles should underpin the future international rules on the use of cyberspace:
The need for Governments to act accordingly in cyberspace and in accordance with national and international law;The requirement that all have the chance-in terms of skills, technology, trust and opportunity-to access cyberspace;The need for users of cyberspace to show tolerance and respect for the diversity of language, culture and ideas;Ensure that cyberspace is open to innovation and the free circulation of ideas, information and expression;The need to respect individual rights to privacy and to provide adequate protection to intellectual property;The need for us all to work together to address the threat from criminals who act in line;And the promotion of a competitive environment that ensures a fair return on investment in the network, services and content.As we have to balance the need for controls with the desire for freedom? We can reasonably expect agreement on the fight against cybercrime and cyber-espionage when threats are difficult to source change fast and intertwined with Counterintelligence operations of many of the world's top economies?
The United Kingdom has set up a group of cyber operations, the United States has established a Cyber command. This is enough? We support efforts to develop more stringent guidelines or should we just leave everything as it is?
Copyright 2011, IDC, all rights reserved.
No comments:
Post a Comment