Home / News I have a News Tip

Kaspersky Calls for an Internet Internpol… Cybercrime Now Second Largest Criminal Activity

With cybercrime now the second largest criminal activity in the world, measures such as the creation of an 'Internet Interpol [International police]' and better cooperation between international law enforcement agencies are needed if criminals are to be curtailed in the future, Kaspersky Labs founder and security expert, Eugene Kaspersky, has argued. Speaking at AusCERT 2011, the Moscow-based Kaspersky said the last five years had proved to be the "Golden Age" of cyber crime…

Read full story: CIO

Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

How about Russia arrests and prosecutes their known computer criminals Phillip Hallam-Baker  –  May 31, 2011 9:43 AM PST

The big divide in Internet crime is what governments consider to be crime.

The US government and its alies consider bank fraud to be the Internet crime problem.

The Russian government is rather more concerned about 'Information Terrorism' a definition that in their view includes all forms of disagreement with the Putin regime.

So there is little prospect of any agreement on stopping Internet crime in the near future since the West places a much greater priority on freedom of speech than preventing the loss of a few billion dollars in bank fraud that the banks themselves consider too low to be worth bothering to stop.

US banks could very easily eliminate card present fraud by deploying the Chip and PIN protocol deployed in Europe. Chip and PIN has practically eliminated card present fraud in Europe. The residual fraud is almost entirely due to the need to support legacy non-Chip and PIN cards issued in the US.

Stopping online fraud is a little harder, but even this could be eliminated with a little executive branch involvement. I have a Mastercard with an embedded OTP display produced by Niagra ID that I use as a demonstrator. We could deploy that and reduce MOTO fraud to negligible levels. Smart phones are becoming ubiquitous, we could start using those as a second factor authentication tool.

Stopping Internet crime is hard, but not nearly as hard as establishing the type of international institutions being proposed here. Even if Russia signed the treaty it is rather difficult to believe that they would enforce it when they won't even let the St Petersberg police arrest the members of the Russian Business Network. The members of the RBN are rather too useful to the GRU when Putin's mob needs a bit of hacking done against a political opponent.

There will eventually be some sort of organization like the one Kaspersky suggests but it is unlikely that Russia will be a member any time soon.

"US banks could very easily eliminate card Carl Byington  –  May 31, 2011 12:29 PM PST

"US banks could very easily eliminate card present fraud by deploying the Chip and PIN protocol deployed in Europe. Chip and PIN has practically eliminated card present fraud in Europe. The residual fraud is almost entirely due to the need to support legacy non-Chip and PIN cards issued in the US."

http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf

Yes, I know all about Ross Anderson's Phillip Hallam-Baker  –  May 31, 2011 12:58 PM PST

Yes, I know all about Ross Anderson's attack. It is embarrassing for the banks, but not actually what Ross thinks it is.

Chip and PIN has still eliminated card present fraud even with some protocol issues. It doesn't need to be very good to be better than putting the credit card number on the front of the card.

I did not design those protocols, (though in the interests of full disclosure I did contribute in a modest way to a very distant predecessor). Had I done so I would not have put the PIN verification on the card the way they did. But then again, my designs all run on relatively large computers where there are no resource constraints. I don't know what the cost tradeoffs were here.

But even with the flaw as designed the exploit discovered is of a sure-fire ticket to jail variety. Correcting the protocol to eliminate the flaw is trivial. While it would be very difficult to upgrade every terminal a thief has a very high probability of being arrested if he uses the card at a terminal that has been upgraded.

The only attacks on Chip and PIN seen in the wild thus far have been relatively small (less than a million) and involved the legacy channel. From what I understand the fraud has declined as deployment progressed rather than increased exponentially as it has in other areas of card payment fraud.

To post comments, please login or create an account.

Related

Topics

Brand Protection

Sponsored byAppDetex

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Domain Names

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias