Internet: UN urges Asia-Pac nations to work harder on cybercrime

120 participants from 19 countries throughout the Asia-Pacific region, the UN International Telecommunications Union Forum in Hyderabad, India, heard the UN's view that progress has already been made in global collaboration through the signing of an agreement between the agency and the International Multilateral Partnership Against Cyber Threats (IMPACT) last year.

The agreement with IMPACT makes state-of-the-art cyber-security measures and early warning systems available to 30 ITU member States, says the UN.

But Nigel Morris-Cotterill, Head, The Anti Money Laundering Network, says that the UN is missing the point.

"There is, in reality, nothing new in cybercrime except unlawful access to a system with no physical entry. The focus on trying to define new forms of crime is diverting resources from the pragmatic use of existing tools to prevent crime and to prevent criminals from benefiting from the crime."

He cites the example of a widely prevalent spamming campaign that has been plaguing inboxes for several months and consistently defeats spam filters. All of them invite visitors to websites with a .cn extension.

"It's easy to defeat these spams in real time. Simply set up a honey trap to attract the spam - if necessary by using the mailbox of someone who is already plagued by it. Then require the domain registrar to immediately kill the domain, and the host where the link goes to to kill it on their servers. In this way, the campaign can be killed within minutes of the first spams being received. Quite simply, harassing spammers in this way will reduce the incidence of such spam."

Yet, he says, there is no such pragmatic - and instant approach - adopted in any country, so far as he can ascertain.

"We know that Russian and Romanian addresses are frequently used by spammers. And we know that many spammers use an instant divert from the address that appears in their mail to their actual site, which is often a place where malware or phishing takes place."

And it is in phishing that the USA needs to take action, he says.

"Phishing most often uses a fake link that appears to be to the legitimate site of a financial institution. But if you look at the anatomy of that link, it most often goes to a .com address. Those .com addresses are either recently set up for the purpose (in which case they can immediately be blocked as I suggested above) or are unlawful directories built into legitimate sites. Increasingly, these are at university servers but they are also to be found exploiting a weakness in a particular and very popular CMS / Blogging software which has not been updated."

Killing an existing site would be unduly draconian, he says. However, ISPs should be requested to take the site temporarily off-line whilst the website owner, who is as much a victim as those who find their personal information stolen, secures his site, he says.

No one is safe, he says. "Everyone takes steps to protect their mail and data servers. But all too often programs do not take the same care over the server where the programs themselves run. This is especially so with some bought in software. We should know: someone hijacked one of our bought in scripts last year and it disrupted the business unit that had bought it. No customer data was ever at risk, and nor was any e-mail: they are all stored elsewhere. All that happened was that someone used a small hole in the residual installation script to upload a page of illicit links into a page we had installed and which we did not visit as it did not contain active data."

=========

Nigel Morris-Cotterill is Head, The Anti Money Laundering Network, the ultimate owner of Vortex Centrum Limited, publisher of ChiefOfficers.Net. www.antimoneylaundering.net

==============