Crushing the Web's dark forces

Updated 5 August 2005 4:20PM On the Internet and in enterprises, keeping clandestine forces at bay is an uphill battle. In this special report, ZDNet Australia profiles five leading security experts who pursue cyber criminals for a living.
Written by Fran Foo, Contributor and Munir Kotadia, Contributor

"I would definitely recommend Firefox," says Denis I. Pankratov when asked which browser he would recommend for Internet banking.

Pankratov, co-founder and technical director of the Computer Crime Research Center in Ukraine, told ZDNet Australia that users should use Firefox for all commercial transactions and regular surfing.

In our final installment, Pankratov shares his views on whether Linux is more secure than Windows.

Robert McAdam, our fourth profile featured yesterday, was attached to the New South Wales Police for many years. After a stint with IBM, he finally realised his dream of running his own company and founded Pure Hacking, a Sydney-based security consultancy.
Our third profile featured Jo Stewart-Rattray, director of Information Security at Vectra, an Australia-based security consultancy and IT specialist.
When asked what keeps her awake at night, she said: "The idea of acceptable risk in the banking and finance sector when it comes to online and credit card transactions!" And personally, she doesn't recommend Internet banking.
Ex-FBI consultant Laura A. Chappell was the second profile. A member of the High Technology Crime Investigation Association (HTCIA) and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989, one of Chappell's biggest achievements is creating the Internet Safety for Kids program in conjunction with her company, Protocol Analysis Institute.
Alastair MacGibbon, Trust and Security director for eBay Australia and New Zealand, was first on the list. He spent 15 years at the Australian Federal Police and served as Australian High Tech Crime Centre director prior to joining eBay.

Writers: Fran Foo and Munir Kotadia
Design: Petter Carlweitz
Production: Chris Duckett

"Normal people don't get up in the morning and wonder how they can steal or trick someone.

"I won't rest until we can eliminate wrongdoing," says Alastair MacGibbon, Trust and Safety director at eBay Australia and New Zealand.

After 15 years with the Australian Federal Police, including a stint as director of the Australian High Tech Crime Centre, MacGibbon joined one of the world's largest Internet auction sites. In an interview with ZDNet Australia, he discusses eBay's fight against fraudsters, its relationship with law enforcement agencies and steps taken to educate users against the perils of identity theft.

In your capacity dealing with trust and security at eBay, describe a normal day at work?
MacGibbon: One of the constants in my job is liaison with a number of people and groups. This includes regular meetings and contact with law enforcement agencies, government and various departments within eBay. There are over 1,000 Trust and Safety employees at eBay and PayPal, all dedicated to making eBay one of the safest places in the world to trade and I make it a priority to keep up to date with developments from around the world.

eBay has received a considerable amount of attention from the media (including broadcast) with regards to online auction scammers. Do you think these victims are shooting the messenger -- ie eBay -- instead of heeding the numerous warnings about payment procedures and security?
MacGibbon: Firstly, it's important to put fraud on eBay in perspective. The overwhelming majority of transactions on eBay are completed successfully. In fact, less than 1/100th of one percent of all items listed result in a confirmed case of fraud.

eBay is committed to providing a safe and secure environment for our members. Our Trust and Safety people, systems and technology are there to help minimise risk. We are also committed to providing ongoing consumer information, such as our Safe Trading Guidelines to educate Australian consumers on how they can protect themselves online. The Safe Trading Guidelines can be found in the Security Centre on eBay.com.au.

What is eBay doing to educate buyers on the dangers of online auction fraud?
MacGibbon: According to independent research commissioned by eBay, 67 percent of Australian Internet users believe that online shopping is becoming safer. The survey also revealed that Australians still hold a number of concerns, particularly over the security of personal and financial information. By comparison, online auction fraud was rated down the list in the survey.

That said, eBay undertakes many measures to educate consumers on how to protect themselves online.

Most recently we launched the e-Commerce Safety Guide, a comprehensive resource which is packed with useful information for consumers. The Guide is available from the eBay Security Centre and information covered includes:

  • Avoiding fraud
  • What to do if you think fraud has occurred
  • Sensible precautions for online shopping
  • Preventing identity fraud
  • Phishing, spoof and spam
  • Protecting your home PC (this section was contributed by AusCERT - the national Computer Emergency Response Team for Australia)
  • Eight reasons to feel confident buying on eBay.com.au
  • Recommended Australian resources

eBay recognises the importance of educating Australians on shopping safely online. There is a large amount of material on eBay, in the Security Centre, on trading safely. We also send our members regular updates and reminders on paying safely, avoiding fraud and other useful tips to help them have a safe and fun experience.

How much (in dollar terms) and how many subscribers have made claims to eBay's buyer protection program?
MacGibbon: I cannot put a dollar amount on this figure [but I can only tell you that less than 1/100th of 1 percent of all items listed result in a confirmed case of fraud].

eBay, like many other online properties, has been a target of phishing scams. What is eBay doing to nab these phishers?
MacGibbon: eBay works closely with law enforcement agencies around the world, as well as ISPs to combat phishers. Importantly, we also provide members with tools to protect themselves from phishing threats. This includes:

  • the eBay Toolbar featuring Account Guard (free to download) - which helps you to make sure you are on a legitimate eBay site. The toolbar helps recognise, reject and report potential spoof sites. The Account Guard feature turns green if you are on an eBay website, grey for unknown and red when users should use caution.
  • eBay's spoof reporting service - whereby if someone receives a suspicious email purporting to come from eBay it can be sent to spoof@eBay.com.au and we will confirm within 48 hours if it is a legitimate eBay email. PayPal has a similar service where people can send suspicious emails to spoof@PayPal.com.

In February, eBay and PayPal together with Microsoft and Visa launched the Phish Report Network. The Phish Report Network allows any company being victimised by phishing attacks to immediately and securely report fraudulent Web sites to a central database operated by WholeSecurity (the leading provider of behavioural, on-demand endpoint security solutions). Other companies subscribing to the Phish Report Network can then access the database or receive real-time notifications of known phishing sites, enabling them to more effectively protect consumers by blocking these sites in their user-facing security applications.

eBay's Fraud Investigations Team -- does every country eBay operates in have one?
MacGibbon: There are over 1,000 Trust and Safety employees at eBay and PayPal operating in the 33 markets around the world.

What elements of law enforcement are entailed in your duties at eBay? For instance, Joseph Sullivan is the senior director of law enforcement relations at eBay in the US. Does eBay Australia have a similar post or do you play that role as well?
MacGibbon: This role is part of my existing responsibilities.

In what circumstance would you refer a case to the AFP (including AHTCC)?
MacGibbon: eBay refers federal or multi-jurisdictional (as in multiple Australian states) matters to the AHTCC. The AHTCC has its own case categorisation and prioritisation models for whether they take on an investigations referral, or pass it to one of their partner agencies. We regularly talk with the AHTCC on a range of issues as we engage government.

How does eBay weed out unscrupulous sellers on your site?
MacGibbon: We have zero tolerance for wrongdoing and are committed to making eBay as safe as possible for our members. We also work closely with law enforcement agencies to help them to bring offenders to justice.

eBay invests in the top people, systems and state of the art technology. As you will understand, we can't give out details of our security systems in order to stay ahead of criminals.

In reality, eBay is not a good place for people to attempt wrongdoing. Being an online business, activity on eBay is highly transparent and attempts to commit wrongdoing on the site can be easily spotted.

We also enlist the help of our 157 million members around the world. Our members inform us of any suspicious activity on site -- much like a neighbourhood watch program.

How many registered members does eBay Australia have and how many auctions are conducted daily on ebay.com.au?
MacGibbon: eBay has over two million Australian members, with just over three million unique visitors in March 2005 according to AC Nielsen NetRatings Netview.

eBay Australia's growth continues to be impressive. Some of our key highlights include:

  • According to AC Nielsen NetRatings Netview, eBay.com.au had approximately 3.6 million unique visitors in June 2005
  • There were over two million Australian eBay members as at October 2004, or one in every seven adult Australians
  • According to online measurement company Hitwise, eBay.com.au was Australia's third most popular Web site in June 2005 ranked by visits
  • Gross merchandise volume -- the total value of goods traded on eBay Australia -- was $600 million in 2004, up 110 percent on the previous year
  • There are over 2,000 Australians that make a full-time living selling on eBay.com.au (Kinergy, July 2004).

There have been numerous stories about the security aspects of browsers. Would you recommend Internet Explorer or other browsers such as Firefox and Opera for eBay members?
MacGibbon: eBay does not endorse any particular browser.

Is Linux really more secure than Windows?
MacGibbon: eBay does not endorse any particular platform.

What is the most challenging part of your job? What keeps you up at night?
MacGibbon: Wrongdoing upsets me. It did when I was in the Australian Federal Police for 15 years and upsets me still: normal people don't get up in the morning and wonder how they can steal or trick someone. I won't rest until we can eliminate wrongdoing.

Last updated 2 August 2005 10:50AM


It's a wonder how Laura A. Chappell juggles her time between training law enforcement agencies and her other interests.
A member of the High Technology Crime Investigation Association (HTCIA) and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989, one of Chappell's biggest achievements is creating the Internet Safety for Kids program in conjunction with her company, Protocol Analysis Institute.
In an interview with ZDNet Australia, Chappell shares some of the more interesting crimes she's witnessed and tells of one of the most challenging criminals she's ever pursued.

When and how did your career in computer crime investigation/forensics begin?
Chappell: The transition from network/protocol analyst to security analyst was a natural one -- in the early 1990s, as I analysed network communications with an eye on troubleshooting and optimisation, I realised that the traffic was not secure. This led to more study, research and testing in the area of TCP/IP vulnerabilities and the white hat/black hat tools available to penetrate or attack networks.

Describe a normal day at work.
Chappell: There is no such thing as a "normal day" at work at the Protocol Analysis Institute. Approximately 1/3rd of my time is spent on the road working on live networks, lecturing at industry conferences or teaching private or public classes on security or protocol analysis. When I am in the office, the day begins with e-mail -- typically there are numerous e-mails containing trace files (files that detail the traffic that has crossed a network).

Some of these trace files illustrate security breaches or attack tools. Others contain unusual traffic that is negatively affecting network performance. Reading these files is not unlike reading a foreign language unless you understand TCP/IP and application communications. At some point in each day I try to work on the Internet Safety for Kids program -- getting online to search for predators or building out additional materials to support the program.

Finally, I'll start working with new security tools or perhaps begin writing about these tools or networking communications.

What is the most challenging crime you've ever pursued/still pursuing?
Chappell: A bank experienced an internal "lock down" -- an IT employee who had created a privileged empire on the network. In essence, this employee was granted too many privileges -- he controlled the internal infrastructure and would not share access information or details with other IT employees.

The management was not happy with the employee's actions and feared that this employee could hold the bank as a digital hostage if the employee were not treated well. In this case, we tapped into the network to 'listen' to the employee's traffic. This provided us with enough knowledge of the employee's actions to validate management's concern.

As a follow-up, we keylogged the employee's system to gather all the system passwords and evidence required to support management's intent to terminate and prosecute the employee.

Who is the most challenging criminal you've ever pursued/still pursuing?
Chappell: Currently, I am spending many hours focused on online predators who attempt to lure children away for sexual exploits.

Who, in your opinion, is the most dangerous cybercriminal and why?
Chappell: The most dangerous cyber criminal is the internal employee (or ex-employee) that is accessing company information on a daily basis. A perusal of the US Department of Justice Computer Intrusion Case listing illustrates the problem with privileged access to corporate information.

Which group/gang is the most dangerous online and why?
Chappell: Although there are several cybergangs in action today, just like in the physical world, I find the lone wolf to be the most dangerous entity.

Collectively, these individuals spend thousands of hours working on exploits and attacks -- looking for weaknesses in operating systems, network borders or applications.

How do you measure your performance?
Chappell: My role is to train law enforcement and network personnel to identify network weaknesses, locate criminal activity and follow through with the appropriate agency to ensure pristine collection of evidence if the case will go to trial.

We've read stories about criminal gangs allegedly blackmailing online betting companies, threatening denial of service attacks unless they pay up ... is this a common occurrence and if not, do you see this type of activity increasing? Any idea who's behind this or where these gangs originate from? Is it advisable for victims to report such activity if they're threatened?
Chappell: Blackmailing is rarely monetarily successful for the attackers, but it is a serious threat to the victim corporation. One of my clients was gang-hacked because they publicly pursued an individual who had breached their security.

They spent numerous hours building a "back channel" for communications with their customers and branch offices while performing research and reconnaissance on the attacking group. Law enforcement became involved to track down the US-based suspects. The company was correct in bringing in law enforcement to help -- international cases are more difficult.

In terms of ranking, what are your top 5 categories of cybercrime (eg Internet blackmail, child pornography, social engineering, virus writing etc)?
Chappell: The list is:
1. Security flaws and vulnerabilities (unpatched and unaudited systems are especially vulnerable)
2. Worms and viruses
3. Spyware (this is a huge issue that often gets overlooked)
4. Employees (current or former) with access to privileged information
5. Child sexual exploitation (this is a personal issue)

In working with local and international law enforcement agencies, what do you find most challenging? Red tape? Language barriers?
Chappell: Unfortunately, many law enforcement groups do not have the technical knowledge or budget to hire or train officers in the area of network communications. In some cases (as in California), we have a four-year rotation that requires an officer to change focus every four years ... for example, if an officer comes into the HT (high tech) area today, they will be fully-trained in investigative and forensic work and then rotated out to another specialty after four years.

In addition, the private sector hires away many LE (law enforcement) professionals at an enhanced salary. In my experience, the LE groups I have trained are some of the most appreciative and attentive students -- they have a personal drive to learn and succeed.

What more needs to be done to fight cybercrime?
Chappell: We need greater budgets for training and more technical tools to assist law enforcement. In addition, international cooperation among agencies is improving, but still needs to remain a focus. One example of a technical tool created to assist LE is CETS (Child Exploitation Tracking System) developed by Microsoft and the Toronto Police Service Sex Crimes unit. This is EXACTLY what we need!

Which area of law enforcement requires the most funding to fight cybercrimes and why?
Chappell: I am sure each LE group would state that they need more funding -- I believe the cybercrime task forces throughout the world need more funding. In addition, awareness and international expansion of organisations such as HTCIA should help sharing resources and knowledge.

Are you heavily involved in fighting the illegal distribution of music and movies online, be it clamping down on peer-to-peer networks or otherwise?
Chappell: I do present courses on how P2P networks work, what their signatures are, what the legal ramifications are to a corporation or an individual if they are in possession of illegal or copyrighted materials. As you can see in the US, we are finally getting some judgments and punishments to help pursue and arrest guilty parties.

My personal quest is to crack down on the P2P exchange of child pornography depicting sexual torture.

The youth of today grow up in an environment surrounded by computers and high-tech gadgets. Do you foresee a time when the number of computer crimes will exceed traditional crimes (such as petty theft, mugging, bank robberies etc)?
Chappell: Absolutely -- whereas an individual may not be brazen enough to walk in and rob a bank, Internet anonymity may empower them to attack a target electronically.

What keeps you up at night?
Chappell: Over the past year or so I have had recurring nightmares related to cases involving children who are lured by online predators. This is by far the most emotional and personally satisfying work I do. Your international readers can visit www.inhope.org for international Internet child sex law enforcement agencies.

Would you recommend Internet Explorer or other browsers such as Firefox and Opera for financial transactions over the Net?
Chappell: Certainly Internet Explorer has had its share of vulnerabilities -- there are methods to thwart "secure" communications regardless of the browser used, however. I use a variety of browsers, but recommend people check bank and credit card statements carefully.

Is Linux really more secure than Windows?
Chappell: Windows (and Microsoft) have a big target on their foreheads -- because Windows is so prevalent, a hacker interested in having the most impact is going to focus on that operating system. Linux also has its vulnerabilities -- it is not completely secure.

Published 2 August 2005 6:00PM

To this day, Jo Stewart-Rattray remains wary of Internet banking.

"I personally do not recommend it," she told ZDNet Australia recently. When asked what keeps her awake at night, she said: "The idea of acceptable risk in the banking and finance sector when it comes to online and credit card transactions!"

As director of Information Security at Vectra, an Australia-based security consultancy and IT specialist, Stewart-Rattray is more than qualified to talk. She has extensive experience in IT security, providing corporate clients with strategic and technical information security services, vulnerability assessments and business risk guidance throughout the Asia-Pacific region.

The $18 million company caters to a variety of enterprises which hail from banking and finance, transport, manufacturing, retail, health and government sectors.

When and how did your career in computer crime investigation/forensics begin?
Stewart-Rattray: Whilst I was working in the utilities sector I was involved in investigating potential misuse of corporate IT services together with tracking down a cyber stalker and an identity thief!

What's a normal day at work like?
Stewart-Rattray: Not entirely sure that I know what a normal day is!

I spend a lot of time educating senior management about the dangers of the Net and the need for low level in-house forensics capability. Much of my day is spent liaising with and I guess interpreting for technical resources and translating their output into management speak.

What is the most challenging crime you've ever pursued/still pursuing?
Stewart-Rattray: The most emotionally draining was the case of a cyber stalker. A lot of my psych skills were required.

This case also required us to be squeaky clean because of the potential legal ramifications.

Who, in your opinion, is the most dangerous cybercriminal and why?
Stewart-Rattray: Anyone who uses people and exploits natural human conditions can be extremely dangerous. A social engineer is of course a good example of this. These people do not use technology to gain access to sensitive information in the first instance but rather use any organisation's weakest link to gain access ... its people.

Which group/gang is the most dangerous online and why?
Stewart-Rattray: Any group in it for the ego trip ... hacking, cracking, or indeed, phreaking, simply because they can.

The damage in terms of leaked information can be immense, costing organisations their reputations along the way.

How is your work performance measured?
Stewart-Rattray: As my consulting team is engaged by corporations to track down internal issues or external attacks, our success is measured by our ability to secure their environment or our ability to prevent the environment from being breached.

Describe, at length if possible, your most successful bust?
Stewart-Rattray: One I would prefer not to answer.

We've read stories about criminal gangs allegedly blackmailing online betting companies, threatening denial of service attacks unless they pay up ... is this a common occurrence and if not, do you see this type of activity increasing? Any idea who's behind this or where these gangs originate from? Is it advisable for victims to report such activity if they're threatened?
Stewart-Rattray: Any such activity should be reported to the e-crime unit of the police service in each state. It's commonly thought that such activity emanates from behind the old Iron Curtain. These are not, according to police statistics, a common occurrence in Australia at present.

In terms of ranking, list your top 5 cybercrime categories
Stewart-Rattray: According to local eCrime statistics for computer-related crimes, they are:

  • Porn (24 percent)
  • Fraud (19 percent)
  • Drugs (16 percent)
  • Sex (11 percent)
  • Assault/Harassment (8 percent)
  • Homicide (5 percent)
  • Larceny (4 percent)
  • Identity (3 percent)
  • Terrorism (1 percent)
  • Access (1 percent)

In working with local and international law enforcement agencies, what do you find most challenging? Red tape? Language barriers?
Stewart-Rattray: Jurisdictional issues!

What more needs to be done to fight cybercrime?
Stewart-Rattray: Ensure that law enforcement agencies have the staffing and technical levels required to fight the growing number of computer-related and computer-assisted crimes.

Organisations need also to be aware of their responsibilities in relation to good governance practices with regard to information security.

Which area of law enforcement requires the most funding to fight cybercrimes and why?
Stewart-Rattray: State police services have little funding. A lot of funding is allocated to the federal sector and for research into policing methodology; however, at state level, e-crime units seem to be understaffed and have a great deal of trouble keeping people with good technical skills as they are often poached by the private sector. This issue relates directly to salary discrepancies in the public and private sectors.

The youth of today are brought up in an environment surrounded by computers and high-tech gadgets. Do you foresee a time when the number of computer crimes will exceed traditional crimes (such as petty theft, mugging, bank robberies etc)?
Stewart-Rattray: Not everyone is going to want to sit up nights in a darkened room by themselves playing at being a super nerd. There will always be crimes that include blood and guts and manual means.

What keeps you up at night?
Stewart-Rattray: The idea of acceptable risk in the banking and finance sector when it comes to online and credit card transactions!

Would you recommend Internet Explorer or other browsers such as Firefox and Opera for financial transactions over the Net?
Stewart-Rattray: I personally do not recommend Internet banking. As for transactions such as purchases over the Net ... there is always a risk involved, the idea is to minimise it. Currently Firefox is picking up momentum in this space.

Is Linux really more secure than Windows?
Stewart-Rattray: More holes are being found in Linux every day. It should be remembered, that in the world of hacking, where there's a will there's always going to be a way!

Updated 3 August 2005 7:00PM

An "accidental" ethical hacker. That's how Robert McAdam describes himself.

Attached to the New South Wales Police for many years, McAdam was lured to the private sector during his time at IBM while working on the Sydney Olympics.

He left Big Blue to pursue his dream of running his own company and founded Pure Hacking, a Sydney-based security consultancy.

When and how did your career in computer crime investigation begin?
McAdam: Quite by accident, I was working for IBM as a Project Manager on the Olympics and it was suggested by a colleague that I come across to the Security Practice. Given my work history in policing, and now Pure Hacking, I have a core personal value around making others safe.

What's a normal day at Pure Hacking like?
McAdam: Ensure the electronic systems are functioning as expected (and they always do). Read the latest security advisories, check sites which have been hacked over the last 24 hours, and respond to current and new client queries.
Then we start hacking.

What is the most challenging crime you've ever pursued?
McAdam: A financial institution was being extorted. A hacker had infiltrated the systems and was extorting the business for financial gain. At the time, the business thought it was over. Pure Hacking stopped the extorter and the business is still running today so it's a great result. Can't provide more details.

Who, in your opinion, is the most dangerous cybercriminal and why?
McAdam: A bored employee. They are the most dangerous because they are in a trust relationship. The most common offenders in most crimes are those you trust -- the Internet is no different.

Which group/gang is the most dangerous online and why?
McAdam: We've only dealt with individuals acting independently for personal gain, not organised crime.

Describe, at length if possible, your most successful bust?
McAdam: With a 9-year career in policing, there are many war stories. In IT Security, law enforcement is not a focus. For those issues, the client wants the problem fixed and that's it.

We've read stories about criminal gangs allegedly blackmailing online betting companies, threatening denial of service attacks unless they pay up ... is this a common occurrence and if not, do you see this type of activity increasing? Is it advisable for victims to report such activity if they're threatened?
McAdam: In Pure Hacking's experience, this is not a common occurrence (common being a daily or weekly event). The victims really should contact the authorities in these circumstances as they have significant resources either directly or indirectly. These resources may be available in-house, or through their relationships with other law enforcement agencies. It pays to tap into another's network -- especially when it's all that they do.

What are the top five cybercrimes?
McAdam: As follows:

  • Virus writing
  • Ignorant users opening up attachments
  • Social engineering -- relying on good manners or ignorance to gain illegal access
  • Replicas of Web sites
  • Using the Internet as a vehicle to wage a personal attack on an individual -- relating to domestic violence issues

What more needs to be done to fight cybercrime?
McAdam: Education, Education, Education. The tools exist to protect an environment and businesses misconfigure them, or let security lapse. Security is an ongoing process.

Which area of law enforcement requires the most funding to fight cybercrimes and why?
McAdam: Again, education. Simply stated, the criminals know and profit from individuals' ignorance.

The youth of today are brought up in an environment surrounded by computers and high-tech gadgets. Do you foresee a time when the number of computer crimes will exceed traditional crimes (such as petty theft, mugging, bank robberies etc)?
McAdam: In relation to crimes, petty theft and bank robberies are at different ends of the spectrum for the victims and the offenders.
I do not see Internet crime exceeding traditional crimes because the level of knowledge required to bring a bank down [offline] is usually significant. In contrast, to obtain a firearm and to walk into a bank is relatively simple.
I believe it is the same trend on the Internet as in the 'real world'. Repeat offenders will generate most of the problems.

Would you recommend Internet Explorer or other browsers such as Firefox and Opera for financial transactions over the Net?
McAdam: Firefox has significantly fewer vulnerabilities, but poor site design and programming means that a site can only operate securely on the IE platform. Pure Hacking uses Firefox when testing.

Is Linux really more secure than Windows?
McAdam: No.

Updated 4 August 2005 5:30PM

"I would definitely recommend Firefox. And not only for commercial transactions but for normal surfing as well," says Denis I. Pankratov, technical director at the Computer Crime Research Center.

Based in Ukraine, the centre, which Pankratov co-founded, is a non-profit, non-governmental and scientific research organisation which functions on a voluntary basis.

The research lab regularly collaborates with universities and law enforcement agencies in its quest to reduce the number of cybercrimes.

When and how did your career in computer crime investigation begin?
Pankratov: In 2001 with the establishment of the Computer Crime Research Center. I'm the other founder (the first being Vladimir Golubev).

Who, in your opinion, is the most dangerous cybercriminal and why?
Pankratov: The most dangerous criminals are those whose existence we don't even suspect.
But sure, the biggest social danger is generated by virus writers and cyberterrorists.

Which group/gang is the most dangerous online?
Pankratov: There are too many of them! Any such group with money in mind is dangerous.
But personally, I don't like spammers.

We've read stories about criminal gangs allegedly blackmailing online betting companies, threatening denial of service attacks unless they pay up ... is this a common occurrence and if not, do you see this type of activity increasing? Any idea who's behind this or where these gangs originate from? Is it advisable for victims to report such activity if they're threatened?
Pankratov: I've heard that some of these cases were connected with Russian "groups". But I think these groups are spread all over the world.
My only advice is don't follow or give in to their instructions. Always contact your local law enforcement officials.

In terms of ranking, what are your top 5 categories of cybercrime?
Pankratov: It's as follows:

  • Child porn
  • Spam
  • Phishing
  • Virus writing
  • Adware, spyware and other trojans

In working with local and international law enforcement agencies, what do you find most challenging? Red tape? Language barriers?
Pankratov: It's time. Everyone's too busy these days.

What more needs to be done to fight cybercrime?
Pankratov: First of all, education. Then, implementation of good working security practices and tighter co-operation on an international basis.

Which area of law enforcement requires the most funding to fight cybercrime?
Pankratov: International cooperation and education.

The youth of today grow up in an environment surrounded by computers and high-tech gadgets. Do you foresee a time when the number of computer crimes will exceed traditional crimes (such as petty theft, mugging, bank robberies etc)?
Pankratov: Scary thought but in future, well, it's possible.

Would you recommend Internet Explorer or other browsers such as Firefox and Opera for financial transactions over the Net?
Pankratov: I would definitely recommend Firefox. And not only for commercial transactions but for normal surfing as well.

Is Linux really more secure than Windows?
Pankratov: I think the answer to this question depends mainly on how well a computer is set up. If done properly, most operating systems should be secure. But since statistics say that an overwhelming majority of regular users use Windows, public opinion seems to be that Linux is more secure.
Linux has many more tools in its default installation to be more secure but you still need to be educated to use them.

Updated 5 August 2005 4:20PM
