Cyber-crime is not just a law enforcement issue anymore

Cyber-crime is not just a law enforcement issue anymore

Summary: Now is the time to launch an initiative to develop a strategic roadmap to address malicious cyber activity in a proactive way that uses all available resources, one that includes the engagement of key stakeholders from government and the private sector.

SHARE:

Guest editorial by Andy Purdy and Tom Kellermann

The Internet is having a transformational impact on how individuals, organizations, and governments conduct their daily lives, and holds unrealized promise for impacting society for the better. A mind-numbing amount has been written and spoken about the threats in cyberspace that are affecting, and can even more seriously impact, our privacy, our economic well-being, and even our national security, so much so that there may be a cry-wolf reaction among some. While it is apparent that comprehensive cyber legislation will not be enacted during this term of Congress, significant progress to reduce national cyber risk can and should be made nonetheless.

At a minimum, the success of these efforts requires that key private sector representatives engage in a more formal, ongoing way, with government representatives so that we can better measure the nation’s progress in assessing and reducing the risk in cyberspace. In short, the public sector needs a seat at the table with government to chart the nation’s cyber course. We must work together to specify what is required for progress and what success looks like. We need a much clearer picture of what we as a nation need to worry about in cyberspace, and what we need to do about it. At its heart, this requires that the public-private collaboration identify critical national cyber priorities, set goals and objectives for each, and identify corresponding milestones and metrics for those objectives so that they can be resourced, tracked, and improved over time.

It is important that private companies and government officials have a better idea of what the most important initiatives are or should be, and whether, how, and when to collaborate actively or provide input. A particularly important candidate to be one of the national cyber priorities, is the problem of malicious cyber activity, which should be framed just that way, and not as the narrower problem of cyber crime.

Early in 2010, Google disclosed that they had reached out to the National Security Agency for help in defending themselves against the Aurora cyber intrusions emanating from China, because of the sophisticated attacks that were attempting to steal their intellectual property crown jewels. Reportedly thousands of other American companies have suffered at the hands of the same cyber attackers. The recent revelations about the apparently far more sophisticated “Stuxnet Worm” raise even greater concerns about not only the threat to industrial control systems, but to our information and communications technologies, generally. Stuxnet reportedly targets industrial control systems that use Siemens software and infected over 30,000 computers in Iran, including computers involved in running nuclear facilities in Iran. Although many suspect nation-state sponsorship and intent behind Stuxnet, the public may never know who was behind it.

Next -- The greatest fear... -- >

In the most recent spate of publicity about the cyber threat, the greatest fear articulated by some – of a devastating nation-state or state-sponsored attack against our government and/or critical infrastructure, a so-called “digital Pearl-Harbor,” has reportedly led the Pentagon’s new Cyber Command to “seek[ing] authority to carry out computer network attacks around the globe to protect U.S. interests….” (“Pentagon is Debating Cyber Attacks,” Washington Post, 11/6/2010, p. 1). Deputy Secretary of Defense William Lynn recently wrote in Foreign Affairs about the significance of the threat, and the Departments of Defense and Homeland Affairs announced that they had signed a Memorandum of Understanding to exchange cyber experts to increase the level of coordination to enhance the nation’s preparedness for a cyber attack. White House Cybersecurity Coordinator, Howard Schmidt, has publically stated that his office is reviewing available legal authorities to make sure they do not pose an obstacle to an effective response.

While it is important to clarify or supplement the available legal authorities to support offensive and defensive actions, particularly related to the kinds of attacks that could come in the future, we need to begin to more aggressively address the intellectual property and economic losses we are suffering now, that collectively arise to the level of national security significance. Unfortunately, the facts not only demonstrate that the cyber threat to the U.S. is real in terms of the kinds of attacks that can happen in the future, but that there is a significant ongoing negative impact to American industrial competitiveness – the theft of intellectual property from American companies -- that is not being adequately addressed by a strategic and coordinated government and industry initiative. The Deputy Secretary of State, James Steinberg, recently told a meeting in Washington that companies who feel they have been victimized by attempts or actual thefts of their intellectual property should contact the Department, which can pursue complaints through the World Trade Organization (WTO). However, there does not appear to be a proactive effort by the Department or others in government to reach out to corporate America to solicit such information so there can be a coordinated effort to protect American interests.

The Chinese government, during early conversations in recent weeks with current and former U.S. government officials about malicious activity emanating from China and the possibility of working bilaterally at first to create international norms of behavior in cyberspace, have pointed out that more cyber attacks come from the U.S. than China, no doubt because of the visible (to Internet Service Providers and observant network administrators) presence of millions of computers in networks in the U.S. that have been implanted with malicious software (these infected computers are called “bots”) that are being remotely controlled to launch spam, identity theft, phishing attacks (where the fraudster sends an email disguised as a legitimate business to surreptitiously implant malicious software on the computer), distributed denial of service (DDOS) attacks, and are available to convey more serious attacks if so desired by the person or organization remotely controlling a large number of such bots (a “botnet”). The Chief Information Security Officer of one of America’s largest telecommunications company has said that a botnet containing as few as 65,000 computers (no longer considered a large botnet by any means) could shut down the IT system of ANY organization in the United States.

Next -- Strategic opportunities for action... -- >

Strategic possibilities for action are in plain view, although some are controversial. The Obama Administration is reportedly considering an Australian initiative that will be formally launched on December 1st that requires Internet Service Providers (ISPs) to notify customers if they have computers that are infected with malicious software, and to require those customers to take certain ameliorative measures before they can be reconnected to the Internet. Japan has a program the Cyber Clean Center, organized by the Japan Emergency Response Coordination (JP-CERT) Center with over 76 ISPs, in which participating ISPs send customers with infected computers an email or a letter directly them to a website where they can access a cleanup tool. Comcast has begun voluntarily notifying such customers to they can take steps to protect themselves and others. The Federal Communications Commission (FCC) held a hearing on November 5th to consider whether and how ISPs and telecommunications carriers might help address the national cyber risk, and what role the FCC might play.

According to the Wall Street Journal, the Commerce Department is reportedly preparing to release a report in coming weeks that will enhance policing of Internet privacy and create a privacy watchdog position to oversee it. The Journal reports that the White House has convened a task force to create specific policies based on the report.

Cyber Crime

For proof of this reality, one can turn the pages on countless reports produced by both government researchers and their private industry counterparts. From the Symantec Global Security Threat Report to the Verizon Business Data Breach Investigation Report, and most recently, to the First Annual Cost of Cyber Crime Study -- Benchmark Study of U.S. Companies1 . The U.S. government has produced similar tomes, including the National Strategy for Trusted Identities in Cyberspace (2010) and the White House Cyberspace Policy Review (May 2009). Bottom line: the case for action has been written over and over again.

Despite these efforts, however, to amass some data on the nature and depth of the cybercrime epidemic, almost no one is systematically collecting and sharing statistically significant malicious cyber activity data in the United States, much less globally. In addition, there is precious little effort to focus on the enablers of this malicious activity who knowingly, recklessly, or blindly facilitate this wrongdoing and, in fact, help miscreants and more serious actors to operate with impunity.

Next --Connecting the dots... -- >

When suspicious activity and even evident crimes are discovered there is insufficient capability, even in the U.S., to connect the dots among disparate databases to get a true picture of which instances of criminality are connected to each other, to which malicious actors, and to which enablers. For example, there is no federated information collection, analysis, and sharing capability on cyber activity and malicious actors, even between federal agencies or between them and state agency databases, generally, much less making it possible to connect the dots between suspicious cyber activities that have been tentatively connected with terrorists and other instances of cyber criminality—such as, spam, identify theft, financial fraud, and so forth.

How good a handle can we have on whether terrorists are financing their operations through spam or cyber crime without such capability? Similarly, how can we most effectively focus government resources on the most significant actors and most problematic activity if we cannot connect the dots?

Much has been written about the challenge of attribution in cyberspace. Who is intruding in our systems and who is behind the malicious activity? If we are attacked, will we know who is behind it, so that we can respond, without incurring the wrath of the world community? All too often it remains difficult, if not impossible, to identify the involved parties who hide behind the anonymity and global orientation of the Internet and utilize a catacomb of enablers, consisting of both legitimate and illegitimate providers, to cover their tracks. This includes Internet Service Providers (ISPs), hosting companies, merchant banks and online payment systems. Most times, however, we know who the enablers are and they must become an important part of the initial inquiry and long-term vigilance.

Internationally, even in those limited cases where individual cyber criminals or syndicates involved in this activity are uncovered, often the laws on the books or the investigative resources available in the countries in which they operate make meaningful investigation or consequential prosecution unlikely. In some countries, the ruling governments and resident Internet infrastructure are uncooperative at best, and recalcitrant, at worst. How do deal with these important bottlenecks for effective action against cyber crime is an important component of the challenge. Traditional approaches are not sufficient to impact the problem or reduce the larger risk that it represents to the United States and its allies.

None of these points is actively and openly debated among the government or private industry organizations; nor is the fact that current means of law enforcement have proven insufficient, specifically because they tend to be reactive instead of proactive. We have stood by as law enforcement, however well-intentioned (and well-intentioned they are!), has been the de facto lead nationally and internationally in the fight against malicious cyber activity. Frankly, this is issue is much larger than what law enforcement can or should be called on to solve.

The same could be said of the policies that U.S. legislatures have put in place in an attempt to affect change in these scenarios. While it is important to find and punish as many wrongdoers as possible – an admittedly reactive but essential activity -- even that approach is inadequate to have a significant impact on the magnitude and risk of the involved activities. Legislative action is a key component of ensuring that the necessary laws and investigative and prosecutive resources are available to help the law enforcement perform their traditional and critical function, but it cannot be a substitute for the larger collaborative initiative that we recommend.

Diminishing this vast, complex ecosystem of cyber risk demands a comprehensive approach that crosses the societal and organizational boundaries that the threats themselves transcend. Businesses can and must contribute more to addressing this challenge than merely being called on to report specific incidents, which is a very important activity in its own right. Governments must reach out to its industry partners offering intelligence that can help organizations thwart attacks before they occur.

Next -- A new approach... -- >

Despite growing public awareness of increasing malicious online activity and expanding collaboration to encourage broader and more transparent reporting of cyber incidents and warning of potential victims, little progress is being made to stem cyber crime, much less the broader issue of malicious cyber activity. We must recognize that more of the same will not change this reality. We need a new approach.

This ongoing struggle to stem the advancement of cybercrime worldwide has reached the policy and lawmaking arenas. The push for stronger laws to criminalize malicious online conduct has only just begun to bear fruit in the form of any regular prosecution of the involved transgressors, particularly when the problem is viewed through the lens of the global environment. The problems are too great to solve merely by ramping up traditional law enforcement efforts, although increasing the magnitude and coordination of those efforts is important.

Perhaps the most significant issue that continues to thwart such progress is that key government and business stakeholders do not see that the problem of malicious cyber activity is as important as it is, and that to address it seriously requires more effective partnering and information sharing across the public and private sectors. With so much said and written over so many years about the problem of cyber crime – and, in more recent years, malicious cyber activity – the question remains: how can law enforcement, other key government organizations, and businesses come together and partner in a manner that transcends previous efforts and hits back at cybercrime in a game-changing way?

To begin to tackle this problem cybercrime must be addressed with recognition of its context as part of the larger problem of malicious cyber activity – including as it does, a continuum of malicious actors ranging from the low-level hacker and the pure criminal, to organized criminal groups and nation states and their proxies and surrogates. It must be addressed strategically and proactively by an alliance of key business and government stakeholders, including, but not limited to, law enforcement.

Next -- A desperately needed public-private alliance... -- >

Quite simply, the seriousness and complexity of this problem that we need to address desperately requires a public-private alliance – made up of U.S. and international stakeholders – to embark on a truly strategic approach to reducing the frequency, impact and risk of malicious capabilities. More important, to work effectively over time and sustain itself, this partnership must also be one that respects the equities and perspectives of key stakeholders in its processes and path forward that leaves all of its various participants feeling respected and validated for their contributions.

The two overarching problems are, first, that there are virtually no consequences for malicious cyber activity, and second, the Wild West nature of cyberspace enables serious malicious activity to use widely available vulnerabilities, attack tools, alternative payment processes, and traffic patterns to operate with impunity. Thriving malicious activity enables more serious activity while we wait for comprehensive cyber legislation that may never come, and is not as critically required as some think. Melissa Hathaway, the author of the 2009 White House Cyberspace Policy Review, has forcefully called for the need to “drain the swamp” to make it harder for the miscreants of cyberspace to operate, and for those who enable them to do so. That problem, together with the fact that the innumerable positive, but disparate, cyber initiatives and activities are either uncoordinated, stove-piped, or reactive, means that we are working hard, but losing ground.

Now is the time to launch an initiative to develop a strategic roadmap to address malicious cyber activity in a proactive way that uses all available resources, one that includes the engagement of key stakeholders from government and the private sector. This initiative should be informed by the efforts to tackle the global problem of child pornography in 2006-7, led by the National Center for Missing and Exploited Children and the Financial Services Technology Consortium. The heart of that effort was a working group made up of key stakeholders relevant to an understanding of the scourge of child pornography and the flow of funds that enable and reward it, including representatives from law enforcement, academia, payment processors, others in the financial industry, and other representatives of the private sector.

This initiative must include a focused effort to collect and share data on malicious actors and those who enable them to operate successfully and frequently anonymously in cyberspace, and identify and leverage available technologies and processes to better secure the transactions, communications, and online interactions between and among individuals and organizations. By more strategically collecting and sharing data we can better connect the dots between the offending activity and those behind it, and we can supplement the traditional law enforcement response with a response that uses the full authorities and resources of government and the private sector. No single effort or initiative will eliminate the cyber threat posed to our government, critical infrastructure, organizations, or individuals, but this initiative can help us reduce the frequency, impact, and risk of malicious activity.

About the authors:

* Andy Purdy is chief cybersecurity strategist for CSC and helped to found and formerly headed the National Cyber Security Division and U.S. CERT at the Department of Homeland Security.

* Tom Kellermann is vice president of Security Awareness at Core Security Technologies and is a Commissioner on the Cybersecurity Commission for the 44th President. He previously held the position of senior data risk management specialist for the World Bank treasury.

Topics: Browser, CXO, Government, Government US, Hardware, Security, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion
  • RE: Cyber-crime is not just a law enforcement issue anymore

    sdfsdvfxcvx
    sdlkfjsdljf
  • RE: Cyber-crime is not just a law enforcement issue anymore

    As long as the credit card banks can factor the cost of their lax security onto the hapless victimized merchants, there is no incentive to crack down on cyber credit card crime.

    When a fraudulent transaction takes place, the card holder is not liable, the bank is not liable, and it is only the merchant that pays for the fraud.

    Until the banks are made to cover the cost of the fraud, nothing will change.
    omb00900@...
    • RE: Cyber-crime is not just a law enforcement issue anymore

      @omb00900@...
      I guess that we need a better <a href="http://www.sentrylink.com/web/loadCriminalReport.do">criminal background check</a> when it comes to cybercrime activities. There could be so many things done in order to stop this, but as long as nobody fights for that, we will continue to suffer from such criminal acts.
      misterloftcraft
  • Time to deal with hackers

    The time has come to get tough with hackers and other online criminals. When the writer of a virus, trojan, or worm is positively identified, execute the little piece of crap. The same goes for those hacking into commercial databases, like the TJX breakin.

    OK, that would be an extreme punishment by Western standards. However, in other parts of the world, such punishments are culturally acceptable (like Indonesia). So, when some little American, British, or French punk gets busted for such crimes and he is in a country that wants to execute him, Western leaders need to shut up and let it happen. Stop all the do-gooder pleading for the punk's life. Once a few of these punks pay the ultimate price, the crap will stop.
    topsidefarm@...
  • RE: Cyber-crime is not just a law enforcement issue anymore

    Really great article, this is the first thing that I have seen written that brings together all of the information out there. Some key "players" that I think is missing is the Software Companies. They tend to be dismissive towards accountability on any system issues if you try and report any issues that the average user may find instead of helping identify and fix the issue. The other thing that concerns me is in todays world everyone is a software developer trying to break into the industry. Any software company or person that sells software in the country should have to register on a government register and sign an agreement that allows our government to intervene if any issues of system security are reported or found. Companies that are using their apps as a backdoor into the user systems should be prohibited from operating in the US.
    Another issue is the data collection. There should be structured guidelines for what data is collected and what questions can be asked. If the government came up with a standard database format then companies should submit a document of intent once a year to provide what was collected and what it was used for. There is a fine line between the difference of a person sitting outside my house collecting information for ill intent and a person sitting in my house on my computer. One of the scenarios I can press charges against, the other can sell my data for profit and abuse my privacy in multiple ways and get away with it without any penalty. The data that is sold isn't just personal contact information and interests but now your location. This can be abused dramatically by cold callers and telemarketers that not only know how to get ahold of you but when you are home too.
    ChristineK0313
  • Our Malware Problem is Infection

    Political and law-enforcement approaches may act to reduce malware fraud, but cannot eliminate theft itself. So it is important to look at the technical flaws in our systems which malwares exploit.

    First, we cannot stop malware by patching. Large, complex systems always will have some exploitable error. After years of intensive patching, our malware problem has gotten worse, not better.

    Next, since we always have some exploitable error, we cannot stop malware from getting in and running once. But we *can* stop malware from *infecting* and running forever, which turns out to be the major worry.

    Define "infection" as "modified boot data which causes malware to run on every session." Malware is bad, but the chances of getting it on any one session are low. The real problem is the *infection* which keeps malware running on every session.

    Once infected, a computer is likely to keep running malware until a new operating system is installed. Malware started by infection thus may be hundreds of times more of a problem than malware which sneaks through to run in one session. Yet little is done to stop the infection.

    Operating systems have been trying to stop unauthorized access from the beginning. We have decades of personal computer experience to tell us that does not work. When malware runs, it finds a way to subvert the OS, and then the OS cannot stop anything. All it takes is for one malware to get through once, and malware is in place forever.

    To stop infection and maintain the current experience, new hardware is needed, as well as modified OS software to use it and a special support process to update the software.

    To allow secure use in a potentially-infected environment, we need certification that our system is not infected. Anti-virus scanners cannot provide such a guarantee because modern malware hides very well. Only the OS manufacturer can know what files should be present, and what they contain. For OS installs which can be infected, government rules should require OS sales to include a facility to at any time certify the install as infection free, or not.

    One of our largest malware problems is online banking. All the usual claims of authentication failure are nonsense when the customer computer has a bot. No 2-factor nor 1-time nor external dongle authentication will bother a bot between the user and the bank.

    There probably can be no bank-side solution to secure online banking when a malware bot is in the customer computer. And currently there is no way to guarantee detecting such a bot, either by the bank or the customer. However, the OS manufacturer could make available a LiveCD/DVD version which is "difficult or impossible" to infect, to provide a clean system for online banking.

    To begin the process of changing our entire hardware base, the FCC should issue type-acceptance rules to require each computer and computer-like device to be "difficult or impossible" to infect. In general, all boot data must be protected from unauthorized modification. Each device or system should include some way to certify a lack of infection. Each reset or reboot must recover an uninfected system.

    Terry Ritter
    http://www.ciphersbyritter.com/COMPSEC/
    RandSec
  • missing one aspect of the problem

    Still missing is a way to address the fact that many governments will be tempted to make use of cyber space for espionage or tool for a covert attack (STUXNeT for example). In a time when a foreign policy objective cannot be achieved through legal means the use of a cyber weapon may be too attractive of an option to refuse. You can do it and get away with it. Governments play a dual role: they can both help solve the problem or make it worse<br><br>Still a very good article. Definately more than a cyber-crime problem.
    VytautasB@...
  • RE: Cyber-crime is not just a law enforcement issue anymore

    Terry,
    I agree with everything you said. If I may, I have some ideas. They are "Raw" and I have to admit I don't work in IT. Honestly I am IT worst nightmere. Until this past year when I ran into these issues I always took cyber security for granted. To me it was a given that my system was set up for my home with all of the protection I needed "Out of the box". Mix that with my love of gadgets and the curiosity of what software could do and you come up with a deadly mixed cocktail for any IT person to handle. I find there is a lack of step by step checklist out there for the non-tech user, the ones that are writen for the pro's seem to only make things worst in the hands of a person that has to deal with issues that no one seems to want to help with. With all of that in mind I brainstormed last night to figure out what could be done to secure not only the system from outsiders that want to do it harm but from insiders that have no concept of how much damage they could be doing to they system.
    1)Why do companies spend so much money on IT inside the companies walls and not provide Home Network Security checks for workers that work from home -even casually? Most users would love to have a free "Geek Squad" to drop in and check to make sure everything is up to date, hooked up, configured, and secure. IT people are "in the know" more that the average user for issues that the industry is having issues with. They have a knowledge base that can look at a system understanding what to look for in logs and such. I have seen HoneyPots in articles and would love to have one, but no clue on how to do it - an IT could set it up and if I was attacked the company would have a starting point on who, what, where, and why....
    2) I have a SD card reader and I know that a system OS stripped down to basics could be installed on a tiny drive live that. Why can it add 2 that are set up to have no contact with the main drive, one for social networking and those social games and one that is super secure to handle banking, budget, & taxes? If they are broken out and preconfigured for those certain tasks and only those tasks my thoughts are that it would lead to a system that isn't worth the time to hack and is overall more secure.
    I may be wrong and I am not even sure if this is all possible. Thats why I wanted to throw them out for brainstorming and have someone else take a good idea and make it great.
    ChristineK0313
    • Avoid Infection by Booting from DVD

      @ChristineK0313

      We have a malware problem specifically because our PC designs have a systemic vulnerability which malware exploits. The problem is a hardware security flaw which cannot be fixed by software patches, add-on software, or virtualization.

      Specifically, our PC's are unable to protect start-up boot data from being changed by malware. That is how malware infects a computer to get itself started on each session. The ultimate fix is to innovate storage systems (drives) which independently prevent unauthorized changes to boot data. Operating systems would have to change to support this new approach.

      Adding drives for different purposes is not particularly helpful when the boot drive has been infected.

      There is no easy way to prevent almost instantaneous malware changes to a boot hard drive. Operating systems have been trying to prevent unauthorized access forever, and we can see how well that works. Only new hardware can block infection when the OS has been subverted by malware.

      On the other hand, it is possible to boot from a drive which is "difficult or impossible" to infect. A good example is a CD or DVD. Many Linux distributions do support a "LiveCD" form, although usually just as an introduction. The Puppy Linux distribution does better by supporting incremental updates to a DVD+RW, to allow browser, add-on, and configuration updates to the DVD itself. I have a new article about using Puppy Linux for online security:

      http://www.ciphersbyritter.com/COMPSEC/ONLSECP5.HTM

      Another possibility is to boot from a USB flash drive, but they can be written to almost as easily as a hard drive, and are easily infected. Worse, they then can transfer that infection to the hard drive in any computer they boot.

      There are a very few flash drives which do have a write-protect switch, but operating systems do not handle that well. It is possible to boot from a write-protected drive, but updates require the switch to be flipped, and when it is, infection can happen almost instantaneously. And an infected flash drive can infect a machine even with write protect on.

      Some people seem to get almost indignant about the need to boot from DVD to get a secure online environment. It does take a little longer to start up, but when it does, at least you know the result is clean and suitable for online banking, even if the hard drive is infected. Most people will start up a browser and then do all they need, only experiencing Linux briefly at the start and end of sessions.

      Some people have point-of-sale software which will not function under Linux, and I have nothing for them.

      Others resent being forced to learn something about a new OS when they are happy with the old one. Doing nothing and then banking online is a very serious risk, but everybody gets to make their own choices.
      RandSec
  • RE: Cyber-crime is not just a law enforcement issue anymore

    Never was.
    james347
  • RE: Cyber-crime is not just a law enforcement issue anymore

    Terry<br>I am using a Mac and I am pretty sure my boot has been altered somehow. The issue is that nobody wants to believe a Mac can have these issues. Not even sure what an F start is but my install logs show that it isn't even allowed. So could a system be in danger if it had to start from a disk and the computer itself says that it isn't allowed? I hear about the malware being written to hardware now not just the OS, could something like that be prevented?
    ChristineK0313
    • About That Infected Mac...

      @ChristineK0313

      "I am using a Mac and I am pretty sure my boot has been altered somehow."

      The best way to control your paranoia is to be able to re-install your system at will, and then actually do it.

      "The issue is that nobody wants to believe a Mac can have these issues."

      Of course a Mac can be infected. Every large, complex system has faults. Everything that boots from writable store can be infected.

      Normally, Macs are not targeted because they represent only about 6 percent of the browsing market. But if attackers are willing to waste general effort infecting Macs, they surely do have the technology to do that.

      Specific targeting for an institution, group, or individual is of course independent of OS, since whatever effort is necessary will be applied.

      "Not even sure what an F start is but my install logs show that it isn't even allowed. So could a system be in danger if it had to start from a disk and the computer itself says that it isn't allowed?"

      I am the wrong source to ask. Wikipedia indicates that a Mac F-start may be related to keyboard function-key "macros."

      There is a significant peace-of-mind advantage to systems which load from DVD and start clean on every session.

      "I hear about the malware being written to hardware now not just the OS, could something like that be prevented?"

      Of course "hardware" can be infected. In modern systems, start-up programs and data are saved in writable on-board flash memory. In general it is possible to infect the BIOS flash on the motherboard, or on secondary boards like video cards, or any devices with BIOS.

      Hardware infections do exist and can be very serious. Recovery requires simultaneous independent cleaning of all parts, and if even one infection is missed, all of it may have to be done all over again. Parts cannot be checked in another machine without a probability of infecting all parts there. Since there is no way for users to detect a BIOS infection, there is no way to know how common it is.
      RandSec
  • RE: Cyber-crime is not just a law enforcement issue anymore

    Although Corporations and Governments are victims of cyber-crime, I also suspect they instigate a significant percentage of these attacks.
    That is to say, they are beneficiaries (as well as victims) of this behaviour, therefore they aren't really interested in stopping it.
    lehnerus2000
  • RE: Cyber-crime is not just a law enforcement issue anymore

    "a public-private alliance ? made up of U.S. and international stakeholders ? embarking on a truly strategic approach to reducing the frequency, impact and risk of malicious capabilities {utilizing the] systematically collecting and sharing statistically significant malicious cyber activity data {via a program of } federated information collection, analysis, and sharing capability on cyber activity and malicious actors between federal agencies and state agency databases making it possible to connect the dots between suspicious cyber activities that have been tentatively connected with terrorists and other instances of cyber criminality?such as, spam, identify theft, financial fraud, and so forth"

    is both a utopian dream and a privacy nightmare. (IMO, of course)
    ghastly