Cybercrime and the Russian mob

Cybercrime and the Russian mob

Summary: Yes, Eastern Europe is indeed a hotspot for cybercrime. On this week's Patch Monday podcast, former police officer Stephen McCombie explains why.

TOPICS: Security

Yes, Eastern Europe is indeed a hotspot for cybercrime. On this week's Patch Monday podcast, former police officer Stephen McCombie explains why.

McCombie is now a lecturer at the Centre for Policing, Intelligence and Counter Terrorism at Macquarie University. Russia is the perfect breeding ground for online crime, he says, because it has as many technically educated people as Australia yet a corruption level that's among the highest for any country with halfway decent internet connectivity.

McCombie was speaking at last week's inaugural Cyber Crime Symposium in Sydney. Another speaker was Chris Gatford, proprietor of Hacklabs, a penetration testing firm.

Gatford says that organisations' networks are showing the same vulnerabilities as a decade ago. We're not learning. And the payment card industry data security standard (PCI DSS) has failed us because it's not being enforced strongly enough.

Poor password management like the breach of Vodafone dealers last year shouldn't be happening, Gatford says. He reinforces the message that we've repeated frequently on Patch Monday: humans are the weakest link.

Gatford has compiled a database of reported data breaches in Australia and New Zealand, and notes that the number of incidents has doubled in the last 12 months. But have there actually been more security incidents? Or is this just the result of more media attention?

To leave an audio comment on the program, Skype to stilgherrian or phone (02) 8011 3733.

Running time: 33 minutes, 17 seconds

Topic: Security


Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Cybercrime must be webrooted from the world
  • "Patch Monday: humans are the weakest link."

    Yes - but NOT the end-user and the cybercrime victim!

    The system used MUST be capable of providing security that the end-user can understand and easily manage. (2003 study - USA - National Science Foundation).
    Responsibility lies with:
    a. the system supplier to provide a system that provides security by design and implementation (oops - why is SEAndroid even needed as a Government funded exercise if security was a PRIME consideration in Android's design?) Just ask anyone from Microsoft what happened to the "Palladium"/NGSCB project and promises that were made at the time!!!!

    b. the CIO / system / Network manager to choose software products suitable for purpose and configured / managed appropriately (oops - how on earth do we do that in a "cloud" environment?).

    NO - NO - NO - the end-user is NOT the weakest link at all!! They never should be even considered as such! The systems that they use have to be supplied and managed so that the inexpert end-user can easily do what they should do! (e.g. why should an email attachment inherit the privileges of the user who is reading their mail - in any decent system implementing full "least priviliege" technologies this simply would not happen. The fact that this may happen is NOT the responsibility of the end-user - but rather the system supplier.)

    c. The REAL weakest link is the system itself - just like a car with no brakes!
    and given current trends nothing is likely to happen unless governments take on the responsibility they should to protect their citizens in an age of cybercrime and even cyberwarfare! (Hopefully the Europeans are starting to take a lead!) Yes - that means regulation over products and systems sold and deployed - well, just like in any other industry from cars to pharmaceuticals!
    (After all - remember for a nation like Australia that is an ICT "colony", totally dependent upon imported ICT products and systems we are facing a situation where most managers may have actually no idea just how they work - in other words, just what's "under the bonnet".

    So STOP BLAMING THE USER - they are NOT the weakest link. What they are forced to use definitely IS!
    • I'm fairly sure that BLAMING THE USER is not the focus of the linked-to podcast, but indeed some of the very human-factor issues you raise. Possibly my reply needs more capital letters and exclamation points.