The HMRC child benefit data loss debacle has reinvigorated calls to establish a central police unit to tackle cybercrime. Business leaders are expressing concern that not enough is being done to help victims of computer crime, who are unsure of who to turn to in the event of being subjected to computer-related fraud or attack. …
Stop the bandwaggon, I want to get on !!
How on earth does the cavalier approach of HMRC to personal information have anything to do with the need for a centralised unit dealing with computer related crime?
And please let's avoid the pointless neologism "cybercrime". There's unauthorised access, and there's fraud. The term "cybercrime" has the same purpose as the term "Intellectual Property", it's an artificial umbrella to lump together disparate concepts in order to advance the position of the person using the term.
It won't happen...
... now that the ACPO (Association of Chief Police Officers - England & Wales) lead on Economic Crime (includes hi-tech crime), Commander Sue Wilkinson, has been lured away to work in Australia on secondment for two years.
Assistant Commissioner Steve House, who was Sue's line manager, is an interim replacement until her successor is identified in early 2008. But the momentum for a Police Central eCrime Unit (PCeU) has been lost, setting this initiative back indefinitely.
Computer Crime, What Crime?
If you can't report it, it's not happening, therefore they don't have to work out how to solve it.
The blame game
An e-crime unit - what a joke.
For about 6 months I created\implemented a company policy of reporting phishing scams for run of the mill and banking scams. These consisted of notifying the Met & OFT.
Primarily the emails were intercepted by their own mail security as being recognised as phishing scams so the recipients on the other end were unable to receive them. After a process being created to allow reporting I started to realise that I may just have been the only person in the country to actually report these.
Needless to say I was asked only to send one of each type of scan caught by our mail security as they had very little resources to even log the issues never mind deal with them- I advised I was only sending one of each type!!!
This example of one tiny corner of 'Cyber Crime' [I too feel this term has no meaning] as they put it show just how unprepared the police force & authorities are. I think we have devolved into a culture where the police are encouraged by the political authorities to be seen to be dealing with problems yet not actually do this as it takes too much time & the quick wins - shoplifters, shoplifters ....eh...... shoplifters are dealt with as the police get an instant brownie point for these but not the more relevant ones.
Anyway, the police force wouldn't pay the wages for someone who could do this job - I think the old entrapment tactic of actually catching someone doing it then giving them the option to work for them for peanuts or going to jail for 30years (without their playstation) would be the best approach.
Its simply laughable
Stop e-crime by blocking port-25 on dynamically-assigned IP addresses
Stopping spam and e-fraud is easy.
All ISP's must impliment a port-25 out-bound block on their network boundary from all customers with dynamically-assigned IP addresses.
This will prevent customer machines that are trojanized (or otherwise part of a bot-net) from participating in direct-to-mx e-mail campaigns that are the source of most of the world's spam and phishing / fraud attempts.
Any customers who actually still use pop-mail must send mail through their ISP's out-bound MTA or connect to an external MTA on a port other than 25.
Why isin't that solution being called for?