Someone will have to die before governments take cybercrime as seriously as they take digital piracy, a panel on cybercrime and internet security was told last week. US-based investigative journalists met local industry representatives for a debate in Madrid last Thursday evening. Brian Krebs, investigative journalist and …
First to die?
Hacking hospital records, or even computer-controlled treatment equipment, is one way to kill somebody online. Radiation treatment machinery already has been used as a death ray by mistake due to operator error, but not by hacking.
Or, hack an American health insurance company, and electronically deny a load of people the cover that they paid for. They'll die. Look for photogenic children or for families of legislators. Kill two birds with one stone - as the saying goes. Or maybe that's three birds.
Electrical power systems are another promising target, we're told (why are we told that?) Supposedly they have poor computer security and isolation. And if you crack a nuclear power site, then you have hit the jackpot.
Re: First to die?
If you're referring to the Therac-25 incident, this is generally recognised as being due to a software fault rather than operator error. Regardless of the actions of the operator, the machine should never have been capable of delivering the lethal doses of radiation that it did.
So, in the original meaning of the word at least, hackers have already caused several deaths - by hacking together their software with insufficient design and testing.
I suppose that "social engineering" to get someone to commit suicide doesn't count? At least two interesting past cases come to mind.
Death or robbery?
I don't think it would take someone to die, it would just take some companies to lose serious amounts of money before governments are forced into action. Although if you're trying to persuade governments to do something it's helpful to use an argument other than "billion-dollar companies will lose some money".
A Crack is not a Hack ...... but a Hack can be a Crack
"Few of the panelists thought government regulation could do much to improve web security, especially since the issue was very low down on the political agenda of most politicians."
Err .... that is because they are not intelligent enough to either see how important Control of CyberSpace HyperRadioproActive IT is with regard to All Earthly Command and Control Systems, for IT Virtually Powers and Drivers them/Takes them Over for Future Fitness of Progressive Purpose, but just dumb enough to try and protect their present hidden agendas in such Past Establishment Honey Traps as have Secrets that will destroy them because they have been Systematically Selfishly Abused for the Accumulation of a Fools' Gold Wealth specifically designed to Enslave with the Hunt for the Key which Unlocks the Universal Store and Treasuries.
Most, if not all politicians, are far too low down the Intelligence Food Chain to have any idea how to unpick those Crude Locks...... which is where Others enter the Field to Corner All Markets and Make and Take Obscene Advantage of Man's Arrogance in such Ignorance.
And by the way, there are only criminals on Earth, for CyberSpace doesn't protect or harbour them.
Not difficult to see that one
Because ``piracy'' only affects big cartels of change-resistant companies and reactionary lobby groups. Goes to show where our government's priorities are. Hint: Not with us, the people.
To combat cybercrime, secure systems would help, but what we really need, and where governments could shine, is to provide an ``identity infrastructure'' geared toward privacy -- quite the opposite of the stuff all of them are building now. For starters, since everything will have, what am I saying, already has some identity tacked onto it electronically, such systems must, and I mean sine qua non absolute requirement type must, support multiple identities for the same person. Why? Because people have a work life, a private life, a hobby life, and probably a few more. How? Open research question. But the need for better privacy independently of crap software is quite clear to me, and to any psychologist posed the question. People have multiple ``faces'', and often need to remain separate and some (private sex life, anyone?) well outside of the grasp of others, including officials.
As a sidenote, the drug trade quotes are also guaranteed to be inflated. What is usually quoted is "street price", which has basically no bearing on what is actually charged in the streets (for stuff that may or may not be cut down with sugar, flour, strychnine, what-have-you) nor makes sense to factor against wholesale lots, which is what you'll see in the news.
As opposed to half-baked security...?
"Menn, meanwhile, said that no new privacy regulations had been applied in the States since the 1970s."
Children’s Online Privacy Protection Act (COPPA)
Federal Trade Commission's Final COPPA Rule (PDF)
Communications Assistance for Law Enforcement Act (CALEA)
Depart of Defense Directive 5400.11.R - Privacy Program (May 14, 2007 edition) (PDF)
Defense Privacy Office
Electronic Communications Privacy Act (ECPA)
Fair Credit Reporting Act (FCRA, PDF)
As Amended by the Fair and Accurate Credit Transactions Act of 2003 (FACT)
Federal Trade Commission's Red Flag Rule (PDF) (DELAYED UNTIL NOVEMBER 1st 2009)
Family Educational Rights and Privacy Act (FERPA, The Buckley Amendment)
US Department of Education Final Rule (PDF)
Protection of Pupil Rights Amendment (PPRA)
No Child Left Behind Act (PDF)
Genetic Information Nondiscrimination Act 2008 (GINA, PDF)
Proposed rule making genetic information covered under PII, HIPAA, and HITECH (PDF)
Gramm-Leach-Bliley Act (GLBA)
Federal Trade Commission's Final Financial Privacy Rule (PDF)
Federal Trade Commission's Final Safeguards Rule (PDF)
Health Insurance Portability and Accountability Act (HIPAA, PDF)
HITECH Act (Notice: I could not find it consolidated and called out anywhere, so had to create it myself, PDF)
HITECH Breach Notification Guidance and Request for Public Comment (From the US Department of Health and Human Services, PDF)
Federal Trade Commission's Health Breach Notification FINAL Rule (PDF)
Safe Harbor Guidelines from the US Department of Commerce
(excerpted from http://arielsilverstone.com/resources/us-privacy/)