Feeds

back to article Been hacked? Don't dial 999: The plods are too dense, sniffs sec bigwig

Police are powerless to stop super-smart criminals from hacking the world's biggest companies, a top-ranking security bod has warned. Juniper Networks' security chief said there was simply no longer any point in calling the police when hackers and DDoSers came to call, because the cops can't do anything. He wants to see a world …

COMMENTS

This topic is closed for new posts.
Bronze badge
Happy

Reminds me of something...

He wants to see a world where big firms share information about potential targets and stop them before any damage can be done.

I think I have heard that story before - I think it was called "Minority Report" or so.

Well, OK, they are just blacklisting dodgy IP addresses and try to make it sound sexy. Still - given the ethics of your average CEO, such ideas should not be mentioned too noisily around. One might hear it and implement it "in the real world".

1
0
Silver badge

Not their job

> Police are powerless to stop ... criminals from hacking

Although the way the police work, it's rare for them to jump in during the commission of a crime and stop it. Historically, the police have always been a force that acts after a crime: both to catch the baddies (if possible) but mostly to act as a deterrent to prevent further crimes being committed. More recently they have acted as both advice-givers to help citizens enable themselves to not become victims of crime and most recently they have been used as a salve to reduce the fear of crime - rather than crimes themselves (although recent figures suggest that crime rates are at their lowest for 30 year, for what that's worth) so it looks like something's happened.

For more "modern" crimes against companies, organisations like the Serious Fraud Office have been set up - although their success rate is amazingly low, the cost of their prosecutions is amazingly high and the time it all takes is amazingly long. It appears that we need an SFO for cyber-crime, but preferably one that is actually able to be effective: both in catching the baddies and deterring the noobies.

Although before any crime-fighters can start to take action, we need a decent set of laws and some judicial precedents setting out what is OK and what is actually a little bit naughty.

2
0
Bronze badge

Modern policing...

"Historically, the police have always been a force that acts after a crime"

An accurate statement, noting the "historical" point. Modern policing seems to seldom act, even after a crime has taken place. In most cases where they do act, what happens is half-hearted lip-service or lacking competence.

Some of it is understandable - why bother taking a scumbag through the legal system of sharp lawyers (and the perps themselves) playing the system, only to be faced by soft-hearted liberal judges who (sometimes)hand out soft sentences in soft prisons, or nonsense 'suspended' sentences?

Catching international criminals? Don't make me laugh.

Catching international cyber-criminals? Not a chance.

0
3
Holmes

Re: Not their job

...although recent figures suggest that crime rates are at their lowest for 30 year, for what that's worth) so it looks like something's happened.......

What's happened??

see..

https://shijuronotgeorgedixon.wordpress.com/2013/07/19/those-crime-figures-again/

0
0

Re: Not their job

What's happened is a new industry securing its future revenue streams by spreading good old FUD

0
0
Anonymous Coward

Re: Not their job

Historically, the police have always been a force that acts after a crime: both to catch the baddies (if possible) but mostly to act as a deterrent to prevent further crimes being committed

Yup, the "catch em in the act" capabilities of the police appear to be close to absent.

I dealt over the weekend with an attempted blackmail on FB. Standard scam: fake profile of pretty young woman used to lure a student with probable money (nicely visible on profile) to commit act of indecency in front of camera to impress said lass, with an invite 5 minutes later to pay £250 via Western Union or see said indiscretion plastered all over FB and YouTube. To make sure said individual didn't regain the use of braincells absent during the original act, it all had to happen in 30 minutes or else "his life would be ruined".

The problem I have is not that people are stupid - sure, I live more at the top end of the bell curve, but I know it takes those other people to shape that bell curve, What annoyed me was that I had to help this guy entirely by myself.

Police: not interested, nor capable or even competent.

FB: what you want to TALK to someone? And make us culpable? You're having a laugh, surely? The effort we put into making our help system as impossible to use as possible should have been a hint. Honestly, some people..

Google: Hi, thank you for contacting security. Here is a list of situations we can deal with, we hope we left your situation out because that would mean we'd actually have to DO something. Yes, we know that is basically the same answer that Facebook gave you. You still haven't grasped that we don't care about end users, do you?

Fair enough, but I had to try to make sure I wasn't treading on anyone's toes. Anyway, I dealt with it. Mainly by intimidation - there are just too many people to fleece for a petty crook to spend much effort in chasing one "investment" which may have turned sour, so once I scared him a little he walked away from it.

As an aside, personally, I think Western Union's sole source of revenue must be scam artists these days, that's at least the impression I get.

0
0
Bronze badge

Personally I'd be more worried about the complete lack of IT knowledge that the police possess rather than their willingness to use it, as anybody that has tried to report RIPA offenses will know.

9
0
Silver badge
Joke

"Personally I'd be more worried about the complete lack of IT knowledge that the police possess"

Apparently ignorance is no defence for the law.

0
0
Bronze badge

This is all very well but as a company we have a legal requirement to report any attacks on our network. Our local plod just went "Meh" last time we had a problem with a major DDoS on one of our client's systems, and wouldn't even log it and give us a crime number, which we needed.

0
0
Bronze badge

You might want to take this response from ACPO next time you go to the police station. It's aimed primarily at questions revolving DPI, but it still does refer to DDoS attacks as being offenses under the fraud and computer misuse acts.

https://nodpi.org/wp-content/uploads/2010/07/acpojune2010.pdf

2
0
Silver badge
FAIL

@Vimes

So ?

ACPO also issued guidelines on how to deal with photographers, pointing out that photography in a public place is NOT illegal. They were completely ignored.

5
0
Bronze badge

Re: @Vimes

Whilst that is unfortunately true, I'm guessing most of those stopped were either unaware of that advice or didn't have a copy of it on them (why should they?).

This is a different situation since somebody would be both requesting them to take action rather than stop it and have a clear idea of why they should be given that help.

0
0
Silver badge

Amsterdam is famous for two things

Is it canals and Rembrandt, or tulips and Anne Frank?

2
0
Bronze badge

Could be interesting

*Up to 40Gb/s throughput capacity*

Really?

0
0
Bronze badge

I interpreted this as "man selling hard-hats runs around yelling ' the sky is falling!'"

2
0
Bronze badge
Facepalm

So let me get this straight, security company says that no one else can help you when shit hits the fan...except maybe a certain company that makes security equipment? Hmmm.....

0
0

Browser Fingerprinting

Is only good for tracking the average technophobic user and is totally dependant upon the browser having Javascript & Flash enabled. Any good cyber miscreant worth their digital salt should know how to spoof all the parameters being recorded.

2
0
Bronze badge

Re: Browser Fingerprinting

Right, so browser fingerprinting will only be good for blocking Distributed Denial of Service then, right?

Oh.

And by the way, slightly wrong:

>totally dependant upon the browser having Javascript & Flash enabled

With java script turned off and flash not installed,

https://panopticlick.eff.org/

tells me that only one in 244,552 browsers have the same fingerprint as mine.

Or have a look at the same information at

http://kluge.in-chemnitz.de/tools/browser.php

Sure, some websites like

http://www.4schmidts.com/browser_info.html

require java script. Lots of websites require java script now.

0
0
This topic is closed for new posts.