back to article Been hacked? Don't dial 999: The plods are too dense, sniffs sec bigwig

Police are powerless to stop super-smart criminals from hacking the world's biggest companies, a top-ranking security bod has warned. Juniper Networks' security chief said there was simply no longer any point in calling the police when hackers and DDoSers came to call, because the cops can't do anything. He wants to see a …

COMMENTS

This topic is closed for new posts.
  1. Chairo
    Happy

    Reminds me of something...

    He wants to see a world where big firms share information about potential targets and stop them before any damage can be done.

    I think I have heard that story before - I think it was called "Minority Report" or so.

    Well, OK, they are just blacklisting dodgy IP addresses and try to make it sound sexy. Still - given the ethics of your average CEO, such ideas should not be mentioned too noisily around. One might hear it and implement it "in the real world".

  2. Pete 2 Silver badge

    Not their job

    > Police are powerless to stop ... criminals from hacking

    Although the way the police work, it's rare for them to jump in during the commission of a crime and stop it. Historically, the police have always been a force that acts after a crime: both to catch the baddies (if possible) but mostly to act as a deterrent to prevent further crimes being committed. More recently they have acted as both advice-givers to help citizens enable themselves to not become victims of crime and most recently they have been used as a salve to reduce the fear of crime - rather than crimes themselves (although recent figures suggest that crime rates are at their lowest for 30 year, for what that's worth) so it looks like something's happened.

    For more "modern" crimes against companies, organisations like the Serious Fraud Office have been set up - although their success rate is amazingly low, the cost of their prosecutions is amazingly high and the time it all takes is amazingly long. It appears that we need an SFO for cyber-crime, but preferably one that is actually able to be effective: both in catching the baddies and deterring the noobies.

    Although before any crime-fighters can start to take action, we need a decent set of laws and some judicial precedents setting out what is OK and what is actually a little bit naughty.

    1. GitMeMyShootinIrons

      Modern policing...

      "Historically, the police have always been a force that acts after a crime"

      An accurate statement, noting the "historical" point. Modern policing seems to seldom act, even after a crime has taken place. In most cases where they do act, what happens is half-hearted lip-service or lacking competence.

      Some of it is understandable - why bother taking a scumbag through the legal system of sharp lawyers (and the perps themselves) playing the system, only to be faced by soft-hearted liberal judges who (sometimes)hand out soft sentences in soft prisons, or nonsense 'suspended' sentences?

      Catching international criminals? Don't make me laugh.

      Catching international cyber-criminals? Not a chance.

    2. Zimmer
      Holmes

      Re: Not their job

      ...although recent figures suggest that crime rates are at their lowest for 30 year, for what that's worth) so it looks like something's happened.......

      What's happened??

      see..

      https://shijuronotgeorgedixon.wordpress.com/2013/07/19/those-crime-figures-again/

      1. Dick Pountain

        Re: Not their job

        What's happened is a new industry securing its future revenue streams by spreading good old FUD

    3. Anonymous Coward
      Anonymous Coward

      Re: Not their job

      Historically, the police have always been a force that acts after a crime: both to catch the baddies (if possible) but mostly to act as a deterrent to prevent further crimes being committed

      Yup, the "catch em in the act" capabilities of the police appear to be close to absent.

      I dealt over the weekend with an attempted blackmail on FB. Standard scam: fake profile of pretty young woman used to lure a student with probable money (nicely visible on profile) to commit act of indecency in front of camera to impress said lass, with an invite 5 minutes later to pay £250 via Western Union or see said indiscretion plastered all over FB and YouTube. To make sure said individual didn't regain the use of braincells absent during the original act, it all had to happen in 30 minutes or else "his life would be ruined".

      The problem I have is not that people are stupid - sure, I live more at the top end of the bell curve, but I know it takes those other people to shape that bell curve, What annoyed me was that I had to help this guy entirely by myself.

      Police: not interested, nor capable or even competent.

      FB: what you want to TALK to someone? And make us culpable? You're having a laugh, surely? The effort we put into making our help system as impossible to use as possible should have been a hint. Honestly, some people..

      Google: Hi, thank you for contacting security. Here is a list of situations we can deal with, we hope we left your situation out because that would mean we'd actually have to DO something. Yes, we know that is basically the same answer that Facebook gave you. You still haven't grasped that we don't care about end users, do you?

      Fair enough, but I had to try to make sure I wasn't treading on anyone's toes. Anyway, I dealt with it. Mainly by intimidation - there are just too many people to fleece for a petty crook to spend much effort in chasing one "investment" which may have turned sour, so once I scared him a little he walked away from it.

      As an aside, personally, I think Western Union's sole source of revenue must be scam artists these days, that's at least the impression I get.

  3. Vimes

    Personally I'd be more worried about the complete lack of IT knowledge that the police possess rather than their willingness to use it, as anybody that has tried to report RIPA offenses will know.

    1. Sir Runcible Spoon
      Joke

      "Personally I'd be more worried about the complete lack of IT knowledge that the police possess"

      Apparently ignorance is no defence for the law.

  4. Alister

    This is all very well but as a company we have a legal requirement to report any attacks on our network. Our local plod just went "Meh" last time we had a problem with a major DDoS on one of our client's systems, and wouldn't even log it and give us a crime number, which we needed.

    1. Vimes

      You might want to take this response from ACPO next time you go to the police station. It's aimed primarily at questions revolving DPI, but it still does refer to DDoS attacks as being offenses under the fraud and computer misuse acts.

      https://nodpi.org/wp-content/uploads/2010/07/acpojune2010.pdf

      1. JimmyPage Silver badge
        FAIL

        @Vimes

        So ?

        ACPO also issued guidelines on how to deal with photographers, pointing out that photography in a public place is NOT illegal. They were completely ignored.

        1. Vimes

          Re: @Vimes

          Whilst that is unfortunately true, I'm guessing most of those stopped were either unaware of that advice or didn't have a copy of it on them (why should they?).

          This is a different situation since somebody would be both requesting them to take action rather than stop it and have a clear idea of why they should be given that help.

  5. Tom 38

    Amsterdam is famous for two things

    Is it canals and Rembrandt, or tulips and Anne Frank?

  6. taxman

    Could be interesting

    *Up to 40Gb/s throughput capacity*

    Really?

  7. Anonymous Blowhard

    I interpreted this as "man selling hard-hats runs around yelling ' the sky is falling!'"

  8. Amorous Cowherder
    Facepalm

    So let me get this straight, security company says that no one else can help you when shit hits the fan...except maybe a certain company that makes security equipment? Hmmm.....

  9. Black Rat

    Browser Fingerprinting

    Is only good for tracking the average technophobic user and is totally dependant upon the browser having Javascript & Flash enabled. Any good cyber miscreant worth their digital salt should know how to spoof all the parameters being recorded.

    1. david 12 Silver badge

      Re: Browser Fingerprinting

      Right, so browser fingerprinting will only be good for blocking Distributed Denial of Service then, right?

      Oh.

      And by the way, slightly wrong:

      >totally dependant upon the browser having Javascript & Flash enabled

      With java script turned off and flash not installed,

      https://panopticlick.eff.org/

      tells me that only one in 244,552 browsers have the same fingerprint as mine.

      Or have a look at the same information at

      http://kluge.in-chemnitz.de/tools/browser.php

      Sure, some websites like

      http://www.4schmidts.com/browser_info.html

      require java script. Lots of websites require java script now.

This topic is closed for new posts.

Other stories you might like