Oh dear....
Most worrying is that Mr Michael had the permissions to install software to remove the malware himself.....
Police did not investigate when Alun Michael MP reported a PC in his office was attacked with malware, the former minister has revealed. Michael, a tech-savvy parliamentarian, was able to detect and remove the malware himself, and described it as "a low level incident". He told The Register that he decided to report it to …
To help much, I've seen the draft remits of the new organisation, until they make all online and financial fraud a crime, not choose what's major by the individual amounts, the organised gangs won't be bothered.
That said, the old NHTCU may have been a one stop reporting place, but the clear up and investigation rate was far less than now, it wasn't the "holy grail" people seem to think.
The budget for eCrime is part of the overall SOCA funding, not a separate lump so officers have to do their regular stuff as well.
From my time with the SOCA support team, I gained an insight of their plight, and believe me, they do well for the small amount of money and training they have, mainly due to their own passion for the job...their managers have to fight for every penny they get allocated, lots of real good ideas get canned by senior directors due to money problems.
Useless dick waving unit, what we all really want is for the Police to take online credit card fraud seriously but they won't, no dick waving opportunities, just a lot of damage to small businesses, just file it under too hard and too boring. Far cooler to be out looking for imaginary super criminals who break into super secure government desktops and finding high tech bot ring super syndicates. Yeah now there's some bragging rights.
".....You do however expect it to be recorded."
I'll bet it was. They'll have jotted the details down on a piece of paper while he was on the 'phone and then filed it in the circular file. Exactly the same as when you get your car broken into then.
If they decide to take him seriously, he may get a questionnaire and some nice leaflets about being a victim of crime.
This is New Britain's New Police force. They know when something's a crime 'cos some computer somewhere will have taken a helpful photograph / video of it for them.
It wasn't really malware. It was a backdoor planted by the Met so that they can do away with pesky things like search warrants in future.
Clearly Alun Michael isn't sufficiently NuLabour and 'they' need to keep an eye on him. This is no surprise as he is an MP for Cardiff. And we know that Wales isn't really NuLabour as they've made prescriptions free.
Spot on.
When it comes to computer crime, the only form of investigation they know is to batter down a front door then look for porn on a hdd, as for the online fraud that's epidemic at the moment, that's not their problem because, I daresay it doesn't count in their (carefully manipulated) statistics.
Hopefully one day soon, some senior police officer /politician (there's not much difference) will get ripped off on line & their bank account emptied & maybe then some action just might get taken instead of silly web sites like getsafeonline.
Actually, ed, the article doesn't say that Michael installed anything, only that he detected and removed the malware himself. But I find it curious that you assume that what I presume to be a networked parliamentary PC would not have antivirus protection by default. Is that prior knowledge, or a perfectly understandable cynicism? Alun Michael made some far stranger assumptions, though. However, I think I'll save that thought for the ESET research blog. :)
David Harley
"If a car is broken into, whoever broke into it is long gone and you don't necessarily expect the police to investigate."
Actually, yes I bloody well do expect them to investigate. It's the mere fact that it's widely known that they won't investigate that means the disincentive to commit 'minor' car crime is simply non-existent, leading to MORE car crime.
The street where I live is a fairly busy road, and frequently haunted by 'gangs of hoodies(tm)'. On one fine summery Saturday afternoon last year, the street was packed with such types as well as various people just 'hanging around' outside their homes and doing generally no harm. A friend of mine arrived on his new motorcycle and parked it outside before coming in. Twenty minutes later we decided to pop across to the local shop and in doing so we noticed that said motorcycle was gone. This was at around 2pm on a Saturday afternoon on a busy street. We called the police, who took nearly an hour to show up, only to be informed that because "they hadn't seen it, they could take no action." We took them at their word, after expressing our surprise and dismay before asking them to leave, and went and found the bike ourselves. (We paid off some of said street kids to spill the beans.) The bike was duly recovered in a written-off state.
We pay ever-increasing taxes (via council tax) to support and expand on police operations. I expect to see results from that, not "we've recorded the crime, here's a number and there will be no further action."
Stop spending 70% of the nation's budget on "Traffic monitoring" and start doing some real policing and do it now!
Unless you manage to get hold of one of the few and far between specialised units, it's completely useless to try and talk to the police about anything remotely computer related.
As soon as they're out of their usual turf (man grabs bag and runs away, or something similarly plain), they'll likely pretend it doesn't exist.
http://www.parliament.the-stationery-office.com/pa/cm200506/cmhansrd/vo051219/debtext/51219-41.htm
19 Dec 2005
Internet (Rogue Dialling)
Mr. Blizzard: All that I asked for was some justice for the people who had already been victims. I fully acknowledge the tremendous work that my right hon. Friend has done to try to set the system straight, but if we cannot catch the fraudsters and hold them responsible, what is to be done for the victims of the fraud, who only had a contract with BT or some other provider? Can the Government not do something for those victims?
Alun Michael: As I said at the beginning, if my hon. Friend had raised that issue with some clarity I could have said more.
In the cases that my hon. Friend mentioned, BT is the provider of a line. The equipment that is placed on the line and its vulnerability to being used are matters of individual responsibility. They are not the responsibility of BT, which provided the computer whose technology and software were not protected against the possibility of a scam.
As I said, this is a complex area. During 2003 initially but primarily during 2004, there was an explosion of activity involving a scam that had not been anticipated. Many people recognise the need for proper protection for their software and equipment, but do not realise until something goes seriously wrong how important that is, and that it is their responsibility and not that of the provider.
If there is a problem on the road, that has nothing to do with the car that is driven over it. Responsibility for the vehicle and its safety is governed by legislation. It must have passed its MOT, and it must be safe. That is entirely different from the provision of the highway. I think that my hon. Friend has confused and conflated a number of issues.
BT discovered within a day that there was a problem from an analysis of charges that were building up, and notified the person whose equipment was allowing that to happen. It was therefore possible to close it down, and indeed to close the access to overseas numbers. There are numerous such examples.
People have been able to perpetrate a scam and disappear with the money. When that happens, there is no one left to blame, although there are victims. The service provider is a victim, the individuals are victims, but there is no one to blame. We have created a system that will hold money for up to 30 days. I was examining a case with officials and experts today. The fact that the equipment was allowing the criminal—the scammer—to programme it to make the calls was identified within 24 hours. Within 48 hours, the number had been blocked, so the scam could no longer continue. The 30-day delay means that money can be retained within the system and there is a possibility of recompense or, if the equipment has not been properly put in place, of fining. I had hoped to explain some of the wider context: there may not be enough time left, but I shall attempt to do so for my hon. Friend.
We are talking about an industry that is rapidly developing. It provides a variety of services that are used on a daily basis. It is an immensely powerful tool, but my hon. Friend will know that every time one connects to the internet, a warning appears asking whether the user really wants to proceed. The point is to illustrate for users that, along with the power of the system, there are also vulnerabilities.
"I thought that with it being a computer within the Palace of Westminster there might be some feedback from the police," he said. "Or at least an acknowledgement it had been recorded - but no."
Considering that is EXACTLY the same response as one receives from those who work/serve/laze in the Palace of Westminster, and most especially from those in executive office who have all manner of minions on the payroll to manage such simplicities as feedback and/or acknowledgement, complaining about it is a bit rich, but not surprising.
"We have got 140,000 cops and most of them don't know one end of the computer from the other,"
Starts at the top; we have Home Secretary / Justice Ministers that don't seem to know that much about them.
I have been doing some training in forensic investigation - not as simple as one might think. Certainly it is clear that most police officers don't know what to do, so the digital evidence is rendered inadmissible in court.
They can't detect the crime
Even if they do, they generally can't catch the culprit
If they do somehow manage to catch them, they can't prosecute
If by some miracle they can and the case is proven, the chances are the culprit gets away with it, or serves a pathetically short sentence
If a user cleans malware themselves, that takes away the ability of IT staff to determine what it was, how it spreads, and possibly if other systems in the organization might be infected.
Cleaning up the one system may win the battle but it helps lose the war.
Systems need to be properly quarantined and proper forensic analysis performed. The best thing he could have done when he detected malware was to simply unplug the machine from the network and call the IT security staff - but leave the system running. That allows forensics to be initiated to capture the state of the machine.
It can also help determine what information was compromised and allow for better investigation with at least a minuscule better chance of finding and prosecuting the perpetrator.
Alun Michael has my sympathy. Those of us pursuing BT and Phorm over the illegal trials of Webwise/PageSense during 2006 and 2007 found that the police (City of London force) weren't that interested either. Nor was the ICO, nor were Ofcom (outside their sphere of interest, although IN their sphere of interest enough to refuse FOI requests about Phorm??).
Those of us experiencing scams aimed at our bank accounts also find it difficult to report these CRIMES to the police because we are told we should report them to the banks.
So Alun - perhaps you could have a word with someone and arrange for the police to be tasked investigating computer based crimes (and financial bank based crimes) on behalf of ordinary citizens? Now you know how frustrating it can be when the police aren't that interested in clear evidence of wrongdoing.