02:39 PM

U.K. Losing Battle Against Cyber Crime

New report by Home Affairs Committee warns that U.K. is insufficiently prepared to protect the country against cyber attacks and other online threats.

According to a new report by the Home Affairs Committee, the U.K. is at grave danger of losing the battle against cyber-crime. The report states that much Internet-related financial crime is not being reported to the police and that law enforcement is generally not trained to fight cybercrime.

MPs say that online criminal activity that defrauds victims of money is often not reported to or investigated by law enforcement and is covered up by British banks, who simply reimburse the victims with no attempt to find or prosecute perpetrators. "You can steal more on the Internet than you can by robbing a bank -- and online criminals in 25 countries have chosen the U.K. as their number-one target," stated the Committee's chair, labor MP Keith Vaz. "Astonishingly, some are operating from EU countries. If we don't have a 21st-century response to this 21st-century crime, we will be letting those involved in these gangs off the hook."

The Committee is also concerned about the British court system's ability to deal with this type of 21st-century criminal activity. It recommends that the government review sentencing guidance to ensure that e-criminals receive the same sentences as they would for stealing the same amount of money or data in the physical world. The report also urges the government to establish a state-of-the-art espionage response center to combat Web-based attacks by foreign powers and terrorists.

"At a time when fraud and e-crime is going up, the capability of the country to address it is going down," MPs said in a statement. "Ministers have acknowledged the increasing threat of e-crime, but it is clear that sufficient funding and resources have not been allocated to the law enforcement responsible for tackling it."

[ Doing business with Whitehall isn't cheap. Read U.K. Costliest Country To Bid On Government Contracts. ]

In addition, the Committee called for British legislators to ramp up efforts to curb or remove online content such as extremist agitation or pornography. "Young people are increasingly radicalized online by the words of radical clerics on YouTube [while] tragic murders have shown the terrible consequences of access to indecent images on the Web," said Vaz. In response, ISPs, search engines and social media sites are encouraged to be more proactive about removing inappropriate content, or risk government legislative action.

The Committee's report came out on the same day the Office of National Statistics released new data showing that, despite a welcome return to growth in British IT, cyber security remains a weak area, with too few IT professionals having the relevant skills.

However, the government also told the BBC that it is taking action to tackle the cyber-threat, investing more than £850 million ($1.3 billion) through a national cyber-security program to develop and maintain cutting-edge capabilities.

Not everyone is convinced, however. Business lobbying group the CBI said that an MP proposal that would make it mandatory for British businesses to report cyber-attacks won't help. "Proposals to force businesses to report a cyber-attack as soon as it happens when they should instead be focusing on fighting the attack privately could be counterproductive and put them at greater risk," warned Matthew Fell, CBI director for competitive markets. "Mandatory reporting would also risk cyber security becoming a tick-box regulatory requirement and stifle business-to-business information sharing."

U.K. cyber security industry commentator Klaus Gheri, VP of product management Europe at Barracuda Networks, added, "The growing threat of Internet crime is not specific to the U.K. It is the same everywhere. Law agencies are ill-equipped to protect against cyber warfare. Social media sites have become a regular hunting ground for cyber-espionage attacks and an easy way for cyber criminals to launch targeted attacks against businesses."

However, Gheri also acknowledged that governments have "the biggest responsibility here," calling on Westminster to pass legislation so all businesses have "a prescribed minimal amount of cyber security."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-12
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.

Published: 2015-10-12
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Published: 2015-10-12
Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.

Published: 2015-10-12
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.

Published: 2015-10-12
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.