Risk
7/30/2013
02:39 PM
50%
50%

U.K. Losing Battle Against Cyber Crime

New report by Home Affairs Committee warns that U.K. is insufficiently prepared to protect the country against cyber attacks and other online threats.

According to a new report by the Home Affairs Committee, the U.K. is at grave danger of losing the battle against cyber-crime. The report states that much Internet-related financial crime is not being reported to the police and that law enforcement is generally not trained to fight cybercrime.

MPs say that online criminal activity that defrauds victims of money is often not reported to or investigated by law enforcement and is covered up by British banks, who simply reimburse the victims with no attempt to find or prosecute perpetrators. "You can steal more on the Internet than you can by robbing a bank -- and online criminals in 25 countries have chosen the U.K. as their number-one target," stated the Committee's chair, labor MP Keith Vaz. "Astonishingly, some are operating from EU countries. If we don't have a 21st-century response to this 21st-century crime, we will be letting those involved in these gangs off the hook."

The Committee is also concerned about the British court system's ability to deal with this type of 21st-century criminal activity. It recommends that the government review sentencing guidance to ensure that e-criminals receive the same sentences as they would for stealing the same amount of money or data in the physical world. The report also urges the government to establish a state-of-the-art espionage response center to combat Web-based attacks by foreign powers and terrorists.

"At a time when fraud and e-crime is going up, the capability of the country to address it is going down," MPs said in a statement. "Ministers have acknowledged the increasing threat of e-crime, but it is clear that sufficient funding and resources have not been allocated to the law enforcement responsible for tackling it."

[ Doing business with Whitehall isn't cheap. Read U.K. Costliest Country To Bid On Government Contracts. ]

In addition, the Committee called for British legislators to ramp up efforts to curb or remove online content such as extremist agitation or pornography. "Young people are increasingly radicalized online by the words of radical clerics on YouTube [while] tragic murders have shown the terrible consequences of access to indecent images on the Web," said Vaz. In response, ISPs, search engines and social media sites are encouraged to be more proactive about removing inappropriate content, or risk government legislative action.

The Committee's report came out on the same day the Office of National Statistics released new data showing that, despite a welcome return to growth in British IT, cyber security remains a weak area, with too few IT professionals having the relevant skills.

However, the government also told the BBC that it is taking action to tackle the cyber-threat, investing more than £850 million ($1.3 billion) through a national cyber-security program to develop and maintain cutting-edge capabilities.

Not everyone is convinced, however. Business lobbying group the CBI said that an MP proposal that would make it mandatory for British businesses to report cyber-attacks won't help. "Proposals to force businesses to report a cyber-attack as soon as it happens when they should instead be focusing on fighting the attack privately could be counterproductive and put them at greater risk," warned Matthew Fell, CBI director for competitive markets. "Mandatory reporting would also risk cyber security becoming a tick-box regulatory requirement and stifle business-to-business information sharing."

U.K. cyber security industry commentator Klaus Gheri, VP of product management Europe at Barracuda Networks, added, "The growing threat of Internet crime is not specific to the U.K. It is the same everywhere. Law agencies are ill-equipped to protect against cyber warfare. Social media sites have become a regular hunting ground for cyber-espionage attacks and an easy way for cyber criminals to launch targeted attacks against businesses."

However, Gheri also acknowledged that governments have "the biggest responsibility here," calling on Westminster to pass legislation so all businesses have "a prescribed minimal amount of cyber security."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report