Risk
7/30/2013
02:39 PM
50%
50%

U.K. Losing Battle Against Cyber Crime

New report by Home Affairs Committee warns that U.K. is insufficiently prepared to protect the country against cyber attacks and other online threats.

According to a new report by the Home Affairs Committee, the U.K. is at grave danger of losing the battle against cyber-crime. The report states that much Internet-related financial crime is not being reported to the police and that law enforcement is generally not trained to fight cybercrime.

MPs say that online criminal activity that defrauds victims of money is often not reported to or investigated by law enforcement and is covered up by British banks, who simply reimburse the victims with no attempt to find or prosecute perpetrators. "You can steal more on the Internet than you can by robbing a bank -- and online criminals in 25 countries have chosen the U.K. as their number-one target," stated the Committee's chair, labor MP Keith Vaz. "Astonishingly, some are operating from EU countries. If we don't have a 21st-century response to this 21st-century crime, we will be letting those involved in these gangs off the hook."

The Committee is also concerned about the British court system's ability to deal with this type of 21st-century criminal activity. It recommends that the government review sentencing guidance to ensure that e-criminals receive the same sentences as they would for stealing the same amount of money or data in the physical world. The report also urges the government to establish a state-of-the-art espionage response center to combat Web-based attacks by foreign powers and terrorists.

"At a time when fraud and e-crime is going up, the capability of the country to address it is going down," MPs said in a statement. "Ministers have acknowledged the increasing threat of e-crime, but it is clear that sufficient funding and resources have not been allocated to the law enforcement responsible for tackling it."

[ Doing business with Whitehall isn't cheap. Read U.K. Costliest Country To Bid On Government Contracts. ]

In addition, the Committee called for British legislators to ramp up efforts to curb or remove online content such as extremist agitation or pornography. "Young people are increasingly radicalized online by the words of radical clerics on YouTube [while] tragic murders have shown the terrible consequences of access to indecent images on the Web," said Vaz. In response, ISPs, search engines and social media sites are encouraged to be more proactive about removing inappropriate content, or risk government legislative action.

The Committee's report came out on the same day the Office of National Statistics released new data showing that, despite a welcome return to growth in British IT, cyber security remains a weak area, with too few IT professionals having the relevant skills.

However, the government also told the BBC that it is taking action to tackle the cyber-threat, investing more than £850 million ($1.3 billion) through a national cyber-security program to develop and maintain cutting-edge capabilities.

Not everyone is convinced, however. Business lobbying group the CBI said that an MP proposal that would make it mandatory for British businesses to report cyber-attacks won't help. "Proposals to force businesses to report a cyber-attack as soon as it happens when they should instead be focusing on fighting the attack privately could be counterproductive and put them at greater risk," warned Matthew Fell, CBI director for competitive markets. "Mandatory reporting would also risk cyber security becoming a tick-box regulatory requirement and stifle business-to-business information sharing."

U.K. cyber security industry commentator Klaus Gheri, VP of product management Europe at Barracuda Networks, added, "The growing threat of Internet crime is not specific to the U.K. It is the same everywhere. Law agencies are ill-equipped to protect against cyber warfare. Social media sites have become a regular hunting ground for cyber-espionage attacks and an easy way for cyber criminals to launch targeted attacks against businesses."

However, Gheri also acknowledged that governments have "the biggest responsibility here," calling on Westminster to pass legislation so all businesses have "a prescribed minimal amount of cyber security."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7437
Published: 2015-03-29
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

CVE-2013-7438
Published: 2015-03-29
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based ...

CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.