Risk
7/30/2013
02:39 PM
Connect Directly
RSS
E-Mail
50%
50%

U.K. Losing Battle Against Cyber Crime

New report by Home Affairs Committee warns that U.K. is insufficiently prepared to protect the country against cyber attacks and other online threats.

According to a new report by the Home Affairs Committee, the U.K. is at grave danger of losing the battle against cyber-crime. The report states that much Internet-related financial crime is not being reported to the police and that law enforcement is generally not trained to fight cybercrime.

MPs say that online criminal activity that defrauds victims of money is often not reported to or investigated by law enforcement and is covered up by British banks, who simply reimburse the victims with no attempt to find or prosecute perpetrators. "You can steal more on the Internet than you can by robbing a bank -- and online criminals in 25 countries have chosen the U.K. as their number-one target," stated the Committee's chair, labor MP Keith Vaz. "Astonishingly, some are operating from EU countries. If we don't have a 21st-century response to this 21st-century crime, we will be letting those involved in these gangs off the hook."

The Committee is also concerned about the British court system's ability to deal with this type of 21st-century criminal activity. It recommends that the government review sentencing guidance to ensure that e-criminals receive the same sentences as they would for stealing the same amount of money or data in the physical world. The report also urges the government to establish a state-of-the-art espionage response center to combat Web-based attacks by foreign powers and terrorists.

"At a time when fraud and e-crime is going up, the capability of the country to address it is going down," MPs said in a statement. "Ministers have acknowledged the increasing threat of e-crime, but it is clear that sufficient funding and resources have not been allocated to the law enforcement responsible for tackling it."

[ Doing business with Whitehall isn't cheap. Read U.K. Costliest Country To Bid On Government Contracts. ]

In addition, the Committee called for British legislators to ramp up efforts to curb or remove online content such as extremist agitation or pornography. "Young people are increasingly radicalized online by the words of radical clerics on YouTube [while] tragic murders have shown the terrible consequences of access to indecent images on the Web," said Vaz. In response, ISPs, search engines and social media sites are encouraged to be more proactive about removing inappropriate content, or risk government legislative action.

The Committee's report came out on the same day the Office of National Statistics released new data showing that, despite a welcome return to growth in British IT, cyber security remains a weak area, with too few IT professionals having the relevant skills.

However, the government also told the BBC that it is taking action to tackle the cyber-threat, investing more than £850 million ($1.3 billion) through a national cyber-security program to develop and maintain cutting-edge capabilities.

Not everyone is convinced, however. Business lobbying group the CBI said that an MP proposal that would make it mandatory for British businesses to report cyber-attacks won't help. "Proposals to force businesses to report a cyber-attack as soon as it happens when they should instead be focusing on fighting the attack privately could be counterproductive and put them at greater risk," warned Matthew Fell, CBI director for competitive markets. "Mandatory reporting would also risk cyber security becoming a tick-box regulatory requirement and stifle business-to-business information sharing."

U.K. cyber security industry commentator Klaus Gheri, VP of product management Europe at Barracuda Networks, added, "The growing threat of Internet crime is not specific to the U.K. It is the same everywhere. Law agencies are ill-equipped to protect against cyber warfare. Social media sites have become a regular hunting ground for cyber-espionage attacks and an easy way for cyber criminals to launch targeted attacks against businesses."

However, Gheri also acknowledged that governments have "the biggest responsibility here," calling on Westminster to pass legislation so all businesses have "a prescribed minimal amount of cyber security."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3409
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

CVE-2014-4620
Published: 2014-10-25
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

CVE-2014-4623
Published: 2014-10-25
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

CVE-2014-4624
Published: 2014-10-25
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

CVE-2014-6151
Published: 2014-10-25
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.