Website to report cyber-crime considered by government
A website for people to report cyber-crime is one idea being considered by a government committee set up to look at internet security. The House of Lord's Science and Technology select committee will report back on how government can better deal with the threat of e-crime. Speaking at a conference in London, chairman Lord Broers hinted at new laws to deal with breaches of data. The committee is due to present its findings in the summer. Reporting crime He told delegates at InfoSecurity 2007 that a website along the lines of the US based Internet Crime Complaint Center which allows US citizens to report e-crime could be set up in the UK. As well as providing more reliable statistics on how widespread the problem of e-crime is, such a site would also be a good way of persuading people who are reluctant to tell the police they have been the victim of online fraud. "One of the problems is that people who, for example, have been the victim of an eBay scam tend to think how stupid they were and that there is no point in going to police. If you were mugged you would be sure to go straight to the police," he said. "In the UK, people are being told to go to their bank first. We are not sure that is right. These are crimes and the police should be equipped to deal with them," Lord Broers said. As part of their work, the committee took a trip to see how the authorities are dealing with cyber-crime in the US. It was impressed by the way that the FBI co-ordinated with bodies such as the Federal Trade Commission and offered standardised procedures for the reporting of online fraud. The committee was also impressed by regional centres set up by the FBI to educate and help US law enforcers deal with the increasing cyber-threat, including work-stations dedicated to the kind of computer forensic work that is increasingly becoming crucial to bring fraudsters to book. "We have similar capabilities here but it is on a much smaller scale. There is one person dealing with fraud and phishing attacks," said Lord Broers. Despite the sophisticated way the FBI is dealing with cyber-crime, the committee found that the Department of Justice have only a "handful" of cases pending. David Emm, a senior technology consultant with security firm Kaspersky, believes that victims of online fraud save time by reporting incidents of fraud directly to their banks. "It cuts out the middle-man. If you go to the local cop shop and say you have been a victim of phishing they are not necessarily going to be clued up on that," he said. He is concerned that the UK no longer has a dedicated cyber-crime agency, since the High Tech Crime Unit was amalgamated with the Serious Organised Crime Agency. Who is responsible? Other issues that Lord Broers touched on in his keynote speech at InfoSecurity 2007, was who should ultimately be responsible for security. "Is there too much responsibility on end-users rather than those best placed to manage the risk, such as operating system suppliers, those operating net sites and those responsible for the network?" he asked. Ideas to shift some of balance back to industry include making vendors responsible for putting up-to-date security software on machines, the possibility of partitioning off part of a computer so it could not be attacked and the potential to prosecute those that employ botnets - a network of machines hijacked by malicious hackers - for using other people's bandwidth. Protecting youngsters Whether current UK legislation is adequate to deal with e-crime is one of the biggest questions facing the committee, which is due to report its finding in July. "In the UK running a botnet is not illegal. It could be being used as part of a grid computing network doing calculations on climate change. Should there be a license for operating a botnet?" said Lord Broers. In the US there are data breach laws to protect people whose personal information has been compromised online. Lord Broers said it was likely that the committee will recommend the UK follows suit. One of the most hard-hitting aspects of the committee's work so far has been that surrounding the threats to young people online. A guided tour around chatrooms showing how easily a police officer posing as a 12-year-old girl can be bombarded with obscene comments persuaded the committee that more needs to be done to educate youngsters about the dangers they face. "We are asking whether the emphasis in schools in strong enough and the current curriculum adequate. It is highly likely we will recommend more be done," said Lord Broers. He admitted that the committee's findings would not have the answer to every question surrounding e-crime. "We can make sure the questions are asked. The net is a wonderful resource and we should not let it be hijacked by the forces of evil," he said.