Tuesday, May 23, 2006

Double Whammy??

Changes to the law and the axing of the National Hi-Tech Crime Unit spell trouble for IT managers

Turning up on the last day of the Infosecurity 2006 show, I was impressed by the number of smaller vendors populating Olympia.

For instance, at the final keynote session at Infosecurity, a panel of hackers discussed the Computer Misuse Act, which looks like it’s going to be modified to make it illegal for people to use or even possess hacking tools.

Web security specialist and penetration tester Ivan Ristic, who was on the panel, said, “If [the Computer Misuse Act is changed in this way] we won’t be able to penetration test our own systems.” Of course it will be quite interesting to see what the legal interpretation of a hacking tool is. Ristic clearly believes that if the modified law outlaws hacking tools, then penetration testing also becomes illegal. The upshot is that network security would quickly become weaker.

Another recent development that could lead to network security getting worse is the flushing down the toilet of the National Hi-Tech Crime Unit (NHTCU), the body set up to help companies who fall victim to computer crime and hackers, with a promise of confidentiality. Now the NHTCU’s work is to be split between local police and the Serious Organised Crime Agency (Soca), and there is no longer a guarantee of confidentiality, so the worry is that firms won’t report network hacks.

Ristic noted that most companies will in future have to report computer crimes to their local police station rather than specialists in computer law. “This is very disturbing because there’s not many people at police stations who know about this type of crime,” he added.

Bob Ayers, leading security expert at international business and security analyst Chatham House, imagined what would happen if staff at a major corporation asked their local police to investigate a security incident and a court case followed. “Not only do you get the pleasure of sitting in court for months, your competitor gets to say, ‘You got hacked, you’re not safe, trade with us,’” he said.

At the show I had a quick chat with Gary McKinnon, an erstwhile Moriarty of hacking, according to the US Feds, who may want to throw him in jail and throw away the key for a fair few years. McKinnon doesn’t look like the demon the Feds suggest – in fact, he lives just up the road from me.

McKinnon said he just wanted to find out what information about UFOs, if any, the US government was withholding from the public. He pointed out that there were many foreign hackers but he got caught because he wasn’t thorough enough. How did he get caught? While using a graphical remote image viewing tool, he forgot about the time difference.

Just goes to show that network security hangs sometimes by very thin threads. In the UK those threads could soon get thinner.
