I am helping Leeds University with a business Cybercrime Survey go to www.bit.do/cybersurvey to complete it or use the QR code.
Many thanks
This is my personal blog for issues that I will make comment upon, my own views. Feel free to comment or connect with me. AQL commissioned Ambassador for the Yorkshire Humberside Cyber security Information Sharing Partnership To join follow www.ncsc.gov.uk/CISP
Saturday, 29 October 2016
Monday, 19 September 2016
ActionFraud and local police investigation
Many people are told when they call the police to report a fraud, especially a cyber based one that they should call ActionFraud or report it to the ActionFraud (AF) website. http://www.actionfraud.police.uk.
ActionFraud is fairly unique and is a world class service for bringing fraud and intelligence together at a national level
BUT, and it is a big BUT, many frauds really should be investigated locally.
And the rules governing AF allow this but many people, including many cops and call handlers seem still to be unaware.
Here is an outline of the rules governing AF and replicated on many force websites. This comes from the Met site, even Northern Ireland is covered
http://content.met.police.uk/Site/reportingfraud
Local police should take a formal report of fraud in the following circumstances, known as ‘Calls to Service’:
Where the crime is in progress, or about to happen, including where a delivery is about to be made or money is at risk (a payment may be stopped if action is taken immediately).
Where the person suspected of committing the crime is locally known or can be easily identified. (Police may refer the complainant to action fraud if the suspect does not reside in their force area.)
Where the person reporting or the victim is vulnerable. The person may be unable to make a report by telephone or the internet, lack understanding of their situation or require additional support from Police or partner organisations.
So if your fraud meets the above criteria then the police should investigate
Simples
Sunday, 15 May 2016
Helping CERT-CISP in Yorkshire Humberside
Following last
week’s launch of The Cyber Security Breaches Survey which found that one in
four large firms are experiencing a cyber breach at least once a month, only
half of all firms have taken any recommended actions to identify and address
vulnerabilities.
Less than a
third of all firms, had any formal written cyber security policies and only 10%
had an incident management plan in place.
This
demonstrates that companies are not ready for cyber-attacks and are not taking
the most basic precautions, technically and through education or training.
I am pleased to be supporting aql’s
commitment to working with businesses in the Yorkshire and Humberside Region we
are helping all companies to improve their own protection by supporting the
Regional Cyber-security Information Sharing Partnership (CiSP)
In order to
help promote the CiSP aql have commissioned me to undertake work on
behalf of the CiSP to improve membership and build activity across the region
aql’s CEO Dr
Adam Beaumont, who is the designated business champion for CiSP in the Region said
“Leeds is the second financial centre in the UK and a global centre for
eHealth and we are dependent on London for connectivity, and connectivity is
the lifeblood of a business these days.”
“Whilst we help provide connectivity and substantial storage for many
parties both public and private we want to ensure that companies in this region
protect themselves and make the internet a safe place to operate and do
business. That’s why I want to see the CiSP succeed. By supporting the joint
efforts of businesses across the region we are helping build growth and make
our community safer.
A valuable part of that effort is to support the CiSP itself, I am
pleased to announce that I have engaged Stuart Hyde QPM to act on behalf of Yorkshire
and Humberside businesses to help develop the CiSP”
I am very honoured to be asked by aql, an exceptional example of growth within the Region, to help drive the CiSP in Yorkshire and Humberside. CiSP is a key national strategy to make the UK a safer place online, and it should be capable of helping businesses to protect themselves.
Sunday, 8 May 2016
Cyber Street Unwise
A few days ago the Register published an article about the waste of £20million pounds on Cyber Prevention. http://www.theregister.co.uk/2016/05/04/ukgov_uncoordinated_illinformed_and_utterly_ineffective_on_cybercime/
One of the findings in the report was that despite spending this money only 15% or so of people had heard of Get Safe Online (GSOL) https://www.getsafeonline.org/
Well that would be a sad story IF GSOL had received this alleged £20M
It hasnt.
In fact the Register got it wrong, but only in detail, such as who is responsible for spending that money. GSOL are not. They receive a max of £70k from Govt so not a bad return 13% of the population for £70K
So who has spent it?
Well its a secretive organisation called Cyber Street Wise https://www.cyberstreetwise.com/ (CSW)
I use the word "secret" because they do not want to tell you who is in charge, nor how they spend their money. Despite the logo "HM Government" in the top left hand corner, a request for a copy of their budget received a response of "Only with a Freedom of Information Act" request will we tell you
And then the response was merely to say £4m per year. No budget, no accounts or outline. Just a single number. In fact they have had about £20m and I believe most has been spent on Saatchi and Co
http://www.thedrum.com/news/2014/01/13/uk-government-urges-public-be-cyber-streetwise-new-campaign-mc-saatchi
At the time their Saatchi Chairman Tim Duffy, said: “This campaign represents one of the most relevant public information campaigns of our time. In cyberstreetwise.com we have created a campaign idea that is as flexible as it is powerful. The success of the campaign will be more and more people in Britain knowing how to be secure online and as a consequence helping to build an even stronger British economy.”
A further request to know who is leading CSW produced a response that stated in relation to the management team of the Cyber Streetwise campaign, "after careful consideration, we judge that the information you request is exempt from disclosure under section 40(2) of the Freedom of Information Act (“FOIA”)."
So much for open Government
No wonder The Register found it so hard to understand who does what.
The campaign from CSW was not about promoting GSOL. In fact they rarely mention GSOL in any of their media.
CSW rarely engages with real dynamic issues and seems to replicate the same mantra on Twitter. Have a look at their feed for example. No doubt a Bot controls the Twitter Feed as their is rarely any discussion. When TalkTalk broke they didn't seem to notice
So its not surprising that the Government's campaign is not working
Its Ok to moan but what should be done
1. Move a substantial amount of the CSW funding to GSOL.
2. Cancel the account with Saatchi
3. Put some of the money into supporting local businesses to engage, particularly through the CiSP. https://www.cert.gov.uk/cisp/
4. Make the civil servants running CSW accountable and let people know who is in charge
5. Create and deliver Public accounts and performance targets for CSW
GSOL has been run on a shoe string for years and the fact that The Register didn't know about CSW is not surprising, albeit poor quality journalism.
Lets hope that Ministers wake up to this saga and help create a more effective strategy for public cyber protection
One of the findings in the report was that despite spending this money only 15% or so of people had heard of Get Safe Online (GSOL) https://www.getsafeonline.org/
Well that would be a sad story IF GSOL had received this alleged £20M
It hasnt.
In fact the Register got it wrong, but only in detail, such as who is responsible for spending that money. GSOL are not. They receive a max of £70k from Govt so not a bad return 13% of the population for £70K
So who has spent it?
Well its a secretive organisation called Cyber Street Wise https://www.cyberstreetwise.com/ (CSW)
I use the word "secret" because they do not want to tell you who is in charge, nor how they spend their money. Despite the logo "HM Government" in the top left hand corner, a request for a copy of their budget received a response of "Only with a Freedom of Information Act" request will we tell you
And then the response was merely to say £4m per year. No budget, no accounts or outline. Just a single number. In fact they have had about £20m and I believe most has been spent on Saatchi and Co
http://www.thedrum.com/news/2014/01/13/uk-government-urges-public-be-cyber-streetwise-new-campaign-mc-saatchi
At the time their Saatchi Chairman Tim Duffy, said: “This campaign represents one of the most relevant public information campaigns of our time. In cyberstreetwise.com we have created a campaign idea that is as flexible as it is powerful. The success of the campaign will be more and more people in Britain knowing how to be secure online and as a consequence helping to build an even stronger British economy.”
A further request to know who is leading CSW produced a response that stated in relation to the management team of the Cyber Streetwise campaign, "after careful consideration, we judge that the information you request is exempt from disclosure under section 40(2) of the Freedom of Information Act (“FOIA”)."
So much for open Government
No wonder The Register found it so hard to understand who does what.
The campaign from CSW was not about promoting GSOL. In fact they rarely mention GSOL in any of their media.
CSW rarely engages with real dynamic issues and seems to replicate the same mantra on Twitter. Have a look at their feed for example. No doubt a Bot controls the Twitter Feed as their is rarely any discussion. When TalkTalk broke they didn't seem to notice
So its not surprising that the Government's campaign is not working
Its Ok to moan but what should be done
1. Move a substantial amount of the CSW funding to GSOL.
2. Cancel the account with Saatchi
3. Put some of the money into supporting local businesses to engage, particularly through the CiSP. https://www.cert.gov.uk/cisp/
4. Make the civil servants running CSW accountable and let people know who is in charge
5. Create and deliver Public accounts and performance targets for CSW
GSOL has been run on a shoe string for years and the fact that The Register didn't know about CSW is not surprising, albeit poor quality journalism.
Lets hope that Ministers wake up to this saga and help create a more effective strategy for public cyber protection
Tuesday, 1 March 2016
Apple and the FBI some thoughts and judgement pre Farook decision
The Apple FBI saga
The disagreement over Apple
and the FBI has become a microcosm of the world of cyber and digital crime.
Warranty can secure access to homes, cars planes and any premise or item.
However the encryption coding on the iPhone, that is loved by many, seems to be
at the limit of the privacy issue, and not just because of encryption.
Cyber investigators have
mixed views ranging from fully supporting Apple’s right to say no, through to a
total distrust of the state to protect its citizens from digital theft. The
role of private organisations and businesses to support and deliver security or
evidence on behalf of the state seems an unreasonable one to many.
Understanding what has
actually happened legally is also a concern as the media is either
misunderstanding the application made by the FBI or is “bigging” up Apple’s
response.
Either way the legal process
will ensue as Apple appeals the FBI bid. Added to that are side issues such as
whether the password for the San Bernardino shooter's iCloud account (Farook) associated
with his iPhone was reset hours after authorities took possession of the
device, was this an error or a deliberate ploy.
Some questions already posed.
1.
Is Apple right to
stand its ground, balancing personal security and privacy against national
security?
There is also an issue about product confidence and the concern that
the US is not the only country where iPhones sell. Its approach is to appeal
and use its legal route first. This will take time.The below unrelated case gives support to Apple's view
2.
What are the
long-term implications?
If the appeal fails then the FBI will secure what it is after, an
ability to keep trying to crack the encryption without the iPhone losing data.
The question is whether this will stop Apple’s encryption and create a back
door for the FBI/Police. If they do, there is considerable fear it will be
copied by other countries or organisations rendering the security of the iPhone
useless.
3.
Since so much
consumer trust is invested in how we use our phones for the most data sensitive
of operations amongst commerce, mobile money and banking etc will this move
compromise that trust?
If Apple are forced to create a back door it will reduce consumer
confidence in the product on the basis that the techniques are likely to be
copied or replicated elsewhere. Currently the Passcode is part of an encryption
that cannot be broken
4.
If the government
is effectively asking for a back door key, how secure would that process be?
Through human carelessness or leaking could the key be compromised?
Industry doesn’t have a strong sense that the state could protect the
“key”. And there are examples to support that view. What if those with access
are compromised or neglectful? Apple has well-reasoned arguments to consider
the ability of any state to hold that access “key”
However A judgement came yesterday in a not related case which doesnt have binding precedence over the Farook case but contains some some really helpful comments within the 50 page report
A good summary is found below, particularly the call for Legislators to deal with the fast changing technological developments
"In
deciding this motion, I offer no opinion as to whether, in the circumstances of
this case or others, the government's legitimate interest in ensuring that no
door is too strong to resist lawful entry should prevail against the equally
legitimate societal interests arrayed against it here. Those
competing values extend beyond the individual's interest in vindicating
reasonable expectations of privacy – which is not directly implicated where, as
here, it must give way to the mandate of a lawful warrant. They include the
commercial interest in conducting a lawful business as its owners deem most
productive, free of potentially harmful government intrusion; and the far more
fundamental and universal interest – important to individuals as a matter of
safety, to businesses as a matter of competitive fairness, and to society as a
whole as a matter of national security – in shielding sensitive electronically
stored data from the myriad harms, great and small, that unauthorized access
and misuse can cause.
How
best to balance those interests is a matter of critical importance to our
society, and the need for an answer becomes more pressing daily, as the tide of
technological advance flows ever farther past the boundaries of what seemed
possible even a few decades ago. But that debate must happen today, and it must
take place among legislators who are equipped to consider the technological and
cultural realities of a world their predecessors could not begin to conceive.
It would betray our constitutional heritage and our people's claim to democratic
governance for a judge to pretend that our Founders already had that debate,
and ended it, in 1789."
This is the full judgement passed yesterday re the FBI and Apple case in Brooklyn. It will be interesting to see how this is regarded in the main Farook case
Judgement Apple and FBI
Subscribe to:
Posts (Atom)
Popular Posts in last 7 Days
-
Ransomware Seminar 19th May 09.30-11.30 Ransomware is now one of the biggest threats to industry, charities, health and citizens. Fin...
-
I am helping Leeds University with a business Cybercrime Survey go to www.bit.do/cybersurvey to complete it or use the QR code. Many tha...
-
#SID2016 is a great opportunity for take schools to take stock and consider whether they are meeting current educational online requireme...
-
I know I have just done one blog but there is a phrase in it that I think needs a little explanation as I think it really does sum up the ch...
-
Following last week’s launch of The Cyber Security Breaches Survey which found that one in four large firms are experiencing a cyber br...
-
In the recent drive to create the Big Society there is a risk that we convince ourselves that this is an entirely new concept and so denigr...
-
Fancy climbing a hill at night to take part in an amazing spectacle and raise money for a fantastic charity? I ran a simi...
-
Many people are told when they call the police to report a fraud, especially a cyber based one that they should call ActionFraud or report ...
-
Having experienced a range of public violence in Btistol Bradford Birmingham and Harmondsworth I feel enabled to comment in support of the v...
-
The advice I was given at the start of blogging was to mix it up So what do I listen to at the gym, plug in, turn up the volume and rip it...