Security gurus at the second Security Blogger Summit have highlighted the need to raise awareness of the dangers posed by cyber-attacks and to rethink outdated cyber-crime regulation.
The event, organized by Panda Security in Madrid, was attended by more than 200 people. It was also streamed live and Internet users worldwide could participate through Twitter.
According to Brian Krebs, investigative journalist and cyber-crime expert: “Cyber-crime is becoming more and more similar to drug trafficking. We could talk of organised cyber-crime cartels.”
Paloma Llaneza, a member of Spain’s National Cyber-Security Advisory Council, comments: “Apart from the difficulty of arresting a hacker for illegal activities carried out outside of a country’s jurisdiction, there is the problem of actually making sure that a hacker’s virtual identity actually corresponds to that of the detainee."
Participants also commented on the speed of cyber-attacks and the lack of resources from authorities to stop them. “The law is always one step behind cyber-crooks and this prevents authorities from acting more swiftly,” says Yago Jesús, blogger and author of www.securitybydefault.com.
Joseph Menn, an investigative journalist who has comprehensively covered security issues, indicates that even in countries like the US, there are laws dating back to the 1970s that are no longer capable of stopping present-day Internet attacks.
“There are many legal obstacles that make stopping these groups incredibly hard. If you are a hacker and operate in a country other than your own, it is very difficult to arrest you,” says Menn.
The scale of the problem is daunting. According to cyber-crime expert Brian Krebs, “Cyber-crime is becoming more and more similar to drug trafficking. These organisations are exclusively motivated by money and operate using pyramidal structures. Each group within the organisation has its own responsibilities: some develop malware, others identify banks to attack, and finally some others spread the malicious code.”
“The best thing would be to be able to demand some responsibility from private businesses and public institutions,” suggests Jesús while Krebs recommended drawing up a blacklist of non-recommended sites which he believes could prevent a huge number of attacks by warning users of websites that could infect them.
Krebs also explains the need to demand more responsibility from Internet Service Providers. “If we have laws in the United States that force Internet service providers to shut down Web pages that offer pirate music or video files within 48 hours, there should be similar laws for cyber-crime.”
Education and awareness issues were also discussed at the summit, with several participants speaking in favour of a common sense approach.
“Just as we lock the door after leaving our house or getting out of the car, we should do the same thing with the Internet,” says Alejandro Suárez, an influential Internet blogger in the Networks SL blogging network.
Marcelo Rivero, Infospyware.com’s author, echoes this: “We must be aware of what activities can lead to an infection and what cannot. Common sense is necessary to surf the Web.”
“Unfortunately, young people establish a communication channel that parents many times cannot advice them on. We should act on the Internet in exactly the same way as in real life in order to minimize risks,” adds Rivero.