Computer Crime Research Center


Simon Hendery: Cyber crime gets more spooky

Date: March 27, 2008
By: Simon Hendery

As cyber-criminals become increasingly powerful and better organised, those working against them on the "good" side of IT security seem to be responding with a more cloak-and-dagger approach to their work.

A case in point: Scott Montgomery, vice president of product management at Nasdaq-listed internet security firm Secure Computing, who visited New Zealand last week.

Montgomery's CV lists him as an adviser to a number of Washington DC security consultancies.

Given a major US-led multi-nation cyber-terrorism war games exercise - Cyber Storm II - had wrapped up just days earlier, that seemed like a good topic to quiz Montgomery on.

Unfortunately the security shutters came down very quickly. Montgomery refused to even confirm or deny whether he was personally involved in the exercise, which was aimed at testing defences in the US, UK, Australia, New Zealand and Canada against online attacks.

"That's one area where I really can't comment. The defenders won. That's all I can say".

Probed a bit further, he was willing to admit that, as with Cyber Storm I, the official public debrief on the exercise is likely to reveal there is room for improvement in how the alliance partners worked together to thwart potential online attacks against critical national infrastructure.

"I love this exercise because it shows that we can get a great deal of co-operation among friendly governments."

Montgomery says there are broadly two types of malicious cyber activity: the profit-motivated activities of criminals making money through online scams, such as stealing bank account details, and the "cyber-terrorism" pursuit of trying to bring down vital infrastructure networks through hacking.

All the countries involved in Cyber Storm have some reliance on the internet when it comes to controlling infrastructure for vital services such as telecommunications, water or power supplies, Montgomery says.

"This is, I think, very fertile ground for disruptive attacks."

After Cyber Storm I, New Zealand watchdog the Centre for Critical Infrastructure Protection had its charter enhanced to give it oversight for security of key assets such as the country's power generation, telecommunications, water and gas networks, he says.

Talking up the perils of IT crime and terrorism is obviously a good marketing ploy for a company like Secure Computing, given it is in the business of selling protection against this type of threat. But that's not to say Montgomery is overselling the dangers. The US Department of Justice has estimated online fraud is generating more than US$100 billion ($124.6 billion) in annual revenue for the criminals involved, whereas information security is a US$20 billion market.

Add comment  Email to a Friend

Discussion is closed - view comments archieve
2008-03-31 03:45:37 - My comment failed according to the page I... Daniella Goldstein
Total 1 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo