E-Crime Wales Summit points way to future
The fourth e-Crime Wales Summit in Newport demonstrated that Wales has made huge progress in the battle against e-crime and is now at the forefront. The summit was opened by master of ceremonies Jamie Owen of BBC Wales, who described the scale of the problem – a third of 1000 Welsh companies and citizens recently surveyed had suffered losses averaging £500 in the last year, almost half do not carry out regular security checks, and one in five victims of e-crime apparently take no action in the aftermath.
However Ieuan Wyn Jones, Deputy First Minister of the Welsh Assembly and Minister for the Economy and Transport, was enthusiastic about the progress that has been made by e-crime Wales – a collaboration between the Welsh Assembly, the four Welsh Police forces, the Home Office, Get Safe Online and nine commercial partners that has provided security guidance and support to businesses in Wales since 2004.
For the first time, the Serious and Organised Crime Agency (SOCA) was represented at the summit. Deputy Director Sharon Lemon disputed that e-crime is a special category, describing it primarily as an extension of conventional crime, merely facilitated by information technology. However, she pointed out how significant such facilitation can be, mentioning virtual criminal gangs who have carried out major fraud without the members ever having met – similarly to the web site defacers recently arrested in Spain. She commented “find the money and you find the criminal”, and indicated that the SOCA considers disruption of e-crime as important a remit as its investigation.
In a presentation on security awareness, Microsoft Security Specialist Thomas Karlsson stressed that the overwhelming problem is not clever technological attacks, but lack of user awareness. He reminded delegates of Kevin Mitnick and quoted some Microsoft research in which 100 per cent of respondents clicked on a link that expressly stated “do not click on this link – it will download a virus”. When asked, they generally said “I wanted to see what would happen”.
Among the breakout sessions was a seminar led by Stefan Fafinski of 1871 Ltd on the place of law in protection against e-crime. A consensus emerged that more and increasingly complex law provides little protection without reliable and consistent enforcement. Fafinski cited two cases: a man who mailbombed his ex-employer who was merely sentenced to a curfew and a security expert who was fined for demonstrating a weakness in a site to which he wished to subscribe. He concluded that the Computer Misuse Act is still not fully perfected and is still subject to conceptual legal problems.
Tony Neate, managing director of Get Safe Online told heise Security that he was very optimistic about the progress that has been made in the four years since e-crime Wales got off the ground. He pointed out that the initiative is not just a talking shop, but that real deliverables are available now to support business and individuals.
In answer to the question: what key attributes have made Wales a leader in the fight against e-crime, e-crime Wales chairman Detective Chief Superintendent Chris Corcoran said it is the wholehearted commitment of all participants including the Welsh Assembly, which has also provided generous funding. To carry this level of success forward to the UK at large, he stated that all participants must have a voice.
The final sessions of the summit were dominated by discussion of awareness and training. In a lively presentation, Martin Smith of the Security Company asserted that lack of user awareness is the biggest barrier to overall security. He compared security breaches with airline disasters, which seldom result from a single cause, but more frequently from chance coincidence of numerous minor contributory factors. The summit ended with a floor debate on the relative responsibilities of ISPs, law enforcement and users, in securing internet usage.