Daily Archives: November 3, 2019

#nationalcybersecuritymonth | Op-Ed: Cybersecurity is Not Just for IT Professionals Anymore

Source: National Cyber Security – Produced By Gregory Evans

October was National Cybersecurity Awareness Month, and as it wrapped up for the 16th year, it’s never been more important. Cybercrime has reached epidemic levels, The University of Maryland found that an attack occurs every 39 seconds on average, affecting one in three Americans every year, and security company McAfee reported there are 480 new high-tech threats now introduced every minute.

No individual or organization is too small or insignificant to be a target and cyberattacks are increasing in frequency, impact and cost, the FBI has said that Business Email Compromise (BEC) is a $26 billion-dollar enterprise, and recent a study by Dr. Michael McGuire from the University of Surrey, UK, put the value of the cybercrime economy at $1.5 trillion dollars.

Sadly, this epidemic shows no signs of slowing down in large part because many attacks are automated, victims often make it easy for the bad guys, criminals are raking in vast sums of ill-gotten gains, and they are difficult to track down and prosecute. 

Let’s start with some widespread misconceptions about cybersecurity that must be dispelled:

  1. My data (or the data I have access to) has no value to anyone else: All data is valuable to someone and the bad guys, sometimes called “Black Hat” hackers, are constantly working to get it.  From identity theft, to fraud, to marketing, there are many ways that your data is valuable, and you must attempt to protect it.

  2. Cybersecurity is a technology only issue: There are key technological solutions that will help you defend against cyberattacks (more on that later), but no technology is fool-proof, and many attacks rely on social engineering and deception to allow hackers to bypass even the best technological solutions. A layered approach to security is necessary, and education and awareness coupled with technology are key to defeating the Black Hats.

  3. Strong cybersecurity is expensive: There are many good technological solutions that can be implemented at little or no cost. Many vulnerabilities (some experts say as high as 95%) are the result of human error, so a little education will go a very long way towards helping you implement practices and configure systems so they are harder to hack.

  4. All hackers are technology geniuses: Some are, but many are using readily available free or low-cost hacking tools and platforms to launch sophisticated, automated attacks. You may not be able to stop a genius hacker that specifically targets you, but you can stop the bulk of these automated attacks.

  5. I need 100% bulletproof security: It’s nearly impossible and very expensive to be impervious to every possible attack. For most people, you merely need make yourself a hard target so that hackers will move on to a softer target. As you will see, this is not as difficult and expensive as you might think.

  6. New software and devices are secure out of the box: Many devices are rushed to market with security as an afterthought. The software they contain may have millions of lines of code that could contain flaws and bugs. Hackers know they only need to find one flaw, but the good guys (sometimes called “White Hat” hackers) must try to find and fix all the flaws. Any device may have security issues straight out of the box and updating the software on it regularly is critical!

Here are some concrete steps you can take to harden your systems and protect yourself, your family and your organization.

  • Ensure that you have anti-virus/anti-malware software on any/all devices that support it, ensure that the virus definitions are updated regularly, and schedule regular malware scans of your devices. There are many excellent low-cost and free options. If you’re a Windows user, Windows Defender is free and competitive with most of today’s quality products. Check this guide to compare products: https://www.pcmag.com/roundup/256703/the-best-antivirus-protection

  • Install software updates regularly, on ALL your devices. All reputable vendors regularly release software updates for their products and it’s critical that you install them regularly. This includes the firmware in your devices, their operating systems (Windows, Android, iOS) and the software on the devices. For example, ensure that you keep your web browser (Chrome, Firefox) updated. In many cases, these updates can be automated, for help Google “automatic updates for ” and fill in the blank for your situation. Don’t forget your “smart” Internet of Things (IoT) devices like TV’s, doorbells, lights, toasters, baby monitors, toys, cameras, etc. Additionally, be sure to change the default configuration. Bad guys can use the Shodan search engine to find and compromise your devices if they are not updated or are still running the default configuration.

  • Use a strong, unique password for each account. While this sounds painful, password manager applications allow you to store strong, unique passwords for each site and make it easy for you to use these passwords across your devices. At Intrust-IT we recommend LastPass, but you can check out other good password manager software here: https://www.cnet.com/news/the-best-password-managers-of-2019/

  • Enable Multi-factor Authentication (MFA) everywhere you can! MFA, sometimes called Two-factor Authentication or Two-Step Verification is a very powerful way to protect your accounts because an attacker requires an additional code to login. The code is typically sent to you via text message and only valid for a short period of time. While MFA is not failsafe, both Microsoft and Google have recently said that enabling MFA will stop nearly 99% of all automated attacks. If you do nothing else, enable MFA on every account you can!  This web site can help you get started: https://twofactorauth.org/

  • Use a Virtual Private Network (VPN) to encrypt your data before it hits the Internet. A VPN provides a certain amount of anonymity and makes it difficult for hackers to access your data because it’s encrypted. While I generally recommend not using free Public Wi-Fi in any case, a VPN is an absolute must if you do. Even if you only access the Internet from a secure, trusted network, a VPN is generally a good thing. This guide can help you select a quality VPN: https://www.techradar.com/vpn/best-vpn

  • Carefully vet any software/app before you install it on any device. I know it’s hard to believe, but most developers don’t build free software out of the goodness of their hearts. If you’re not paying with money, you’re paying with data, you’re the product, not the customer. Many apps are nothing more than thinly veiled malware. Pay attention to the permissions software asks for and provide the least permissions possible. Only install what you really need and vet it first. The sites I’ve linked above have editors and experts that vet software, use them before you download something. Finally, when you no longer use an app, remove it.

  • Backup your data. Device failure, human error and malware such as ransomware can be devasting if critical data is lost forever. A good, secure backup can be the difference between disaster and recovery. Be sure to consider the sensitivity of any data you backup and secure it appropriately with strong passwords, MFA and encryption. There are many excellent low-cost options, here’s a good starting point: https://www.pcmag.com/roundup/226992/the-best-online-backup-services.

  • Don’t forget your mobile devices! Everything above applies here are well. You should use a strong, unique password and enable encryption. Don’t install any apps you don’t need and limit sensitive data on your devices when possible. Enable remote wipe so that if the device is lost or stolen, you can erase it.

  • Consider Identity Theft protection and regularly scan the Dark Web to see if your credentials (user name and password) have been breached. You can use https://haveibeenpwned.com/ to check your credentials.

  • Be skeptical. Take a zero-trust stance and remember, just because you’re paranoid doesn’t mean that they’re not out to get you. They are! The IRS, the FBI and your bank don’t need your password and won’t ask you to pay in gift cards. Many attacks are delivered via Phishing and these attacks are becoming increasingly sophisticated and realistic. Think twice before you click a link in an email, text message, instant message, on social media or even in a voicemail. This is especially true for anything you did not expect. When in doubt, reach out to the organization in question by calling them on the phone or going to their website from information that you lookup, NOT by using any links or information in the message.

  • Stay educated. The bad guys are constantly coming up with new attacks and you must remain vigilant. Here are some excellent resources to help you understand the fast-changing cybersecurity landscape:

A layered approach to security is critical so that the Black Hats can’t simply circumvent any single defensive mechanism. While the list above is not exhaustive, for a small cost and a little work, you will make yourself a very hard target and most bad guys will move along to the next soft target they find.  Stay safe our there and follow me on Twitter where I share a steady stream of relevant and timely cybersecurity information that will help you stay safe.

Dave Hatter is a cybersecurity consultant at Intrust IT and an adjunct instructor at Cincinnati State. He is also the mayor of Ft. Wright.

Source link

The post #nationalcybersecuritymonth | Op-Ed: Cybersecurity is Not Just for IT Professionals Anymore appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




#deepweb | From climate mysteries to dead zones, an evolving computer model tackles Puget Sound’s eco-riddles – GeekWire

Source: National Cyber Security – Produced By Gregory Evans

The local population of Puget Sound orcas is in decline, having dropped to 73 animals. A computer model built by Pacific Northwest National Laboratory is helping scientists studying industrial pollutants, one of the key threats to the killer whales’ survival. (NOAA Photo)

Puget Sound — Washington’s inland sea — is a mysterious place. It’s the southern-most fjord in the lower 48 states. It’s fed by rivers that create shallow, mucky tideflats. In other spots it plunges more than 900 feet deep, giving it oceanic traits, but it doesn’t flow freely in and out of the Pacific Ocean. The main entrance and exit into the Sound is relatively narrow and shallow, creating a sort of bathtub that curtails the exchange of seawater and wildlife.

The Sound is facing serious challenges. The beloved local orcas are in alarming decline, the human population and its polluting cars, roadways and buildings is growing, and the damaging effects of climate change loom large.

PNNL program manager Tarang Khangaonkar explains his research into the effects of climate change on Puget Sound. (GeekWire Photo / Lisa Stiffler)

But scientists are employing a sophisticated computer modeling tool to unravel some of the Puget Sound’s complex puzzles and trigger actions that can help safeguard the iconic Northwest waterway.

“We now are in a position where you can address some really important questions in Puget Sound,” said Joel Baker, director of the University of Washington’s Puget Sound Institute.

One of the more surprising and hopeful results comes from a recently published study on climate change. It predicts that the Sound could in many ways fare a bit better than the Pacific Ocean when considering the damaging effects of a warmer world.

The Salish Sea Model was built by scientists at the Seattle office of the Pacific Northwest National Laboratory (PNNL), part of the U.S. Department of Energy. PNNL program manager Tarang Khangaonkar launched the project in 2008 in partnership with the state Department of Ecology. Their goal was to create a model that’s widely useful and built in a collaborative, transparent process.

Scientists can use the model to test theories about how chemicals and creatures move through Puget Sound, tweaking different inputs to understand past and future events. The model has been used to find conditions favorable for native sixgill sharks, guide restoration in the Stillaguamish River delta, and study oyster reproduction.

 We now are in a position where you can address some really important questions in Puget Sound.

Initial work started with a broad riddle. In recent decades, people have observed regularly occurring fish die-offs in Puget Sound. When an event strikes, dead fish litter the beaches, crabs and normally solitary rockfish cluster near shore, and scuba divers report “panting” wolf eels trying to capture enough air with their gills. Scientists knew the cause of death — the level of oxygen in the water was dropping to lethal levels — but the pattern of places experiencing “hypoxia,” or low oxygen, was puzzling.

When scientists tried to understand why some areas were harder hit with the dead zones, Khangaonkar said, “nobody could figure out why.”

Searching for the cause of suffocation

The model encompasses what’s known as the Salish Sea, which spans Puget Sound, the San Juan Islands, a strait running to the northwest tip of Washington and the waters off the east side of Vancouver Island. The researchers also included a stretch of offshore water that extends south along the Washington Coast, past the mouth of the Columbia River.

Early runs of the model could create low-oxygen conditions, but the hypoxia was everywhere, not just the observed hot spots in Hood Canal and other specific inlets and coves. The model included layers of data from multiple sources to create the tides, currents, weather, underwater geographic features, shorelines, water temperature, pH, and salinity. Ecology provided data on nutrients that flowed into Puget Sound from 99 sewage treatment plants, industrial outfalls and other points, plus 161 streams emptying into the sea.

The Salish Sea Model covers all of Puget Sound and waters stretching to the north end of Vancouver Island and past the mouth of the Columbia River. (PNNL Graphic)

But even with all of that information, the Salish Sea Model couldn’t recreate past conditions of hypoxia. Then researchers added data on the muddy, sandy bottom of Puget Sound. The model worked, revealing a key driver of hypoxia.

“Unless you take into account everything,” Khangaonkar said, “it’s not possible to guess at the reason.”

The scientists figured out that algae were reproducing in great blooms that eventually died, sank, and rotted in the sediment at the bottom of the sea. The decaying plants pulled oxygen out of the water. The result wasn’t necessarily intuitive at first. While alive, the algae released oxygen, as plants do, so they weren’t an obvious culprit for hypoxia.

That conclusion “led to quite a bit of debate,” Khangaonkar said.

But it also helped researchers think more strategically about which pollution sources need to be curbed to prevent them from essentially fertilizing the algae with nutrients. That includes sewage treatment plants, leaking shoreline septic systems, and lawn chemicals. The model highlighted the fact that Puget Sound is not well flushed by water from the ocean, trapping and recycling pollutants in the inland sea.

Officials with Ecology are using these results to update pollution regulations based on scientific research.

A red-orange algae bloom in Edmonds, Wash. in 2013. (Washington State Department of Ecology, photo submitted by Jeri Cusimano)

“This model is not a black box,” said Cristiana Figueroa-Kaminsky, a pollution and modeling manager for Ecology.

It’s based on open-source code with input from numerous agencies and academic institutions, she said.

The UW’s Baker agreed that it’s a robust model, and added that the university also has the LiveOcean model that can make limited forecasts addressing different issues in the Sound and Pacific.

“They’re as good as any models in the world,” Baker said.

‘Without the numbers you fear’

With the success of the oxygen-level work, Khangaonkar and his team were ready to tackle a bigger question: What will happen to Puget Sound as the planet keeps warming?

The researchers decided to gaze decades ahead to 2095. They added information from a national model and ran the simulation using a trajectory that assumes humankind follows a worst-case scenario path and does little to reduce global warming pollution.

Again, the model generated some surprising predictions.

Using PNNL’s Salish Sea Model, scientists ran projections for the local impacts of climate change by 2095. While waters are generally warmer, the average surface temperatures in Puget Sound are expected to warm less than the Pacific Ocean (top images). But more shallow areas, such as the mouth of the Snohomish River (lower images), will warm more dramatically. RCP 8.5 refers to the scenario used in the model, which simulates a worst-case scenario for warming. (PNNL Graphic)

Puget Sound’s water conditions are greatly impacted by the melting snowpack of surrounding mountains. That water flows from rivers, flushing the inland sea. Warmer weather is shrinking the annual snowpack and reducing its spring and summer runoff. Experts feared that the circulation of the Sound will be disrupted.

“If in the future the flushing strength were to go down, it would lead to catastrophic failure of our ecosystem,” Khangaonkar said.

Because Puget Sound is a relatively small body of water, one might expect it would fare worse than the Pacific Ocean. But the model, pulling together effects of sea level rise, changes in salinity and other factors, predicted a future where the water in Puget Sound’s deep basins would continue circulating, churning the water. That would keep it cooler, less acidic and more oxygenated than the Pacific.

“Climate change brings in a lot of counterintuitive findings,” Baker said. Flooding, however, is another concern.

Khangaonkar and his team published their climate change results in May in a scientific journal.

“Without the numbers you fear… what is it going do to us?” he said. The model gives a glimpse. “Rather than speculate, you can just run it out and get the answer.”

Solving a toxic riddle

For roughly two decades, scientists Jim West and Sandie O’Neill have been sampling Puget Sound wildlife, tracking the amount of pollution they carry. A main focus has been PCBs, a family of long-lasting industrial chemicals banned 40 years ago. Since then, millions of dollars have been spent scrubbing them from Puget Sound.

And yet they’re still here.

PCBs, or polychlorinated biphenyls, show up in resident wildlife, including Pacific herring, Chinook salmon, harbor seals and orcas. What’s particularly weird about the PCBs is that their levels are holding steady or even increasing in some marine creatures, while other pollutants are declining. Although the concentrations of the PCBs in the sediment and water are so low they’re sometimes undetectable, they’re much higher in the fish, seals and whales. The math doesn’t add up.

“Something is happening where the PCBs are getting into the environment and an awful lot of them are ending up in the pelagic [or marine] food web,” said O’Neill, who works with West at the Washington Department of Fish and Wildlife.

Researchers collecting samples for research on the levels of pollutants in Puget Sound fish. (Washington Department of Fish and Wildlife Photo)

The chemicals can disrupt the growth of Chinook salmon, the local orcas’ favorite food, and are believed to threaten the killer whales directly by harming their immune systems and ability to reproduce.

One of the main theories of how toxics get into the marine food web is that chemicals settle into the sediment, get consumed by microscopic organisms, and move their way up the food chain.

But it seems that something else is happening in Puget Sound.

It appears that upland sources of PCBs found in sources such as industrial caulk, electrical transformers, and contaminated soils are still being washed into the sea. West and O’Neill suspect that some of the PCBs are getting sucked into the food chain straight from the water before they even settle into the mud.

There are a couple of ways the PCBs could move from the open water into marine life. The chemicals are lipophilic, meaning they love to stick to fats, which includes the outside of bacteria and algae. The PCBs can also get sucked up by microscopic zooplankton floating in the water column.

Washington Department of Fish and Wildlife researchers Stefanie Karney (left) and Laurie Niewolny processing juvenile Chinook salmon at the department’s Marine Resources Laboratory in Olympia, Wash. (Dept. of Fish and Wildlife Photo)

As those tiny organisms are eaten by small fish that are eaten by bigger fish that are eaten by marine mammals, the PCBs move through the food chain to larger predators. Their levels build as the toxics are stored in body fat, and mothers can pass PCBs to their babies through their milk. When the animals die and decay, the PCBs are recycled back into the food chain via smaller creatures.

While the hypothesis makes sense, scientists need more data to prove it. They’re eager to pinpoint the pollution sources and pathways of movement in order to close the PCB tap. And for local orcas, whose population has sunk from highs in the 200s to just 73 animals, time is running out.

When Khangaonkar suggested a collaboration, West and O’Neill jumped at the chance. They now have results for the first phase of their research, which included work with UW scientists, and are starting another study correlating the model with pollutants in plankton.

The Salish Sea Model has the potential to “inform us about where the PCBs are coming into the food web, then you can do something about them,” O’Neill said. It could identify hot spots for cleanup that could most benefit marine life. “You can’t clean up the whole of the Puget Sound basin,” she added. “It’s too much.”

It’s just the kind of project that Khangaonkar gets excited about.

“We have developed this [model] for everybody to be able to use,” he said. “And when folks are interested in using it, there is a strong commitment to actually work with them and make it happen.”

Editor’s Note: Funding for GeekWire’s Impact Series is provided by the Singh Family Foundation in support of public service journalism. GeekWire editors and reporters operate independently and maintain full editorial control over the content.

Source link
——————————————————————————————————

The post #deepweb | <p> From climate mysteries to dead zones, an evolving computer model tackles Puget Sound’s eco-riddles – GeekWire <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig

Source: National Cyber Security – Produced By Gregory Evans

rConfig network configuration management vulnerability

If you’re using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you.

A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow unauthenticated remote attackers to compromise targeted servers.

Written in native PHP, rConfig is a free, open source network device configuration management utility that allows network engineers to configure and take frequent configuration snapshots of their network devices.

According to the project website, rConfig is being used to manage more than 3.3 million network devices, including switches, routers, firewalls, load-balancer, WAN optimizers.

What’s more worrisome? Both vulnerabilities affect all versions of rConfig, including the latest rConfig version 3.9.2, with no security patch available at the time of writing.

Discovered by Mohammad Askar, each flaw resides in a separate file of rConfig—one, tracked as CVE-2019-16662, can be exploited remotely without requiring pre-authentication, while the other, tracked as CVE-2019-16663, requires authentication before its exploitation.

  • Unauthenticated RCE (CVE-2019-16662) in ajaxServerSettingsChk.php
  • Authenticated RCE (CVE-2019-16663) in search.crud.php

In both cases, to exploit the flaw, all an attacker needs to do is access the vulnerable files with a malformed GET parameter designed to execute malicious OS commands on the targeted server.

rConfig vulnerability

As shown in the screenshots shared by the researcher, the PoC exploits allow attackers to get a remote shell from the victim’s server, enabling them to run any arbitrary command on the compromised server with the same privileges as of the web application.

Meanwhile, another independent security researcher analysed the flaws and discovered that the second RCE vulnerability could also be exploited without requiring authentication in rConfig versions prior to version 3.6.0.

“After reviewing rConfig’s source code, however, I found out that not only rConfig 3.9.2 has those vulnerabilities but also all versions of it. Furthermore, CVE-2019-16663, the post-auth RCE can be exploited without authentication for all versions before rConfig 3.6.0,” said the researcher, who goes by online alias Sudoka.

Askar responsibly reported both vulnerabilities to the rConfig project maintainers almost a month back and then recently decided to release details and PoC publicly after the maintainers failed to acknowledge or respond to his findings.

If you are using rConfig, you are recommended to temporarily remove it from your server until security patches arrive.

The Original Source Of This Story: Source link

The post Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof

#deepweb | ‘Britain’s FBI’ set for huge new powers to foil County Lines drug gangs

Source: National Cyber Security – Produced By Gregory Evans

Ministers are planning to give a huge budget boost and sweeping new powers to ‘Britain’s FBI’ to combat the growing threat of online paedophile rings, people traffickers and County Lines drugs gangs.

It comes as the National Crime Agency reveals the frightening scale of organised crime in the UK.

In an interview with The Mail on Sunday, Lynne Owens, director general of the NCA, said her gangbusters ‘need more capability’ to fight soaring levels of organised and increasingly sophisticated crime.

She pointed out that while it was understandable that terrorist threats dominate the headlines, it was ‘chronic and corrosive’ organised crime that ‘kills more citizens every year than war, terrorism and natural disaster combined’.

According to NCA intelligence, a staggering 181,000 criminals – the equivalent of the entire population of Ipswich – are members of the 4,500 organised crime groups that span the length and breadth of Britain.

The NCA, or ‘Britain’s FBI’, can be seen here in action. According to NCA intelligence, a staggering 181,000 criminals – the equivalent of the entire population of Ipswich – are members of the 4,500 organised crime groups that span the length and breadth of Britain

Lynne Owens, Director General of the National Crime Agency, speaking at the talk on crime and security after Brexit, October 30. In an interview with The Mail on Sunday, Lynne Owens, director general of the NCA, said her gangbusters ‘need more capability’ to fight soaring levels of organised and increasingly sophisticated crime

Lynne Owens, Director General of the National Crime Agency, speaking at the talk on crime and security after Brexit, October 30. In an interview with The Mail on Sunday, Lynne Owens, director general of the NCA, said her gangbusters ‘need more capability’ to fight soaring levels of organised and increasingly sophisticated crime

Between them, the gangs bring misery to millions and cost the UK economy at least £37 billion a year.

In response to the threat, Sir Craig Mackey, a former deputy commissioner of the Metropolitan Police, has been asked by the Government to lead a detailed review of the NCA, what new powers it needs and what laws need to change to make it more effective.

On a tour of the NCA’s London HQ last week, Security Minister Brandon Lewis said the review would focus on ‘making sure that these guys have got the tools they need for a change in criminal behaviour. We must make criminals afraid of operating in this country.’

It is understood that the plans, which would fundamentally change how the war on organised crime is fought, include:

  • Streamlining a number of existing crime-fighting organisations and bringing them under the control of the NCA;
  • Substantially increasing the agency’s budget to fund a ‘new phase of growth’ including extra personnel and new technology;
  • Reforming how fraud is investigated, with the NCA taking on work currently assigned to local forces;
  • Introducing new legislation and reforming the Computer Misuse and Theft Acts so they are ‘fit for purpose in the modern age’;
  • Revisiting plans to regulate tech giants and social media firms which Ministers and crimefighters think are still doing too little to fight online paedophiles.

Despite the NCA helping to protect 10,000 children, seizing 2,700 firearms and taking 430 tons of cocaine off the streets since 2015, Ms Owens hinted that the current structure of policing risked giving crimelords the upper hand. ‘Our statutory responsibility is to lead the UK fight against serious and organised crime, yet the response is devolved to at least 43 police forces, Border Force and Immigration enforcement, all of whom operate through different government structures,’ she said.

Sir Craig Mackey, pictured receiving Investiture, a former deputy commissioner of the Metropolitan Police, has been asked by the Government to lead a detailed review of the NCA, what new powers it needs and what laws need to change to make it more effective.

Sir Craig Mackey, pictured receiving Investiture, a former deputy commissioner of the Metropolitan Police, has been asked by the Government to lead a detailed review of the NCA, what new powers it needs and what laws need to change to make it more effective.

‘What capabilities do we need that already exist but are disparate across the 43 forces? Is there a different way of structuring that?’

In addition to paedophiles, drug dealers and traffickers, the NCA is planning to focus on the growing levels of fraud carried out by teams of increasingly sophisticated domestic and foreign scamsters. ‘If you’re an old person whose life savings have been extorted, you don’t get that response and actually that’s just not good enough,’ she said. ‘So we’ve got to find a way to having live-time responses to all of the most serious offences.’

Mr Lewis added: ‘If someone takes away the last £10,000 of savings from a pensioner, that has as much impact on them as some crimes we think of as being more powerful.’

Echoing concerns about a lack of cohesion, he added: ‘There’s the Fraud Office, the City of London Police, every single police force across the country.

‘Each needs to have a fraud squad because they all have residents involved in that, but are we co-ordinating that in the best way, particularly with technology moving and changing how fraud is committed?’

The NCA, which launched in 2013 and currently employs about 4,400 staff, also want changes to legislation which, argued Ms Owens, has failed to keep up with technology.

‘The Computer Misuse Act went through Parliament at a time when cyber wasn’t the tool that it now is to enable all sorts of crimes like fraud,’ she said. As an example, under the Theft Act, data can’t be stolen so there are some places where you probably would want it to look quite different.’

Conservative Party Chairman Brandon Lewis

Conservative Party Chairman Brandon Lewis

The Mackey Review is due in February, but both Mr Lewis and Ms Owens made clear they want more support from technology giants such as Facebook and Google. ‘I don’t think it’s acceptable that all the industry does at the moment is say, “We’ve identified an image of a child being abused.” [They] have a much bigger social responsibility to prevent harm,’ said Ms Owens, who called in May for the NCA’s budget to be more than doubled from the current £424 million a year to £1.1 billion.

‘We wouldn’t accept people designing cars without locks, but for some reason we accept technology companies designing these systems.

‘They spend millions every year on research and development and artificial intelligence tools so they know who to target their adverts at to make a profit. We think a proportion of that should be preventing offending in the first place.’

Mr Lewis added: ‘You wouldn’t dream of a newspaper publisher ever having the ability to say, “I don’t care what an advertiser puts in my magazine or newspaper, it’s going into the public domain.” ’

———————————————————————————————————————

Office heroes battling the gangs and abusers 

Amid the constant clatter of trains, visitors to an unassuming office block near Vauxhall Station in South London arrive at a sparse reception area before passing rows of staff at computers.

NCA director general Lynne Owens said: ‘Technology has many great benefits, but one of the disbenefits is that we used to be taught that victims and offenders were in close geographical proximity, and they absolutely don’t have to be any more. We have many cases of offenders live-streaming and giving instructions’

NCA director general Lynne Owens said: ‘Technology has many great benefits, but one of the disbenefits is that we used to be taught that victims and offenders were in close geographical proximity, and they absolutely don’t have to be any more. We have many cases of offenders live-streaming and giving instructions’

It could be just a call centre, but on the screens the nature of the crimefighting work being done becomes apparent. In one wing, staff compile intelligence on so-called County Lines gangs that use children to distribute cocaine and heroin from cities to provincial towns. In another, workers watch depraved images of sexual abuse to trap predators.

For the latter – part of the Child Exploitation and Online Protection Command team – the content is so disturbing they must take a break every three hours, and counsellors are on hand 24/7.

With an estimated 88,000 active UK paedophiles, the task of bringing them to justice is vast. In one recent case, NCA experts had to trawl 2.2 million images. Each must be logged in the hunt for the perpetrators and to identify victims. NCA IT experts face a constant battle to keep up with sophisticated encryption software.

There is a reward for the hard work. Last year, 552 victims were identified and 700 children brought to safety due to the NCA’s work. 

The NCA scored a greater victory last month when it led a multi-national force to smash a group called ‘Welcome To Video’ which hosted 250,000 child-abuse videos on the dark web. It led to the arrests of 337 suspected paedophiles in 38 countries.

Individuals are pursued as aggressively as gangs. Earlier this year, a team at the NCA brought paedophile Tashan Gallagher to justice by matching trainers he wore when abusing children for videos uploaded to a Russian messaging app to those he was wearing on his Instagram account. Gallagher was jailed for 15 years for the rape of a six-month-old girl and assault of a two-year-old boy.

NCA director general Lynne Owens said: ‘Technology has many great benefits, but one of the disbenefits is that we used to be taught that victims and offenders were in close geographical proximity, and they absolutely don’t have to be any more. We have many cases of offenders live-streaming and giving instructions.’

 

 

Source link
——————————————————————————————————

The post #deepweb | <p> ‘Britain’s FBI’ set for huge new powers to foil County Lines drug gangs <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof