President Obama recorded the following video (also available here) promoting National Cyber Security Awareness Month and reminding all Americans of our shared responsibility to keep the ’net safe.
In addition, Janet Napolitano, Secretary of Homeland Security, will be delivering a live webcast tomorrow (Tuesday, Oct. 20, 11 a.m. EDT) on the issue of cyber security and the role that the Department of Homeland Security is playing in this field. The webcast will be available from DHS.gov
Within the past hour, President Obama addressed the nation from the White House to emphasize the importance of cyber security, to announce the release of the administration’s report of its 60-day cyberspace policy review, and to announce the creation of a new White House position, the Coordinator of National Cyber Security.
This represents an enormous step forward in national awareness of the role cyber security in general and malware in particular play in our economy and our physical security. Having the "leader of the free world" describe the threat of botnets and spyware on national television will expand press and citizen interest in this issue.
As important as the threats, though, are the freedoms that the President discussed. He emphasized the importance of preserving both personal privacy and net neutrality while securing our infrastructure. He also pointed out that this will require a collaborative effort amongst individuals, schools, corporations, and governments from the local level through the national level, not just in the U.S., but internationally, as well.
The attention is an important start, but of course execution is the key. Melissa Hathaway, Cybersecurity Chief at the National Security Council, posted some information about the policy review she led, as well as links to the report (PDF) and to the papers that informed the report. Based on a preview of the report that Melissa Hathaway delivered at the Kennedy School last night, I expect the administration is moving in the right direction. I look forward to reading the report, and I encourage others to do so, as well. Meanwhile, it’s up to all of us to work together to build a safer Internet. StopBadware looks forward to playing a role in bringing together the people, the organizations, and the data that make this possible.
Allysa Myers at McAfee blogged about this FBI press release announcing criminal charges against 38 alleged baddies from the U.S. and overseas.
According to the indictment, the Romania-based members of the enterprise obtained thousands of credit and debit card accounts and related personal information by phishing, with more than 1.3 million spam emails sent in one phishing attack. Once directed to a bogus site, victims were then prompted at those sites to enter access device and personal information. The Romanian “suppliers” collected the victims’ information and sent the data to U.S.-based “cashiers” via Internet “chat” messages. The domestic cashiers used hardware called encoders to record the fraudulently obtained information onto the magnetic strips on the back of credit and debit cards, and similar cards such as hotel keys. Cashiers then directed “runners” to test the fraudulent cards by checking balances or withdrawing small amounts of money at ATMs. The cards that were successfully tested, known as “cashable” cards, were used to withdraw money from ATMs or point of sale terminals that the cashiers had determined permitted the highest withdrawal limits. A portion of the proceeds was then wire transferred to the supplier who had provided the access device information.
It’s great to see that the Romanian and U.S. authorities were able to successfully work together to bring down what sounds like a pretty serious criminal enterprise.
The U.S. Federal Trade Commission (FTC) has a quite good educational site, OnGuard Online, with online and print materials for educating consumers about malware, phishing, identity theft, and other online hazards.
They also just released a few entertaining videos that promote the site while explaining the concept of phishing.
Wired has an article about the U.S. government’s lack of a transparent, responsive process for individuals who are on the terrorist watch list to request removal if they are innocent. According to the article, even the process they do have, which only addresses a subset of the people affected, has resolved only half of its cases since February. Others are left confused, with little information about the process or the individual’s current status.
BBC columnist Bill Thompson recently raised questions about the responsiveness of StopBadware’s own review process that helps site owners flagged by Google get their sites removed from Google’s list. He even suggested that perhaps the authorities should be the ones keeping a URL blacklist and managing the appeals process.
Apart from the jurisdictional issues, which Mr. Thompson acknowledges as being a show-stopper, the example set by the U.S. government isn’t exactly an encouraging sign for the future of a government-run blacklist.
At StopBadware, we believe that transparency and responsiveness are key to the success of our efforts. This is why we explain our review process in our FAQ. It’s why anyone who submits a request for review of their site can return to our site at any time while the review is in progress to see its status. And it’s why the average time for a review to be completed is under three days (typically shorter for sites that are, in fact, clean when they are submitted for review and a bit longer for those that are not).
There’s still more to be done, of course. We encourage all security vendors and blacklist providers to offer a transparent and responsive process. We continue to improve our own process and communications to provide the most information as clearly and quickly as possible. And, over the next several months, we’ll be doing even more to involve the community in our efforts.
Meanwhile, millions of users are being protected from badware every day, all without the bureaucracy that often comes with government security efforts.
