By Munir Kotadia
23 May 2006
The head of eBay Australia's IT security has slammed the wider
security community for making it difficult for users to learn about
using the Internet safely, because it sensationalises online crimes
and keeps changing the names of potential threats.
Speaking at the AusCERT 2006 conference on the Gold Coast today,
Alistair MacGibbon, Australian director of trust and safety at eBay,
told delegates that Internet-based crimes are no different to crimes
in the real world.
"There is nothing new about the Internet crimes we see and there is
nothing new in the ways we have to fight them," said MacGibbon.
"Hacking is breaking into someone's computer system and tampering with
data or stealing it. Is it any different from so long ago when people
would break into the store room and steal the files of a company?"
MacGibbon said that the online space obviously raises issues of
jurisdiction and of what the victim experiences, but that these were
essentially exactly the same crimes, with the same motivations, as in
the offline world.
One prime example of what confuses users is the constant name-changing
when it comes to potential threats - such as phishing.
"Phishing is about tricking someone into giving out details online --
like their password or their personal credentials when we know they
shouldn't. Social engineering was about exactly the same thing.
"We have phishing one day, spear phishing the next, deep sea phishing
and puddle phishing. All of them are variations on a theme and none of
them different to the other crime," said MacGibbon.
"We sensationalise those crimes and make it much harder to educate
consumers," he added.
Even without the added hype, fighting crimes and educating the public
on how to go about their business safely is not an easy task, said
MacGibbon, who is a 15-year veteran of the police force and an
ex-director of the Australian High Tech Crime Centre.
As an example, MacGibbon cited murder rates, on which he said
criminologists spend years trying to collect accurate data so that it
can be analysed and checked for trends.
"Even with something as simple as counting murders we have spent years
trying to do it. Why? Because the definition in the legislation is
different. The definition in the forms that get ticked in the various
agencies are different. So our ability to count that crime in the
offline space is difficult," said MacGibbon.
Munir Kotadia travelled to the Gold Coast as a guest of AusCERT.