|Heralded industry event brought hundreds of attendees from around the world to engage live via Web stream, Twitter with the top security minds|
Panda Security, the Cloud Security Company, today published event proceedings for its 2nd Annual Security Blogger Summit held in Madrid, Spain last Thursday. The Summit featured a roundtable discussion with ten security experts and bloggers from around the world. Discussion highlights included Internet mafias, the risks they pose to both consumers and businesses, and how law enforcement should be involved to stop cyber-criminals from acting with impunity.
This year’s event was attended by more than 200 security professionals and provided a global forum in which experts could converge to discuss the biggest trends and issues within the security industry. Hundreds more from around the world followed the conference via live Internet streaming and sent their questions and comments through Twitter.
Esteemed roundtable speakers included cyber-crime investigative journalists Brian Krebs (formerly with The Washington Post) and Joseph Menn of The Financial Times. Krebs and Menn detailed the massive amounts of money being moved by these criminal groups and the challenges faced by governments to stop them.
According to Krebs, “Cyber-crime is becoming more and more similar to drug trafficking. These organizations are exclusively motivated by money and operate using pyramid structures. Each group within the organization has its own responsibilities: some develop malware, others identify banks to attack and finally some others spread the malicious code.”
Menn added, “There are many legal obstacles that make stopping these groups incredibly hard. If you are a hacker and operate in a country other than your own, it is very difficult to arrest you.”
Additional roundtable participants included Kurt Wismer (renowned security opinion leader who comments on the cyber-crime situation and its effect on users in his blog anti-virus-rants.blogspot.com); Marcelo Rivero (researcher and author of www.infospyware.com); John Leyden (cyber-crime columnist for The Register); Yago Jesus (blogger and author of www.securitybydefault.com); Marc Cortes (marketing and communication expert and author of www.interactividad.org); Alejandro Suarez (one of the most influential Internet bloggers in the Networks SL blogging network); Javier Sanz (author of www.adslzone.net and expert in new technologies); and Paloma Llaneza (AEDEL lawyer and member of Spain’s National Cyber-Security Advisory Council).
Today, 95 percent of malware is aimed at stealing passwords, which makes users who handle valuable information potential targets for cyber-criminals. Speakers at the Summit expressed their concern about this growing trend and the easy way in which malware is distributed, as well as the difficulty to apprehend those responsible.
Participants also identified Eastern Europe and China as the main sources of malware, and commented on governments’ lack of action to fight this threat. “Apart from the difficulty of arresting a hacker for illegal activities carried out outside of a country’s jurisdiction, there is the problem of actually making sure that a hacker’s virtual identity actually corresponds to that of the detainee,” explained Paloma Llaneza.
Participants also commented on the speed of cyber-attacks and the lack of resources from authorities to stop them. “The law is always one step behind cyber-crooks and this prevents authorities from acting more swiftly,” explained Yago Jesus. “The problem is no longer what happens in other countries. In Spain, for example, there is an alarming lack of resources to act effectively.” Menn indicated that even in countries like the United States there are laws dating back to the 1970s that are no longer capable of stopping present-day Internet attacks.
Education, Awareness and Legal Responsibility
Education and awareness issues were also part of the Summit’s agenda. Several participants spoke in favor of using more common sense. “Just as we lock the door after leaving our house or getting out of the car, we should do the same thing with the Internet,” said Alejandro Suarez. “We must be aware of what activities can lead to an infection and what cannot. Common sense is necessary to surf the Web,” added Marcelo Rivero.
As for legal responsibility and regulation, the speakers agreed on the difficulty of implementing global laws. “The best thing would be to demand some responsibility from private businesses and public institutions,” said Jesus. According to Krebs, “If we could draw up a blacklist of non-recommended sites or sites with a bad reputation, we could prevent a huge number of attacks and warn users of websites that could infect them.”
Krebs explained the need to demand more responsibility from Internet service providers: “If we have laws in the United States that force Internet service providers to shut down Web pages that offer pirated music or video files within 48 hours, there should be similar laws for cyber-crime.”
The panel also addressed security in social networking sites, especially in those aimed at teenagers. “Unfortunately, young people establish a communication channel that parents many times cannot advise them on. We should act on the Internet in exactly the same way as in real life in order to minimize risks,” said Rivero.