– The event, organized by Panda Security in Madrid, was attended by over 200 people and streamed live.  Internet users worldwide could also participate through Twitter

– The speakers highlighted the need to raise awareness of the dangers posed by cyber-attacks and took a look at cyber-crime regulation 

– According to Brian Krebs, investigative journalist and cyber-crime expert, “Cyber-crime is becoming more and more similar to drug trafficking. We could talk of organized cyber-crime cartels”
 

The 2nd Security Blogger Summit held in Madrid last Thursday took a look at Internet mafias and the risks that Internet users are exposed to. A discussion was also held regarding the need to implement law enforcement measures to stop computer criminals from acting with impunity. 

This year’s event was attended by over 200 experts and technology bloggers. Also, Internet users around the world could follow the conference live via the Internet and send their questions and comments from Twitter. The Security Blogger Summit brought together several well-known bloggers and cyber-crime investigative journalists like Brian Krebs and Joseph Menn, who pointed out the huge amounts of money moved by these criminal groups and the challenges faced by governments to stop them.

According to Brian Krebs, “Cyber-crime is becoming more and more similar to drug trafficking.
These organizations are exclusively motivated by money and operate using pyramidal structures. Each group within the organization has its own responsibilities: some develop malware, others identify banks to attack, and finally some others spread the malicious code.”Josehp Menn added, “There are many legal obstacles that make stopping these groups incredibly hard. If you are a hacker and operate in a country other than your own, it is very difficult to arrest you”. 

The following participants attended the roundtable discussion: Brian Krebs  and Joseph Menn, Kurt Wismer (renowned security opinion leader who comments on the cyber-crime situation and its effect on users in his blog anti-virus-rants.blogspot.com), Macerlo Rivero (researcher and author of www.infospyware.com), John Leyden (cyber-crime columnist for The Register), Yago Jesús (blogger and author of www.securitybydefault.com), Marc Cortés (marketing and communication expert and author of www.interactividad.org), Alejandro Suárez (one of the most influential Internet bloggers in the Networks SL blogging network), Javier Sanz (author of www.adslzone.net and expert in new technologies) and Paloma Llaneza (AEDEL lawyer and member of Spain’s National Cyber-Security Advisory Council).  

Unpunished crimes

Today, 95% of malware is aimed at stealing passwords, which makes users who handle valuable information potential targets for cyber-criminals. Speakers at the summit expressed their concern about this and the easy way in which malware is distributed as well as the difficulty to apprehend those responsible.

Participants also mentioned Eastern Europe and China as the main sources of malware, and commented on governments’ lack of action to fight this threat. “Apart from the difficulty of arresting a hacker for illegal activities carried out outside of a country’s jurisdiction, there is the problem of actually making sure that a hacker’s virtual identity actually corresponds to that of the detainee”, explained Paloma Llaneza, lawyer and member of Spain’s National Cyber-Security Advisory Council.

Participants also commented on the speed of cyber-attacks and the lack of resources from authorities to stop them. “The law is always one step behind cyber-crooks and this prevents authorities from acting more swiftly”, explained Yago Jesús. “The problem is no longer what happens in other countries. In Spain for example there is an alarming lack of resources to act effectively”. Joseph Menn indicated that even in countries like the United States there are laws dating back to the 1970s that are no longer capable of stopping present-day Internet attacks.

Education, awareness and legal responsibility

Education and awareness issues were also part of the Summit‘s agenda.  Several participants spoke in favor of using “our common sense”.  “Just as we lock the door after leaving our house or getting out of the car, we should do the same thing with the Internet”, indicated Alejandro Suárez. “We must be aware of what activities can lead to an infection and what cannot. Common sense is necessary to surf the Web”, added Marcelo Rivero.

As for legal responsibility and regulation, the speakers agreed on the difficulty of implementing global laws. “The best thing would be to be able to demand some responsibility from private businesses and public institutions”, said Yago Jesús. According to Brian Krebs, “If we could draw up a blacklist of non-recommended sites or sites with a bad reputation, we could prevent a huge number of attacks and warn users of websites that could infect them”.

Also, Brian Krebs explained the need to demand more responsibility from Internet service providers “If we have laws in the United States that force Internet service providers to shut down Web pages that offer pirate music or video files within 48 hours, there should be similar laws for cyber-crime”. 

Finally, when asked by the audience, the panel talked about security in social networking sites, especially in those aimed at teenagers. “Unfortunately, young people establish a communication channel that parents many times cannot advice them on. We should act on the Internet in exactly the same way as in real life in order to minimize risks”, added Marcelo Rivero.

More information about the 2nd Security Blogger Summit is available at www.securitybloggersummit.com.