A Certain welcome for CERT-UK

CERT-UK was launched yesterday by Francis Maude of the Cabinet Office. It’s the national Computer Emergency Response Team and will take the lead in coordinating the management of national cyber security incidents and will act as the UK central contact point for international counterparts in this field. It will work closely with industry, government and academia to enhance UK cyber resilience.

Whilst this all sounds a little esoteric, a visit to their website gives a much more practical impression, with e.g. their “Latest Alert” being End of support for Microsoft Windows XP.

They list as their four main objectives:

  • The UK to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace
  • The UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace
  • The UK to have helped share an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies
  • The UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives.

and their four main responsibilities (which flow from the UK’s Cyber Security Strategy) as:

  • National Cyber Security Incident Management.
  • Support to Critical National Infrastructure companies to handle cyber security incidents.
  • Promoting cyber security situational awareness across industry, academia, and the public sector.
  • Providing the single international point of contact for co-ordination and collaboration between national CERTs.

The Cyber Security Information Sharing Partnership (CiSP) is also now a part of CERT-UK.

A useful addition to the UK Namespace – for comparison purposes a visit to the US-CERT is worthwhile.

Stay safe on the streets

The Government launched yesterday a timely reminder about security following the results of the spendfest season:

“With more than 11 million internet-enabled devices received as gifts during the Christmas period, Cyber Streetwise will help in the fight against online criminals. People are encouraged to protect themselves and their families online by visiting the website for tips and advice.”

The site is Cyberstreetwise (dot com rather than .co.uk or .gov, which is slightly disappointing) and there is also a collection of 6 admirably short videos (max 41 seconds) with 4 messages. “Findings from the government’s most recent National Cyber Security Consumer Tracker suggest more than half the population are not taking simple actions to protect themselves online.

While 94 per cent of people believe it is their personal responsibility to ensure a safe internet experience, the research highlights:

  • only 44 per cent always install internet security software on new equipment
  • only 37 per cent download updates and patches for personal computers when prompted – falling even further to a fifth (21 per cent) for smartphones and mobile devices
  • less than a third (30 per cent) habitually use complex passwords to protect online accounts
  • 57 per cent do not always check websites are secure before making a purchase”

Well worth a reminder visit.

We’ll leave you with the passwords video which looks to be the most popular!

Chanel v hundreds of domains, (all search engines, and social media sites)

Some fascinating Court Orders follow a counterfeiting case in Nevada.

Précis – Chanel took action against many domains allegedly advertising and/or promoting and selling counterfeit Chanel-branded goods. They proved the illegal activities to the Court, partially on a sampling basis. Per arstechnica, the modus operandi was “for the most recent batch of names, Chanel hired a Nevada investigator to order from three of the 228 sites in question. When the orders arrived, they were reviewed by a Chanel official and declared counterfeit. The other 225 sites were seized based on a Chanel anti-counterfeiting specialist browsing the Web.”

The really interesting elements of the court decision were:

  • The Judge ordered that the domains be transferred to Chanel’s control at GoDaddy – this is the actual order: “(7) The top-level domain (TLD) Registries for the Group II Subject Domain Names, within ten (10) business days of receipt of this Second Temporary Restraining Order shall change the registrar of record for the Group II Subject Domain Names, excepting any such domain names which such Registries have been notified in writing by the Plaintiff have been or will be dismissed from this action, to the United States based Registrar, GoDaddy.com, Inc.”
  • For all the seized domains a link to the case was set up detailing the judgement. (Incidentally you can download as much of the case as you like and more from this link.)
  • The Judge ordered that ALL search engines & social media sites should de-index the domains – again here’s the text of the actual order: “(10) The Group II Subject Domain Names shall immediately be de-indexed and/or removed from any search results pages of all Internet search engines including, but not limited to, Google, Bing, and Yahoo, and all social media websites including, but not limited to, Facebook, Google+, and Twitter until otherwise instructed by this Court or Plaintiff that any such domain name is authorized to be reinstated, at which time it shall be reinstated to its former status within each search engine index from which it was removed”

Well done Chanel – the sheer scale of the counterfeiting is incredible.

Not quite sure how the de-indexing of all the domain names will go!

Probably worth keeping an eye out for further developments!

We, of course, respect & recognise all Chanel trademarks.

The UK’s Cybersecurity strategy

Whilst it’s a bit dry and lengthy for Black Friday, we thought we should highlight / provide today’s publication by the Government.

We will return to the content at a later stage.

A couple of frivolous Friday comments are:

  • We prefer cybersecurity as a single word
  • We prefer forums to fora

The Text of the ministerial statement is as follows:

WRITTEN MINISTERIAL STATEMENT

CABINET OFFICE

25 November 2011

Minister for the Cabinet Office and Paymaster General:  The UK Cyber Security Strategy – Protecting and Promoting the UK in a Digital World
__________________________________________________________________________________________________________________

Francis Maude

I have today published the new Cyber Security Strategy for the United Kingdom. I have placed a copy in the Library.

The growth of the internet has transformed our everyday lives.

But with greater openness, interconnection and dependency comes greater vulnerability. The threat to our national security from cyber attacks is real and growing. Organised criminals, terrorists, hostile states, and ‘hacktivists’ are all seeking to exploit cyber space to their own ends.

This Government has moved swiftly to tackle the growing danger posed by cyber attacks. Our National Security Strategy published last year classed cyber security as one of our top priorities alongside international terrorism, international military crises and natural disasters. To support the implementation of our objectives we have committed new funding of £650m over four years for a transformative National Cyber Security Programme (NCSP) to strengthen the UK’s cyber capabilities.

The new Cyber Security Strategy we have published today sets out how the UK will tackle cyber threats to promote economic growth and to protect our nation’s security and our way of life.

One of our key aims is to make the UK one of the most secure places in the world to do business. Currently, around 6 per cent of the UK’s GDP is enabled by the internet and this is set to grow. But with this opportunity comes greater threats. Online crime including intellectual property theft costs the UK economy billions each year. So we must take steps to preserve this growth, by tackling cyber crime and bolstering our defences, to ensure that confidence in the internet as a way of communicating and transacting remains.

The Government cannot tackle this challenge alone. The private sector – which owns, maintains and creates most of the very spaces we are seeking to defend – has a crucial role to play too. This strategy outlines how we will cement a real and meaningful partnership between the Government and private sector in the fight against cyber attacks, to help improve security, build our reputation as a safe place to do business online, and turn threats into opportunities by fostering a strong UK market in cyber security solutions.

Together with the private sector, we are pioneering a new national cyber security ‘hub’ that will allow the Government and businesses to exchange information on threats and responses. This promises to transform the way we manage cyber attacks and greatly strengthen our security capacity. We will work with the business services sector to raise industry awareness. We will also work with industry to develop private-sector led standards for cyber security that help consumers navigate the market in security products and give firms who are good at security the means to make it a selling point.

The UK is a world leader in cyber security research, development and innovation. GCHQ is the lead in this area and the new strategy aims to capitalise on this through an innovative approach which will explore options with UK industry to harness this expertise and know-how for the benefit of the UK economy.

This strategy also outlines our plans for a new Cyber Crime Unit with the National Crime Agency, to be up and running by 2013. This unit will build on the ground-breaking work of the Metropolitan Police’s eCrime Unit by expanding the deployment of ‘cyber-specials’ giving police forces across the country the necessary skills and experience to handle cyber crimes. We will also ensure that the police use existing powers to ensure that cyber criminals are appropriately sanctioned as well as introducing a new single reporting system to report financially motivated cyber crime through the existing Action Fraud reporting centre.

To defend against significant threats we need to continue the work we are doing to protect and prepare our Critical National Infrastructure. We also need to update our military defence capabilities for a new cyber world; this strategy outlines the creation of a new Joint Cyber Unit hosted by GCHQ which will develop our military capabilities to give the UK a comparative advantage in cyberspace.

We will also strengthen the role of the Centre for Protection of the National Infrastructure to increase its reach to organisations that have not previously been considered as part of the critical infrastructure thereby augmenting our ability to protect critical systems and intellectual property.

Prevention and education are also crucial. Get Safe Online is a very good example of how government, industry and law enforcement can work together to address this issue and improve the website by early 2012. In addition, we will work with ISPs to seek a new voluntary code of conduct to help people identify if their computers have been compromised and what they can do about it.

Cyber risks are transnational in nature. We will work with other countries to tackle them. Through the London Cyber Conference, hosted by the Foreign Secretary earlier this month, the UK is taking a lead in addressing international discussions on how we can establish a more focused international dialogue to develop principles to guide the behaviour of Governments and others in cyberspace. We will continue to foster this level of international dialogue through various fora and through international cooperation on tackling cyber crime.

This strategy sets out the change that is needed; we now need to work together to deliver it. The Government will update the House in a year’s time on how we are doing.

Was it all about porn?

iPhone 4S

The more observant amongst you yesterday may have noticed that one of the “porn” domains recovered by Apple was in fact simply iPhone4S.com.

So whilst one can imagine that it might annoy Apple that there were several mobile sites that had iPhone as part of their address, it must have been a potential distraction or even danger to the announcement of their new flagship product, the iPhone4S, on 4th October. Imagine the embarrassment if there was an identically named porn mobile site in operation which got some publicity.

From a little look at some of the history it is clear that the recovery program certainly hotted up in 2011. Of the 96 whois record changes for the domain since its creation on 31 August 2008, 78 occurred this year and during October & November they were occurring on a virtually daily basis.

The domain, originally with Moniker as the registrant, only changed to one with a Tel Aviv location at the beginning of November, by which time we imagine the game was well & truly up!

A cursory look at some of their main product line registrations seems to reveal that Apple preregisters/acquires the initial product domain names, e.g. iPod.com and iPhone.com, but not necessarily the possible future ones: iPhone5.com & iPhone6.com link to a forum and are registered to an Australian Privacy Services Pty. iPhone7.com rests in San Marino.

An exception seems to be iPad.com which appears to be under development by its registrant Enero 6 Corp.

So was it all about porn? Not entirely; a lot of it was necessarily about the iPhone4S.

 

PS Don’t click the lovely picture above ’cos it will take you to the site where you can acquire it!

PPS A very happy Thanksgiving to all our US visitors.

PPPS Visit our I Commerce Zone to see all those holiday deals

Eight iPhone porn sites & MarkMonitor

It has been reported that Apple recovered, a few days ago, eight domains containing iPhone plus pornographic terminology, i.e. of a cybersquatting nature, following a complaint made by them to the World Intellectual Property Organization (WIPO).

The seven sites are iphonecamforce.com, iphonecam4s.com, iphoneporn4s.com, iphonesex4s.com, iphonexxxforce.com, iphone4s.com and porn4iphones.com. Don’t bother searching ’cos they’ve all been disconnected from their previously, ahem, “interesting” content.

A whois search reveals the predictable MarkMonitor as the registrant. Not only Apple but many other large organisations use their services which got us wondering who they are and why they are so widely used by large organisations.

We nearly used part of their tagline, “More than half the Fortune 100 trust ….”, as the post title, but on balance thought porn would generate a greater number of visitors! Completing their line: “……MarkMonitor to protect their brands online.”

Whilst a scamper round their site reveals that their target market seems to be organisations with a turnover of greater than $50m, there is quite a lot of useful content for the rest of us in their resources section. This ranges from terminology glossaries through “White papers” (such as Online Brand Protection: A Step-by-Step Guide to Creating a Proactive Strategy) to case studies, newsletters etc.

Registration gives access to more goodies and what on a speed read basis seems to be a pretty fascinating Brandjacking Index® Special Edition 2011 on Tablet PCs.

All in all a useful resource for the <$50m turnover companies/organisations. Oh & they do have their own whois search facility without a captcha!

Update 2.00pm: It was eight not seven domains apparently, so add sex4iphones.com to the list. It appears as another MarkMonitor registrant on 18 November.

 

 

Stay safe on Black Friday & Cyber Monday (& in National Consumer Week)

In a, no doubt timely, reminder of the imminent arrival of Black Friday (25 Nov.), hotly pursued by Manic (or Cyber) Monday (28 Nov.), the Met’s Police Central e-Crime Unit (PCeU) have just issued a press release highlighting how they have closed down over 2,000 .co.uk domains which operated illegally by fleecing the general public with bogus goods claiming to be e.g. Nike, GHD, Tiffany and Ugg.

They also provide the following advice: “

  • Know who you are dealing with – Check manufacturers’ websites to ensure you are buying from an approved and reputable retailer
  • Be careful how you pay – If the purchase is over £100 consider using a credit card to protect your purchase, buy goods online through secure and encrypted payment systems, don’t be drawn off the site to other forms of payment and consider separate credit cards or accounts for online shopping.
  • Protect your personal details – Don’t give away personal details unnecessarily, don’t ever reveal passwords or PIN numbers.
  • Protect your computer – Ensure you have up-to-date anti-virus software on your computer, use a firewall and update your computer’s software regularly.

Beware of unsolicited or spam email offers.”

On topic – worth a visit is Getsafeonline for lots of practical advice.

The old & trusted one is also worth reiterating “If it seems too good to be true then it probably is.”

One we’re working on is that if a flashing popup appears claiming “It’s really true you’re the 7 billionth visitor & you qualify for …………..” then move on to another site!

Take precautions but keep clicking!

Update 1.00pm: It’s also National Consumer Week and the Trading Standards people have some additional advice and a poster (with a QR code).

There’s also allegedly a special Scottish version due imminently, with a medal inscribed “Guyde sports dinnae faykit”.

Update 7.30pm Trading Standards have come up with the following single letter mnemonic or acronym

C Choose your shopping outlets and websites carefully.

H Help yourself. If the deal is too good to be true then it probably is.

E Ensure you look for authentic branding and holograms.

C Contact the authorities if you are concerned.

K Keep a copy of your order and receipts.

The London Conference on Cyberspace – Conclusion & some quotes

Main links following the Conference are:

The Chair’s (William Hague’s) statement

On demand footage from both days

Latest news

Main website (left sidebar for the most comprehensive menu)

We think there are to be further publications so we will link to them once ascertained.

Not a caption contest but a sort of video contest. How many times in his presentation did Simon Riggs repeat “Bank of America Merrill Lynch”? In the comments please.

Quotes we rather liked:

William Hague “Government doesn’t own this debate” – “This debate is yours”

Eugene Kaspersky  “C to C & C to B” (that’s criminal of course)

@TalkingMental “No one says cyberspace!”

Certainly the understanding of, and/or the ability to intelligently engage in a discussion on, the internet almost breaks down into those who do/can, and those who don’t/cannot, and clearly age is not the only determinant.

We may return to that one!

The London Conference on Cyberspace 1st-2nd November (Engagement Links & Live stream)

You can follow them on Twitter  http://twitter.com/#!/londoncyber

The hashtag surprisingly is #LondonCyber

How to engage:

Via Twitter:

Tweet your questions in English in advance of the conference, or while it is taking place. Include the hashtag  #LondonCyber for general questions and add one of the following hashtags, corresponding with the relevant theme, so that we can match your question to the right session:
#social, #economic, #crime, #access, #security

Via Facebook:
You can go to the Foreign Secretary’s page on Facebook and ask a question in English there.
If you see a question that has already been asked, you can like it, to help us see what the most popular questions are.

The website is http://www.fco.gov.uk/londoncyber

The conference programme is here http://www.fco.gov.uk/en/global-issues/london-conference-cyberspace/conference-programme

PROGRAMME  -  November 2 (check for updates)

09.00-10.30  Session 4: #LONDONCYBER INTERACTIVE: PROTECTING NATIONAL INFRASTRUCTURE AGAINST CYBER THREATS

 Chair: Robin Niblett, Director, Chatham House

 Speakers to include:

Matthew Kirk, Group External Affairs Director, Vodafone

Erik Akerboom, National Coordinator Counter Terrorism and Security, Netherlands and President Cyber Security Council, Netherlands

Harry van Dorenmalen, Chief Executive Officer Europe, IBM, and member Cyber Security Council, Netherlands

 

10.30-11.00 Break

 

 11.00-13.25  Session 5: OPPORTUNITIES AND CHALLENGES (2)

 IV. Cyber Crime

Chair: James Brokenshire MP, Parliamentary Under Secretary for Crime and Security, Home Office

 Keynote speakers to include:

Scott Charney, Corporate Vice President, Trustworthy Computing Group, Microsoft

Eugene Kaspersky, Chief Executive Officer, Kaspersky Lab

Athalia Molokomme, Attorney General for Botswana

Peter Davies, Chief Executive Officer, Child Exploitation and Online Protection Centre (CEOP)

Hyeon Yu, Cybercrime Investigation Professor, Korea Police Investigation Academy

 

V. Safe and Reliable Access

 Chair: Ed Vaizey, Minister for Culture, Communications and Creative Industries, Department for Culture, Media and Sport

 Keynote speakers to include:

Hamadoun Touré, Secretary General, International Telecommunication Union

Olivia Garfield, Chief Executive Officer, Openreach

Chen Lifang, Senior Corporate Vice President, Huawei

Roger Wilkins, Secretary General, Attorney General’s Department, Government of Australia

Rod Beckstrom, President and Chief Executive Officer, Internet Corporation for Assigned Names and Numbers (ICANN)

 

13.30-14.30  Break – Lunch

 

14.30-14.50  Session 6: SUMMING UP

 Foreign Secretary’s Statement

 15.00-15.30  Press Briefing

 

Live stream one

On Wednesday this stream will cover a Chatham House discussion on the role of private and public sectors, followed by sessions on cyber crime and will finish with the summing up from the chair and press conference.

 

Live stream two

This stream will show video from other events at the #LondonCyber conference including sessions on Internet Freedom, Social benefits of the web and safe and reliable access.

Update 1- Twitter feed in coordinated colours ish added by Live stream

Update 2 – 2 pm Twitter feed moved away from Live streams as it’s creating interference – apologies if it’s inconvenient but we will have to leave you to your own devices!

Update 3 – William Hague in Summing up statement /  Press Conference  “Government doesn’t own this debate” – “This debate is yours”

The London Conference on Cyberspace 1-2 November (Engagement Links & Live stream)

You can follow them on Twitter  http://twitter.com/#!/londoncyber  The hashtag surprisingly is #LondonCyber

How to engage:

Via Twitter:

Tweet your questions in English in advance of the conference, or while it is taking place. Include the hashtag  #LondonCyber for general questions and add one of the following hashtags, corresponding with the relevant theme, so that we can match your question to the right session:
#social, #economic, #crime, #access, #security

Via Facebook:

You can go to the Foreign Secretary’s page on Facebook and ask a question in English there.
If you see a question that has already been asked, you can like it, to help us see what the most popular questions are.

The website is http://www.fco.gov.uk/londoncyber  The conference programme is here http://www.fco.gov.uk/en/global-issues/london-conference-cyberspace/conference-programme

There’s a live stream which we are putting up below, but in our limited experience of watching such streams they are somewhat prone to problems. We would be interested to hear if you have any difficulties. In the comments please.

Per the FCO:

LIVE STREAM 1 (stream now available on 2nd November post)

On Tuesday 1 November, this live stream will broadcast a welcome speech (scheduled at 11.40am) from Foreign Secretary William Hague, & all keynote speeches. It covers a session on Economic growth and development.

On Wednesday this stream will cover a Chatham House discussion on the role of private and public sectors, followed by sessions on cyber crime and will finish with the summing up from the chair and press conference.

LIVE STREAM 2 (stream now available on 2nd November post)

This stream will show video from other events at the #LondonCyber conference including sessions on Internet Freedom, Social benefits of the web and safe and reliable access.

 

On the attendance front, apparently Hillary Clinton is unable to attend for personal reasons.

Update 6pm: Administratively the stream seemed to work well (with to date no complaints forthcoming). The QEII Conference Centre did OK apart from the simultaneous translation of the Russian Minister for Coms & Mass Media’s speech being unfortunately inaudible – as someone pointed out, inexcusable in view of his position, & particularly as he was from the other side!

David Cameron thought the internet was a force for good whereas Joe Biden (delivering Hillary Clinton’s speech as she couldn’t attend for personal family reasons – her mother was taken ill yesterday) reckoned it was neutral.

We thought the commercial/internet speakers in the plenary session outperformed the politicians although William Hague was his usual competent self.

We’ll leave any analysis until after tomorrow’s session.

We’re going to put up a separate post for that later tonight or early tomorrow with principal speakers (although this is somewhat dynamic – judging from today’s substitutions) as well as the live streams.