Sunday, November 16, 2014

Blog in Retrospect


For my blog this semester I intended to stick to a basic pattern of providing relevant information to any interested persons based on what I was learning in class.  I wanted to try and relate the lessons throughout the chapters to scenarios and discussion that the average person could understand.  I didn’t necessarily achieve this week to week in my opinion, but I think I did an acceptable job.  As I look backwards at my postings I see that towards the latter half of the semester I was definitely using my blog to educate myself on the weekly topics with real world examples.  This type of research was very helpful to me in understanding many of the lessons.  Researching different sources each week to gain a different point of view broadened my understanding of each topic.

I made an attempt to use a different source each week, and I was successful in doing that.  I actively sought out different opinions each week; sometimes they made the blog, but most of the time they went into my favorites to be referenced later down the road.  I do wish I could have spent more time with the blog; it was generally the last thing I did each week and it served to bring it all together for me.  I think with a little more care and feeding this type of blog could really be useful to provide lessons learned to future students.  Taking the information learned in the lessons and textbook and relating them to current cyber events could be invaluable in tying the concepts in InfoSec to the real world applications.

Who to call for cybercrime

After discussing and researching laws pertaining to cyber crime this week I wanted to dive a little deeper on what an individual can do to get help if they are victims of a cyber crime.  Banks and financial companies are generally able to return money to individuals rather quickly, but as for prosecuting the perpetrators, this is a much tougher process.  Thankfully I have never been victimized, but I know those who have and have seen their fruitless efforts to contact the local and federal law enforcement agencies.  The local police are not trained properly, and the perpetrator generally doesn’t live within their jurisdiction.  The federal law enforcement agencies have more capability to catch cyber criminals, but an individual losing money in a scam just isn’t high on their list.  This article from the Huffington Post highlights this scenario quite well.  In the article Mike Sena, president of the National Fusion Center Association, an organization that represents state and local intelligence centers around the country, recalled a case in which a California business was the victim of a cybercrime and lost $40,000. Sena said the theft wasn't great enough for the federal government to take up the investigation, and there was confusion about where to turn at the local level.

Things look pretty bleak for the individual.  If reimbursement of stolen funds doesn’t happen through the financial institution or other service, then there is little hope of seeing restitution through law enforcement.  This is not to say that things aren’t improving, because they are; I just think we are a long way away from being able to feel confident that cyber crime will be prosecuted at a level close to that of other crimes.  The Secret Service, who I didn’t realize was a key player in combatting cyber crime, is doing positive things to track down cyber criminals and proliferating advanced techniques to local agencies.  From the Electronic Crimes Task Forces homepage:  “While the Secret Service leads this innovative effort, the agency believes in partnerships with strong emphasis on prevention and education, in addition to traditional law enforcement measures. The task forces provide a productive framework and collaborative crime-fighting environment in which the resources of its participants can be combined to effectively and efficiently make a significant impact on electronic crimes.”

I do applaud their efforts here; they seek to establish a solid framework of education and training to help local law enforcement agencies tackle cyber crime.  I think that is the appropriate solution here: establishing more competent agencies at the local level.  If $40,000 isn’t enough to move the football at the federal level, I must have a mechanism to combat this injustice at the local level.

Sunday, November 2, 2014

Personal Use Biometrics


I don’t store sensitive personal information on my phone.  If my phone were to be compromised my loss would be the cost of the device plus the time it took to change a few passwords…fairly minimal.  In an increasingly connected world, new technologies are becoming available that change the impact of losing devices such as a smartphone.  The new Apple iPhone leverages Apple Pay, an app that can scan your credit or debit cards and store the information on the phone, allowing you to pay using near field communications and a fingerprint scanner; more can be read here.  This is a neat feature that will almost undoubtedly be used by millions in the coming years, but I suspect the security behind using this feature may not be where it needs to be, and I am not alone.  Frost & Sullivan ICT global program director Jean-Noël Georges issued a statement saying:

“Due to existing hardware capabilities across devices, most of the growth is expected from facial and voice authentication technologies. While the uptake of biometric technologies will get a boost from the proliferation of new devices with fingerprint authentication capability, their acceptance will be tepid until the market develops more sophisticated and accurate authentication software.”

Mass implementation of biometrics in this fashion is something I am not ready to place my trust in just yet.  I don’t know the false rejection rate and, more importantly, the false acceptance rate of the technology, nor could I find them.  How easily could my fingerprint be spoofed on this device?  Is there a chance I could be locked out of my device due to software problems?  I don’t know the answers to these questions.  There is no way I will be placing my financial information on my phone with the current maturity of personal biometrics.

With all this said, I believe this type of technology is the way of the future for simple transactions and other day to day activities.  The tech will eventually catch up, but I feel becoming an early adopter right now is not worth the risk.