[ISN] Interpol's Virus Site Too Fluffy?

From: InfoSec News (isnat_private)
Date: Tue May 15 2001 - 11:16:45 PDT

  • Next message: InfoSec News: "[ISN] Yet another IIS exploit reported"

    By Michelle Delio 
    2:00 a.m. May 15, 2001 PDT 
    Computer viruses are often illegal immigrants of the worst kind,
    e-mailed anarchists that, unbound by international treaties or
    domestic laws, can sneak across borders easily and infect machines
    around the world in a matter of minutes.
    Given the global nature and effect of computer viruses, many experts
    believe that only an international partnership among security
    companies and law enforcement agencies would have any hope of stopping
    the ever-increasing threat of geopolitically disinterested viruses.
    Security experts were excited, therefore, when the international
    police organization, Interpol, announced on Monday that it intended to
    step up its battle against cybercrime with a new section on its
    website offering advice on how to combat computer viruses.
    "Computer viruses are a real threat. Our virus alert section will
    enable all computer users to keep up to date," Interpol's
    Secretary-General Ronald Noble said in a statement released by the
    organization's headquarters in Lyon, France.
    But after reviewing the new security section on Interpol's site, many
    security experts said the agency had simply cobbled together a
    superficial overview of security issues, and had not provided any
    truly useful information to help businesses and governments combat
    viruses or attacks by malicious hackers.
    "The absence of detailed information makes this site like a drop of
    water on a hot stone," said Roland Mueller, CEO of security firm
    Seculab, and chairman of the German Standardization Body on Security
    The computer virus section of Interpol's site is nothing more than a
    non-hyperlinked list containing the names of two viruses that were
    active in April, with equally skimpy entries for previous months.
    There is no information offered on how to detect or protect systems
    from the mentioned viruses, or how to repair systems that have been
    infected -- information that is routinely provided at virtually all
    independent security sites.
    "Simply reporting the names of selected (viruses) is not enough to
    help users lower the risk of infection," said Ken Dunham, a senior
    analyst at security firm AtomicTangerine.
    But some experts felt that the agency's effort should be applauded,
    even if the site isn't as useful as it could be.
    "The fact that agencies such as Interpol are getting involved in
    creating awareness on the latest virus threats shows how seriously
    police agencies today are taking the threat and impact of these
    viruses," said Vincent Weafer, director of security at Symantec's
    Anti-Virus Research Center.
    "The value that (Interpol) has may be more in the creation of
    awareness rather than having the most up-to-date information on the
    latest threat," Weafer said.
    Weafer also said that one of the major challenges with cybercrimes
    like virus creation is that they often transcend international
    boundaries, involving countries where cybercrime laws may, in some
    cases, be nonexistent.
    Weafer said that virus writers often use permissive countries or
    regions as hosts for websites featuring their nasty, downloadable
    creations or propagate their viruses via e-mail addresses from inside
    these permissive countries, thereby avoiding prosecution under the
    stronger cybercrime laws in their home countries.
    "If an agency such as Interpol can aid individual countries to
    strengthen their cyberlaws or help police agencies there understand
    how to detect and capture information related to virus crimes, that
    would be a most effective way to help combat viruses," Weafer said.
    Interpol already collects and distributes information about
    cross-border crimes such as art thefts. It had also recently said it
    will be expanding its international intelligence efforts to include
    cybercrime, focusing specifically on stopping malicious hackers as
    well as virus writers.
    But the Interpol website's information on how to secure networks and
    computers from hack attacks is only slightly more detailed than that
    provided by the site's virus section.
    In a list of frequently asked questions on security, Interpol
    recommends running a firewall to block intrusions by hackers, but
    gives no details on how to select, configure or maintain that
    firewall, beyond cryptically noting that "it is necessary to
    administrate the system every time."
    The FAQs section also answers the question, "What shall I do if a
    hacker is attacking my system right now?" with the rather unhelpful
    advice: "With an Incident Handling System you will be prepared to
    handle the incident."
    "Frankly, the Interpol site looks like someone's class notes after
    attending a weekend workshop on network security," said Kenneth
    Vander, CIO of British security consultancy TechServ.
    "They provide a sketchy outline of what you should do, but absolutely
    no hard information on how to do it," he said. "The whole thing is
    rather a waste, really. At best it might get people to explore
    further, but they haven't provided any links to facilitate that,
    Seculab's Mueller believes the Interpol site is "definitely a step in
    the right direction" but agreed that while the site does a good job of
    telling companies what to do, it does not tell them how to do it.
    Mueller also noted that some of the information provided on the site
    reflects the "highly politicized nature" of discussions on Internet
    "There's a lot of political maneuvering in their discussions on
    cryptography and privacy, for example," Mueller said. "These subjects
    are more politically charged and divisive than the site's discussions
    on child pornography or trafficking in human beings."
    Vander said it was a pity Interpol had not provided more in-depth
    information on security, because despite the political issues that
    arise in any international effort, he felt Interpol is "perfectly
    positioned" to help governments and business deal with cybercrime.
    Interpol was established in 1917, and now includes representatives
    from 178 nations. Only 15 of those countries currently have laws in
    place that criminalize malicious hacking or the spreading of
    destructive viruses.
    Some security experts said the only effective plan to combat viruses
    would require the full cooperation of private industry and government
    "It would be great if Interpol, or a similar agency, could act as a
    unified one-stop global center for distributing real-time alerts on
    security issues and viruses," said Vander.
    Alex Shipp, chief antivirus technologist at security firm MessageLabs,
    agreed with Vander. He said that MessageLabs and a few other antiviral
    companies already have technology that provides real-time information
    on virus threats, but no way to quickly communicate that information
    to law enforcement.
    "We look forward to working with agencies that are committed to
    stopping cybercrime," Shipp said. "We can do the legwork of
    information identification, from viruses to spam, but the last step in
    crime fighting must be done by the long arm of the law."
    Interpol did not respond to a request for comment on the agency's
    future plans for the computer security section of its website.
    But Dave Kroll, director of security research at security software
    firm Finjan, said his company has been asked to work with Interpol to
    expand their website.
    Finjan's suggestions to Interpol, according to Kroll, will include
    offering more detailed information about viruses, including real-time
    security alerts.
    "(Interpol) has been very responsive to our comments and are
    interested in adding as much breadth and depth to their site as
    possible," Kroll said. "Stay tuned, because I think we'll see good
    things from Interpol soon."
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Wed May 16 2001 - 00:45:00 PDT