http://www.bangkokpost.com/Database/16Nov2005_data83.php

DON SAMBANDARAKSA
16 November 2005

Thai law still does not recognise the "stealing" of data, allowing cyber criminals to go unpunished when caught, according to Rom Hiranpruk, assistant president of the National Science and Technology Development Agency (NSTDA).

He also noted that it was a misconception that most cybercrime is carried out by someone on the outside attacking an organisation's systems. In fact, two-thirds of security incidents come from internal sources, he said.

Dr Rom was speaking at a press event to announce the 5th Annual Cyber Defence Initiative Conference 2005 (CDIC 2005), which will be held at the Bangkok Convention Centre, Sofitel Central Ladprao on 23-24 November.

The event is jointly hosted by Software Park Thailand, the National Intelligence Agency, the Thai Webmaster Association and security specialists ACIS Professional Centre.

Dr Rom used the example of a high-profile case a few years back regarding TrueType fonts, which was only accepted by the courts at all because TrueType fonts have some programming logic in them. This was deemed by the courts as being a computer program - something which was protected by law.

He also said that Thailand was sorely lacking in a national security infrastructure, most notably a certificate authority (CA) for digital signatures. Without the passage of cyber laws, there is no business case for any commercial CA operators. Without CAs, banks and financial institutions that should now be relying on digital signatures will not be able to expand or interact with confidence.

Mr Somya Patanaworapan from the National Intelligence Agency told the media that information warfare was now a major threat to the stability of the country. Misinformation from organizations such as PULO had to be filtered out to protect the public, he claimed.

"The only way to control them is to keep tabs on their leaders," Somya explained, noting that when you close down one web site another derivative will pop up. For instance, the latest variant of PULO is the Pattana-Malayu Human Rights Organization (PMHRO), which tries to conceal damaging separatist talk amid human rights rhetoric.

Somya said that the Internet was only one small channel of disseminating information - PMHRO regularly distributes video CDs throughout the south to spread its message.

Meanwhile, Police Colonel Yanaphon Youngyuen, director of the Department of Special Investigation's Hi-Tech Crime Bureau, also noted that most crime was in fact internal, and that there were few laws in place to prosecute.

He also explained how real cyber-crime was quite different from the popularised image of the "hacker geek" stereotype. A lot of cyber crime dealt in information - pimping, girlfriend-for-rent and spam spoofing - or where a competitor sends out commercials in a rival's name so that their email is eventually blacklisted.

Yanaphon spoke of one case where an engineer moved from Orange to DTAC and then to AIS, leaving back doors in the computer systems as he moved. The person then used this to gather insider information for project bidding.

Prinya Hom-Anek, from ACIS, a leading local security consultant and trainer, said that there was a growing need to keep information as forensic evidence due to the passage of the Sarbanes-Oxley Act in the US. Any company dealing with US partners automatically needs to comply.

All four experts will be speaking at the two-day CDIC 2005.

Details: www.acisonline.net/cdic2005