Friday, June 24, 2005

Getting women into top IT posts

The British Computer Society has launched a new group, women@CL, aimed at getting more women into top information technology research posts.
"We aim to shatter the frosted glass ceiling that prevents many women reaching the top of the IT research profession," says campaign director Ursula Martin, computer science professor at London University’s Queen Mary College.

"We call it the frosted glass ceiling because it is not unbreakable but we have historically had difficulty seeing through it.

"Women@CL has been formed to encourage, support, inform and celebrate women who are or plan to work in computing research or academic leadership in industry and academia."



Wednesday, June 22, 2005

Where have all the women gone?

A San Jose Mercury News story, buttressed by statistics from the ITAA, reiterates what many in the field have been saying: Women are leaving (or not joining) the information technology field, and the solutions tried so far are not working.
The percentage of women in information technology has dropped sharply since 1996, according to a report being released today.

Women held 32.4 percent of IT jobs in 2004, down from 41 percent eight years earlier, despite holding steady in the overall workforce. And the percentages of Latinos and African-Americans in IT jobs still lag far behind their representation in the workforce, according to the report by the Information Technology Association of America...

Carolyn Leighton, chair of Women In Technology International, is surprised at the loss of ground.

"IT is such a critical piece of every single industry, every size business," she said. "Normally when there's such a high demand, it motivates people to move into that field."

But there are still persistent barriers, such as the lower enrollment of girls in math and science classes and stereotypes that women are less able at math and science. At Silicon Valley's High Tech U this week, an introductory computer science program for high school students, only eight of the 28 participants are girls...

When it comes to racial diversity, the presence of African-Americans in IT slid from 9.1 percent in 1996 to 8.3 percent in 2004. They held steady in the overall workforce.

The Latino presence increased slightly in both IT and the workforce. But Latinos made up only 6.4 percent of IT workers, compared with 12.9 percent of the workforce.

The reasons may include barriers such as a lack of mentors and role models in corporate management, negative perceptions of IT work as isolating and geeky, and again, the lack of student enrollment in math and science classes...

The report showed that on average IT workers are getting older. The percentage of IT workers 45 and older jumped from 25.3 in 1996 to 35.1 in 2004. It could be that IT employers have come to appreciate the value of more seasoned employees. Or it could be that employees now feel the need to work to a later age.



The Big One: At New Madrid?

A story by CNN points out that West Coasters aren't the only ones in peril from massive earthquakes.
Doomsayers have warned about the Pacific Coast for years. But only a few have raised concerns about an area with the potential to be more dangerous than California -- the New Madrid seismic zone in the center of the country.

It's a 120-mile-long system of three to five faults stretching from 40 miles northwest of Memphis to southern Illinois, near Cairo...

Scientists know little about how the New Madrid seismic zone works, but in the early 19th century, it was the source of the most violent series of earthquakes known in North American history...

Three large quakes happened in the winter of 1811-1812, and strong rumbles hit several times until near the end of the 19th century.

These quakes were felt keenly over more than 2 million square miles -- people in Boston, Massachusetts, felt one or more of the three main quakes, the first of which struck in three shocks on the morning of December 16, 1811.

Two more large shocks struck the area -- on January 23, 1812, and the largest and most devastating of all hit February 7, 1812, destroying the town of New Madrid.

By contrast, the 1906 earthquake in San Francisco, California, was felt over 60,000 square miles...

The stronger quakes lifted parts of the land high or dropped them down, and drew the Mississippi's waters in and threw them back far over the river banks. In some areas, the upheaval beneath the surface was so violent that it caused the mighty river to flow backward.

Whole islands in the river -- and entire towns -- disappeared.



Snoozing about security

A story on CNET by Charles Cooper is pretty downbeat about the prospects of the Department of Homeland Security doing anything meaningful to improve cybersecurity any time soon.
No doubt these are tough times for the folks charged with securing the nation's cyber front lines.

Everyone, from government watchdogs to bloviating columnists, has a bright idea about how they should do their job better.

But there also is a statute of limitations on the public's patience. Two years ago this month, the Department of Homeland Security established a cybersecurity division to shore up the nation's defenses. The results to date include three cyberczars, millions of dollars in taxpayer expense, and thousands of worm and virus attacks.

Hardly a sterling record of accomplishment...

You don't need be an alarmist to imagine some pretty hairy stuff. A couple of years ago, the Slammer worm disabled a nuclear power plant's safety monitoring system for nearly five hours. This fast-propagating worm also affected five other utilities. No lasting damage was recorded, but that was through sheer luck.

So, what needs fixing at DHS? The better question is: What doesn't need fixing? ...

At this point, I would point you to the memorable line uttered by Strother Martin in the movie "Cool Hand Luke": "What we've got here is failure to communicate." ...

In the meantime, Powner and others live in dread of the nightmare scenario: a combined terrorist attack against a physical asset like a power grid, paired with a devastating attack against the nation's cybernetworks and communications systems.

"If you look at the recovery plans (DHS has in place), more work needs to be done," he says. "If you look at reconstituting the Internet if there were an event that took down the network, there's still not a plan in place."

Labels: , , ,


Quis Custodiet Ipsos Custodes?

An article in Business Week discusses the insecurity of computer security products.
Think you're safe because your computer has the latest antivirus program, complete with daily updates via the Web? Or maybe you figure the firewall you have installed will stop malicious software from reaching your machine.

Well, you may not be as secure as you think. Hackers are increasingly finding flaws in the very programs designed to prevent attacks -- computer-security software.

A new Yankee Group report, to be released June 20, shows the number of vulnerabilities found in security products increasing sharply for the third straight year -- and for the first time surpassing those found in all Microsoft products. The majority of these weaknesses are found by researchers, academics, and security companies. Trouble is, hackers then take those findings and use it for nefarious purposes.

Labels: ,


Are Class Actions the Only Solution?

An article in the Washington Post discusses the reasons why 2005 is "the year of the data breach." Mostly just a re-hash of previously-discussed information, but there's an interesting suggestion at the very end.
Thomas F. Holt Jr., an attorney who represents companies involved in breach cases, said he expects things to change when large class-action suits begin to get filed against firms for improperly protecting information.

"When that game is afoot ... companies will begin to redouble their security efforts and reexamine a lot of assumptions they have regarding the gathering and storing of sensitive data," Holt said.

Labels: ,


Friday, June 17, 2005

UK Critical Infrastructure being Attacked

A report by the United Kingdom's National Infrastructure Security Co-ordination Center warns of a pattern of ongoing attacks. Key points (none surprising):
• A series of trojanised email attacks are targeting UK Government and companies.
• The attackers’ aim appears to be covert gathering and transmitting of commercially or economically valuable information.
• Trojans are delivered either in email attachments or through links to a website.
• The emails employ social engineering, including use of a spoofed sender address and information relevant to the recipient’s job or interests to entice them into opening the documents.
• Once installed on a user machine, trojans may be used to obtain passwords, scan networks, exfiltrate information and launch further attacks.
• Anti-virus software and firewalls do not give complete protection. Trojans can communicate with the attackers using common ports (e.g HTTP, DNS, SSL) and can be modified to avoid anti-virus detection.

Labels: ,


Thursday, June 16, 2005


The Center for National Software Studies has issued a report on the 2nd National Software Summit (May 10-12, 2004), entitled SOFTWARE 2015: A National Software Strategy to Ensure U.S. Security and Competitiveness.
With the nation now in the early years of the twenty-first century, it is fair to say that we have become exceptionally dependent on information systems technology, and the linchpin of that technology is clearly software. For all of the many advantages and enormous benefits that information technology has brought and continues to bring us, it has also subjected us to increasing risks that demand attention at the highest levels of government, industry, and academia.

Indeed, the state of software today exposes the nation to risks in several key areas, such as:
• Risk of critical infrastructure failures
• Risk of sudden and severe economic loss
• Risk of loss of life and limb
• Risk of loss of public confidence
• Risk of loss of our technological edge and leadership

To bring these risks into clearer focus we need only remember a few major incidents: the general collapse of a major portion of the long distance telephone network traced to inadequate design of the underlying software; the enormous disruption of business and government on multiple occasions due to computer viruses and worms, all exploiting defects in software; and software deficiencies that have allowed medical equipment to release fatal doses of radiation during routine usage. As if to add emphasis to the point, an airline’s entire fleet was recently grounded and thousands of passengers were stranded over the 2004 holiday season thanks to a relatively simple software bug involving the overflow of a counter.

With this as background, over 80 senior executives and thought leaders convened in Washington in 2004 at the 2nd National Software Summit (NSS2) to assess where the nation is today with regard to software and the progress that has been made in the past 30 years since the Department of Defense declared that it faced a software crisis. The conclusion of the summit participants was two-fold. First, enormous progress has definitely been made on many fronts in combating the problems associated with software. Significant advances have been made and continue to be made in software technology, tools and practices. That was the good news. The bad news is that in the same period of time, the growth in pervasiveness and complexity of software has significantly outpaced
that progress

The vision for this strategy includes two mutually supporting and complementary goals: Achieving the ability to routinely develop and deploy trustworthy software systems, while ensuring the continued competitiveness of the U.S. software industry.

The proposed National Software Strategy is intended to spearhead a ten-year national effort designed to bring this vision to reality by 2015. The strategy includes four major programs with the themes listed below, each consisting of one or more initiatives which are further detailed in the report.
• Improving Software Trustworthiness
• Educating and Fielding the Software Workforce
• Re-Energizing Software Research and Development
• Encouraging Innovation Within the U.S. Software Industry...



Wednesday, June 15, 2005

Congress Must Deal With ID Theft

An article in Wired is so sensible that I fear its suggestions have no chance of being adopted. :-(
On Thursday, the Senate Committee on Commerce, Science and Transportation will hold a hearing on identity theft with members of the Federal Trade Commission. The purpose is to gather information to determine whether more federal legislation is necessary to protect consumers from identity theft.

We'd like to save the Senate some time and tell them the answer is yes...

Recent high-profile data security problems at companies like ChoicePoint, LexisNexis, Bank of America and Citibank make it clear that companies are doing little to protect sensitive data, despite assurances years ago that voluntary industry guidelines they established would pre-empt the need for government regulation.

Realizing that self-regulation isn't going to work anymore, several lawmakers have proposed piecemeal solutions to address the problem of identity theft. But many of them don't go far enough.

Following are the fixes we think Congress should make:
Require businesses to secure data and levy fines against those who don't...
Require companies to encrypt all sensitive customer data...
Keep the plan simple and provide authority and funds to the FTC to ensure legislation is enforced...
Keep Social Security numbers for [only] Social Security...
Force credit agencies to scrutinize credit-card applications and verify the identity of credit-card applicants...
Extend fraud alerts beyond 90 days...
Allow individuals to freeze their credit records so that no one can access the records without the individuals' approval...
Require opt-in rather than opt-out permission before companies can share or sell data...
Require companies to notify consumers of any privacy breaches, without preventing states from enacting even tougher local laws...



Tuesday, June 14, 2005

Lost My Secrets? Pay Up, Buddy!

A Newsweek column by Steven Levy puts it squarely.
If you had something extremely valuable to ship—a bundle of cash, a bag of diamonds or the plotline for "Mission Impossible 3"—would you just pack it in a cardboard box and hand it over to the United Parcel Service for delivery? My guess is that you would take extraordinary precautions. Hire an armored car for the valuables. Encode the story line with bulletproof encryption. So why did Citigroup use unencrypted computer tapes for a UPS run to transport personal financial information on nearly 4 million of its customers? ...

Certainly one factor for these recent data debacles is that securing information is hard. But security experts and privacy advocates make sense when they argue that there's another reason. And that is that when disaster happens, it's other people who suffer the disaster. The companies vow to do better—and the victims are faced with years of financial vulnerability.

"Since the companies themselves don't suffer any loss, it's considered an external problem," says Bruce Schneier, chief technical officer of Counterpane, a security company...

Surely one remedy for this outbreak is to hit these companies where it hurts—in the pocketbook. Congress should go beyond disclosure laws and pass sanctions that make losing someone else's credit card, Social Security number or mom's maiden name such a costly proposition that companies will spare no expense to prevent such losses. We can't expect absolute perfection. But citizens should demand that companies protect their secrets as zealously as they protect their cash reserves. If not, those reserves should be drained considerably.



Sunday, June 12, 2005

National Academies tackle "Intelligent Design" head on

An article in Wired discusses an effort by the US National Academies (of Science, Engineering, and Medicine) to help science teachers deal with attacks by proponents of ID.
Seeking to quell a growing movement to teach creationism in U.S. schools, the National Academies has unveiled a new section of its website dedicated to teachers' resources on evolution.

"The theory of evolution is one of science's most robust theories, and the National Academies has long supported the position that evolution be taught as a central element in any science education program," said a statement released by the organization Thursday.

The site was designed "to confront advocates of intelligent design, which is not a science," according to National Academies spokesman Bill Kearney.

Labels: ,


Wednesday, June 08, 2005

Dawkins on Creationism

An article in the [London] Times online by Richard Dawkins explains the mendacity of Intelligent Design promoters.
Science feeds on mystery. As my colleague Matt Ridley has put it: “Most scientists are bored by what they have already discovered. It is ignorance that drives them on.” Science mines ignorance. Mystery — that which we don’t yet know; that which we don’t yet understand — is the mother lode that scientists seek out. Mystics exult in mystery and want it to stay mysterious. Scientists exult in mystery for a very different reason: it gives them something to do.

Admissions of ignorance and mystification are vital to good science. It is therefore galling, to say the least, when enemies of science turn those constructive admissions around and abuse them for political advantage. Worse, it threatens the enterprise of science itself. This is exactly the effect that creationism or “intelligent design theory” (ID) is having, especially because its propagandists are slick, superficially plausible and, above all, well financed. ID, by the way, is not a new form of creationism. It simply is creationism disguised, for political reasons, under a new name...

The deceitful misquoting of scientists to suit an anti-scientific agenda ranks among the many unchristian habits of fundamentalist authors. But such Telling Lies for God (the book title of the splendidly pugnacious Australian geologist Ian Plimer) is not the most serious problem. There is a more important point to be made, and it goes right to the philosophical heart of creationism.

The standard methodology of creationists is to find some phenomenon in nature which Darwinism cannot readily explain... Creationists mine ignorance and uncertainty in order to abuse [Darwin's] challenge...

Notice the biased logic: if theory A fails in some particular, theory B must be right! Notice, too, how the creationist ploy undermines the scientist’s rejoicing in uncertainty...
Read the whole article. The examples are telling.

Richard Dawkins, FRS, is the Charles Simonyi Professor of the Public Understanding of Science, at Oxford University. His latest book is The Ancestor’s Tale

Labels: ,


Tuesday, June 07, 2005

RealID--Too late to fix?

A note in the USACM Technology Policy blog, covers EPIC's meeting and USACM's press release.
The Electronic Privacy Information Center (EPIC) convened a meeting today to look into the range of policy, technical, and social issues surrounding national identification systems in light of the recently passed Real ID Act, something we’ve been quite active on recently. In April, USACM sent the Senate a letter outlining its concerns about the security aspects of the database provisions and its national ID implications. However, Congress ultimately left many of the concerns of USACM and the privacy community unaddressed.

In light of today’s EPIC event, USACM issued a press release calling for a reconsideration of Real ID’s provisions...

ACM’s US Public Policy Committee (USACM) added its voice to other organizations meeting in Washington today to express deep concerns over the recently passed Real ID Act, which USACM believes will create a de facto national identification system that erodes individuals’ privacy protections.

Addressing the impact on individual’s privacy protections, USACM Chair Eugene Spafford, a renowned cybersecurity expert, said, “The act’s stated goal is to reduce terrorists’ ability to travel, but it does little to actually inhibit a dedicated terrorist from securing a valid ID. At the same time, it vastly increases the risk that an average citizen’s personal data will be stolen. This is ill-conceived security strategy and one that should be reconsidered” ...
Marc Rotenberg, EPIC’s executive director, began the meeting by pointing out how the Real ID Act had worked its way through the legislative process without any meaningful debate – even before affected communities had time to begin educating policymakers about some of the dangers and implications of the act. Rotenberg went on to suggest that the privacy and civil liberties communities have not given up the fight against Real ID. Accordingly, EPIC’s Real ID event was intended to promote the kind of debate that never really occurred before the act became law.

Labels: , , ,


White House censored global warming warnings

A New York Times story by Andrew C. Revkin reports the White House interference.
A White House official who once led the oil industry's fight against limits on greenhouse gases has repeatedly edited government climate reports in ways that play down links between such emissions and global warming, according to internal documents.

In handwritten notes on drafts of several reports issued in 2002 and 2003, the official, Philip A. Cooney, removed or adjusted descriptions of climate research that government scientists and their supervisors, including some senior Bush administration officials, had already approved.

Mr. Cooney is chief of staff for the White House Council on Environmental Quality, the office that helps devise and promote administration policies on environmental issues. Before coming to the White House in 2001, he was the "climate team leader" and a lobbyist at the American Petroleum Institute, the largest trade group representing the interests of the oil industry. A lawyer with a bachelor's degree in economics, he has no scientific training.

The documents were obtained by The New York Times from the Government Accountability Project, a nonprofit legal-assistance group for government whistle-blowers...

Climate experts and representatives of environmental groups, when shown examples of the revisions, said they illustrated the significant if largely invisible influence of Mr. Cooney and other White House officials with ties to energy industries that have long fought greenhouse-gas restrictions.
"Uncertainties in the science," my ---!

Labels: , ,


More Science Inaction from Bush

As reported in the CRA blog, the President has just let the President's Information Technology Advisory Committee expire, despite the valuable work it had been doing.
After two productive years in which they produced three important reports on various aspects of the federal IT R&D portfolio, the President's Information Technology Advisory Committee (PITAC) ceased to be on June 1st after the President's executive order establishing the most recent committee expired and the committee member's terms were not renewed. The committee had completed three reports requested by the Administration -- on IT in the health care sector, cyber security R&D, and the state of computational science -- and appeared ready to take what they had learned in that process and apply it to a review of the overall federal IT R&D portfolio when their charter lapsed. Despite prodding from a number of different sources, including questions at a recent hearing by House Science Committee Chairman Sherwood Boehlert (R-NY) to the Director of the White House Office of Science and Technology Policy, John Marburger, the President opted to allow the review to stop and the committee memberships to expire.

This is very disappointing for the computing research community, which endured two years after President Bush was elected in which the statutorily-madated committee was chartered but was without members (the President didn't name the most recent PITAC members until May 28, 2003)...

As Congress continues to demonstrate its concern with the current state of computer science research in the U.S., the one advisory body most well-suited to the task of assessing that state shouldn't be allowed to lapse.
Maybe he's mad because they didn't come out with a report attacking global warming predictions, stem cell research, or evolution? Or he thinks all computer scientists are Democrats?

Labels: ,


Academies call for greenhouse gas reductions

According to an AP article on CNN, the top scientific groups of the top countries have denounced US inaction.
LONDON, England (AP) -- Science academies of the G-8 countries joined Tuesday in a call for prompt action to reduce greenhouse gas emissions and warning that delays will be costly.

Lord May, president of Britain's Royal Society, said in releasing the statement that U.S. President George W. Bush's policy on climate change was "misguided" and ignored scientific evidence.

The statement published by the science academies of Britain, France, Russia, Germany, the U.S., Japan, Italy and Canada, along with those of Brazil, China and India, called on G-8 countries to "identify cost-effective steps that can be taken now to contribute to substantial and long-term reductions in net global greenhouse gas emissions."

The statement called on the G-8 nations to "recognize that delayed action will increase the risk of adverse environmental effects and will likely incur a greater cost."

Labels: ,


Monday, June 06, 2005

Lost data on 3.9 Million

An AP story by Eileen Alt Powell reports another massive data loss. "Get over it."
CitiFinancial, the consumer finance division of Citigroup Inc., said Monday it has begun notifying some 3.9 million U.S. customers that computer tapes containing information about their accounts -- including Social Security numbers and payment histories -- have been lost.

Citigroup, which is based in New York, said the tapes were lost by the courier UPS Inc. in transit to a credit bureau.

The bank said the tapes contained information about both active and closed accounts at CitiFinancial's branch network. It said they did not contain information from CitiFinancial Auto, CitiFinancial Mortgage or any other Citigroup business...

Kevin Kessinger, executive vice president of Citigroup's Global Consumer Group and president of Consumer Finance North America, told The Associated Press that the tapes left CitiFinancial on May 2 and were discovered missing on May 20...

Hopkins said that most Citigroup units send data electronically in encrypted form and that CitiFinancial data will be sent that way starting in July.

Labels: , ,


Sunday, June 05, 2005

A Life

My great great great grandfather, Johann Hinrich Butt had a remarkable life.



Saturday, June 04, 2005

Is Persuasion Dead?

A very thoughtful and thought-provoking op-ed piece by Matt Miller in today's New York Times questions whether there are still enough leaders trying to persuade, and enough Americans willing to be persuaded, to continue an effective democracy. Or are we stuck with punching "hot buttons"?
Speaking just between us - between one who writes columns and those who read them - I've had this nagging question about the whole enterprise we're engaged in. Is persuasion dead? And if so, does it matter? ...

Is it possible in America today to convince anyone of anything he doesn't already believe? If so, are there enough places where this mingling of minds occurs to sustain a democracy?

The signs are not good. Ninety percent of political conversation amounts to dueling "talking points." Best-selling books reinforce what folks thought when they bought them. Talk radio and opinion journals preach to the converted. Let's face it: the purpose of most political speech is not to persuade but to win, be it power, ratings, celebrity or even cash...

There's only one problem: governing successfully requires influencing how people actually think. Yet when the habits of persuasion have been buried, the possibilities of leadership are interred as well...

If you believe that meeting our collective challenges requires greater collective understanding, we've got to persuade these folks to try.

Labels: ,


Friday, June 03, 2005

Women in Computing:
CRA-W wins award

A post in the Computing Research Association blog reports that CRA-W has won another award for its dedication to increasing the number and success of women participating in Computer Science and Engineering research and education. This time the award is from the National Science Board.

The shrinking proportion of women in the computing field has been a concern for more than a decade, and CRA-W has been one of the most effective groups working to reverse this trend.



Thursday, June 02, 2005

Hacker Hunters

An article in Business Week discusses the attack on ShadowCrew. The whole article is interesting, and an indication of why cybersecurity isn't going to get a lot better anytime soon. Excerpts:
There's a new breed of crime-fighter prowling cyberspace: the hacker hunters. Spurred by big profits, professional cyber-criminals have replaced amateur thrill-seeking hackers as the biggest threat on the Web. Software defenses are improving rapidly, but law enforcement and security companies understand they can no longer rely on technology alone to deal with the plague of virus attacks, computer break-ins, and online scams...

While the FBI and other investigators have been criticized for fighting each other almost as fiercely as the criminals on traditional cases, they cooperate more than ever when it comes to cybercrime. Local, state, and federal agencies regularly share tips and team up for busts. The FBI and Secret Service, which received jurisdiction over financial crimes when it was part of the Treasury Dept., have even formed a joint cybercrime task force in Los Angeles. Public agencies also are linking with tech companies and private security experts who often are the first to discover crimes and clues...

There's a clear reason for this newfound collaboration: The bad guys are winning. They're stealing more money, swiping more identities, wrecking more corporate computers, and breaking into more secure networks than ever before. Total damage last year was at least $17.5 billion, a record -- and 30% higher than 2003, according to research firm Computer Economics Inc...

Part of the problem is that cops don't have all the weapons they need to fight back. They clearly lack the financial resources to match their adversaries' technical skills and global reach. The FBI will spend just $150 million of a $5 billion fiscal 2005 budget on cybercrime -- not including personnel -- in spite of its being given the third-highest priority. (Terrorism and counterintelligence come first.)...

The wiliest of the hackers still run rings around the cops. A Russian gang called the HangUp Team has been pummeling e-commerce Web sites and taunting its pursuers for two years, police say. The gang plants software bugs in computers that allow it to steal passwords, and it rents out huge networks of computers to others for sending out viruses and spam. HangUp Team hides in plain sight. Its Web site -- -- is decorated with a red-and-black swastika firing off lightning bolts. Its blog discusses hacker tactics and rails against Americans. Its motto: In Fraud We Trust. "We think we know what they've done, where they are, and who they are," says Nagel. But authorities haven't been able to nab them so far. The Secret Service won't say why...

The bust yielded a treasure trove of evidence. So far the Secret Service has uncovered 1.7 million credit-card numbers, access data to more than 18 million e-mail accounts, and identity data for thousands of people including counterfeit British passports and Michigan driver's licenses. They say the ShadowCrew pillaged more than a dozen companies, from MasterCard Inc. to Bank of America Corp. (BAC ) The bust has yielded evidence against more than 4,000 suspects and links to people in Bulgaria, Canada, Poland, and Sweden. "We will be arresting people for months and months and months," says Nagel...

Despite these successes, cops face major hurdles as they try to get cybercrime under control. The biggest? Their global scope. Gang members hide out in countries with weak hacking laws and lax enforcement. They can even shelter servers in a separate country, snarling the trail for investigators. Their favorite hideouts: Russia, Eastern Europe, and China...
A usually informed source has said that several billion dollars a year are transferred from the US to the Russian economy through cybercrime, which might account for less than enthusiastic enforcement by the Russian government. But that doesn't explain why the US spends so little on preventing it.

Labels: ,


FTC rule on data destruction

A Washington Post article reports a small, but significant, step towards curbing fraud by impersonation.
A new federal rule that took effect yesterday requires all businesses and individuals to destroy private consumer information obtained from credit bureaus and other information providers in determining whether to grant credit, hire employees or rent an apartment.

Issued under orders from Congress, which was trying to crack down on identity theft, the Federal Trade Commission's new rule requires that personal information be burned, pulverized, shredded or destroyed in such a way that the information cannot be read or reconstructed. The rule also applies to electronic files, which must be erased or destroyed, and covers credit report data, credit scores, employment histories, insurance claims, check-writing histories, residential or tenant history and medical information.

Labels: ,