If you think Ukraine is bad, have you considered the state of fraud in the UK, asks Ed Gibson.
I still feel chilled thinking about my plane ride from Kiev to London. Nothing to do with what we discovered in Ukraine ... although that was chilling, to be sure. Ukraine is a country of unknowns and criminal intrigue. Few of us will soon forget the September 2004 poisoning of then Ukrainian presidential candidate Victor Yushchenko, allegedly at the hands of political opponents. So when I told you last month about Ukraine's unwitting and unwilling cyber extortionists, it likely came as no surprise.
But the chill came not from where we had been, nor the return flight, but when I thought about how SC readers were going to feel when I told of the state of e-crime ... in the UK. A member of the G8; home to the most restrictive spam legislation on the planet; the world's financial centre and home to more than 60 million residents. But what would Bill Bryson, who wrote Notes from a Small Island, say were he to write a book titled Cyber crime on a Small Island? Is this country a safe place for cyber criminals and fraudsters?
As the chief (cyber) security adviser at Microsoft, I am often asked whether the UK is becoming a safe haven for fraud and e-crime.
Fortunately, we now have more than anecdotal information about the state of cyber crime and fraud. Recent research shows that, in monetary terms, the harm fraud causes is on a par with Class-A drugs - around £330 for every man, woman and child in the country per year.
And for the first time in history, we have a Fraud Act (passed in January 2007). And the Fraud (Trial Without a Jury) Bill is before Parliament. Furthermore, on 15 March, the UK Attorney General, Lord Peter Goldsmith, unveiled a package of anti-fraud measures (www.attorneygeneral.gov.uk/sub_news_press.htm) in response to the Fraud Review.
However, we must presume the results of the Fraud Review to be based on anecdotal information. Why? Because there is no single point of contact or reporting centre for fraud or cyber crime. In fact, one of the points Lord Goldsmith made was the need for a "fraud reporting centre".
Recently, at a parliamentary event, a member of industry asked me: "Wouldn't it be best if we dropped the 'e-crime' label when discussing crime on the internet?" In reply, I urged the senior officials in the audience to consider the state of fraud and e-crime in the UK, and decide whether we really want to categorise and address e-crime as "just regular crime".
So - is the UK a safe haven for cyber crime and fraud? Or, to put it another way, does the UK impose meaningful penalties for fraud? Does it have a single centre for victims or potential subjects to report a fraud on the internet? I'm not suggesting that we do not have meaningful laws - quite the contrary. The Computer Misuse Act 1990, as amended, has plenty of teeth in it. However, the police have priorities set by the Home Office and local communities. We all want to be able to live without fear of mugging, burglary or car-jacking. But with only finite policing resources, should prevention and detection be the priority, or should we focus on the prosecution of e-crime or fraud on the internet? And if it is an area of criminality that is "not counted", a chief constable could be sanctioned for allocating resources to combat e-crime, or at the very least subject to outcry by local citizens who will want to know why police are not available to react to quality-of-life crimes. Maybe we should be a bit more sensitive to our constabularies when they say they do not have the resources to address a £4,000 internet fraud; and, by the way, is this e-crime or fraud?
So where are we in the UK when it comes to "e-fraud"? What would I do? Well, that is the subject of next month's column. In the meantime, don't just whinge about the problem, send me an email and give me your suggestions.
See you next month as we continue on our journey into my cyber world.
- Ed Gibson is the chief security adviser to Microsoft UK. Prior to this, he was a special agent with the FBI. You can contact him at EdGibson@Microsoft.com.