Thursday, October 22, 2009

FBI and SOCA make a media splash at RSA Europe

I've returned, sleep-deprived and jet-lagged, from back-to-back conferences in the Seattle area. First there was the Microsoft-hosted Digital Crimes Consortium, which combined three prior conferences - Law Enforcement Tech, Digital PhishNet, and the Botnet conference - into one. With some 400 attendees from more than forty different countries, many great international law enforcement collaborations will come from that event. Microsoft was a fantastic host, as always, and the law enforcement folks got a special "badges only" day at the beginning of the conference to learn about new tools from Microsoft to help in the fight against cybercrime.

Next was the Anti-Phishing Working Group / IEEE eCrime Researchers Summit, where UAB students Brad Wardman and Gaurang Shukla and I presented a paper on analyzing phishing URLs to reveal underlying website vulnerabilities being exploited by cyber criminals. Many great papers were presented by academics from around the world, who were encouraged by some great corporate and law enforcement participants to continue this growing area of research. The APWG staff, Randal Vaughn from Baylor, and the whole gang from Internet Identity put together a great conference! Friends from Citibank, Google, PhishLabs, SilverTail, eBay, Afilias, SupportIntelligence, Cyveillance and others shared great industry perspectives to help inform the academics of their pain points that could benefit from research, as well as sharing research of their own. I was especially excited to learn of some fellow dataminers at University of Ballarat, Australia, and to see what they are doing with phishing email detection, but there was a great crowd of researchers presenting from Mississippi State, Texas State, Carnegie Mellon, University College Dublin, University of Konstanz, and University of Buffalo. You'll be able to read all the papers in the near future through the IEEE Proceedings.

But I have to say, despite the jet-lag, I really wish I was at RSA Europe right now. The big news today was a presentation by FBI Supervisory Special Agent Keith Mularski and Andy Auld from the Serious and Organised Crime Agency (SOCA).

I'm tired, so I'm going to let the media tell the story . . . please read the articles below and accept my apologies for not writing my own.

Some of the articles had to take the mud-slinging side of the story:

"Russian Police and Internet Registry Accused of Aiding Cybercrime" (eWeek Europe)

"SOCA: Russian Cyber Gang Bribed Police" (ZDNet)

Still, the important points did make it through the hype machine:

"FBI and SOCA need help" (Computer Weekly)

where Keith Mularski says "A partnership with the IT Security industry is important" and Andy Auld, head of intelligence and e-crime at SOCA, says "The US, UK, Germany, Netherlands, and Australia have all joined forces to form a taskforce to tackle this international problem."

"FBI and SOCA Seek Help From Security Teams" (V3)

Some saw it as painting a gloomy future:

"Experts See Forecast Worsen for Cybercrime" (PC World)

While others painted it in a more sensational positive light:

"FBI and SOCA plot cybercrime smackdown: White hats get proactive on e-crime" (The Register)

I've worked with both guys in the past, and I know how I'm interpreting the presentation: We've got a big problem we are facing, and only through global cooperation by law enforcement AND industry can we solve it. That's the same message we heard at Digital Crimes and the same message we heard at APWG eCrimes, but unlike the past, the current round of conferences wasn't just talk. It was presentation after presentation of how the cooperation is actually working!

I have to give one shout-out while I'm blogging. It was great to make a new Russian friend, Pavel, who came all the way to Tacoma to share the message that there are plenty of "good guys" in Russia. Thanks for making the trip, Pavel!
