Yesterday saw the “opening” of the National Crime Agency that will centralise crime investigation and fighting, and tackle all types of misdemeanours.
The concept was originally proposed as part of the government’s Cyber Security Strategy, announced in 2011, and with this latest move it is positive that the actions are still being completed. The plan then was for a cyber crime unit within the National Crime Agency that will build on the Metropolitan Police’s eCrime Unit, giving police forces across the country the necessary skills and experience to handle cyber crimes. As you would expect, this wasn’t universally welcomed, as the Labour Party called it a rebranding exercise from the Serious Organised Crime Agency (SOCA) that was in itself, a rebrand of the National Crime Squad that was opened by Labour in the late 1990s.
According to a report in the Telegraph, just a day after its public opening the agency has collared its first criminals, nabbing four men who were apparently involved with the dark web site Silk Road. Unless the capabilities are miraculous and this work was done in the last 24 hours, I think it is safe to say that this agency has been operational for some time, well either that or the work was done by SOCA and this is a rebranding exercise!
Staying with the Silk Road, the concept of The Onion Ring (TOR) has barely been out of the headlines in the past few days and according to a report (authored by some serious names) in the Guardian, the NSA and GCHQ are both targeting the Tor network to access data of users and bypass its seemingly impenetrable security.
Details of the “access”, revealed by Prism whistleblower Edward Snowden,
reveal that the agency’s current successes against Tor relies on identifying users and then attacking vulnerable software on their computers. Though the software is primarily funded and promoted by the US government itself, you would imagine that they know of its failings and vulnerabilities already and are not just taking their chances with surveillance and keystroke monitoring tactics.
A story that broke at the end of last week was the news that software giant Adobe had suffered a second attack in a year, with 2.9 million user details accessed, but the scarier news that source code had been illegally accessed. This has led to fears that the code for some its main products is in the wrong hands and is either being repackaged as malware, or scanned for vulnerabilities which will allow for new zero-days to be discovered.
I think it is a shame for Adobe as in my experience, they have begun to do a lot of things right in the last few years. As Microsoft mark 10 years of releasing regular patches, Adobe has become a lot clearer on its patching and in conversation with chief security officer Brad Arkin three years ago, he was very concise about its reasons for updating quarterly and I feel in that time it has removed itself from the bad books of vulnerabilities in plug-ins.
Finally if vulnerabilities are your thing, then it was very interesting to read that in just a month of online beta testing, flaws were found in Internet Explorer 11. According to Threatpost, Microsoft paid out $28,000 (£17,400) in bounty payments to a small group of researchers. While none of the researchers came close to the maximum reward of $11,000, the highest payment being $9,400 to James Forshaw for four vulnerabilities discovered in IE and a bonus for finding some IE design vulnerabilities, it does show that nothing is built perfectly and maybe IE11 will be the most secure yet. Maybe.