Interpol's Virus Site Too Fluffy?

[InfoSec News <isn () c4i org>]

http://www.wired.com/news/politics/0,1283,43787,00.html

By Michelle Delio 
2:00 a.m. May 15, 2001 PDT 

Computer viruses are often illegal immigrants of the worst kind,
e-mailed anarchists that, unbound by international treaties or
domestic laws, can sneak across borders easily and infect machines
around the world in a matter of minutes.

Given the global nature and effect of computer viruses, many experts
believe that only an international partnership among security
companies and law enforcement agencies would have any hope of stopping
the ever-increasing threat of geopolitically disinterested viruses.

Security experts were excited, therefore, when the international
police organization, Interpol, announced on Monday that it intended to
step up its battle against cybercrime with a new section on its
website offering advice on how to combat computer viruses.

"Computer viruses are a real threat. Our virus alert section will
enable all computer users to keep up to date," Interpol's
Secretary-General Ronald Noble said in a statement released by the
organization's headquarters in Lyon, France.

But after reviewing the new security section on Interpol's site, many
security experts said the agency had simply cobbled together a
superficial overview of security issues, and had not provided any
truly useful information to help businesses and governments combat
viruses or attacks by malicious hackers.

"The absence of detailed information makes this site like a drop of
water on a hot stone," said Roland Mueller, CEO of security firm
Seculab, and chairman of the German Standardization Body on Security
Techniques.

The computer virus section of Interpol's site is nothing more than a
non-hyperlinked list containing the names of two viruses that were
active in April, with equally skimpy entries for previous months.

There is no information offered on how to detect or protect systems
from the mentioned viruses, or how to repair systems that have been
infected -- information that is routinely provided at virtually all
independent security sites.

"Simply reporting the names of selected (viruses) is not enough to
help users lower the risk of infection," said Ken Dunham, a senior
analyst at security firm AtomicTangerine.

But some experts felt that the agency's effort should be applauded,
even if the site isn't as useful as it could be.

"The fact that agencies such as Interpol are getting involved in
creating awareness on the latest virus threats shows how seriously
police agencies today are taking the threat and impact of these
viruses," said Vincent Weafer, director of security at Symantec's
Anti-Virus Research Center.

"The value that (Interpol) has may be more in the creation of
awareness rather than having the most up-to-date information on the
latest threat," Weafer said.

Weafer also said that one of the major challenges with cybercrimes
like virus creation is that they often transcend international
boundaries, involving countries where cybercrime laws may, in some
cases, be nonexistent.

Weafer said that virus writers often use permissive countries or
regions as hosts for websites featuring their nasty, downloadable
creations or propagate their viruses via e-mail addresses from inside
these permissive countries, thereby avoiding prosecution under the
stronger cybercrime laws in their home countries.

"If an agency such as Interpol can aid individual countries to
strengthen their cyberlaws or help police agencies there understand
how to detect and capture information related to virus crimes, that
would be a most effective way to help combat viruses," Weafer said.

Interpol already collects and distributes information about
cross-border crimes such as art thefts. It had also recently said it
will be expanding its international intelligence efforts to include
cybercrime, focusing specifically on stopping malicious hackers as
well as virus writers.

But the Interpol website's information on how to secure networks and
computers from hack attacks is only slightly more detailed than that
provided by the site's virus section.

In a list of frequently asked questions on security, Interpol
recommends running a firewall to block intrusions by hackers, but
gives no details on how to select, configure or maintain that
firewall, beyond cryptically noting that "it is necessary to
administrate the system every time."

The FAQs section also answers the question, "What shall I do if a
hacker is attacking my system right now?" with the rather unhelpful
advice: "With an Incident Handling System you will be prepared to
handle the incident."

"Frankly, the Interpol site looks like someone's class notes after
attending a weekend workshop on network security," said Kenneth
Vander, CIO of British security consultancy TechServ.

"They provide a sketchy outline of what you should do, but absolutely
no hard information on how to do it," he said. "The whole thing is
rather a waste, really. At best it might get people to explore
further, but they haven't provided any links to facilitate that,
either."

Seculab's Mueller believes the Interpol site is "definitely a step in
the right direction" but agreed that while the site does a good job of
telling companies what to do, it does not tell them how to do it.

Mueller also noted that some of the information provided on the site
reflects the "highly politicized nature" of discussions on Internet
security.

"There's a lot of political maneuvering in their discussions on
cryptography and privacy, for example," Mueller said. "These subjects
are more politically charged and divisive than the site's discussions
on child pornography or trafficking in human beings."

Vander said it was a pity Interpol had not provided more in-depth
information on security, because despite the political issues that
arise in any international effort, he felt Interpol is "perfectly
positioned" to help governments and business deal with cybercrime.

Interpol was established in 1917, and now includes representatives
from 178 nations. Only 15 of those countries currently have laws in
place that criminalize malicious hacking or the spreading of
destructive viruses.

Some security experts said the only effective plan to combat viruses
would require the full cooperation of private industry and government
agencies.

"It would be great if Interpol, or a similar agency, could act as a
unified one-stop global center for distributing real-time alerts on
security issues and viruses," said Vander.

Alex Shipp, chief antivirus technologist at security firm MessageLabs,
agreed with Vander. He said that MessageLabs and a few other antiviral
companies already have technology that provides real-time information
on virus threats, but no way to quickly communicate that information
to law enforcement.

"We look forward to working with agencies that are committed to
stopping cybercrime," Shipp said. "We can do the legwork of
information identification, from viruses to spam, but the last step in
crime fighting must be done by the long arm of the law."

Interpol did not respond to a request for comment on the agency's
future plans for the computer security section of its website.

But Dave Kroll, director of security research at security software
firm Finjan, said his company has been asked to work with Interpol to
expand their website.

Finjan's suggestions to Interpol, according to Kroll, will include
offering more detailed information about viruses, including real-time
security alerts.

"(Interpol) has been very responsive to our comments and are
interested in adding as much breadth and depth to their site as
possible," Kroll said. "Stay tuned, because I think we'll see good
things from Interpol soon."




ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.