ITU Corporate Strategy Newslog - Friday, October 19, 2007

Friday, October 19, 2007

SWITCH discontinuing ENUM trial as per 30 September 2007

Over the past four years, SWITCH has acted as the registry for the ENUM trial in Switzerland.

Universities and IP telephony providers took part in this trial, which was made possible by the Swiss Federal Office of Communications (OFCOM). Key technical and administrative findings were established in this way. The issue of validation was examined in detail and, following this, standardised within the IETF in RFC 4725.

The authorisation granted by OFCOM expires on 30 September 2007. On the basis of the framework conditions it is not possible for SWITCH to continue in the role of ENUM registry. The ENUM trial in Switzerland is thus being discontinued.

SWITCH still considers the ENUM technology to be promising, however, and, together with the Swiss Universities and partner networks in Europe, SWITCH will be continuing to use the technology for innovative services in the university environment (nrenum.net).

ENUM | Internet

Friday, October 19, 2007 3:08:08 PM (W. Europe Standard Time, UTC+01:00)

Wednesday, October 17, 2007

Cyber-Crime Hits $100 Billion in 2007, Out-earning Illegal Drug Trade

Cyber-Crime has outstripped illegal drug sales worldwide, and analysts estimate online fraud will bring in $105 billion in 2007. Despite the fact that most people know going online poses a risk for becoming a victim of crime, few individuals, companies or even government agencies truly understand the massive scope of the problem. Favorite ways of defrauding 'Net users include "phishing," or using trickery to get a person to reveal their personal data, stealing bank account numbers, appropriating credit cards, and many other means.

Read full story

Wednesday, October 17, 2007 11:09:00 AM (W. Europe Standard Time, UTC+01:00)

Wednesday, October 10, 2007

Experts meet to promote cybersecurity and fight cybercrime

Global cybersecurity roadmap for international cooperation

Geneva, 8 October 2007 — Experts from around the world gathered in Geneva to lay the foundation for a global response to the constantly evolving nature of cyber-threats and the increasing level of sophistication of cybercrimes.

"Confidence and security in using information and communication technologies (ICT) are fundamental in building an inclusive, secure and global information society," said Dr Hamadoun Touré, Secretary-General of the International Telecommunication Union. "The legal, technical and institutional challenges posed by cyber-threats and cybercrime are global and far-reaching, and can only be addressed through a coherent strategy taking into account the role of different stakeholders and existing initiatives, within a framework of international cooperation." Dr Touré explained that the ITU Global Cybersecurity Agenda provides such an international framework.

Read full ITU Press Release

Other related links to the First Meeting High-Level Experts Group of the Global Cybersecurity Agenda

Experts meet to promote cybersecurity and fight cybercrime - Turk Internet
Experts At UN-Backed Meeting Lay Foundation for Global Cybersecurity - Newsblaze
ITU pools experts to thwart cybercrime - Theregister
Experts at UN-backed meeting lay foundation for global .. - United Nations
Global Cybersecurity Roadmap Unfolds - Mediacastermagazine
Experts use ITU to promote roadmap to cyber-security, fight cyber ... - Developingtelecoms
Experts meet to promote cybersecurity and fight cybercrime - International Telecommunication Union

Highlights | International Cooperation

Wednesday, October 10, 2007 2:50:04 PM (W. Europe Standard Time, UTC+01:00)

Friday, September 28, 2007

India advocates global agency to tackle cyber-crime

Sep. 15--NEW DELHI -- India has suggested setting up of a monitory agency on the lines of International Civil Aviation Organisation (ICAO) and International Telecommunication Union (ITU) to curb the menace of cyber crime. In a paper presented at the seventh Interpol conference in the town, the Central Bureau of Investigation has also asked for legal and procedural standardisation to tackle the global problem. CBI said standardisation of harmful conduct involving computer and Internet is a pre-requisite as dual criminality is essential for any international cooperation.

CBI is the representing agency for the Interpol in India. The premier investigation agency has also asked the world community for increased capacity building in the area of technical know-hows to tackle the hi-tech crime. The agency has suggested that countries across the globe could be divided into three categories based on computer and internet penetration -- those which are already on the information super highway, those which are in the process of doing so and those which are yet to participate in this revolution -- and then chart out specific programme for each type of countries.

CBI also advocated the need for a comprehensive multilateral treaty or a model law akin to UNCITRAL law on e-commerce in the field of cyber crime. The CBI paper blamed the private sector for not reporting cyber crimes and patching the vulnerabilities with quick fix solutions.

Meanwhile, the government on Friday announced an assistance of Rs 3.5 crore to CBI for developing expertise in tackling cyber crime. "The ministry of communications and IT will give Rs 35 million to CBI for procuring latest software and tools for tackling cyber crime," IT and communications minister A Raja said at the valedictory ceremony of the Interpol cyber crime conference. The ministry would also help CBI in training their officials to deal with issues involving cyber crime.

More at http://economictimes.indiatimes.com

Highlights | International Cooperation

Friday, September 28, 2007 12:19:16 PM (W. Europe Standard Time, UTC+01:00)

Tuesday, September 18, 2007

Symantec Reports Cyber Criminals Are Becoming Increasingly Professional

New Internet Security Threat Research Reveals That Hackers Are Adopting New Business-Like Strategies to Successfully Perform Malicious Activity.

The latest Internet Security Threat Report (ISTR), Volume XII released today by Symantec Corp. (NASDAQ: SYMC) concludes that cyber criminals are increasingly becoming more professional -- even commercial -- in the development, distribution and use of malicious code and services. While cybercrime continues to be driven by financial gain, cyber criminals are now utilizing more professional attack methods, tools and strategies to conduct malicious activity.

"As the global cyber threat continues to grow, it has never been more important to remain vigilant and informed on the evolving threat landscape," said Dan Lohrmann, chief information security officer, State of Michigan. "Symantec's Internet Security Threat Report continues to provide us with critical information on the most current online security trends, helping us better protect our state's infrastructure and citizen information."

Some key findings of the Symantec Internet Security Threat Report, Volume XII covers the reporting period of Jan. 1, 2007, through June 30, 2007 include:

-- Credit cards were the most commonly advertised commodity on
    underground economy servers, making up 22 percent of all advertisements;
    bank accounts were in close second with 21 percent.
-- Symantec documented 237 vulnerabilities in Web browser plug-ins. This
    is a significant increase over 74 in the second half of 2006, and 34 in the
    first half of 2006.
-- Malicious code that attempted to steal account information for online
    games made up 5 percent of the top 50 malicious code samples by potential
    infection. Online gaming is becoming one of the most popular Internet
    activities and often features goods that can be purchased for real money,
    which provides a potential opportunity for attackers to benefit
    financially.
-- Spam made up 61 percent of all monitored e-mail traffic, representing
    a slight increase over the last six months of 2006 when 59 percent of e-
    mail was classified as spam.
-- Theft or loss of computer or other data-storage medium made up 46
    percent of all data breaches that could lead to identity theft.

Read full story

Cybercrime Legislation | Emerging Threats | Highlights | International Cooperation

Tuesday, September 18, 2007 4:30:26 PM (W. Europe Standard Time, UTC+01:00)

Saturday, September 15, 2007

India says it fully supports the mission of ITU to strengthen cybersecurity

India doubled its financial contribution to the International Telecommunication Union from five 'contributory units' to 10, amounting to CHF 3.18 million per annum.

Announcing the increase at the ITU Council meeting in Geneva today, D.S. Mathur, secretary, Ministry of Communications and Information Technology, government of India said, "India fully supports the mission of the International Telecommunication Union to connect the world and, in particular, to develop online resources and strengthen cybersecurity. The Global Cybersecurity Agenda launched by ITU this year is a significant step in ensuring confidence and security in the use of information and communication technologies around the world."

Read full story

Highlights

Saturday, September 15, 2007 12:03:18 PM (W. Europe Standard Time, UTC+01:00)

Friday, September 14, 2007

One in 28 e-mails reaching India has virus, a study reveals

With the Internet becoming the order of life for more and more Indians, who depend on e-mails to stay in touch, their computers are facing an increasing virus threat with one in every 28 e-mails being infected, says a recent study.

A study by the messaging security and management services provider, MessageLabs, reveals that malicious websites are on the rise.

In August, India was the most vulnerable region in virus attacks, with one in every 27.8 e-mails having been infected.

Read full story

International Cooperation

Friday, September 14, 2007 7:31:06 PM (W. Europe Standard Time, UTC+01:00)

Monday, September 10, 2007

ITU Council opens with high-level segment: Focus on cybersecurity and ICT infrastructure

Focusing on cybersecurity and building telecommunication and ICT infrastructure, ministerial representatives of seven countries addressed ITU’s annual Council meeting, in session 4−14 September.

Italy’s Under-Secretary of State, Ministry of Communication, Professor Luigi Vimercati, said that his country considered the ITU Global Cybersecurity Agenda, launched by the Secretary-General in May, a very important initiative for building international cooperation and for helping to develop technical and regulatory solutions "to guarantee higher data and user protection in cyberspace".

Addressing national concerns, H.E Sultan Bin Saeed Al Mansoori, Minister of Development for the Government Sector of the United Arab Emirates said, "The key elements to be considered in formulating a national strategy plan for cybersecurity in order to prevent cybercrime is by enhancing the current UAE Cybercrime Law and by closely working with the ICT sector in the country to secure ICT infrastructure."

In Cameroon, the greatest cyberattacks range from piracy, the spread of illicit content such as paedophilia, pornography, money laundering and drug trafficking, as well as identity fraud, commented H.E Maïgari Bello Bouba, Minister of Post and Telecommunications. He added that Cameroon plans to develop by 2012 an optical fibre-based next-generation network to meet the chronic lack of broadband.

Brochures for the ITU Global Cybersecurity Agenda were distributed in 6 languages during ITU Council.

عربي - 中文 - English - Français - Español - Русский

Read full ITU Press Release (also quoted in an article by the Computer Crime Research Center (CCRC), a non-profit and scientific research organization)

Highlights

Monday, September 10, 2007 10:11:00 AM (W. Europe Standard Time, UTC+01:00)

Thursday, September 06, 2007

Phillipines - E-courts pushed for cybercrimes

According to INQUIRER.NET, the Department of Justice (DoJ) of the Phillipines will push for the creation of at least three e-courts soon, the chairman of a newly created task force on cybercrime and cybersecurity said. The e-courts will oversee all cases that deal with high-tech cases of hacking or crimes committed by using technology, State Prosecutor Geronimo Sy said in an interview.

Sy said the DoJ had previously designated him as chairman of the DoJ Task Force on e-government, cybersecurity and cybercrime.
He further added that the task force will work closely with the Council of Europe, a private organization, to ratify the Budapest Convention on Cybercrime.

"We hope to align our domestic legislation with international norms and standards. Because of the nature of cybercrime, where it usually happens in one country and the offenders are in another country, there is a gap. And you cannot successfully protect the Internet," Sy said.

Read full story

Cybercrime Legislation | Highlights | International Cooperation | Organizational Structures

Thursday, September 06, 2007 4:35:13 PM (W. Europe Standard Time, UTC+01:00)

The German government looks to protect IT systems with security plan

The German government has agreed to implement a sweeping set of security measures aimed at protecting critical IT infrastructure in the country.

The measures are part the National Plan for Protection of Communications Infrastructure approved more than two years ago by the German federal government and applicable to all federal departments and agencies.

The move to implement the plan follows last week's German media report about continued efforts by Chinese hackers to plant Trojan horse programs on government computers.

Read full story

International Cooperation | Organizational Structures

Thursday, September 06, 2007 4:14:01 PM (W. Europe Standard Time, UTC+01:00)

Tuesday, September 04, 2007

Middle East financial firms under phishing attacks

The RSA Anti-Fraud Command Center (AFCC) of the RSA, the security division of EMC, reported a number of phishing attacks in July, with banks in Saudi Arabia and Dubai, as well as a major financial services provider being targeted. The vendor will be promoting the benefits of an information centric approach to security during GITEX.

RSA's information-centric approach addresses moves away from simply protecting the network perimeter and instead looks to protect critical data wherever it resides. Identity management to authenticate users and determine which data they can access is another element of the approach, as is the need to manage any data which is required for regulatory compliance and to manage the security policy.

Digital Identity | Highlights | International Cooperation

Tuesday, September 04, 2007 8:54:26 AM (W. Europe Standard Time, UTC+01:00)

Thursday, August 30, 2007

Symantec Rolls Out Internet Security 2008

With the release of Norton Internet Security 2008 and Norton Antivirus 2008, Symantec is highlighting the behavioral-detection capabalities of both software packages to detect and block zero-day malware. Both Norton Internet Security and Norton Antivirus offer this zero-day malware protection in a software module called Sonar.

The growing problem of identity theft is a key focus of the 2008 versions of Symantec's Norton Internet Security and Antivirus programs, released on Tuesday. The Cupertino, California-based company said that the packages, designed for Windows XP and Windows Vista, feature enhanced protection against identity theft and other online security threats.

Read full story

Digital Identity | Highlights

Thursday, August 30, 2007 10:03:45 AM (W. Europe Standard Time, UTC+01:00)

Thursday, August 23, 2007

Online security and banks

Online security is one of the key requirements by financial customers today as they increasingly use the Internet to not only manage their financial transactions online but also to buy financial products. According to a consumer attitude study by Jupiter Research, banks that invest in and promote the security of their online websites stand to differentiate themselves from their competitors and win customers. This combined with the rapid growth in online phishing and identity scams and increasing regulatory pressure has ensured that online security is a critical concern among banks today.

Just like how there are global standards such as SWIFT, J2EE etc, there should be a central standard body that prescribes guidelines for banks to adopt with respect to security and also encourage banks to adopt these standards.

More at IndianTimes

Digital Identity | Highlights | International Cooperation

Thursday, August 23, 2007 11:04:38 AM (W. Europe Standard Time, UTC+01:00)

Wednesday, August 22, 2007

Virtualization security needed now!

For years, Inttra, an e-commerce logistics provider to the world’s largest cargo-shipping organizations, has been using virtualization on its back-end IBM mainframe and Citrix Systems servers in a secure environment. Now the Parsippany, N.J., company primarily uses IBM blade servers running virtual Linux machines. VMware’s virtualization technology on an Intel platform powers this New Data Center infrastructure.

Experts say it’s only a matter of time before malware writers weasel their way into the core of a virtual server platform. The article by By Deb Radcliff at Network World explains how to stop them.

Emerging Threats

Wednesday, August 22, 2007 5:07:56 PM (W. Europe Standard Time, UTC+01:00)

Tuesday, August 21, 2007

Identity attack spreads; 1.6M records stolen from Monster.com

The 46,000 people reportedly infected by ads on job sites may be only a fraction of the victims of an ambitious, multi-stage attack that's stolen data belonging to several hundred thousand people who posted resumes on Monster.com, a researcher said this weekend.

According to Symantec Security Analyst Amado Hidalgo, a new Trojan horse the company calls Infostealer.Monstres has stolen more than 1.6 million records belonging to several hundred thousand people from the job search service Monster.com. That data is then used to target the Monster.com users with credible phishing mail that plants more malware on their machines.

Read full story

Emerging Threats | Software Vulnerabilties

Tuesday, August 21, 2007 12:52:33 PM (W. Europe Standard Time, UTC+01:00)

CyberSecurity Malaysia launched as part of four initiatives to boost nation's ICT industry

KUALA LUMPUR: The country's information communication technology industry has been given another boost with the launch of four new initiatives to enable Malaysia to compete in the global technology-led environment.

The initiatives – the Malaysia Animation Creative Content Centre, CyberSecurity Malaysia, KnowledgeGRID Malaysia and eContent Fund Awards – are also expected to help reduce what Prime Minister Datuk Seri Abdullah Ahmad Badawi has described as "digital poverty".

CyberSecurity Malaysia is the result of the rebranding of the National ICT Security and Emergency Response Centre, to reflect the services and solutions the organisation provides for its clients and the public.

Read full story

Highlights | Watch, Warning and Incident Response

Tuesday, August 21, 2007 12:41:35 PM (W. Europe Standard Time, UTC+01:00)