« Time to Consider Quantum-Immune Cryptographic Solutions | Main | Security and the Great Game of Fly-Fishing »

We Give Our Enemies Too Much Credit

Thinking back on last week's NISC8 Conference, I have to admit to an uncomfortable feeling that we've been giving far too much credit to criminals, terrorists and spies. It's bad enough using respectable-sounding labels such as high-tech or white-collar crime. But I also heard several speakers making remarks such as "these people are smart" and "you need a holistic approach because they'll find your weakest point". This is not my experience, nor of leading authorities such as Donn Parker, who spent many years interviewing convicted computer criminals. They are rarely smart and seldom versatile, tending to operate with a narrow modus operandi. So let's not give them the respectability they don't deserve.

Tags:

Posted by David Lacey on May 25, 2007 9:40 AM |

TrackBack

TrackBack URL for this entry:
http://www.computerweekly.com/cgi-bin/mt/mt-tb.cgi/6951

Comments (1)

Edward P Gibson:

Hi David,
Once again it is a pleasure to read an item that evokes the need for a response - I always enjoy reading about people who become experts because they 'have interviewed' criminals. To believe this, one must presume the 'criminal' is telling the interviewer the truth. Hmmmm....there is a reason the person is a 'criminal', and that generally involves a bit of deceit (i.e., LIES), but let's not get sidetracked, nor do I wish for my note to be derogatory towards Mr Parker or anyone else who seeks to find the holy grail by interviewing criminals. For if it weren't for such interviews, we would all be the worse for knowledge. Some criminlas actually 'must' tell someone everything, even more than everything . . . some distort the truth . . .and some don't know the truth because it has been part of their nature to deceive.

My point, David, it is dangerous to presume an interview of someone convicted of a crime is the truth, and even more dangerous to presume the reporter reports what was actually said, or what was 'heard' (you may have heard what you thought I said, but what I said is not what you heard). Again, not being critical - but providing what I know to be true based on experience having 'done this work on the street' as an FBI Agent.

I appreciate your providing space to respond - and more importantly, am grateful you report what you know to be the truth.

Most sincerely,

Ed
Edward P Gibson
Chief cyber Security Advisor
Microsoft Ltd UK
EdGibson@Microsoft.com

Posted by Edward P Gibson | June 2, 2007 3:06 PM

Posted on June 2, 2007 15:06

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on May 25, 2007 9:40 AM.

The previous post in this blog was Time to Consider Quantum-Immune Cryptographic Solutions.

The next post in this blog is Security and the Great Game of Fly-Fishing .

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type