About Me

Bay Area, CA, United States
I'm a computer security professional, most interested in cybercrime and computer forensics. I'm also on Twitter @bond_alexander All opinions are my own unless explicitly stated.

Thursday, August 26, 2010

On the intersection between politics, law, and computer security

One major annoyance on the internet is spam.  Much of the spam that's out there are either phishing emails (attempts to get users to divulge sensitive information), viruses, or pharmaceutical advertisements.  Now, the White House is calling a meeting with the top internet domain registrars (the companies that sell domain names (such as http://www.google.com) to companies.  If Obama can get the major registrars to stop selling domain names to criminal organizations like these rogue pharma companies (which sell fake drugs for cheap), it would do much to cut down on their profits and thus the amount of spam they can pay people to send on their behalf.  This would cut down the amount of spam sent and the amount of hacking being done in order to subvert mail servers to send out spam.

Based on the email that Brian Krebs posted, it seems that they're only talking about voluntary measures so far.  Obviously, voluntary measures are only effective when everyone ignores the money that can be gained by violating them.  For a current example, see how effective the voluntary safety inspections at egg farms are.  These rogue pharma operations seem to be able to toss around a decent amount of money, so I doubt voluntary measures would do more than raise the price of the domain names they register for their illegal businesses.

Still, having such a high-level meeting at all and getting political attention to internet security issues like this one is a major first step.  Hopefully it'll eventually lead to global regulations that are effectively enforced with significant punishments for violation.  Until then, don't buy drugs advertised in misspelled emails.  Seriously, why would anyone buy something advertised like that ... and then swallow it?

And yet, people do.  As I'm writing this post, I stumbled across an FBI press release about a Canadian, Hazim Gaber, sentenced to 33 months in prison for selling fake drugs to cancer patients.  Although he is Canadian, he was arrested in Germany.  The international nature of these internet crimes makes enforcement quite difficult.  Interestingly, the press release mentions specifics about his crime.  Apparently he was advertising DCA, and experimental cancer drug.  He was charging $45.52 for 20 grams, but actually shipping a white powder containing starch and sugars (dextrose or lactose).  Absolutely medically useless, and his 65 known victims are incredibly lucky they didn't get something toxic.  Good job, FBI.

No comments:

Post a Comment