Interpol's Virus Site Too Fluffy?

May 15, 2001

By Michelle Delio

http://www.wired.com/news/politics/0,1283,43787,00.html



Reader's advisory: Wired News has been unable to confirm some sources for a number of stories written by this author. If you have any information about sources cited in this article, please send an e-mail to sourceinfo[AT]wired.com.

Computer viruses are often illegal immigrants of the worst kind, e-mailed anarchists that, unbound by international treaties or domestic laws, can sneak across borders easily and infect machines around the world in a matter of minutes.

Given the global nature and effect of computer viruses, many experts believe that only an international partnership among security companies and law enforcement agencies would have any hope of stopping the ever-increasing threat of geopolitically disinterested viruses.

Security experts were excited, therefore, when the international police organization, Interpol, announced on Monday that it intended to step up its battle against cybercrime with a new section on its website offering advice on how to combat computer viruses.

"Computer viruses are a real threat. Our virus alert section will enable all computer users to keep up to date," Interpol's Secretary-General Ronald Noble said in a statement released by the organization's headquarters in Lyon, France.

But after reviewing the new security section on Interpol's site, many security experts said the agency had simply cobbled together a superficial overview of security issues, and had not provided any truly useful information to help businesses and governments combat viruses or attacks by malicious hackers.

"The absence of detailed information makes this site like a drop of water on a hot stone," said Roland Mueller, CEO of security firm Seculab, and chairman of the German Standardization Body on Security Techniques.

The computer virus section of Interpol's site is nothing more than a non-hyperlinked list containing the names of two viruses that were active in April, with equally skimpy entries for previous months.

There is no information offered on how to detect or protect systems from the mentioned viruses, or how to repair systems that have been infected -- information that is routinely provided at virtually all independent security sites.

"Simply reporting the names of selected (viruses) is not enough to help users lower the risk of infection," said Ken Dunham, a senior analyst at security firm AtomicTangerine.

But some experts felt that the agency's effort should be applauded, even if the site isn't as useful as it could be.

"The fact that agencies such as Interpol are getting involved in creating awareness on the latest virus threats shows how seriously police agencies today are taking the threat and impact of these viruses," said Vincent Weafer, director of security at Symantec's Anti-Virus Research Center.

"The value that (Interpol) has may be more in the creation of awareness rather than having the most up-to-date information on the latest threat," Weafer said.

Weafer also said that one of the major challenges with cybercrimes like virus creation is that they often transcend international boundaries, involving countries where cybercrime laws may, in some cases, be nonexistent.

Weafer said that virus writers often use permissive countries or regions as hosts for websites featuring their nasty, downloadable creations or propagate their viruses via e-mail addresses from inside these permissive countries, thereby avoiding prosecution under the stronger cybercrime laws in their home countries.

"If an agency such as Interpol can aid individual countries to strengthen their cyberlaws or help police agencies there understand how to detect and capture information related to virus crimes, that would be a most effective way to help combat viruses," Weafer said.

Interpol already collects and distributes information about cross-border crimes such as art thefts. It had also recently said it will be expanding its international intelligence efforts to include cybercrime, focusing specifically on stopping malicious hackers as well as virus writers.

But the Interpol website's information on how to secure networks and computers from hack attacks is only slightly more detailed than that provided by the site's virus section.

In a list of frequently asked questions on security, Interpol recommends running a firewall to block intrusions by hackers, but gives no details on how to select, configure or maintain that firewall, beyond cryptically noting that "it is necessary to administrate the system every time."

The FAQs section also answers the question, "What shall I do if a hacker is attacking my system right now?" with the rather unhelpful advice: "With an Incident Handling System you will be prepared to handle the incident."

"Frankly, the Interpol site looks like someone's class notes after attending a weekend workshop on network security," said Kenneth Vander, CIO of British security consultancy TechServ.

"They provide a sketchy outline of what you should do, but absolutely no hard information on how to do it," he said. "The whole thing is rather a waste, really. At best it might get people to explore further, but they haven't provided any links to facilitate that, either."

Seculab's Mueller believes the Interpol site is "definitely a step in the right direction" but agreed that while the site does a good job of telling companies what to do, it does not tell them how to do it.

Mueller also noted that some of the information provided on the site reflects the "highly politicized nature" of discussions on Internet security.

"There's a lot of political maneuvering in their discussions on cryptography and privacy, for example," Mueller said. "These subjects are more politically charged and divisive than the site's discussions on child pornography or trafficking in human beings."

Vander said it was a pity Interpol had not provided more in-depth information on security, because despite the political issues that arise in any international effort, he felt Interpol is "perfectly positioned" to help governments and business deal with cybercrime.

Interpol was established in 1917, and now includes representatives from 178 nations. Only 15 of those countries currently have laws in place that criminalize malicious hacking or the spreading of destructive viruses.

Some security experts said the only effective plan to combat viruses would require the full cooperation of private industry and government agencies.

"It would be great if Interpol, or a similar agency, could act as a unified one-stop global center for distributing real-time alerts on security issues and viruses," said Vander.

Alex Shipp, chief antivirus technologist at security firm MessageLabs, agreed with Vander. He said that MessageLabs and a few other antiviral companies already have technology that provides real-time information on virus threats, but no way to quickly communicate that information to law enforcement.

"We look forward to working with agencies that are committed to stopping cybercrime," Shipp said. "We can do the legwork of information identification, from viruses to spam, but the last step in crime fighting must be done by the long arm of the law."

Interpol did not respond to a request for comment on the agency's future plans for the computer security section of its website.

But Dave Kroll, director of security research at security software firm Finjan, said his company has been asked to work with Interpol to expand their website.

Finjan's suggestions to Interpol, according to Kroll, will include offering more detailed information about viruses, including real-time security alerts.

"(Interpol) has been very responsive to our comments and are interested in adding as much breadth and depth to their site as possible," Kroll said. "Stay tuned, because I think we'll see good things from Interpol soon."

