The security minister Lord West has been slammed for hinting that former hackers are being recruited by Britain’s security forces to help protect IT infrastructure from malicious online forces.
Lord West unveiled the UK government’s cybersecurity strategy last week, and announced the new Cyber Security Operations Centre that would begin functioning in September. Britain has a grim catalogue of health data breaches.
During interviews, West said the centre would need the expertise of former “naughty boys”, but the government would not employ any “ultra, ultra criminals”. He said: “You need youngsters who are deep into this stuff. If they have been slightly naughty boys, very often they really enjoy stopping other naughty boys.”
A similar strategy in the U.S. also met with criticism.
In Canada, a group of five IT associations has recently joined forces to launch a national security research group in an effort to advance the country’s cyber security strategies.
However, former hackers such as Michael Calce of Montreal, aka Mafiaboy, have always been sought by enterprise and government organizations to provide them with a better understanding of the underground hacker community.
Britain’s plan has met with derision from security vendors.
Rik Ferguson, senior security advisor at Trend Micro, wrote in his blog:
“This sounds like the kind of people that have been disparagingly referred to as script-kiddies for many years now and I really can’t see their value to national security or law enforcement. Would it be fair to paraphrase this as ‘We have hired some hackers, but don’t worry, we didn’t hire the successful ones’?”
Rob Cotton, chief executive of independent security consultancy firm NCC Group, commented:
“You have to wonder whether this is actually some kind of huge joke. Recruiting criminals to defend the country from potential cyber terrorism is ludicrous. Putting these amateurs, who have no formalised knowledge or training, in charge of national security beggars belief.”
Cotton said a national cyber security outfit should be made up of “professionals … not a bunch of criminals who get their kicks from undermining national security.”
“This response to a much needed service serves to highlight the amount of thought the people at the top are putting in to cyber defence strategies – none.”
Graham Cluley of Sophos questioned the focus, and called on the government to help raise awareness about internet security for businesses and citizens. According to Cluley, governments around the world should not just focus on ‘cyberwarfare’ but also “clean up their own back yard” to shut down botnets run by criminals.
“There can be a tendency for governments (and Barack Obama’s recent speech on computer security was guilty of this) to emphasise the threat posed by other countries and terrorist groups who might use the internet for their own purposes. My belief, however, is that there is a significant problem much closer to home. Over per cent of all spam is being sent from botnet computers owned by regular members of the public. Those computer users don’t know that their PCs have been hacked into, and are under the control of cybercriminals who are using them to spread spam, distribute malware, steal identities and launch distributed denial-of-service attacks.”
Christopher Boyd, director of malware research for FaceTime Security Labs, also blogged his opinions:
“UK law enforcement tackling cybercrime is like Stevie Wonder playing Dance Dance Revolution. And all these ancient Government type guys who are older than the telephone need to get out of the way and stop talking about computers, technology and (most of all) script kiddies, because they have absolutely no idea what they are talking about.”