How Are Cameron and Obama Going to Forbid This?

This is – the news is as recent as today – what the Italian Polizia di Stato found during a ’Ndrangheta (organized crime from Calabria) related investigation.

Although the cipher, in this case, is not that hard for an expert codebreaker to handle, it shows that “old school” systems still work.

So, following the announced ban of side-to-side encryption applications made by US President Obama and UK Prime Minister Cameron (coupled with the statement by the Italian Home Affairs Ministry), I wonder how they’re going to fight this “new”, dangerous way to exploit encryption.

Maybe outlawing paper and pencil?

Does the French Intelligence Actually Have Such Big Gaps?

A significant part of the aftermath of an event is the so-called “post mortem”: a thorough analysis of what went right, what went wrong and why.

While “post-mortem” is a common practice within complex organizations and helps detect flaws to be fixed or positive actions to be standardized, it must not be confused with the “rolling-barrel” attitude of putting the load of an (ex-post proven wrong) choice on somebody else’s shoulders.

As everybody outside the intelligence’s “inner circle” should, I neither claim to own the knowledge nor the expertise to assess the work’s quality and the assumed weakness of the French security system. But what I can say – relying upon my criminal trial lawyer experience – is that it is always easier to find an explanation for something that happened once it happened, while it is very hard to “foresee” an event.

This is to say that once you know where to look, the needle in the haystack is fairly easy to find. Or, put in other words, those who came late always look smarter than those who were there earlier: they already know where not to look.

Whether the French intelligence services made a mistake or not, then, is of little importance. Mistakes happen (much too) often and it wouldn’t be a surprise to discover that in the Charlie Hebdo massacre mistakes were made.

But the best we can do is to learn from it, instead of publicly blaming people in the line of fire just for the sake of looking “smart”.

The Italian Home Affairs Minister Calls For Another Internet Crackdown

In the aftermath of the Charlie Hebdo massacre, as a way to improve the “safety” of citizens, the Italian Home Affairs Minister, Alfano (a right-winger), called for:

  • a “registration” of “dangerous” websites,
  • a further enhancement of the ISPs’ duty to block access to
    (terrorism-related) Internet resources,
  • an exception to the data-protection regulation, to allow the law
    enforcement agencies to easily access “sensitive” data.

This is an exploitation of the recurring rhetorical locus: “enhancing safety requires fundamental rights to be weakened”.
It is easy to answer with an often quoted statement by Benjamin Franklin:

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

But this is not the point.

From a “terrorism” fighting point of view, what Alfano is calling for is simply useless.

If the target is to gather as much information as possible to prevent new attacks, blacklisting websites obviously doesn’t help. It neither stops terrorists from talking to each other, nor allows upcoming threats to be spotted.

If the target is to gather advance information to run “pre-emptive actions”, it is useless to weaken the data-protection regulation to ease the law enforcement agencies’ access to “sensitive” (i.e. political-related) information. Those who need fast and direct access to such kind of information, in fact, are the secret services (whose activities are neither handled nor reported to a magistrate) and not the law enforcement bodies, which can only act, in Italy, AFTER a crime has been committed (having, in this case, full access to everything they need, under the control of the public prosecutor).

Then, a couple of questions:

  • why does Alfano call for measures that don’t help fight terrorism, but allow a crackdown against normal citizens?
  • why should the ISPs be burdened to act as censors and central scrutinizer on behalf of the government?

Child Pornography And Computer Crime Still a Criminal Offense in Italy

Several misinformed Italian blogs are currently claiming that the Renzi-led government just passed a draft legislative decree making child pornography and computer crimes no longer criminal offenses.

This is not true, because what the government actually did was to set the principle that as soon as a crime is punished with a jail term up to five years AND the judge thinks that the crime is of “minimum damage”, then either the prosecution or the trial must end. To put it differently: only “serious crimes” are going to be tried in court.

One may argue over the ethical or legal acceptability of the notion of a “petty-vs-serious” difference (as Cicero used to say, what matters – and deserves the maximum punishment – is the act of killing, not the fact that you killed one man or a hundred people), but this legislative decree only turns into law what already happens on a daily basis in the Italian courts: a confession of failure, in other words.

Our Digital Health And Electronic Money. IT Security Gets Tough

Let’s tell the truth: IT security is just a bubble that no “serious” manager cares about. There is no possible explanation for the fact that today we keep talking about the very same things I’ve heard back in the early nineties, sold by somebody who wants to re-invent the wheel. But the indirect PayPal attack against Apple, targeted at the upcoming Apple Pay platform, and the spin put on the health-related application might change the situation: a (very) personal computing device that allows managing the two most critical things for (Western) humankind: health and money.

Can a company really afford to market pre-release software as “final” just to meet a marketing-set deadline? Or lure people into trusting a payment platform, at the risk of becoming liable in case of problems caused by poorly implemented security?

Is it really (still) possible to discharge any liability with a “simple” contract and put the barrel on the users’ shoulders when serious issues are involved?

IT companies should think carefully about it before entering a sector where people aren’t so keen on just waiting for the next fix or hardware upgrade. They might be dead or bankrupt in the meantime.