CNAIPIC… a borderless center

On May 19, 2009 Italian news services announced the creation of a new governmental entity named CNAIPIC (Centro Nazionale Anticrimine Informatico per la Protezione delle Infrastrutture Critiche – National Center Anti-Computer Crimes for the Critical Infrastructure’s Protection. Sorry, still no website up to present.)

While CNAIPIC members will surely use their brains’ computing power to figure out how fight these hideous hacker out there, I wonder if they’re aware that “old school techniques” such as war dialing, still work against big infrastructure even after thirty years or so.

Instead of thinking how to build taller “chinese walls”, they’d better step back and check critical infrastructure default passwords or (supposedly) non connected modem and RAS.

Towards the ban of encryption

A BBC report pushed Italy into international hype, for Mr. Maroni (Lega Nord) Ministry of Home Affairs, backed by a group of public prosecutors, started an aggressive campaign against Skype, claiming that ?organized ?crime uses this software to protect their illegal ?activities. This is a clear shift towards encryption’s outlawing – or limitation of its use – that will negatively affects both human rights and private sector activities.

Italy has a “strong” tradition in trying to ban encryption. Key recovery and/or Key Escrow related issues were debated at least since 1995 A draft of one of the many amendments (not included in the final text) of copyright law known as “legge Urbani” tried to establish the principle that using encryption to protect P2P connection deserved a stronger punishment. If passed, this would have been the first provision outlawing the use of encryption.

The problem, nevertheless, is not limited to Skype. Mr. Maroni, launched a global initiative to “seize” technology from users. He first asked Telcos to provide their customers with static IP only (to better identify persons), then he pushed for the adoption of a National DNA Database because he got “reliable information” that in Italy there is a criminal mob dealing with human organs selling, then – all of a sudden – he become concerned about Skype…

It is unlikely that Mr. Maroni claims hide a “global plot” to kill human right. The truth is more sad: magistrates have scarce investigative resources, untrained law enforcement officer (not all, of course), insufficient monies, an erroneous belief that technology-based investigation is a good shortcut.
Basically, they’re scared by technology and – in a Pavlovian mood – their automated reaction to things like Skype is “forbid”, “ban”, “takeover”.

Does “Corporate Security” read “Espionage”?

After the investigation started by the Milan Public Prosecutor Office, another case of alleged rogue corporate security and law enforcement officer case hits mainstream media. Former Corporate security head of the Internationally known luxury firm Gucci, together with private investigators and law enforcement officers have been involved into a criminal investigation ran by Florence Public Prosecutor, with charges of computer illegal trespass.

Italian banks are not “victim” of phishing money laundering-side

On Oct. 10,02008 the Criminal Court of Milan issued an Order related to the criminal trial Docket Number 24919/05 RGNR stating that a bank whose customers were “affected” by successful phishing attacks, can seek for damages only against the phisher itself, while no civil action can be started against those who laundered the monies coming from the theft.

The people accused of money launderers, said the Court, had no part into the phishing attack, since they play their role only after the monies are stolen.

Another website preemptive seizure

On Oct. 10 the Justice for preemptive investigation of the Court of Milan issued a decree of preemptive seizure against a couple of websites charged of trading cigarettes. [ 1. That in Italy is a State monopoly activity, thus forbidden to everybody but those that applied for a special license]

This decree is a replica – but a smarter one – of the decree issued (and ovverruled) by the Justice of preemptive investigation of the Court of Bergamo, in the notorious Piratebay case. No clear order of DNS hijacking has been issued, but fact is that ISP’s have to “obscure” a network resource that is far too away from their reach. Thus, if they cannot remove the “charged” files, the only alternative is… yes, you’re right: DNS hijacking.