Friday, April 8, 2011

"It takes a certain ethics of the hacker community"

Eric Freyssinet is responsible for cybercrime projects at the general directorate of the national gendarmerie. On Thursday, April 7, he gave the opening talk of Hackito Ergo Sum, an international conference on computer security held in Paris. He discusses the gendarmerie's relations with hackers, a term that here refers to people who are passionate about computer security.

Isn't it a bit strange for a policeman to give the keynote address at a hacker conference?

Not at all. Just look at the program for these three days: this is a conference that discusses in detail security issues that concern the police. This morning, for example, one of the talks dealt with how the remote-opening systems found on car keys are secured: this has direct relevance to the investigation of vehicle theft.

The latest research advances in computer security are very important. The work done by the researchers who come to these conferences, whether they work in a company, at a university or at home for pleasure, is a form of investigation. The British call it forensics, the search for evidence, which is also the mission of the police.

You explained to them how your services work and what French law says about information security. What message did you want to get across?

First, to explain what we do. I'm not here to encourage vocations, but rather to break the ice. I think it is also important to convey a message about the limits defined by law, and how we apply it in France.

There are flaws in how the hacker community, broadly defined, expresses itself. For example, there is no word in French to describe "white hat hackers" ["virtuous" hackers, motivated by the scientific search for flaws, as opposed, in English, to "black hat hackers", who are motivated by greed or the desire to exploit the vulnerabilities discovered].

The community plays with this ambiguity, but also complains that the press does not make the distinction. In general, we would like to see more codes of conduct displayed and highlighted, for example at conferences: we need a certain ethic. And I am also present at conferences simply to hear what the community has to say, and to understand their desires, their problems and their constraints.

This ambiguity also exists on forums and sites where the community shares experiences, findings and tools, which are often a gray area where crooks try to recruit partners. You find everything there: we recently saw a forum whose stated goal was to commit crimes. Even if it was more like a schoolyard than anything else, there was no debate about the nature of the participants' intentions.

There must be places for exchange, but beware of infiltration and manipulation. Everyone should have clear boundaries: for example, one does not test directly on the servers of a company that did not ask for it! Similarly, fully disclosing the existence of a security flaw and how to exploit it, so-called "full disclosure", is irresponsible in my opinion: today, this type of information circulates extremely quickly, and will be used by people driven by bad intentions.

Are these infiltrations and manipulations the work of isolated crooks or of organized crime?

Both scenarios exist. The people who try to recruit hackers for crimes exploit flaws in their own way: they deceive people. The motivation of those recruited in this way is not always money: they may have been misled, or see these "missions" as a way to develop their skills. The risk that states infiltrate and manipulate members of the community also exists; we must not close our eyes to it.

Do the police themselves practice infiltration?

No, because today we do not have the legal tools that would allow us to. Investigation under a pseudonym is, for the time being, reserved for offences against minors and the field of gaming. Of course, when these forums or sites are completely open, we can consult them for information.

We lack this tool, especially when we investigate fraud involving credit cards. We would like to have it, within a framework, namely under the control of the judiciary, and without "causing the offence". Somehow, when police investigators pose as children online to unmask potential predators, they "cause the offence" ...

Unfortunately, the situation is so bad in France that we do not need to bring anything about. We most often deal with criminals who think they are completely free, who are motivated by an obsession and who operate in a pattern that has no limits. We are faced with few instances of perverse manipulators; most often these are people who act on impulse.

Of course, investigation under a pseudonym has its limits, and we have not fully answered all the questions it raises. But it can also identify people who escape other modes of investigation, such as those who exchange few or no images of child pornography, and are therefore difficult to detect by that means.

Given the number of its missions, the headcount of the cybercrime division seems low.

We are approaching our target of 250 investigators, who in turn train volunteer gendarmes across the country, according to requests and profiles. Of course, we would like to be more numerous at the central level, but the state must make choices and balance all the missions of the gendarmerie.

And computer security is everyone's business: the fight against networks of zombie computers (botnets) or security holes also involves companies, and the protection of children involves the vigilance of parents.
