MPs warn of rise of identity-stealing bank-robbing malware

Filed Under: Featured, Law & order, Malware

PortcullisIdentity-stealing bank-robbing malware is a growing threat to Britain.

That's the conclusion not of the anti-virus industry, but of the UK Parliament's Science and Technology Select Committee who have published a report today calling on the Government to launch a "prolonged awareness raising campaign to increase public understanding of personal online security".

The problem, believe the MPs, is that the typical consumer is either clueless about where to look for information about securing themselves online or is bamboozled by the complicated jargon and buzzwords frequently used.

I strongly believe that greater awareness and education regarding internet threats is an essential part of fighting the problem, and it's encouraging to see the committee's report not only back this idea, but also to recommend that messages need to be customized carefully for the different generations of people using the net.

After all, a message designed for my 12-year-old niece is probably going to be different from the one we should give my wife's grandmother, who is in her nineties.

Sophos and Naked Security have long held the belief that using simple, easy-to-understand language to help computer users understand how to best protect themselves online is important, and we have - in the past - extolled the virtues of the government-backed GetSafeOnline website.


A key challenge, however, is that GetSafeOnline and other similar resources, tend to be known about only by those already involved in IT security, rather than the average person in the street. Frankly, that's preaching to the converted.

The only way to change this is by a properly funded broad awareness campaign.

In addition, we would hope that more resources be put in place to support the international fight against cybercrime. A computer crime committed in Solihull could be perpetrated by hackers based in St Petersburg.

ReportInvestigating crimes with an often international element is inevitably costly and complicated - but as this is a common attribute in criminal activity today, it must be addressed.

Greater training for the wider police force as to how cybercrime works would make many computer users more comfortable in reporting online crime to their local police.

I would like to make one note of caution about the committee's report. Much of the data referenced is supplied by security vendors, who - one can argue - could have a vested interest in hyping up the internet threat.

To avoid such accusations, proper systems must be put in place to make it easy for citizens to report internet crimes and malware attacks. If we have no independent way of measuring the threat, we have no way of telling if we are winning the fight, or if there is a need to put more resources into battling it.

For more information download a PDF version of the Science and Technology Select Committee's report.

, , ,

You might like

2 Responses to MPs warn of rise of identity-stealing bank-robbing malware

  1. edward desrochers · 1306 days ago

    people definitely need to be educated concerning the threat and scope of cybercrime-i have recently been a victim of identity theft and need all the actionable intel i can get about protecting myself and impart anything helpful to others.

  2. Nigel · 1306 days ago

    Good point about the difference between messages designed for a 12-year-old girl and a 90-something granny. I would add that there's an even more fundamental problem than how the message content is structured -- namely, how to communicate to clueless users that they should even pay attention to the message in the first place.

    I'm a sys admin for a geographically widespread network that comprises folks of all different ages, backgrounds, and levels of technical skill. Some of them are, for all practical purposes, technophobes. Others are just so busy with other things that it's a challenge to get them even to read security-related news or messages. They all say they recognize that security is an important issue, but they don't realize that "important" requires an investment of their time and awareness.

    I don't know the solution. I've tried everything, so I know how difficult it is to get folks to pay attention to security. Alas, I suspect that for most folks, what it will take is a serious security breach that compromises their systems, their data, their identity, or some other aspect of their property. They close the barn door after the horse has escaped.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley