MPs warn of rise of identity-stealing bank-robbing malware


PortcullisIdentity-stealing bank-robbing malware is a growing threat to Britain.

That’s the conclusion not of the anti-virus industry, but of the UK Parliament’s Science and Technology Select Committee who have published a report today calling on the Government to launch a “prolonged awareness raising campaign to increase public understanding of personal online security”.

The problem, believe the MPs, is that the typical consumer is either clueless about where to look for information about securing themselves online or is bamboozled by the complicated jargon and buzzwords frequently used.

I strongly believe that greater awareness and education regarding internet threats is an essential part of fighting the problem, and it’s encouraging to see the committee’s report not only back this idea, but also to recommend that messages need to be customized carefully for the different generations of people using the net.

After all, a message designed for my 12-year-old niece is probably going to be different from the one we should give my wife’s grandmother, who is in her nineties.

Sophos and Naked Security have long held the belief that using simple, easy-to-understand language to help computer users understand how to best protect themselves online is important, and we have – in the past – extolled the virtues of the government-backed GetSafeOnline website.


A key challenge, however, is that GetSafeOnline and other similar resources, tend to be known about only by those already involved in IT security, rather than the average person in the street. Frankly, that’s preaching to the converted.

The only way to change this is by a properly funded broad awareness campaign.

In addition, we would hope that more resources be put in place to support the international fight against cybercrime. A computer crime committed in Solihull could be perpetrated by hackers based in St Petersburg.

ReportInvestigating crimes with an often international element is inevitably costly and complicated – but as this is a common attribute in criminal activity today, it must be addressed.

Greater training for the wider police force as to how cybercrime works would make many computer users more comfortable in reporting online crime to their local police.

I would like to make one note of caution about the committee’s report. Much of the data referenced is supplied by security vendors, who – one can argue – could have a vested interest in hyping up the internet threat.

To avoid such accusations, proper systems must be put in place to make it easy for citizens to report internet crimes and malware attacks. If we have no independent way of measuring the threat, we have no way of telling if we are winning the fight, or if there is a need to put more resources into battling it.

For more information download a PDF version of the Science and Technology Select Committee’s report.