CeCOS II – Co-operation and Education is Key

I was at the APWG CeCOS II conference in Akasaka, Tokyo, Japan the last two days. It was encouraging to see many members from not only academics, security vendors, and anti-phishing groups but also many law enforcement agencies including Interpol, Kyoto Prefacture Police amongst others. There were also several presentators from the Online Gaming community.

Having such a diverse turn-out certainly helps push the greater awareness of a multinude of cyber crime issues. It was very encouraging to see everyone are agreeing on better co-operation in shutting down rogue sites, tracking the bad guys and protecting the users. There was also the video crew from NHK, to bring the CeCOS message across to Japanese TV viewers.

Dr. Uchida-san from The Institute of Information Security and Steve Sheng from Carnegie Mellon University (CMU) also presented a different angle of the issue, from the psychological and educational aspects. Both of which compliment the policy and technology countermeasures.

Shinsuke Honjo and I gave a presentation on Monday to highlight on how malware authors are now going all out to attack on victims from all cultures. They can craft spam, phishing sites or malware to target diverse cultures and groups of Internet users in the Asia Pacific region. It was interesting for us to have our research corroborated with data from other speakers at the event. Terence Park, researcher from KrCERT/CC, in particularly demonstrated how a Korean document viewer was used as a bait, to install a password stealer. This was another classic example of how malware authors, can be using different localized techniques to get their victims.

Overall, the message that seems to be very consistent throughout are – co-operation and education. In tackling a global issue like cyber crime, these are both important factors not only in tracking and prosecuting the criminals, but also in better protecting Internet businesses and users.