EU Hi-Tech Crime Agency Created

Gori writes "The European Union is setting up an agency to co-ordinate work to combat the rising tide of cybercrime. The European Network and Information Security Agency will help educate the public about viruses, hacker attacks and other security problems. It will also act as a co-ordinator for Europe-wide investigations into virus outbreaks or electronic attacks. ENISA has a budget of 24.3m euros (17m), will start work in 2004 and will initially be based in Brussels."

I hear

They've already exployed Inspector Gadget and his niece Penny. Go go Gadget-hacking!

Re:I hear

[larry+bagina]

I'd like to inspect her gadget.

Re:I hear

[advocate_one]

Is that a dongle in your pocket or are you pleased to see me???

No let-up for MS within the EU

[Space+cowboy]

Well, given that the EU are taking viruses seriously, perhaps MS will start to get some less-than-wonderful press over here.

Perhaps the EU can hold seminars, teaching MS employees what's good and bad about virus protection. Hint: the 'execute' bit has a fair old say in the matter :-)

Simon

Re:No let-up for MS within the EU

[wagemonkey]

Perhaps the EU can hold seminars, teaching MS employees what's good and bad about virus protection. Hint: the 'execute' bit has a fair old say in the matter :-)

What execute bit? There's no such thing on windows.
And MS haven't made any l?[iu]n[ui]x software that I can recall.
I think suggesting that the EU execute MS employees is a bit extreme - I'm as anti-MS as most reasonable people but that's a bit extreme. If you'd said stocks, pillories, that sort of thing then well, that's a different matter. :-)

Re:No let-up for MS within the EU

Hint: the 'execute' bit has a fair old say in the matter :-)

No worries, executions only happen in US and other savage parts of the world. EU is too civilized for capital punishment. And I hear that in US, they only execute you if you share music and video files, but not if you spread viruses. Viruses help the anti-virus and system administration industries thrive, so they're ok by the gobment.

Re:No let-up for MS within the EU

[Space+cowboy]

You know, that puts a whole new spin on things. We haven't had a bloody uprising in Europe in ages. Madame la guillotine stands gaunt from lack of sustenance.

Oh all right, but I think viruses would be somewhat more prevalent if something got chopped off for every 1 million infections :-))) Choice of "bit" to chop done to be decided by (non-electronic) vote of thos infected :-))

Simon

Re:No let-up for MS within the EU

[sosume]

And MS haven't made any l?[iu]n[ui]x software that I can recall

Well, I guess you haven't been around long enough... remember Microsoft Xenix? Microsoft was actually one of the largest UNIX vendors in the early eighties.

Re:No let-up for MS within the EU

MS made IE for Solaris, for a start.

Re:No let-up for MS within the EU

[Shinobi]

No, but in 2k/XP/2k3 there are ACL's instead, and included there is the permission to execute.
Quite functional, and do everything permissions do, plus some more.

If you bother to learn it. Which most normal users and all too many Unix and Linux users don't(And then whine about how Windows doesn't have permissions)

Re:No let-up for MS within the EU

I haven't met any actual Linux users who say anything of the sort about (NT) windows. In fact, it's widely acknowledged within the serious linux community that linux's traditional-unix user/group security is underpowered and in need of augmentation/replacement with ACLs (commercial unix moved ACL-wards many years ago) - there are patches available for ACLs already, they will be part of the official kernel (and including filesystem support for ACLs in ext3) in the Linux 2.6 release, AFAIK.

Re:No let-up for MS within the EU

[Ianoo]

Also they produce lots of Mac OSX software. There's also Internet Explorer for UNIX, although I've never seen it in action, it's very very rare.

Re:No let-up for MS within the EU

[Shinobi]

Unfortunately, I've met quite a bunch, and seen enough posters here on Slashdot go on about it.
I know that Linux will be getting official support for it in ext3 etc, and I've been trying out the posix-acl's on my box here. I've been using ACL's with XFS on Irix a lot, and some with XFS for Linux.

Re:No let-up for MS within the EU

[belroth]

Yep, you can even script it if you dig a bit.
ACLs are a finer-grained solution than the unix permissions, but ideally I'd have a combination the two.

Education is key...

[shakamojo]

This is refreshing, instead of primarily focusing on making restrictive laws and "cracking down on hackers" they're doing what should have been done a long time ago, putting the priority on educating people about actual and potential security threats. I hope it works well, and I hope that the U.S. takes notice of this, since an educated public would be the best defense against viruses and cracking (and would hopefully shut down the media's "chicken little" syndrome when it comes to viruses)

Re:Education is key...

[Tsali]

We have a privately funded group called the RIAA to handle such matters.

Thank you for your consideration.

T.

Re:Education is key...

[jpmahala]

Smells like the BSA. They have no legal or judicial authority, yet they sound important and brandish a Big Stick to make people believe that they have some power. While I think that this agency can do some good, they are little more than an educational institution.

Because they are multinational, they will have no power whatsoever within any single country.

Re:Education is key...

Unfortunately, what it REALLY seems to be is Arlene McCarthy (yes, the bitch who is pushing for european software patents) trying to get the European Union to fall into line behind Mcirosoft's NGSCB/TCPA/Palladium crap.

i.e. Betrayware-in-silicon required in all computers in the EU.

This is pure evil. Well, at least if MS or Intel rather than you the owner of the damn computer holds the keys.

for slow US readers like myself...

[wwest4]

17 m GBP, not dollars... for a minute there, i thought the euro got a lot weaker real fast. good thing i didn't order plane tickets before realizeing my mistake.

Re:for slow US readers like myself...

[edubarr]

Yeah, I just noticed it myself...
24m Euros is actually close to U$28.5m

What kind of "hackers" will they catch?

[LeoDV]

Not to sound like ESR, but "hackers" is too widely used as a blanket statement for anyone who does things with computers that you don't understand. "Hackers" can be people who infiltrate networks, write/spread viruses, launch DDoS attacks, but also spammers, or even filesharers.

So I'm wondering what kind of "hackers" this agency is going to go after, the people behind virus attacks, DDoS attacks, spammers, etc., or are they just going to nab a few filesharing teenagers to make the headlines?

Re:What kind of "hackers" will they catch?

[potcrackpot]

Fool!

The article says:

"[ENISA] will help educate the public about viruses, hacker attacks and other security problems. It will also act as a co-ordinator for Europe-wide investigations into virus outbreaks or electronic attacks."

Seems clear enough to me: virus writers, denial of service attackers, but not spammers.

Re:What kind of "hackers" will they catch?

terrorists?

Re:What kind of "hackers" will they catch?

Only the bad ones.

High tech Bobbies to nab cyber hooligans!

[Kenja]

They'll just send an email saying stop, or I'll say stop again.

Yeah, tell me about it...

[heironymouscoward]

My Brussels company is actually involved in a cybercrime case (one of our ex-employees woke up one day and decided he wanted to trash our CVS).

The EU has had a cybercrime convention that was passed into law in Belgium in 2000, three years ago. The very first case is currently appearing in court. Until today, cybercrimes have mostly been classified under random sections of the criminal act such as "theft of electricity", "abuse of confidential information", and so on.

Belgium actually has a specialized cybercrime cell in the prosecutor's office. But it's still a very new area and could do with some better coverage. Few people know, for instance, that hacking one's own company is actually considered much more serious than hacking from "the outside", in the case of our departed hacker, worth between 18 months and 3 years in prison.

No-one really knows what counts as "evidence" either, and since laws in most European countries are not based on court cases but on statutory definitions, we don't even know if emails and expert's reports count as evidence.

I think cybercrime will be very important in the years ahead, as more and more business-critical information is stored in databases that can be accessed from the other side of the world if one knows the correct passwords.

Re:Yeah, tell me about it...

[a126]

Can we talk about this (in private)? exchange mails? meet or telephone? I am located in Brussels. I am new to this site and not sure how this postings work.

Re:Yeah, tell me about it...

Theft of electricity?

But you have to send all the electrons right back! That isn't theft!

[insert mindless mis-analogy about copyright violation here]

Re:Yeah, tell me about it...

[heironymouscoward]

:) Posting a phone number, or even an email address to Slashdot would be rather indiscrete.

Reply to my latest journal posting, we will continue the discussion there.

This smells fishy !

[Katchina'404]

This smells fishy already... Apparently the parliament rapporteur is none else than the infamous Arlene McArthy (of Europen Softwre Patents fame). And she's already making propositions to have the Agency support TCPA / "Secure Computing" stuff...

Check it here...

Re:This smells fishy !

you know what smells fishy? fish. You know what else smells fishy? the pink that winks and stinks

Re:This smells fishy !

get her to eat lots of strawberrys. it helps.

Re:This smells fishy !

Or, tell her to quit shoving tuna up her pussy.

(I've heard of 2 girsl that did that in order to get the cat to play with her...ugh)

Re:This smells fishy !

[Elektroschock]

http://lists.ffii.org/mailman/listinfo/enisa/index .html - ENISA Mailing list

Hang on...

They said "cracking down on hackers"? The correct way of putting it would be, cracking down on crackers, as I'm sure most of you know.

Re:Hang on...

Crackers and hackers. Crackers for removing the protection of computer software, and hackers for unlawfully entering peoples computer systems without permission.

cybercrime..

[flipo]

Fine they want to educate people. I just dont see most people understanding. In the end it'll probably just turn into a waste of money for the tax payers. Thank god I live somewhere else.

Re:cybercrime..

[wa1ter]

Yes, it's terrible wasting money on education when we could use it to make our armies so much stronger. Glad to see his tax money wasted on education, W.

24.3m euros (17m)

[sonoluminescence]

17 million pounds?

That should just about pay for the coffee.

exchange rate is wrong

[JeffSh]

whoever wrote up this article must be using really old exchange rate tables. 24.3 million euros is worth closer to 29 million US Dollars, not 17 million

Re:exchange rate is wrong

[JeffSh]

*sigh*

read the article on BBC and noticed they quoted it as 17 million POUNDS.

why was the pound symbol left out of the slashdot posting? weird..

Re:exchange rate is wrong

[cwernli]

And why should it be in pounds anyway, when it's an EU project AND based in Brussels ?

Re:exchange rate is wrong

BBC is a British website, course they are going to convert it to Pounds!

Re:exchange rate is wrong

[DAldredge]

Because the article was written by a BRITISH news outlet?

Re:exchange rate is wrong

[wagemonkey]

And why should it be in pounds anyway, when it's an EU project AND based in Brussels ?

Perhaps because it's a BBC website?
As in British Broadcasting Corporation - it's fairly normal for a site to give local equivalents for amounts in foreign currencies.

Re:exchange rate is wrong

[cwernli]

Sorry for replying to my own comment, but that's the best way to clear it up. I rather intended to say: Why does it get referred to on /. in pounds ? The usual euro/dollar pair would make much more sense.

Re:exchange rate is wrong

[drinkypoo]

Want to ask a better question? Why was the word "anti" left out of the headline "EU Hi-Tech Crime Agency Created"? It makes it sound like a new criminal organization has been spun up by the government (well, that's the way it works here in the US, I can't imagine the UK who we learned all our behavior from is any different.)

Re:exchange rate is wrong

[baaa]

If you notice, the article is from BBC, therefore, being in pounds make perfect sense to me!
Also, probably Gori is british, so pounds make perfect sense to him too!

Re:exchange rate is wrong

why was the pound symbol left out of the slashdot posting?

Because michael couldn't figure out how to display it in HTML, of course.

In other news...

Businessweek reports that Bill Gates has already given away half of all that money he has to charity.

Maybe Microsoft isn't that evil..

European Security Agency?

[mashx]

When I first read this, my first thought is that it seems to be a sneaky way to introduce a European equivalent of the NSA, without the security concerns that would involve on each member nation of the EU. It might only have a small budget now, but if the general idea is not to be too obvious that makes sense. The fact that its role will be up for reassessment in four years time could be used as an indicator for that.

I'll put my tinfoil hat back in the cupboard for another day.

Re:European Security Agency?

[scorilo]

Good point. I actually wondered why they haven't simply called it EuNetPol, but I guess that would've been too simple and obvious. Or, maybe simplicity in an public organization's name it's a sign of accountability which is why it needs 2 b obfuscated :)

Agents' ID to be glowing wrist-lens

[StefanJ]

Well, not really, but that's the first thing that popped into my head when I read "Hi-Tech Crime Agency."

Stefan

Re:Agents' ID to be glowing wrist-lens

[junior]

I like that one. I guess Virgil Samms would head it up? Junior

Is this agency going after real crime?

[spidergoat2]

Or is this going to be the EU version of the Software Business Alliance, whose idea of crime is copying software?

Re:Is this agency going after real crime?

[Elektroschock]

In fact that is true. It was initiated by the BSA and its Eu-Parl servants Plooij van gorsel and McCarthy

And the headline will be...

[sczimme]

"John Plod's Boffins Nab Daft Hackers' Kit - Wary Punters Shed Crap OS, Naff Situ Goes All Pear-Shaped"

This has been an excerpt from the new book "All I Needed to Know about English I learned from The Register".

PS Not Brit-bashing at all. I find the UK historically and linguistically fascinating.

P,ENISA

I sure hope the President of this organisation doesn't abbreviate his business card as above... ;)

Wait...

Crackers do both. Hackers are quite different.

Only partly

[phorm]

Education helps protect people against your average dummy-attack (email trojan, open share, etc). Doesn't do much against the latest RPC vulnerability etc, or perhaps a DDOS.

Law enforcement does need to deal with this situation. It also needs a body that understands it clearly and doesn't view anyone proficient with a computer as a "mysterious hacker/cracker capable of being a threat."
br Even with education, you'll only reduce dumb slip-ups, not totally remove them. For the rest, we need an easier way of dealing with crackers. When it gets to the point of threats such as "pay us $50000 or we'll see your servers DDOS'ed into hell," I'd say that technical crime is just as bad as physical, and it does need to be dealt with.

Re:Only partly

[Jugalator]

Education helps protect people against your average dummy-attack (email trojan, open share, etc). Doesn't do much against the latest RPC vulnerability etc, or perhaps a DDOS.

Well, the latest RPC outbreak could be prevent if Windows users was aware of the risks of not keeping their operating systems up to date by applying critical updates from Windows Update, preferrably through the service you can activate that auto-downloads critical fixes and alerts you when some patch should be applied.

I agree about DDOS attacks though. These are nasty. However, as I understood it, that was the other part of this new crime agency's purpose.

Teach me to 'preview'...

[Space+cowboy]

Doh! That should be 'less prevalent'...

Simon.

how many pages will their charter have?

[ChipMonk]

After all, the EU constitution has 230 pages. All it needs are a better plot, and some character development...

Only 17m?

[Seby123456]

Lovely, 17m to help educate the people of europe about computer security problems, except that most of that will be swallowed up in translation costs for all the different european languages...

Re:Only 17m?

It's "educate" in the propaganda sense, not actual teaching - this is a drive from the Arlene McCarthy/ pro-Microsoft camp, and will presumably include extolling the wonders of TCPA/Palladium/Whatever the hell they're calling it now.

Re:Only 17m?

[smg_mrBlonde]

Translation costs?

You just wanted to point out something negative about the EU, right?

IMO even if 10% is swallowed up in translation, it wil be more efective then puting a bounty of $250,000 on hackers.

Amusing tale about currency conversion

[NickFitz]

As most people are aware, newspapers have a house style which dictates such matters as how dates are shown, whether to have a full stop after "Mr", and such-like details.

The Daily Telegraph house style dictates that, when an amount is given in a foreign currency, it should be followed by the equivalent in GBP, in brackets.

Sometime in the '70s, this led to a front-page photograph appearing with the caption:

Mrs Elizabeth Taylor arriving at Heathrow Airport yesterday. She told waiting journalists, "I feel like a million dollars! (647,000 GBP)"

(Out of curiosity, does anyone know why /. doesn't allow the pound sterling symbol in posts?)

Re:Amusing tale about currency conversion

[Carewolf]

(Out of curiosity, does anyone know why /. doesn't allow the pound sterling symbol in posts?)

Slashdot doesnt allow anything unamerican in its posts. Try to write foreign names for example, or anything using letters other than a-z.

Kind CEO.

[Pebble]

Dear CEO.

My reserch has proved you to be a persons of trust on whome we can trust.

I represent the offices of Jhon Ashcroft. A recent internet sting operation was over funded by $37,600,000 (Thirty seven point 6 missions USD). You may have read about this. This was deliberate. We now seek a persons of trust for whome we can reliy. We need a persons to set up a zero balance offshor account whos name we can put the money in. And for this service we are willing to pay 20% of the $37,6000,000.

Please God willing you a safe person who knows how to keep a secret. Please the sake of my sister who is in a refrugee camp and mother is dying. This monye will save our lives. God be with you kind CEO.

Dr Romeo Tango. (Minisry of internet fraud).

(Yeah I know it should be all caps but i wanted to save your eyes!).
(sorry couldnt resist posting it again!).

Brussels, Brussels

[claes]

Almost every EU agency seems to end up in one of a few places: Brussels, Strasbourg, Frankfurt. In Sweden, we have, as far as I know not a single EU agency. Not surprising that EU is so unpopular here when everything is centralised like this. I have been a supporter of EU , and still am, but if it continues like this, I wonder what is the point. Decentralise!!!

Enisa is a trap

[Elektroschock]

Initators of ENISA are software patent lover Arlene McCarthy (UK labour) and the doubtful European Internet Foundation (see disinfopedia).

Association Electronic Libre (Belgium) has monitored the ENISA situation .

It is probably initiated by Business Software Alliance. Many observers regard the EIF as a parliaments prostitution camp. This may be a strong comment. However, I guess ENISA will promote Digital Rights Magemenent, Palladium and so on. It will not compare to well respected security institutions like German BSI.

I know the key persons and we knwo the aganda.

This bears watching

[Mr.+Dop]

To see if two things happen;

Cooperation between the US and EU instead of what happened with Data Privacy and Safe Harbor.

See if they advocate education route with security or regulation route with licensing users for access to the public arena

I see a Scott Bakula show in the works

[serutan]

Soon as Enterprise folds up.

A veteran American police detective, forced out of his New York job by a scandal he didn't cause, moves to Brussels to head up a special, babe-filled division of ENISA that tackles the cases the rest of the agency can't crack.

oh..

yeah, stop those evil horrible hackers! they're just and evil injustice to humanity!

Seriously, I find it funny that europe sees hackers as more of a threat than Saddam was.

I guess killing masses of people is not as bad as hacking.. hmm.. maybe this'll give me the chance to ethically cleanse the world of stupid people.

wish me luck.

Re:oh..

[mrtroy]

Hacking is the worst crime ever!

Killing people is ok, as long as its not in your country. Its easy to turn a blind eye.

But HACKING? It crosses borders!

One American losing 20$ == 10,000 foreigners killed in political eyes

EU Agenciencies are quite distributed...

[Kinniken]

According to the official list (http://europa.eu.int/agencies/index_en.htm), the 15 current agencies are located in:

THESSALONIKI, Greece
DUBLIN, Ireland
COPENHAGEN, Danemark
TORINO, Italy
LISBON, Portugal
LONDON, UK
ALICANTE, Spain
BILBAO, Spain
ANGERS, France
LUXEMBOURG, Luxembourg
VIENNA, Austria
THESSALONIKI, Greece (again!)

The last three are new and do not have fixed locations yet. So it looks like the EU agencies are in fact concentrated in... THESSALONIKI, Greece! At least one of the new agencies will probably end up in Finland - not quite Sweden but not too far out either ;-)
Note that those are EU agencies, working in a specific field, and not EU institutions, like the Commission, the Parliament, or the ECB. The first two belong in Brussel IMHO - placing one in Portugal and the other in Finland would be good "decentralisation", but it would simply multiply traveling expenses.

more to come

Just like the Chinese are going to embarass the US into getting off their ass in space exploration, the EU is going to show the US that something can actually be done about Cybercrime. It's about time. Too bad someone will probably have to figure out a way to blow up a federal building over the Internet before the American government decides it's worth looking into.

It's funny....

[micaiah]

How in all of these articles from the BBC concerning security they use a picture of someone's inbox at support@microsoft.com