This post first appeared in the San Jose Mercury News
PARIS — The National Cyber Security Alliance, or NCSA, is a Washington, D.C.-based organization that promotes online security and safety. Its board consists of representatives from Microsoft, Google, Facebook, Comcast and other U.S. companies, and it works closely with the Department of Homeland Security to provide security advice for American businesses and consumers. I’ve attended meetings in Washington, Pittsburg and Silicon Valley with NCSA staff, and the agenda has always focused on U.S. security issues.
NCSA, along with the Anti-Phishing Working Group, is the main force behind the “Stop. Think. Connect.” campaign, at StopThinkConnect.org, that seeks to raise awareness by encouraging people to pause and think about what they do before they “connect.” It’s kind of the cyber equivalent of the “buckle up for safety” campaign that promotes safety for motorists and passengers.
So I was a bit surprised when NSCA invited me to participate in an international online safety awareness meeting in Paris, attended by representatives of nonprofits, governments, universities and companies from several countries. The event was hosted by Microsoft and took place at its Paris office.
But I was reminded of the global nature of cyberthreats on the day we convened our meeting last Tuesday as news broke that the Justice Department, with the help of law enforcement agencies from other countries, issued indictments in connection with the Blackshades Remote Access Tool (RAT) “that enabled users around the world to secretly and remotely control victims’ computers,” according to the Manhattan U.S. attorney’s office, which said the bust involved more than 90 arrests in 19 countries.
The Blackshades RAT is malicious software, or malware, that has been used by criminals in more than 100 countries to “infect computers throughout the world to spy on victims through their Web cameras, steal files and account information, and log victims’ key strokes,” according to the Justice Department. The alleged co-creator of Blackshades, Alex Yucel, who is from Sweden, was arrested in Moldova and is awaiting extradition to the United States. Brendan Johnson, who is charged with helping to market and sell malware, including the RAT, and provide technical assistance to its users, was arrested in Thousand Oaks, California.
Blackshades provides a good example of how you could be sitting in your home in Palo Alto and be victimized by a criminal on another continent or vice versa. Thanks to botnets, where malicious software spreads itself from computer to computer without the knowledge of the machine’s owners, it’s possible for a computer from Estonia to infect your home PC and for your home PC to then infect someone else’s PC in Germany.
There are plenty of other examples of international cybercrime. I’m on the board of the National Center for Missing and Exploited Children, which regularly cooperates with counterparts in other countries to try to stem the tide of illegal child pornography across borders. John Carr, a child safety adviser to the United Kingdom government, told me that a “substantial proportion” of the illegal images that make their way to the UK come from the United States.
Privacy is also a global issue, as we were reminded last week when the European Court of Justice in Luxembourg ruled that search engines (the biggest two being U. S.-based Google and Microsoft’s Bing) can be required to delete search listings of posts, including stories in newspapers, that may be dated or irrelevant, even if they happen to be true. This ruling could not only affect U.S. companies that offer search, but also those of us in the United States and other countries who use these services, even though the delete order was issued by a court on another continent.
At the Paris meeting, the discussion turned to international cooperation, and it was generally agreed that it’s a good idea for organizations in countries around the world to coordinate at least some of their messaging because of the similarities of the issues that we all face. That doesn’t mean that a campaign that works in Istanbul will necessarily resonate in Indianapolis. But in our increasingly globally connected world, there are plenty of common themes and practices that we can share.
In an interview, NCSA Executive Director Michael Kaiser summed up the purpose of the meeting. “We are trying to reach everyone on the globe because we’re all connected to the same Internet and, unless we’re all safe and secure, we won’t have a safe and secure Internet.”