Schneier on Security
A blog covering security and security technology.
« Microsoft Has Developed Windows Forensic Analysis Tool for Police |
| What to Worry About »
May 1, 2008
Heroin vs. Terrorism
A nice essay on security trade-offs:
The mismatch between the resources devoted to fighting organised crime compared with those directed towards counter-terrorism is unnerving. Government says that there are millions of pounds in police budgets that should be devoted to dealing with organised crime. In truth, only a handful of British police forces know how to tackle it. The ridiculous Victorian patchwork of shire constabularies means that most are too small to tackle serious criminality that doesn't recognise country, never mind county, borders.
The Serious Organised Crime Agency (Soca) was launched two years ago as Britain's equivalent of the FBI, with the remit of taking on the Mr Bigs of international crime. But ministers have trimmed Soca's budget this year. Far from expanding to counter the ever-growing threat, the agency is shrinking and there is smouldering unhappiness in the ranks. Soca's budget for taking the fight to the cartels and syndicates is £400 million -- exactly the same amount that the Government intends to spend overseas in countries such as Pakistan on workshops and seminars to counter al-Qaeda's ideology.
Posted on May 1, 2008 at 6:56 AM
• 21 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
From the essay:
"There are,  security officials keep telling us, 30 active plots against Britain - although keen observers might note that the number never seems to change no matter how many conspiracies are foiled.
"The intelligence services and Scotland Yard's Counter-terrorism Command are swelling in size, absorbing the great bulk of the £2.5 billion security budget [...]"
Reading between the lines...
Is it reasonable to infer that £2.5 billion buys 30 active investigations, at any one time? That is, the 30 "active plots" actually refers to 30 active investigations? And the number of active investigations is constrained by resources allocated?
"The Serious Organised Crime Agency (Soca) was launched two years ago as Britain's equivalent of the FBI"
Coming next, the little brother of that agency, "The Trivial Organized Crime Agency".
Picking on names aside, it certainly seems that tehre are two things at play with these things. One is the inevitable need to justify the new agency's right to exist to the public. Another is the other, already existing agencies being territorial and clamoring for the same slice of the financial pie.
"Coming next, the little brother of that agency, 'The Trivial Organized Crime Agency.'"
It investigates things like undertipping.
No, I think next would be the Comedic Organized Crime Agency. Don't forget the British sense of humor. Dry as powder....
Certainly, fighting cyber-crime in the UK is a joke if nothing else. You can't go to the Cyber-crime unit directly here anymore since the "kill all the terrorists" hoopla started up. You have to go to your local station - insert your laughter here - then try and explain your problem to the desk sergeant and hope he
1) knows what an Internet is and
2) actually passes on your findings to the cyber-crime unit, which we all know won't generally happen. And of course, because you can't talk to them directly after it's been passed on they won't come back to you for more information either.
As an example: Currently had a hacking / cracking website taken down (that was trading in hacking tools, credit cards, the usual) something like seven times now. The kid running the site (a 16 year old in England) was so desperate to keep his site going, that he currently hosts it on his laptop via his DSL connection. He regularly posts up his name, photographs of himself, all sorts of incredibly useful data.
All of this information was passed onto the police, and basically (after a bit of feigned interest) they've made it clear they couldn't be bothered doing much (if anything) about it. The kids ISP won't do anything unless the police approach them directly - which isn't likely to happen now - even though they've recently been in the press declaring war on copyrighted / illegal content crackdowns. The company used to register the domains - another reputable UK company - don't want to know either, compounding the problem.
It won't be long before our 16 year old pal decides to get more ambitious and moves up the ranks of online cyber crime. If nobody is clamping down on him now, what will he be like in 3 years or so?
Never mind organised crime, in the UK, we can't even tackle disorganised and brainless script kiddies.
Sad to say, but I've actually worked more with US law enforcement, had more response from them and obtained better results than my own countries police service.
Every active plot requires active investigation. For otherwise, surely, there would be serious and embarrassing questions from the ministers and the opposition. An active plot without an active investigation might even lead to a parliamentary inquiry!
Every active investigation requires an investigating team, and a chief investigator.
On the flip side, every chief investigator requires an active investigating team--else he would be chief investigator in name only.
Further every active investigating team must actively investigate--or else stand accused of lazily laying down on the job!
An active investigation must actively investigate an active plot--otherwise resources are misused and wasted. Why there might even be a parliamentary inquiry!
An active chief investigator, with his active team, might actively investigate more than one active plot. But then he should be overworked and require an acting assistant chief investigator....
In the fullness of time, an active (acting) assistant chief investigator shall actively desire actual promotion: First to assistant chief, and then to (acting) chief and chief.
It's all natural.
Oh, as to how I managed to get the police to take *any* interest in the above in the first place? I knew they wouldn't be interested if an English citizen contacted them about dubious cyber antics, so I had an American colleague ring them for me. Surprise surprise, they took an initial interest because they thought it was a "bid deal" due to being called from overseas.
So to anyone in the UK frustrated with the lack of response in relation to reporting cyber crimes, get an American to phone them up instead. I guess the police here find it more exciting when they think they're taking part in an episode of the X-Files.
Despite this seeming wall of contradiction between the amount of resources dedicated to so-call 'terrorism' and 'regular crime', I can't help the feeling that in five years time what we're seeing happening now in Iraq and Afghanistan could be occuring on the streets of the US and the UK; not because we aren't spending enough money on so-call 'terrorism', but because we've forgotten that terrorism is a form of crime, was fought successfully in the 1970s by treating it as crime, and by the application of crime-fighting techniques is the only logical and effective countermeasure.
It occurs to me that terrorism is a much more attractive target than narcotics because one can claim to be winning.
Thirty plots is a nice number, menacing but not overwhelming. Only three? What are they, when are they going to be thwarted, and why is it costing so much and taking so long? Three hundred? Well then I suppose they're just something we'll have to live with, like... drugs.
Wot - they're spending money trying to fight alQueda's ideology in Pakistan? Better they should do that on the home front....
The article doesn't mention where it comes from. But Soca surely knows most it travels the "Balkan route", which means through Kosovo. The PM of Kosovo (Thaci) is himself a drug baron and UK/US recently gave him that country. Soca rule#1 should be: Don't give drug barons their own countries!
Is organized crime so deeply entrenched in government such that the war on terror is a manufactured incident just so organized crime is ignored?
Be careful what you wish for. Pretty soon, us Americans will figure out the profit potential of calling your constabulary and start charging you to report these hackers.
Then the hackers will get into the game and start recruiting Americans to their payroll to phone in their rivals.
Then organized crime will get in and start extorting money from you'se guys as protection to NOT phone in innnocent bakeries and what-not.
Pretty soon, you'll be right back to complaining about the Soca.
I know that this isn't necessarily the right place to say this, but thanks for the afterword in Cory Doctorow's "Little Brother". I know a lot of kids who can use that sort of encouragement, and I appreciate having something to show them-- from a respected, notable security expert, no less-- to let them know that they have a valuable and wonderful skill.
You did good, Mr. Schneier.
(P.S.: The main text of "Little Brother" is being CC-licensed. Is the same true of your comments?)
@Paperghost: It gets worse. The British police are apparently no longer interested in investigating credit card fraud. They won't even accept a crime report from someone whose credit card details have been stolen and used by criminals. Instead, they tell you to complain to the bank that issued the card.
"Pretty soon, you'll be right back to complaining about the Soca."
And it'll cost twelve dollars a minute instead of six!
"The British police are apparently no longer interested in investigating credit card fraud. They won't even accept a crime report from someone whose credit card details have been stolen and used by criminals. Instead, they tell you to complain to the bank that issued the card."
I've heard a similar tale quite a few times. The wonderful world of tackling cyber-crime in the UK...
The war on drugs CREATES the gangs and thugs.
The only solution is to STOP the war against NATURE by legalizing plants which man has no business culling and calling "illegal".
No country is free if they restrict use of certain plants for whatever reason.
Big pharma, LEA, and fatcats in Washington are the ones who benefit from the war on drugs, not WE THE PEOPLE.
The real drug dealers is big pharma, with their ties to DEA and the doctor who pushes the drugs to you.
A big drug bust usually scoops up a skidload of cash. Whatever fraction of this that is actually logged into evidence eventually winds up in government hands. The War On Drugs gets the big budget because it's *profitable*. In the United States, we have a nasty little secret called "civil forfeiture." If you get stopped by a cop and have a conspicuous amount of cash, it can be presumed to be proceeds of crime and confiscated. The confiscation stands even if you are never convicted of *or even charged with* any crime. A look at Federal court records shows many civil cases with strange titles of the form "United States v/s fifty thousand dollars." The triggering amount seems to be about $10K, as several art and antiques dealers have discovered. Of course, one could appear in court to justify ones possession of that much cash, but your legal fees would likely exceed the amount stolen. Just why the Supreme Court has not acted to stop this gaping hole in the Fourth Amendment is a mystery.
As always "Follow the money". Organized crime is - well; organized. Like any other profit-seeking organization they feed politicians with political lifeblood - ie money. Organized crime will always be tolerated by government (if not actually part of government like in Chicago) because they have more money to donate in big lumps than "normal" people.
This is the legacy provided by Prohibition as that is what provided the bootstrap money for organized crime in the US. Drugs and prostitution are the current cash crop in the US for OC and as long as it is unlawful it will be commonplace.
I find it kind of ironic that the people who claim to be for Free Market Economies are so eager to stamp out one of the purest forms of Capitalism, that of the recreational pharmaceutical dealer. I guess it depends who owns the market.
And if it wasn't for bootlegging, we wouldn't have NASCAR.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.