Speaking at the RSA, author Misha Glenny highlighted key arguments and examples from his book 'Dark Market: Cyber thieves, cyber cops and you'. Highly entertaining and sobering - it's not often that the personalities and faces behind cybercrime are shown as human, not just money-grabbing monsters.
The sheer scale and audacity of cyber crime, cyber warfare, and cyber industrial espionage has exploded over the past decades - and identifying and prosecuting the perpetrators is becoming harder and harder in spite of the digital trails they often leave behind.
The current situation is this - we're in an arms race, and the manufacturers of the 'weapons' we face - malware, viruses, skimmers etc. - have the same or better access to development resources and mental muscle as the law enforcers. Above all, a hacker is a hacker is a hacker - and white hat and black hat can depend on your viewpoint.
Protecting the public from cybercrime is mostly a matter of education in digital and information hygiene - and that applies to corporations and governments too.
I do wonder whether the wider adoption of open source technologies - as seen in the Russian Federation and internally in Microsoft - might not go a long way to protecting states and corporations too. Let me explain how.
The open source development model requires self-assembling teams to join together online and contribute code for addition to a common 'core'. Though anyone who is skilled enough may add code without their identity being confirmed, contributions will only be 'committed' to the core once they have passed scrutiny - on technical, aesthetic, performance and security grounds.
Hiding a trojan in open source code would be like trying to smuggle an elephant into a stadium - you could do it, but you'd need a lot of people to conspire in order to even attempt it - and unless they were complete newbies to the game, the fans would see that something very odd was going down.
It is of course possible for malicious code to be spread through *any* file - but downloading recognised 'stacks' of open source software from major distributors such as Ubuntu, Red Hat and others should give a clear margin of safety, and contributed plug-ins and add-ons can be fully scrutinised before being installed - because the code is truly open.
Tellingly enough, on coming down to the RSA library to write this post - I found this PC with browser windows open and logged into another person's Hotmail account. It's such a good job I'm honest.