Tech boffins: Spend gov money on catching cyber crooks, not on AV - The Register Tech boffins: Spend gov money on catching cyber crooks, not on AV - The Register

Monday, June 18, 2012

Tech boffins: Spend gov money on catching cyber crooks, not on AV - The Register

Tech boffins: Spend gov money on catching cyber crooks, not on AV - The Register

The UK government should be spending more on catching cybercriminals instead of splurging taxpayers' money on antivirus software, tech boffins have said.

Blighty goes through around £639m a year trying to clean up after attacks or prevent threats – including £108m it spends on antivirus – but the country is only spending £9.6m on techy law enforcement, a University of Cambridge study found.

"Some police forces believe the problem is too large to tackle," Ross Anderson, professor of security engineering at the University of Cambridge’s Computer Laboratory, said in a canned statement.

"In fact, a small number of gangs lie behind many incidents and locking them up would be far more effective than telling the public to fit an anti-phishing toolbar or purchase antivirus software."

The Cabinet Office said it welcomed "this latest contribution to the debate on cybercrime".

"The government believes the threat is serious and needs to be tackled and that is why we have rated cyber as a Tier 1 threat. Raising awareness and building capacity to resist threats continues to be our focus," a spokesperson told The Reg in an emailed statement.

"That includes investing in law enforcement capability to detect and apprehend cyber criminals. But we also think it is important to make sure people have the information they need to take steps to protect themselves."

The study, which was started after a request from the Ministry of Defence, also said that the amount of money the UK was losing as a result of cybercrime was being exaggerated.

"For instance, a report (PDF) released in February 2011 by the BAE subsidiary Detica in partnership with the Cabinet Office’s Office of Cybersecurity and Information Assurance suggested that the overall cost to the UK economy from cyber-crime is £27 billion annually," the research said.

"That report was greeted with widespread scepticism and [was] seen as an attempt to talk up the threat; it estimated Britain's cybercrime losses as £3bn by citizens, £3bn by the government and a whopping £21bn by companies. These corporate losses were claimed to come from IP theft (business secrets, not copied music and films) and espionage, but were widely disbelieved both by experts and in the press."

Using figures ranging from 2007 to 2012, including some which are "extremely rough estimates" based on data or assumption for the reference area, the study reckoned that all the costs of cybercrime both direct and indirect came out at around £11.7bn. – Cybercrime is expensive

The Cabinet Office spokesman said that Detica was best placed to explain its own methodology, but still disagreed somewhat with the study's conclusions.

"The Cyber Security Strategy was clear that a truly robust estimate would probably never be established, but that the costs are high and rising," he said.

"That said, we think there are grounds for believing that the true cost is higher than the £11bn quoted by Cambridge University.

"For example, the authors say that they can't find any hard evidence of the cost of IP theft and have therefore concluded this doesn't impose any costs beyond the defensive measures they refer to elsewhere in the paper. However, there are suspected cases of IP theft in the public domain and the costs are not nil.”

Aside from differing opinions on the cost of cybercrime, the research team also reckoned that some existing meatspace crime was moving online and being tallied up as part of the cyber cost.

The study pointed out that fraud in the welfare and tax systems, which now often takes place online, is probably costing Brits a few hundred pounds a year on average while card and bank fraud cost a few tens of pounds a year per citizen.

However, what they call 'true cybercrime', scams that completely depend on the internet, are only costing a few tens of pence a year, while the cost of antivirus software can be hundreds of times that.

Basically, the indirect costs of folks trying to protect themselves from cybercriminals actually end up costing them more.

"Take credit card fraud," said Richard Clayton, expert in the econometrics of cybercrime in Cambridge’s Computer Lab. "Direct loss is clearly the monetary loss suffered by the victim.

"However, the victim might then lose trust in online banking and make fewer electronic transactions, pushing up the indirect costs for the bank because it now needs to maintain cheque clearing facilities, and this cost is passed on to society.

"Meanwhile, defence costs are incurred through recuperation efforts and the increased security services purchased by the victim. The cost to society is the sum of all of these," he explained.

The research team concluded that there should be less spent on antivirus and firewalls and other preventative measures and "an awful lot more" on catching and punishing the perpetrators.

The study (PDF, 346KB) is due to be presented at the 11th annual Workshop on the Economics of Information Security (WEIS), which takes place in Berlin on 25 and 26 June. ®

MONEY MARKETS-Spanish bond shortage distorts repo - Reuters UK

Mon Jun 18, 2012 2:57pm BST

* Spanish bond shortage distorts repo market

* Italian rates rise but market still functioning

* Interbank cash rates fall on rate cut expectations

By Kirsten Donovan

LONDON, June 18 (Reuters) - A lack of available Spanish government bonds, due to so many being used to obtain funding at the European Central Bank, is distorting pricing in repo markets and causing investors headaches as they seek to cover hefty short positions.

As international investors sold Spanish government bonds this year, domestic banks bought them and parked them at the ECB in return for funds - particularly during the two recent three-year funding operations.

As a result, investors who need the bonds because of their own short positions must pay a premium for the paper.

When this happens in repo markets - where banks commonly use government bonds as collateral to raise funding - bonds are said to be trading "special".

Effectively, the investor who needs the bonds pays a premium to their counterparty in the trade - the opposite of a typical repo trade where the party borrowing cash pays the premium.

"There's some good evidence of a collateral shortage out there," said ICAP rate strategist Chris Clark. "Quite a lot may be being used at the ECB and the market short (positions) out there will be increasing the demand for specific bonds."

It is the opposite of what might be expected when a country's debt comes under pressure. Then counterparties are usually more reluctant to be left holding the bonds.

"The collateral just isn't there. That's one of the problems and the few bonds that are still available are highly sought after by people who want to cover their short positions," said Commerzbank rate strategist Benjamin Schroeder.

Ten-year Spanish government bond yields have risen more than 130 basis points since the start of May, while two-year yields are up over 2 percentage points.

That prompted international clearing house LCH.Clearnet SA to increase the cost of using Spanish bonds to raise funds via its repo service last month. Analysts said their trading desks had since seen volumes over the platform drop.

"It's a further segregation of European money markets, where banks are retreating from central clearing houses and going back to domestic clearing or bilateral agreements," Schroeder said.

As the euro zone debt crisis intensified this month, mainly due to worries about Spain's banking sector, Italian general collateral (GC) repo rates, paid to borrow funds against a basket of government bonds, have been pushed higher.

There is little trade in the Spanish general collateral market but banks are still able to borrow using Italian bonds as collateral, despite Italy being seen as vulnerable to contagion from worries about Spain.

Three-month Italian GC rates rose to 0.42 percent at the end of last week, compared to the Eonia overnight rate at around 30 basis points, according to ICAP. The Italian rate had traded below Eonia from the time of the ECB's second three-year funding operation at the end of February until the end of May.

"There's been a rise in Italian general collateral rates, both outright and relative to the Eonia OIS curve," ICAP's Clark said. "Despite a reduction in the amount of term activity that goes on, the Italian market is still very much functional."


Three-month Euribor interbank lending rates eased again, hitting their lowest since the second quarter of 2010 as speculation grew the ECB may cut interest rates.

ECB president Mario Draghi heightened expectations the bank could cut interest rates or take further policy action soon after saying on Friday that the euro zone economy faced serious risks and no inflation threat.

September and December Euribor futures contracts rallied to contract highs, pushing implied rates lower.

Markets are pricing in a 50 percent chance of a 12.5 basis point cut in the ECB's 0.25 percent deposit rate this year, and a 25 percent of the rate being cut to zero, according to RBS.

No comments: