Crushing the Web's dark forces

Updated 5 August 2005 4:20PM



On the Internet and in enterprises, keeping clandestine forces at bay is an uphill battle. In this special report, ZDNet Australia profiles five leading security experts who pursue cyber criminals for a living.

"I would definitely recommend Firefox," says Denis I. Pankratov when asked which browser he would recommend for Internet banking.

Pankratov, co-founder and technical director of the Computer Crime Research Center in Ukraine, told ZDNet Australia that users should use Firefox for all commercial transactions and regular surfing.

In our final installment, Pankratov shares his views on whether Linux is more secure than Windows.

Robert McAdam, our fourth profile featured yesterday, was attached to the New South Wales Police for many years. After a stint with IBM, he finally realised his dream of running his own company and founded Pure Hacking, a Sydney-based security consultancy.

Our third profile featured Jo Stewart-Rattray, director of Information Security at Vectra, an Australia-based security consultancy and IT specialist.

When asked what keeps her awake at night, she said: "The idea of acceptable risk in the banking and finance sector when it comes to online and credit card transactions!" And personally, she doesn't recommend Internet banking.

Ex-FBI consultant Laura A. Chappell was the second profile. A member of the High Technology Crime Investigation Association (HTCIA) and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989, one of Chappell's biggest achievements is creating the Internet Safety for Kids program in conjunction with her company, Protocol Analysis Institute.

Alastair MacGibbon, Trust and Security director for eBay Australia and New Zealand, was first on the list. He spent 15 years at the Australian Federal Police and served as Australian High Tech Crime Centre director prior to joining eBay.

Writers: Fran Foo and Munir Kotadia
Design: Petter Carlweitz
Production: Chris Duckett

Talkback 24 comments

    cool dr G -- 01/08/05 (in reply to #120119713)

    this is awesome! well done!

    open abt stats marketing guru -- 02/08/05 (in reply to #120119723)

    surprising to see how open AM is abt stats given ebay is a listed company. interesting...

    this guy is so PR tony -- 02/08/05

    for a veteran of 15 years, he has some really good marketing skills/speak

    Please choose a better interviewee for the others Craig Burton -- 02/08/05

    It is pretty clear this security person is executing the policy "don't give away more information than you have to".
    This doesn't make for a very useful or interesting article as it has neither a human element nor any technical value.
    In fact, this approach is rather dubious as the world moves rapidly to open systems and standards. Can I ask if you can interview someone who provides security for a more "open" organisation?
    Best,
    Craig.

    Just PR for eBay Anonymous -- 02/08/05

    This might be interesting for people who know nothing about security.

    I felt it was more about making people "warm and fuzzy" about eBay and their online auctions.

    Where's Alastair MacGibbon? He's departed to don his Superman Cape and undies!

    pirated software - ebay security? PS -- 02/08/05

    Check this thread on ebay's forums about their allowing of masses of pirated software sold on ebay, and they call this security?
    http://forums.ebay.com.au/thread.jspa?threadID=100071539&tstart=0&mod=1122954689382

    New Zealanders know more than Australians Anonymous -- 02/08/05

    "eBay recognises the importance of educating Australians on shopping safely online"

    That must mean eBay doesn't think they need to educate New Zealanders. Which does fit the statistics.

    How the hell did Alastair get chosen as no.1 or at all... Craig S Wright -- 03/08/05

    I have known and dealt with Alastair from his time in the Feds, from the high tech crime days etc

    And.. Sorry Alastair, but you are ok-good as a manager, but there is no way I would ever think of classifying you as a security person in any sense of the word.

    Being an ex-cop has not given you the necessary skills in security.

    I agree. Anonymous -- 26/08/05 (in reply to #120119789)

    You'll notice that these guys seem to stay in a position for about 2 years.

    That's the length of time that passes until their BS starts to catch up with them and.. hey presto!, it's off to the new job!

    I know this guy too, from the AHTCC.... he is absolutely clueless.

    His skillset seems to consist of "Buzzword generation 101" and "Get as many tickets to present at conferences as possible so Industry thinks I know what I'm talking about and hire me for the big bux".

    Same goes for the Vectra woman... CLUELESS, it's all PR-speak, smoke and mirrors!

    Only decent one out of the lot is the ex FBI woman.

    Alastair email request David Jason -- 26/10/06 (in reply to #120119789)

    I need to contact Alastair MacGibbon urgently and would ask for his email address or contact phone number.
    Thanks

    Why oh why. Anonymous -- 09/08/05

    Jo Stewart.
    Top 5 .. Missing 8%.
    There's down to 1% listed, so missing 8% is quite a lot....
    "don't use internet banking"... How many internet banking transactions are there each second, and just how many are corrupted?
    See things in perspective please.

    McAdam - Thank you. About time that there is some more focus on the ignorance problem in all of IT. No matter how good a security company, banking, whatever you are, you can't really do anything about a user that opens malicious code from an email.
    Basically the email asks
    "Is it OK to open this potentially computer deadly virus"
    And without giving it a second thought users press
    "I'll give it a try"
    ........

    Soon the biggest threat is not crackers (not hackers), but those wannabe IT "professionals" selling expensive solutions to unknowing companies.
    ........

    heh Anonymous -- 26/08/05 (in reply to #120119986)

    soon this is the biggest threat? this is what IT is based on. now give me some money.

    Crushing the Web - Day 3 Anonymous -- 10/08/05

    Support comments from anon on Aug 9 - especially the comment "those wannabe IT "professionals" selling expensive solutions to unknowing companies".

    I don't think Rattray has much experience based on the question responses, it sounds more like marketing speak and look at me than real security speak.

    Yep. Anonymous -- 27/08/05 (in reply to #120120015)

    Rattray would have no idea.

    In fact, only Day2 and Day5 appear to have any idea at all.

    This story is a farce.

    None of these clowns would be permitted into the carpark of where I work.

    And yes, we do know of 3 of those people, and their reputations amongst those "in the know" are very poor.

    ZDNet, next time try to find some real IT Security experts, not just the first 5 glossy brochures you got in the mail that morning.

    Agreed Jane B -- 12/09/05 (in reply to #120120464)

    I work within the B&F industry and it appears, like many service providers, Jo and the others interviewed have limited practical security experience. The responses given appear to be very research orientated, not experience based. Agree with other comments. Please consider better people for interviews, ZDNet.

    what a load of cynical PR speak!!!!! Anonymous -- 19/08/05

    what a load of cynical PR speak!!!!! This is why we have all learned to mistrust the talk from big business.....it's so predictable and like the complaint mechanisms on eBay it just goes around in ever-diminishing circles.

    Oh Please...... Michael Davies -- 15/09/05

    Don't use the internet for banking or credit cards for purchases....Oh please....You must not sleep at all then....

    Her recommendation must be to go back to non technology based businesses and use piggy banks and bank books for saving our money and no doubt use cash for everything.

    Why not discuss how to manage the risk then? That would be more interesting.

    Disappointing article.

    Laura Chappell is one of the most talented security experts - Great Interview Robert Becker -- 24/10/05

    I have had the pleasure to attend a few of Laura Chappell's training sessions, and can tell you that she is by far the most knowledgeable and experienced Digital security professional I have ever met. If you ever get the chance to attend one of her sessions, do - Laura is an experience. If you need to learn how to protect your computer infrastructure, Laura's training is invaluable, and the best bang for your buck. If Laura is fighting against Internet predators and child pornography, then you can bet that she will make a difference.

    Ms. Chappell Ron L Jennings -- 25/10/05 (in reply to #120122394)

    I want to extend a huge thank you to Ms. Chappell. I have tried to start a group called Kid Safe Internet for two years. That is why the article caught my eye. I hate people who abuse kids and pets and I will do everything within my power to stop or catch anyone who abuses them.
    Perhaps I should tell a little about myself so this post will have all the dots connected when I am done.
    This post may be a bit long, so if you are one of those who can't stay interested for more than 60 seconds, you might want to stop reading now. Otherwise, I would like to thank you for reading my post on how I helped catch a sexual predator. I will do my best to describe months of work in as few words as possible.
    I am not as well trained as some but I have worked hard to train myself and find the best books on computer crimes.
    I belong to CSI and I have Microsoft, Cisco, etc. training in computer security. In the mid seventies my Uncle owned a bounty hunting business. He taught me how to think like the people we were hunting.
    It was that training that led me to this scumbag's favorite place to lure children. It started out with me tracking a hack in my system. I was very new to computers at the time and my hack knew this. He would leave a trail just to show me I was unable to catch him.
    I had a lot to learn if I was going to get anything on this guy. His vanity and lack of respect was enough to keep me going. I found he would hide his program in MSFT Office file downloads and wait for e-mails to be sent to certain businesses. I never tried to just get him out of my system. I needed to learn how he was getting the data he wanted. He would even send email and IMs to me bragging on how he could steal information from Doctor lists, Drug Stores, CPA firms etc. That's when I decided to try to befriend him. I told him that being a good guy was not paying well and that I would like to learn from someone as good as him about how to steal information. He was so blind in his vanity that he never suspected a thing. To make a very long story short, he led me to an underground part of the net I had never seen before. There were rooms for trading children pics doing anything and everything. Rooms where parents wanted to trade kids and would describe the child they had to offer and what they were looking for. I was shocked at how many members these rooms had. The biggest shock was how many members were women.
    I called the police department and was only told that I was either a part of it or I should just stop going there. I could not believe what I was hearing.
    My hacker would ask me if I had ever "caught fresh white meat?"
    That is when I knew I had to do something. I knew I should CMA, so I told a few people what I was doing and why. Then I logged on to a different computer, went to where I thought this creep would be "trolling" as he called it. I then pretended to be a shy young girl who was unhappy with my home life. He fell for it.
    He asked me to go into a private chat that was hosted by a well known ISP.
    That's when I used what little computer protocols I knew to contact the military or anyone with authority that was listening. He is now in a federal prison. Believe it or not that creep was in the service.
    I hope to one day be half as good as Ms. Chappell. Working together we can keep our kids safe; they count on us to protect them. Let's not let them down.

    Dull read Anonymous -- 27/07/06

    This story was dull, and the questions terribly lame.
    It gave us no information at all, and security 'experts' just stonewalling with 'no comments' is not worth the pixels it is written on.
    Do better than this PLEASE!

    You are arguing the other party's case! Anonymous -- 21/04/08

    If fraud makes up only 1/100th of 1%, why are you breaching trade practices? You talk about stamping out wrongdoings, yet you yourself have set in motion a serious violation of law... third line forcing is unlawful, and no amount of sabre-rattling will change the fact that you are attempting to operate outside the law!

    So what happened to ethics? Anonymous -- 26/06/08

    I see fraud does little to stop notoriety. Ms Stewart-Rattray should learn to write her own material and not steal copyright.

    The article “by” Jo Stewart-Rattray titled “Information Security Governance: the nuts and bolts”.
    http://www.net-security.org/dl/insecure/INSECURE-Mag-14.pdf is a perfect example.

    I quote “by” as this publication is significantly plagiarized. Over 25% of the document is directly copied and a large amount is paraphrased without accreditation. I have read the majority of it as the article in Information Systems Control Journal, Volume 5, 2001, “Harnessing IT for Secure, Profitable Use” by Erik Guldentops, CISA. Basically, the article is stolen. She has claimed the work of another as her own. So much for running a security company.

    Whatever happened to ethics in IT Security?

    Plagiarism is theft. It is a criminal copyright breach. This is fraud.
