How to Punish Cybercriminals

[labbe5]

https://www.schneier.com/blog/archives/ ... ish_c.html

There is a burgeoning cybercrime wave

There is a stunning cyber enforcement gap

There is no comprehensive US cyber enforcement strategy aimed at the human attacker

Despite the recent release of a National Cyber Strategy, the United States still lacks a comprehensive strategic approach to how it identifies, pursues, and punishes malicious human cyberattackers and the organizations and countries often behind them. We believe that the United States is as far from this human attacker strategy as the nation was toward a strategic approach to countering terrorism in the weeks and months before 9/11.

There is a need for a comprehensive enforcement strategy that makes a fundamental rebalance in US cybersecurity policies: from a heavy focus on building better cyber defenses against intrusion to also waging a more robust effort at going after human attackers.

Further reading :
How Law Enforcement Agencies Investigate Cybercrime
https://www.sunnyhoi.com/how-law-enforc ... ybercrime/

[nosystemdthanks]

what would be nice is a response to cybercrime that isnt a thinly-veiled reacharound for total surveillance, and which updated the cfaa to not make it a federal case to "have wires showing." or "using wget."

unfortunately, law is more about fashion than fixing things. not that it has to be, but unfortunately laws are sponsors by politicians and lobbyists.

considering the confluence of hollywood and congress, im surprised they dont lock people up just for being unattractive. but why would we have a reasonable policy on cybercrime when the vast majority of politicians (and voters) are proud to be computer illiterate? better education = possible though unlikely = (slightly) better laws. until then, we get updates on fashion and more spying. also loads of ai no matter what we do.

[s243a]

considering the confluence of hollywood and congress, im surprised they dont lock people up just for being unattractive. but why would we have a reasonable policy on cybercrime when the vast majority of politicians (and voters) are proud to be computer illiterate? better education = possible though unlikely = (slightly) better laws. until then, we get updates on fashion and more spying. also loads of ai no matter what we do.

On a related note, I wonder how cyber-litterate the majority of law enforcement, lawyers and judges are.

[nosystemdthanks]

its pretty endemic. add to that the sheer percentage of tech literate that underestimate the challenge of basic knowledge about the subject for average people (based/biased on their own personal experience) and their complete lack of interest in making educating the masses a priority--

because the think its easy, and therefore all they have to do is try. but how easy it is can be checked on, starting with the people that dont think it is. how would you convince them otherwise?

sure, if they did try it would help a lot. its not like it was hard to learn to code in the 80s. but even on this very forum i encountered people already getting defensive-- who knew how to code already, but didnt think bash counted. bash! its a lot harder than coding itself (and yet, not so bad.)

bash relevance to most windows users... "what is this good for?" and its not just case sensitive (fine for the filesystem, less for the commands-- which admittedly, are files too) its sensitive to spaces. p = 5 is not the same as p=5.

so theres a lot of challenges ready for people who want to learn.

optional challenges.

find | tail -500 | var t
echo %t | leafpad
# less sensitive to spaces...

theres a lot we could do to create a tech-literate public, but just like with voting, people dont want to try to fix the problem. they want to vote for someone who makes false promises and hope for the best.

bash is a good first "language" (its more of a shell environment, though it has everything in common with coding) if youre using gnu/linux already. if you learn bash, there, you know how to code.

but for everybody else, we dont show that we care about society understanding computers.

"logical thinking" is still a boring route around the topic that mostly avoids the topic, and thus fails to demonstrate relevance. you dont want the benefits to be less obvious, if youre trying to teach lots of people. school does enough of that already.

its easier to learn logic from knowing computers, than learn computers from knowing logic-- unless youre designing circuits. thats not easier than coding for most people.

if we really want a tech literate society, if we understand the benefits, we should be working towards that. teachers can help, actually. someone needs to bring more teachers and devs together.

[s243a]

If people spent the time that they wasted waiting for windows to updated then maybe they would be be better off if they learned bash.

As for a first programming language though, I recommend python.

[belham2]

If people spent the time that they wasted waiting for windows to updated then maybe they would be be better off if they learned bash.

As for a first programming language though, I recommend python.

I am sorry, but I couldn't let this slide.....I've been using a test version of Windows 10 Enterprise over the past 7 months, mainly just to manage iPhone stuff since Apple is still at war with Linux & letting us install it there, but sometimes I am staring at the router watching it blink helplessly as over an hour or two (a few times longer) will pass as the "updates" trickle in. Damn, if you're from Linux world, this is worse than pulling your own teeth. I realize it is a function of MSFT's massive size and downloads that yearly dwarf all downloads that Linux has had over its lifetime, still, it is just gawd-awful.

Now, as far as a 'programming language', I am wondering why you guys don't send people straight to C++, then on to python and/or bash or ??? I've heard people say C++ focuses your mind, and if a person makes it through that, python, java, bash et all are all like having candy afterwards

[nosystemdthanks]

I am wondering why you guys don't send people straight to C++

this debate has gone on since before compilers existed, and i am going to side with the side ive always been on-- the one that attracted me to programming in the first place.

it comes from the desire for success. if you send everyone to c++, the success rate will be lower and fewer people will learn how to program or want to program if they learn how. none of this is anything against c++ as a language. its against c++ as a first language for the purposes of educating large numbers of people.

mit wasnt using either of these for education, for reasons i can barely understand, they chose java (edit: i read java somewhere, it was scheme) for their intro to programming. since the purpose of the course was to make as many people familiar with programming concepts in general, not implementation details, they chose a language that got into concepts faster and didnt require implementation to be as high of a priority. mit has since switched to python.

i could ask why c++ over c, but i think that would have a similar answer. which makes it a strange question. i would note that torvalds feels the same way about c++ (for kernel work at least) that you seem to feel about python, but c++ is important to windows development even though microsoft has c# and f#.

python is much easier to teach and get people into programming. of course, its also easier. the keyword-based languages wouldnt exist though, if not for a navy programmer and university math professor who wanted commercial programming environments to appeal to their customers.

she knew that these businessmen didnt want symbols , they wanted commands. granted the syntax was horrible, even if it was a huge step forward. it refuses to completely die, even to this day.

but more than that, it influenced all the educational languages. c and c++ owe their identifiers to grace hopper, who endured the same rhetorical questions about how practical (or impossible) it was to give such tools to users.

the original version of this debate was machine code vs low level semantics, low level semantics vs real abstraction, c vs c++, and now c++ vs python.

its not really a debate, its "the right tool for the job" and the undying assertion by people who use the right tool for the harder job that we should make it harder for the more common tasks as well-- because then everyone will be a better coder.

maybe they would be better, but then there would be fewer people who understand programming, and its better to have fewer people that understand c++ instead-- while programming (as an introduction) is something almost anybody can do.

sooner or later, the debate tends to get elitist and compares the language that runs youtube and a good portion of google (in the server functions, not necessarily the operating system) that mit uses to teach programming-- to some kind of toy.

of course thats speaking generally, which is appropriate for a pattern or debate that spans a history of programming that predates not only the pc but most mainframes as well.

people who teach python already get this. people who think c++ is a great first language, dont. but c++ is great as a powerful, general purpose language. a broader perspective would make those confused aware of the fact that lower-level coders feel the same way about c++ fans that c++ fans feel about python fans-- that if everyone was a low-level coder, they would be better programmers.

for people who want to be better researchers in their field-- rather than experts in programming itself-- python has useful, easy-to-utilise libraries for graphics, web development, multimedia and machine learning, with less time required for things like compiling and dependency tweaking.

https://www.quora.com/I-want-to-use-C++ ... ne?share=1

there are so many reasons to start with python instead, all you have to do is figure out which one appeals to you the most.

when i was about 10, i dreamed of learning c++. i already knew how to code. i still havent gotten around to it though-- its a relatively tedious language, and the things i wanted to use it for? those needs are being met now, by languages that do just as much with less effort.

im not saying c++ is impossible to learn. its just significantly harder, for most people. if you want to succeed at teaching lots of people to code, if that is your priority, this is an extremely relevant justification.

[s243a]

I think that if someone is in either electrical engineering, physics or "computer science" than C++ as a first language at university is fine. However, C++ would be a horrible choice of first language for a business student, high-school student or perhaps even a bad choice of first language for a data scientist or mathematician.

Java is an okay fist language for a computer science students but a bad choice as a first language for just about any other discipline. Java is easy and good for teaching concepts in object oriented programming but its too verbose for small projects and most non-computer since people will not be working in large programming teams.

Python is a good first language for just about anyone. While some people teach python as an object oriented language, python is more of a multi-paradigm language and you can do with closures in python a lot of things that one would use classes and objects for in java.

Also in python you don't need to know all the formalities about object oriented programming as you do in Java due to the dynamic nature of python. This makes python a simpler way to teach people about object oriented programming without forcing people into an object oriented design paradigm when it doesn't fit well.

[Burn_IT]

Well that went off topic quickly!!!

I think it needs to be looked at as an international problem not just the US.
The internet does not have definable borders.!!

[musher0]

Well that went off topic quickly!!!

I think it needs to be looked at as an international problem not just the
US. The internet does not have definable borders.!!

I'll plus that.

Also, I think cybercriminals' should be punished in "eye-for-eye, tooth-
for-tooth" style.

E.g.:
-- you stole other people's Web Identity?

Well now we retire yours -- you won't have an identity ever again.

The sentence could be: wipe out of the guilty person's credit card, health
card, voting card, whatever. Even forbidden to have an identity card in
his/her wallet.

-- you flooded sites with DOS's?
Now all you'll ever experience on your computer is DOS's. (I mean the
Denial Of Service type, not the old OS!)

I'm running out of imagination, but you get the idea.

BFN.

[nosystemdthanks]

you won't have an identity ever again.

thats funny, you seemed more like a basic human rights type. here for example, we explicitly abolished slavery EXCEPT as a punishment, and as a result it is profitable to rebuild the nation as a giant prison complex. the more we criminalise, the more profit there is.

how far will that go? deny aaron swartz the right to read science articles? (obviously moot at this point, but seriously) but you were probably kidding though. canadian humour is just a little too bizarre sometimes.

a note about capital punishment, sociology and the history of pre-revolutionary france:

there was once a gruesome execution method used against piracy of fabric patterns. it did not deter illegal copying.

youll only make it worse, and give people more incentive to become criminals. capital punishment raises murder rates. your idea will advance cybercrime-- it belongs in a theocracy, you might as well be arguing for sharia law.

muslim extremists would love the idea. at least in the states, there are amendments against such things.

udhr? or haha jk? either way, it wont work.

just prosecute for damages. why does everyone want to rewrite all the laws with something backwards from an era bc? society has learned nothing.

but if you were joking-- ha, good one! if you werent-- then good lord, why do socialists turn to fascism so long before its even implemented? you know thats why so many people treat it like some kind of disease, right?

id be against crutches too, if everybody that had them went around using them to attack people (true story, some hoser in school tried to hit me with his crutch once. if i were meaner id have pulled it away and pushed him over with it.) civilisation borders on mythology, until it descends into the usual dogma and crusades.

[Burn_IT]

I think, and it is just an initial thought, that rather than lock these people away we should do exactly the opposite and publicise everything we know about them so that ALL their activities are known to everyone and can therefore they can be avoided.
Obviously that would only work if everyone participated else they could just start a new identity.