Cyber cop going, going, gone
By Patrick Gray
July 20, 2004
Alastair MacGibbon fears our money, privacy and even our identities are all soft targets for a new breed of criminal. MacGibbon, who this week takes up the post of cyber security boss of the Australian arm of online auction house eBay, fears organised syndicates will win the online crime war unless internet users take personal responsibility for the security of their information.
While corporations use vast financial resources to side-step online threats, individuals are left out in the cold, he says.
"Individuals cannot leave it to corporations or governments to protect their interests, they have to protect themselves," MacGibbon says.
MacGibbon rose through the Australian Federal Police ranks over 15 years to become the inaugural director of the Australian High Tech Crime Centre in July last year. The centre was established by the AFP to bring together law enforcement officers from multiple jurisdictions to fight online crime and support investigations of traditional crime types that may have included a technical element. But this month he walked out after only a year. He's traded his badge and gun for a senior role in one of the world's most successful dotcoms.
It was just the right time to go, he says. Moving back to his home town of Sydney was one reason, as was his desire to tackle something new. "It was a really bittersweet thing to leave ... the AFP was my adult life," he says.
In his new role as director of trust and safety with the online auctioneer, MacGibbon will be responsible for educating eBay users and fighting auction-related fraud. The former police officer says it's a leap of faith into what he hopes will be a continuation of his work with the AFP.
"I would describe it as walking off a precipice but believing there's something underneath you. It's about going out into the unknown. It's about doing something that you don't know you can," he says. "I like to think that I can, and I'm sure eBay likes to think that I can, too."
It will be MacGibbon's job to protect eBay users against online scams, focusing primarily on prevention. He says educating users can eliminate 97 per cent of scams, but even then there are no guarantees. It's like wearing a seatbelt, he says. It will make you a lot safer, but it can't provide 100 per cent protection.
It's not just simple eBay scams, such as selling an item the listing advertiser doesn't own, that worry MacGibbon. Organised crime syndicates are using internet worms to compromise end-user systems and load them with key-logging agents designed to capture internet banking passwords and other sensitive information.
As well as updating their operating system with security patches and installing anti-virus and firewall software, internet users should "follow safety instructions when dealing with businesses online".
Usually, he says, businesses with an online presence make security information and advice available to their users. "People should follow the particular advice of businesses online," he says, and employ "a good dose of common sense, which is don't do online what you wouldn't do in the real world. If a deal seems too good to be true online, then it probably is."
It was when MacGibbon was working in the US as an AFP liaison officer in Washington DC that he first got a taste of online crime investigations. "I did a reasonable amount of work with US agencies looking at computer-related evidence," he says.
When he returned to Australia, he became the first high-tech crime co-ordinator within the Australian Federal Police. Before the position was created, investigative arrangements were a little loose. "There was a high-tech crime capacity, but the AFP was in the process of expanding it," he says. "It started off as a computer forensics area, looking at evidence."
Traditional investigations - into anything from drug or terrorism-related crime types - may include a high-tech element, MacGibbon says. His team provided technical support to the investigation of the Bali bombings. Nicholas Klein, who left the private sector to join the AFP's high-tech crime unit, was among the first Australian witnesses to testify at the trial of the bombing suspects. He gave evidence about data found on Imam Samudra's notebook computer.
It's the blurring of the lines between new crimes and old crimes that MacGibbon finds particularly interesting. "Anything that looked at the nexus between crime and technology was to me an exciting thing," he says.
Graham Ingram, general manager of AusCERT, an analysis centre that provides information to business and government about security threats, says MacGibbon's excellent work has left behind a world-renowned policing unit.
"He turned rhetoric into action," Ingram says. "He set a standard that is absolutely exceptional. The whole idea of involving private and public-sector agencies into the one centre working together ... I've only heard of people talking about it. Other people are looking at it and saying, 'My God, how did he do it?'."
It was under MacGibbon's direction that the AHTCC began hosting private-sector investigators from major Australian banks to help fight online banking fraud. According to Ingram, pushing a policy like that through a government agency is a remarkable feat.
"Alastair was a visionary, and his style was to inspire others. Just the audacity of his vision set him apart," he says. "Government agencies tend to be rather conservative by nature. It is all the more outstanding that he could not only deliver, but he could get the backing of his senior management - like Commissioner (Mick) Keelty - to support him."
A former colleague of MacGibbon's, who does not want to be named, says the former director would be "not only a loss to the AHTCC, but a genuine loss to the AFP". Having worked with MacGibbon for 10 years, the AFP officer says the whole AHTCC team will miss their "extremely effervescent and outgoing" boss, who he describes as "a very quirky ideas man who thinks very much outside the square and isn't afraid to challenge the status quo".
Despite his shift into the private sector, MacGibbon still regards himself as a servant of the people. His father, who he describes as "the most honest man in my life and someone I try to replicate", instilled a deep sense of community spirit in him. "He taught us honesty, hard work and community service. The concept of giving to the public."
MacGibbon's wife, Ainslie, who he met while working on the Wood Royal Commission into corruption in the NSW Police in the mid-'90s, says it's not a desire for recognition and money that has driven him into such a high-profile job. "He's got more energy than most normal people I know," she says. "He's not actually ambitious. He looks day by day about what he can do for the community."
After finishing high school, MacGibbon studied a political science degree at Sydney University and started a postgraduate diploma in criminology, which he never finished, before moving on to a masters degree in international studies. He says effective police officers need to understand sociology, politics, history and economics to put crimes into context.
Despite all his energy, the directorship of the AHTCC took its toll on MacGibbon. "I don't know whether it was something I could have kept up for too long," he says. "I think it was not necessarily a good long-term thing for me, healthwise, if I were to keep it up. I'm now trying to start an exercise regime and eat better and sleep. It wasn't a sustainable lifestyle."
Another AHTCC staffer, Brian Diplock, filled MacGibbon's shoes for a month last year. As a bread-and-butter policeman, he loathed the work. "I wouldn't wish Alastair's job on my worst enemy," he says.
MacGibbon remains guarded when discussing his wife and three children, having investigated everything from illegal drugs to the role of government officials in child sex offences during the Wood Royal Commission. "You don't ever know who you may have upset over time. My family is really important to me - it's the most important thing I've got," he says. "But I don't think there's any animosity out there."
Working with Justice Wood - who MacGibbon describes as "really a man of enormous integrity and insight" - on the Royal Commission was one career highlight, MacGibbon says, but there were others. "I really enjoyed our work in the Royal Commission, particularly on the child sex offender side ... it had a lot of social utility," he says.
MacGibbon will now set about contributing to the security of the online community. "The key with high-tech crime is volume; the compromise of end-user computers, whereas in the past there was a focus on breaking into the big computers," he says. "The last year has shown that it's the compromise of end users that will inflict the most damage."
MacGibbon's role as the director of the AHTCC will be filled by federal agent Kevin Zuccatto, who is currently the AFP senior liaison officer to Washington DC.
The Australian High Tech Crime Centre was opened in July last year, roughly two years after a police commissioners' conference identified the growth in serious crime involving complex technology as a problem.
Although the centre is hosted and administered by the Australian Federal Police in Canberra, one of its aims was to bring state police from all jurisdictions under one roof. Bank-employed investigators with federal agents and state police.
The explosive growth in "phishing" scams - in which fraudsters send spam email purporting to come from a bank, designed to solicit usernames and passwords out of its recipient - led to the public-private partnerships negotiated with the Australian Bankers Association, Credit Union Services Corporation of Australia Limited.
IT and telecommunications security lawyer Andre Stein says the involvement of the private sector is "a great idea", particularly in investigating "people who want to steal customers' usernames, passwords and money out of their accounts".
"The private sector owns and operates these information networks and it's essentially their responsibility to protect them - there's a limited amount the government can do in that regard."
The centre supports investigations into terrorism, drugs and child sex offences. This may include technical advice, or evidence gathering.
Computer-based offences are covered by state and federal legislation: "There is an increasing need for co-ordination, particularly as cyber crime knows no state or national borders," Stein says.
The centre also liaises with law-enforcement agencies overseas when investigating online crimes.
The bazaar threat
When eBay was founded in Pierre Omidyar's San Jose living room in September 1995, the web was a much safer neighbourhood than it is today.
Almost a decade later, eBay has become the grand bazaar of cyberspace. The online auction site has 100 million registered members from around the world, making it one of the most popular shopping destinations on the internet. It has localised sites in more than 17 countries, including Australia, with combined revenues of more than $1 billion last year.
Around the world, eBay runs more than 2 million auctions each day and more than 250,000 new items join the For Sale list every 24 hours.
It is one of the few dotcoms that can honestly call itself a household name - late-night talk-show hosts can even spout it as a one-word punchline.
But its success has come at a price. To some, eBay's underbelly has become a wretched hive of scum and villainy, with everything from Nazi memorabilia to a British teen's virginity available for the right price.
As with most market places, trading on eBay is often a case of "buyer beware". The site has struggled to fight fraudsters, with upmarket jeweller Tiffany suing eBay for allegedly allowing counterfeit Tiffany goods to be sold on the auction site.
The popularity of eBay has attracted the usual suspects looking to cash in on its success, such as spammers spruiking methods to "make huge profits on eBay" using the "Total Turnkey eBay Business Kit".
Along with Citibank and PayPal, eBay is one of the organisations most targeted by online con artists looking to trick users into handing over details such as credit card numbers, according to the Anti-Phishing Working Group - an industry association with 400 members from more than 250 organisations.
eBay publishes safety tools and resources to protect its users, including the Feedback Forum (1996) to monitor the reputation of registered buyers and sellers. In 1998, eBay's SafeHarbour program began working with law-enforcement agencies to investigate, arrest and convict fraudulent buyers or sellers.
Under its Fraud Protection Program, the maximum eBay will reimburse members who pay for an item and never receive it, or receive an item that is "less than what was described", is $375. - Adam Turner
http://www.theage.com.au/articles/2004/ ... click=true