The books that wannabe Jihadists order before going to Syria or Iraq are, apparently, Islam for Dummies and The Koran for Dummies. According to an article at NewRepublic.com by Mehdi Hasan, the self-confessed terrorists Yusuf Sarwar and Mohammed Ahmed were not religious zealots, just disaffected young men looking to do something “cool”.
Hasan says that it’s wrong and dangerous to characterise all Jihadists as having strong religious beliefs. He provides many examples of terrorists who led a life that was far removed from Islamic ideals and makes the point that strongly held religious beliefs can actually protect people against radicalisation.
He quotes a report from MI5’s behavioural science unit which was leaked to the Guardian in 2008: “far from being religious zealots, a large number of those involved in terrorism do not practise their faith regularly. Many lack religious literacy and could … be regarded as religious novices.” The analysts concluded that “a well-established religious identity actually protects against violent radicalisation”.
The conclusion? Failure to understand the profile of those most prone to radicalisation is dangerous. The evidence is there, but if we ignore it, if we focus our attention on the “Muslim community” as a whole as some newspapers and government ministers would have us do, we risk missing the real threat and alienating a whole sector of our society.
The news that Apple’s iCloud storage service may have been hacked – it’s not been confirmed yet but the company is conducting an “urgent” investigation – is disturbing if true. If the iCloud service was left open to a brute force attack, by allowing infinite log-in attempts and by not implementing two-factor authentication, it suggests a certain level of naivety in the company’s approach to security.
Naivety is of course a big problem in security: users who take intimate photos of themselves, apparently unaware that those images would be automatically stored in the cloud; people who fall for phishing attacks and give their passwords away; people who use the same password for all their online services; people who fail to make a distinction between public and private networks, especially when connecting to Wi-Fi; and organisations that ignore the insider threat.
However, you don’t expect it from a big technology firm like Apple.
Another type of security naivety is failing to distinguish between recoverable risks and irrecoverable risks. If my bank account gets hacked, I’m effectively insured against that provided I haven’t been grossly negligent, and I’ll (eventually) recover my money. If I put sensitive data in the cloud, be it mission-critical business information or nude pictures of myself and my significant other, that’s an irrecoverable risk – once it’s out, it’s out there forever.
Cloud storage companies need to operate on the assumption that their risks are irrecoverable. It could be a painful lesson for Apple, especially as it attempts to recover its reputation.
It’s worth remembering that despite it being everywhere, the Internet is still a new thing. As technology develops rapidly, so too do the opportunities for exploitation. As Sadie Creese, Professor of Cyber Security at the University of Oxford, said in July at the SAMI conference on Cybersecurity in the maritime industry, always assume you can be hacked. After all, even the most sophisticated security system is vulnerable to an inside attack, let alone the sort of attack that Apple may have naïvely fallen foul of.
On the advice of Richard Thompson, CEO of Facewatch, I have started reading the new Business Crime Strategy which has been produced by the Mayor of London’s Office for Policing and Crime.
Covering the period 2014-2016, the strategy identifies a lack of business confidence in the police response to crime, which is what prompted its development.
The mayor apparently wants London to be known as the most secure city in the world in which to do business, and the aim of the strategy is to get police, local government, businesses and others to work together to share information and put the criminals on the back foot.
My initial impression is that the report focuses quite heavily on cybercrime and fraud, areas that will be of more concern to larger businesses than smaller ones, but I’m only halfway through the document, so perhaps I don’t have the full picture yet.