安卓下的攻击 （【作者】Eddy Willems 【刊名】Computer Fraud CPNI and GCHQ have got regular contacts with the biggest companies and this is something they have been I wouldn t say harping on about for some time. But it s the belief threshold until companies have the belief threshold that this is happening to them and it s a problem they need to tackle, its really hard to get the traction.” He adds: “I honestly think that what government is doing now is the right approach. I think theyve been doing it correctly for a long time. The last bit is the boards taking it seriously. I think only by going out and telling them theyve got a problem, that s the only way theyre going to sit up and take notice.” However, direct help and advice for SMEs has not yet appeared and a number of participants feel they remain neglected by the scheme. As ISFs Durbin comments: “The Government is never going to win,it s always going to be criticised by somebody, but I do think that it has a responsibility to inform, to educate. And maybe it should be doing that more through the smaller businesses networks up and down the country expressing these things in terms business leaders understand, as opposed to viewing it more as a technical issue or an audit- based issue, as that will turn some people off. But if you talk practically about how do you go about things in a sensible way, that will help. ” Conclusion 结论 Now nearing its halfway stage, the Governments four-year Cyber Security Strategy is ambitious and wide-ranging. Mainly driven by GCHQ working for the Cabinet Office, it has launched initiatives against state-sponsored cyber- attacks and cyber-criminals, created new apprenticeships in cyber-security, made changes to school teaching, funded more university research and improved international governmental cyber-security co-operation. It has guided UK commercial companies about what they can do to prevent cyber-attacks and it has launched a scheme to help firms deal with attacks if they do suffer them. Those involved recognise that with a programme of this scale and importance, its unrealistic to expect everything to go right. But a number of commercial firms now working with government are currently unhappy at the lack of co-ordination and co-operation they re getting, and the difficulty of working with the numerous government agencies involved. They are also calling for more targeted help for SMEs. The private-sector partner who said of the Government “There are too many people involved and there isnt a great deal of co-ordination ”is by no means a lone voice. Motive动机 Cybercrime started with Microsoft Windows. The reason for this is not, as many people tend to think, because Windows is a weak system, with many security holes. If any talented hacker were to look closely at any operating system, he/she would find vulnerabilities. The reason why so many leaks have been found in Windows versions over the years, is because millions of work hours are spent searching for them. This time investment is only done because there is a positive pay-off. About 90% of computer users use Windows, which translates into approximately 1.62 billion people around the world (estimating that there are about 1.8 billion active computers in the world today).1,2 Finding a good security hole and writing some efficient malware to exploit it, means a potential market of all those computers. With the right malware, it is possible to grab control of those computers, by hooking them to a botnet, and browsing through the computer to search for personal and financial data that can be used for either selling in the underground market, or using the found identity for all kinds of criminal activities. The money that is made by cyber-criminals per year is estimated to be of a bigger volume than the turnover of the drugs industry. In short: it pays to invest time into writing malware for Windows. Of course there have been, and still are, other popular platforms besides Windows. Apples OS X and Linux for instance, are still growing in popularity. Many people believe these systems to be far safer than Windows.However, that is a conclusion that can only be reached with certainty after putting as many work hours into searching for weaknesses as has been done with Windows. This, of course, has not happened, so we refrain from celebrating the safety of one system over another. This theory also applies to mobile platforms. Smartphones have been around for many years and have gradually grown in popularity. But up until 2010, a mobile counterpart of Windows did not surface. Many different operating systems co-existed, no one much more popular than the others for many years. The theory that all of these systems have their weaknesses, but not many people were looking for them because it would not be worth their time investment, held up for a long time. But this situation ha now changed. “The possibility of reaching a large public with Android, and to steal money from 75% o