Univ of Brighton research paper - bunchof lies !

I had forgotten this so called research paper but an article in the Economic Times prompted me to seek answers from the "researchers" at the Univ of Brighton.

These guys have a shallow paper based on heresy, misplaced / racist perceptions of the developing world and they pass judgement.

Then they do not have the decency to respond to any objection to their "paper" ... is it a problem to face up to your mistakes!

Phishing study: Bunch of lies

Kamlesh Bajaj / November 05, 2009, 0:46 IST

A team of researchers including professors of University of Brighton published a report in July 2009 titled “Crime online — Cybercrime and illegal innovation”. It was picked up by online news channels and quoted in news items to propagate lies about so-called cybercrimes in the business process outsourcing (BPO) industry of India. The report tries to present data from the annual reports of the Indian Computer Emergency Team, and Symantec in a way that suits its story, of India being a centre of cybercrimes and in general being a weak state. We want to set the record straight............... Read More

Now this is Dr Bajaj blasting them above and they deserve it.

I had written to them in August but they did not bother to reply, so now I am forced to put my email in the public domain:

Dear Messrs Howard Rush, Chris Smith, Erika Kraemer-Mbula and Puay Tang I am writing to you with reference to your research report "Crime Online - Cybercrime and Illegal Innovation" This report has been quoted as the source that states "India emerging as major cybercrime centre" and has obviously raised many doubts about the veracity of your study. A very alarming statement in your report says that cyber crime has increased 50 fold in India during the period three year period from 2004 - 07 and this is pure conjecture since you are referring to statistics for security incidents and not cyber crime and there is a BIG difference between these two. A small search would have brought you to the Natoinal Criminal Record Bureau of the Government of India and you can easily get the cyber crime statistics. While you are publishing your report in 2009 you are relying on news articles that date back to 2005 and your report uses these isolated incidents to irresponsibly pronounce judgement ! Sad, to say the least. Especially when you folks are living in the UK which is a "cybercrime-incident-a-day" country. As I write to you I have this window open http://www.out-law.com/page-10309 which is not something to be proud about. I am also taking the liberty of forwarding a digest of discussions (# 1171 of Aug 21) between people on the India Infosec mailing list relating to this report. Brickbats all around for you, sadly, for trashing the BRIC countries. Do join this list to know more about the opinions of the security community. Your papes has been quoted here : http://timesofindia.indiatimes.com/news/india/India-emerging-as-major-cybercrime-centre-UK-study/articleshow/4911097.cms http://www.livemint.com/2009/08/20000730/India-emerging-as-centre-for-c.html?h=B http://www.ndtv.com/news/world/india_emerging_as_major_centre_for_cybercrime_uk_study.php My final word here is that there are so many "experts" sitting in their lofty citadels who are driven by the need to generate copy. Information Security trends, issues etc cannot be judged on the basis of old articles and researchers must first understand the subtle differences in the jargon used in the business. For example, as every IS professional knows there is a big difference between problem management or incident management ! In any case, with the large number of white papers, content, research on the net it is important that one is cautious about what to accept as true :)