Current Event: The Internet Is Unsafe
The BBC reports that a group of experts at the World Economic Forum in Davos, Switzerland met to discuss the increasing pervasiveness of organized cybercrime and cyber warfare. One expert claimed that the past year saw more malicious internet activity than the previous five years combined (the expert asked to remain anonymous in order not to be compelled to substantiate this claim).
There have been increasing findings of botnets being used by networks of professionals, including computer experts and lawyers, to steal credit card information–and in some cases channel it to other countries. Such activities serve to delegitimize the internet as a safe place for transactions, and as businesses have become increasingly integrated with the Web, this is a grave threat to their economic viability. Furthermore, as the internet has become “part of society’s central nervous system,” the health of entire economic systems may be at stake.
Perhaps even more unsettling are recent DoS attacks by Russia against the web infrastructure in Estonia and Georgia, as well as an accidental DoS against YouTube caused by state censorship in Pakistan. These attacks, which can take effect in a matter of minutes, show that the danger extends beyond the economy, as they are clearly of extreme import to national security as well.
What makes the internet so unsafe? The panelists observed that it was originally “organised around the principle of trust,” and that this has led to inherent vulnerabilities. Some panelists asked whether drastically increased measures for quarantining infected computers would be necessary; one suggested the formation of a “World Health Organization for the internet,” which would do just that by implementing a strategy against botnets similar to that employed against the more dangerous contagions.
On the other hand, some expressed concern that such measures would too severely compromise the privacy of users, in addition to requiring immense resources to implement. It would be better, they argued, to “foster the civic spirit of the web,” promoting organizations built on mutual aid and development.
I agree with the latter group that this issue cannot be resolved simply by throwing more experts and money at it (although that might not hurt). The problem has to be understood in a larger social and economic context. I don’t claim to know what would make lawyer decide that it was worth it to turn to organized cybercrime to make more money, but I think an effort to understand and remove these motivations might prove more cost-effective over time than only addressing the security aspect of the problem. Perfect security is impossible; if someone is resourceful enough, they will always be able to find vulnerabilities in the internet to exploit (if nothing else, the human element makes this true). It is definitely worth it to try to make these vulnerabilities harder to find, but this cannot be the entire solution. The causes of internet criminality must also be taken into account.
And yet, when multiple nations become involved, more drastic measures may be the only ones that remain viable. An article a little over a year ago in the Guardian reports on an organization known as the Russian Business Network (RBN)–which is suspected of being involved in approximately 60% of all internet crime–and provides evidence suggesting that the Russian government has little interest in stopping it. In this case, as the article indicates, nothing short of an international body of law and an organization to enforce it can really address this. The job of this organization should not be to contain all internet attacks, but to prevent them from being used as an instrument of coercion by one country against another. This kind of cyber warfare should be understood in the same way as a conventional attack, and dealt with accordingly. Only an international effort can accomplish this.