Current Event: The Internet Is Unsafe
The BBC reports that a group of experts at the World Economic Forum in Davos, Switzerland met to discuss the increasing pervasiveness of organized cybercrime and cyber warfare. One expert claimed that the past year saw more malicious internet activity than the previous five years combined (the expert asked to remain anonymous in order not to be compelled to substantiate this claim).
There have been increasing findings of botnets being used by networks of professionals, including computer experts and lawyers, to steal credit card information–and in some cases channel it to other countries. Such activities serve to delegitimize the internet as a safe place for transactions, and as businesses have become increasingly integrated with the Web, this is a grave threat to their economic viability. Furthermore, as the internet has become “part of society’s central nervous system,” the health of entire economic systems may be at stake.
Perhaps even more unsettling are recent DoS attacks by Russia against the web infrastructure in Estonia and Georgia, as well as an accidental DoS against YouTube caused by state censorship in Pakistan. These attacks, which can take effect in a matter of minutes, show that the danger extends beyond the economy, as they are clearly of extreme import to national security as well.
What makes the internet so unsafe? The panelists observed that it was originally “organised around the principle of trust,” and that this has led to inherent vulnerabilities. Some panelists asked whether drastically increased measures for quarantining infected computers would be necessary; one suggested the formation of a “World Health Organization for the internet,” which would do just that by implementing a strategy against botnets similar to that employed against the more dangerous contagions.
On the other hand, some expressed concern that such measures would too severely compromise the privacy of users, in addition to requiring immense resources to implement. It would be better, they argued, to “foster the civic spirit of the web,” promoting organizations built on mutual aid and development.
I agree with the latter group that this issue cannot be resolved simply by throwing more experts and money at it (although that might not hurt). The problem has to be understood in a larger social and economic context. I don’t claim to know what would make lawyer decide that it was worth it to turn to organized cybercrime to make more money, but I think an effort to understand and remove these motivations might prove more cost-effective over time than only addressing the security aspect of the problem. Perfect security is impossible; if someone is resourceful enough, they will always be able to find vulnerabilities in the internet to exploit (if nothing else, the human element makes this true). It is definitely worth it to try to make these vulnerabilities harder to find, but this cannot be the entire solution. The causes of internet criminality must also be taken into account.
And yet, when multiple nations become involved, more drastic measures may be the only ones that remain viable. An article a little over a year ago in the Guardian reports on an organization known as the Russian Business Network (RBN)–which is suspected of being involved in approximately 60% of all internet crime–and provides evidence suggesting that the Russian government has little interest in stopping it. In this case, as the article indicates, nothing short of an international body of law and an organization to enforce it can really address this. The job of this organization should not be to contain all internet attacks, but to prevent them from being used as an instrument of coercion by one country against another. This kind of cyber warfare should be understood in the same way as a conventional attack, and dealt with accordingly. Only an international effort can accomplish this.
Comment by suskizor
February 1, 2009 @ 2:30 pm
Every time I hear about such internet crime, it becomes increasingly clear that cyber equivalents of some organizations should exist. One of the readings which is part of the 584 curriculum outlines the structure and responsibilities of a virtual Center for Disease Control. The internet environment would certainly benefit from crime-oriented organizations, such as a virtual police force, or even virtual vigilantes.
Of course, there are a few problems with forming them. First: who will actually do it? To be effective, it would have to be a government or someone with approximately the resources and power of a government. As internet crime isn’t exactly new, and we haven’t even the roots of an internet anti-crime organization, I don’t see this happening soon. Besides, governments already have enough to worry about with all of their non-virtual organizations to bother with some silly internet threat. Perhaps we could leverage the fury of content companies over internet piracy to convince them to form a generalized anti-crime organization.
Another problem is motivation. Money motivates the criminals, but what will entice the anti-criminals? Well, nothing, at first. Just that do-good feeling. Mmm, yeah. But that won’t pay the bills. So for most people, fighting internet crime would just be a waste of time or something that you tinker with while focusing on your real job.
And even if you do go after an internet criminal and catch one, what happens next? There’s no reward. Yet. And chances are that the criminal will be in a different country from you, which puts him (or her) safely out of your jurisdiction. The way laws from different countries interact doesn’t account for global communication and crime through the internet, and would need to be significantly restructured to deter cyber criminals. Anti-piracy organizations have already discovered this while trying to take down The Pirate Bay, which is protected by Swedish law from such attacks.
In short, yes, the internet is unsafe, but no, I don’t see anyone doing anything about it any time soon. The payoff just isn’t there, and international law would likely foil them most of the time. Criminals were quick to adapt to the internet, and law hasn’t quite gotten there yet.
Comment by eyezac
February 2, 2009 @ 11:50 am
You point out that internet criminals are likely to be in different countries from their victims. This is exactly the problem an international body would address by holding countries accountable for the internet crime that originates within their borders. Of course you’re right that until the motivation exists this won’t happen.