Home > Articles > Security > General Security and Privacy

Crime, War, and B.S. in the Electronic Universe

  • Print
  • + Share This
Unlike Chicken Little (and plenty of people in the media), Michael Kemp doesn't believe that the sky is falling and our electronic connections will soon evaporate under attack by terrorists, criminals, and hackers. But he does warn of a more insidious threat: By pandering to these fears, industry professionals may drive themselves right out of business.
Like this article? We recommend

"Fear grows in darkness; if you think there’s a bogeyman around, turn on the light."

—Dorothy Thompson

For a number of years, academicians, the media, and all manner of private, governmental, and military organizations have pondered the rise in the use of communications technology, sometimes with what can only be described as an attitude bordering on the hysterical. We stand—or so we are informed—on the verge of all-out electronic warfare that will reduce our comfortable modern existence to ashes and see us all staggering back to the stone age.

Since the 1990s (and prior to that, but with much less press coverage), many branches of the military have considered the use and abuse of information warfare. If much of the news media is to be believed, terrorists routinely utilize the Internet as a communications channel, and will undoubtedly unleash an "electronic Pearl Harbor" [1] at some undetermined point. Legislators tell us that the Internet, rather than being a series of interconnected computer networks, actually resembles a seedy bar in some far-off clime, inhabited by criminals, terrorists, and the seemingly ubiquitous computer hackers.

A lot of what’s said about the threats presented by the use and abuse of Internet technologies is nonsense; but, sadly, a lot is being said. This article attempts to clear up some of the haze by doing the following:

  • Discussing some of the statistics being bandied about
  • Taking a sober look at the threat landscape
  • Examining how industry professionals who choose to pander to populist illusions do themselves a huge disservice

The State of Play

According to current statistical data, organizations of all shapes, sizes, and budgets face an increasing array of attacks. In its semiannual report for the first half of 2007, the Reporting and Analysis Centre for Information Assurance (MELANI) made a number of claims that are backed up by other vendors, [2] including a significant rise in "targeted" malware attacks and the use of sophisticated botnets and malware-distribution channels. According to MELANI (quoting Sophos), up to 30,000 websites daily were infected with some strain of malware (usually JavaScript droppers) in the latter part of 2007, and 938 senior financial executives received targeted malware. In November 2007, Jonathan Evans, Director General of the UK Security Service (MI5), took the unusual step of writing to 300 UK private-sector chief executives and directors, warning of an influx of malware for espionage purposes.

So, according to vendors and government agencies alike, the threats are real, tangible, and growing in sophistication. But from where do these threats arise or evolve? One oft-mentioned source is China. As with many rapidly developing nations, the Chinese don’t have a great track record for computer security, but threat activities may not have anything to do with them. Any experienced attacker knows the old stage magician’s trick of misdirection—in this case, employing open proxies as a route to the end target. As well as having a criminal element and possibly very dubious security services, China has a number of open proxies, which makes it useful to attackers around the globe.

Another alleged suspect is terrorist cells, which receive the lion’s share of press and political attention—rightly so, if the threat were as real as many people seem to think. Undoubtedly terrorists are utilizing the Internet as a communications, promotions, and PR tool, but they’re not directly attacking anything (other than ideologies) by constructing web pages. The use of modern communications technology by terrorist groups is a concern, certainly, but our reaction to it should be considered and implemented with caution.

The last group blamed by vendors and media alike for rapid stratospheric collapse is criminals. This makes sense, actually. Increasingly, attacks have focused not upon the rewards of kudos, but on tangible financial gains. Computer criminals (as opposed to incorrectly labeled hackers) have become increasingly greedy for financial gain. Knowledge that once may have been utilized to test system weaknesses or prove an elegant electronic point is being used to turn a quick buck, both legitimately and illegitimately. The tools of the trade have altered, but so has the trade itself.

  • + Share This
  • 🔖 Save To Your Account