Friday, March 2, 2012

The real online threat: cybercrime

Listen to the chatter from top officials, and you'd think that World War III was about to break out on the Internet. The defense secretary is warning about a digital "Pearl Harbor." Former director of national intelligence Mike McConnell declares that the United States is "fighting a cyber war, and we're losing." Every new hack brings more pronouncements of network doom.

The scare talk, however, is misplaced. Yes, we're facing enormous cybersecurity problems - just look at the high-profile penetrations of such companies as Sony and Lockheed or the millions of Americans whose personal information has been stolen online.

But these aren't signs of some impending cataclysmic showdown. They're markers of a rising tide of online crime that, in its own way, could be more dangerous than a cyberwar. According to the British government, online thieves, scammers and industrial spies cost U.K. businesses an estimated $43.5 billion in the past year alone. Crooks-for-hire will infect a thousand computers for $7 - that's how simple it's become. Sixty thousand new malicious software variants are detected every day. Forget "Pearl Harbor"; if we're not careful, the Internet could be in danger of looking like the South Bronx circa 1989 - a place where crooks hold such sway that honest people find it hard to live or work there.

Could there be some online conflict in the future? Maybe. But crooks are draining billions from the legitimate global economy right now. Even the Pentagon's specialists are worried, noting in their new cybersecurity strategy that "the tools and techniques developed by cyber criminals are increasing in sophistication at an incredible rate."

Those tools also are becoming easier to use. The latest crimeware makes stealing passwords about as simple as setting up Web pages. One gang, recently arrested, used it to drain $9.5 million in just three months.

More sophisticated are corporate spies, who've tricked executives into giving away intellectual property worth billions. Many of these criminals are believed to be state-sponsored - part of a campaign to turn industrial-age economies into information-age ones with our know-how. Sen. Sheldon Whitehouse (D-R.I.), who chaired a classified task force on the subject, called it "the biggest transfer of wealth through theft and piracy in the history of mankind."

But there are ways to begin stemming this online crime wave. First and foremost: Target the relatively small number of companies that support the criminal underground. There are more than 5,000 Internet service providers around the globe; according to the Organization for Economic Cooperation and Development, half the world's spam traffic comes from just 50 ISPs. A recent study of mass e-mail campaigns showed that three payment companies processed 95 percent of the money those scams generated. When the Silicon Valley-based McColo hosting company was taken down, worldwide spam dropped 65 percent overnight.

These companies facilitate criminal enterprises, whether knowingly or not. And, unlike the criminals themselves - who hide behind disposable e-mail addresses and encrypted communications - it's no mystery who these firms are. The independent research group HostExploit, for example, publishes a list of the worst of the worst hosting companies and networks; 20 of the 50 most crime-friendly hosts in the world are American.

Yet Internet service providers and carrier networks that move data across the globe continue to do business with these crooked firms. There's no economic incentive to do otherwise. After all, the hosting company that caters to crooks also has legitimate customers, and both pay for Internet access.

That's where the federal government could help. It could introduce new mechanisms to hold hosting companies liable for the damage done by their criminal clientele. It could allow ISPs to be held liable for their criminally connected hosts. It could encourage and regulate ISPs to share more information on the threats they find.

Government could also require more businesses to come clean when they are victimized. Today, just three in 10 organizations surveyed by the security firm McAfee report all of their data breaches. That not only obscures the true scope of cybercrime; it also prevents criminal trends from being identified earlier.

Taking these steps would signal that America will no longer tolerate thieves and con artists on its networks.

As the United States gets serious about cybercrime, it could ask more from - and work more closely with - other countries. China, for instance, sees itself as the biggest victim of cybercrime, even as it remains a hotbed for illicit activity. Not coincidentally, China is also only partly connected to the global community of ISPs. Dialogues to draw the Chinese further into the fold would not only make it easier to marginalize cybercriminals; it also would build momentum for broader negotiations on all sorts of Internet security issues. In other words, tackling today's cybercrime wave could help stop tomorrow's cyberwar.

Noah Shachtman is a contributing editor at Wired magazine and a non-resident fellow at the Brookings Institution. His study for Brookings, "Pirates of the ISPs: Tactics for Turning Online Crooks into International Pariahs," is to be published this week.
