Digital crime wave: the growing problem.The Internet has created a new level of worldwide communication and information sharing See data conferencing. as e-commerce has flourished and e-mail has become a ubiquitous means of nearly instant communication while emerging as a critical database itself. Almost one billion of the world's 6.4 billion people now use the Internet, and the vast amounts of readily accessible information, data and valuable research material available to them is unparalleled. Despite the many benefits and "all the good things" the Internet brings us, challenges are rapidly mounting for this global network. The Internet's dark side has appeared in the form of its lack of built-in security. "We are at an inflection point Inflection Point An event that changes the way we think and act. -Andy Grove, Founder of Intel. Notes: For example, the fall of the Berlin Wall was an inflection point in global politics and the commercialization of the Internet was an inflection point in technology. , a revolution point." Internet elder statesman and onetime chief protocol architect David D. Clark For other notable people of the same name, see . David Dana Clark (b. April 7, 1944) is an American computer scientist. He graduated from Swarthmore College in 1966. now argues. This is particularly true since there are trillions of dollars of value continuously floating all over the place unprotected. Internet Architecture Simply put, the Internet has no inherent security architecture and nothing to stop viruses, worms, or spam and all the other digital diseases. Protections like firewalls and anti-spam software are add-ons or security patches at best in what is becoming a digital arms race. The Internet's original protocols were developed in the late 1960s and were designed to do one thing very well: facilitate communication between a few hundred academic and government users. These protocols efficiently break digital data into simple units called packets and send the packets to their destinations through a series of network routers. Both the routers and PCs, also called nodes, have unique digital addresses known as Internet Protocol See Internet and TCP/IP. (networking) Internet Protocol - (IP) The network layer for the TCP/IP protocol suite widely used on Ethernet networks, defined in STD 5, RFC 791. IP is a connectionless, best-effort packet switching protocol. or IP addresses. The Internet's design didn't care whether the information packets added up to a malicious virus, a hello, or a meeting notice and it had no provisions for doing much besides simply getting the data to its final destination. Nor did it anticipate the large number of mobile nodes such as PDAs, Blackberry's, cellular appliances and even RFID tags that can connect to the Internet from almost any location. The original internet architecture assumed that everything was machine to machine rather than people to people. It's now time to rethink the Internet's basic premises and to potentially start over with a fresh design with a realistic strategy for proving the design's viability so that it stands a chance of implementation. This is not about building a technology innovation that changes the world, it is about network architecture. The original internet design also assumed that all users (people) on the network could be trusted and that the computers linked by the Internet were mostly fixed, unmovable objects. No one envisioned that a wave of digital terrorism, scam artists, sexual predators and identity thieves that would emerge based on these original assumptions. Internet Statistics * Intrusion cost the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. $17.5B in 2004. (CSI-FBI Survey) * Spam cost United States workers 22.9 million hours of lost productivity in 2004 totaling $21.5B in lost wages (U. of Maryland survey) * 118 terabytes of spam delivered in the last 6 months (CIO CIO: see American Federation of Labor and Congress of Industrial Organizations. (Chief Information Officer) The executive officer in charge of information processing in an organization. Magazine). * Over 3.5 billion spam emails delivered every 30 days (Postini) * As much as 70-80% of all e-mail messages are spam * ~40% of spam comes from hijacked (zombie A computer that has been covertly taken over in order to perform some nefarious task. It is estimated that millions of PCs around the world have been compromised and, under the control of a third party, routinely transmit messages unbeknownst to the user. ) computers Types of Digital Diseases Botnets or Zombies Zombies Companies that continue to operate even though they are insolvent. Also known as living dead. Notes: It's advisable to avoid investing in zombies at all costs their life expectancies are highly unpredictable. are possibly most threatening of all Internet diseases. These are collections of computers subject to remote deployment that are hijacked to do remote-control tasks like sending spam or bombarding Bombarding is the process of 'pumping' a Cold Cathode Lighting tube (otherwise called Neon Signs). Information A detailed process of bombarding can be found here, Bombarding. websites with so many requests that no one else can access the site. This kind of behind the scenes hijacking hijacking Crime of seizing possession or control of a vehicle from another by force or threat of force. Although by the late 20th century hijacking most frequently involved the seizure of an airplane and its forcible diversion to destinations chosen by the air pirates, when has been made more potent by wide adoption of always-on broadband connections that has sadly has spawned hard-core crime and digital extortion. Adware and Spyware These are unwelcome programs which install themselves on your computer without your permission and then send your personal information to the originator. Adware tends to be more annoying than destructive, although it may set you up for lots of spam emails and unwanted junk advertising. Spyware is more damaging in that it will search your computer and transmit to the originator (a form of data theft) items of personal information, such as addresses of web sites you've visited, bank account information or your credit card details. Most people are unaware that adware and spyware is installed and running on their computer. Spyware represents another form of data theft, much like stealing an optical disc or tape cartridge See cartridge. , except the media is not physically stolen, only the data. Theft by spyware further encourages encryption for stored data since encrypted data is useless without the keys. Viruses and Worms Virus writers depend on good people's inexperience, helpfulness, curiosity and naivety na·ive·ty or na·ïve·ty n. Artlessness or credulity; naiveté. naivety or naïveté Noun the state or quality of being naive Noun 1. . A virus is a computer program which arrives on your computer and which, when activated, destroys your system by deleting important files. If your computer becomes infected with a virus you are likely to lose all your files and will have to rebuild your computer as if you'd just taken it out of the box. A worm is a type of virus which may not delete any files, but instead raids your email address See Internet address. book and replicates itself to every address contained in your email address book. Most viruses and worms arrive as attachments to an email which contains an appealing subject line, an intriguing invitation or personalized request in the body of the email. Viruses take the cowardly approach when they arrive. When you open the attachment the virus is automatically installed and activated without you knowing it. These days most viruses cloak themselves by using names raided from the infected computer's address book. Always have the latest anti-virus software anti-virus software n → Antivirensoftware f installed. Spam Spam or digital junk mail See spam and junk faxes. is the name given to unsolicited emails, advertising products and services you don't want from people you don't know Don't know (DK, DKed) "Don't know the trade." A Street expression used whenever one party lacks knowledge of a trade or receives conflicting instructions from the other party. . Once considered as merely annoying, spam ranges from loans, insurance, so-called health products to less tasteful pornographic offerings. Spam emails and viruses are often indistinguishable. Many spam e-mails have a "Remove" or "Unsubscribe To cancel a service. It is often possible to unsubscribe to an e-mail service by typing the word "unsubscribe" into a reply message. Contrast with subscribe. See opt-out. here" option but these are also fraudulent because when you click on them all they do is confirm to the sender that your email address is active and can be sold to other spammers. As e-mail archiving Retaining e-mail messages for historical purposes or to be in compliance with many industry regulations. The file structure of e-mail is different than other data formats, and message archiving software is specialized for e-mail retention and searching. becomes a serious data management discipline, make sure that archival storage strategies don't include spam as you will be storing a lot of worthless data. In just the 5 month period between July 1 and December 31, 2004, spam surged 77 percent at companies that Symantec monitored. The raw numbers are staggering as weekly spam totals on average rose from 800 million to more than 1.2 billion messages, and 60 percent of all e-mail was spam, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Symantec. Other estimates show spam as high as 80% of all e-mail traffic clogging our digital arteries Noun 1. digital arteries - arteries in the hand and foot that supply the fingers and toes arteria digitalis arteria, arterial blood vessel, artery - a blood vessel that carries blood from the heart to the body worldwide. If all the spam and cookies, virus and worm code were stopped, there would be over 75% more available bandwidth! Unfortunately, spammers refer to themselves as legit le·git adj. Slang Legitimate. e-mail marketers, since to them spamming is perfectly legitimate e-mail marketing Email marketing is a form of direct marketing which uses electronic mail as a means of communicating commercial or fundraising messages to an audience. In its broadest sense, every email sent to a potential or current customer could be considered email marketing. . They obviously fail to see the damages they cause others. Scams Phish--"Recently our customers have reported receiving fraudulent e-mails that appear to be from Bank One," begins one e-mail that looks like it's from Bank One. "Please log in and learn more about what's happening and how to protect yourself." It sounds convincing enough. But recipients who follow the link will be taken not to Bank One's website but to a look-alike set up to gather user names and passwords. It's the latest kind of Internet scam, one that's known as "phishing." They're fishing for passwords. Companies need to remind customers that they will never ask for personal information via e-mail. Some of the scams, which you can find documented at www.antiphishing.org, can be obviously identified by their misspelled words or ridiculous claims. Others are more sophisticated. Graphics and wording are copied straight from official company correspondence and websites to fool the user. Though Internet users need to be skeptical of where an e-mail appears to come from, it's also getting harder to identify fake URLs. A recently discovered bug in Microsoft Internet Explorer See Internet Explorer. allows scam artists to blank out Verb 1. blank out - be unable to remember; "I'm drawing a blank"; "You are blocking the name of your first wife!" draw a blank, forget, block slip one's mind, slip - pass out of one's memory 2. portions of Web addresses, thus making phony URLs appear legitimate. Chain mail Chain mail is a form of spoof spam containing promises such as "if you forward this email to five people within five minutes your life will immediately be blessed with rewards", or they may contain the opposite with warnings such as "if you don't pass this email to ten people today you will suffer ten years of bad luck". The only bad luck you are likely to incur is the wrath of all the people whose email in-boxes you clutter by forwarding these junk emails. Delete them immediately and don't propagate them along with your e-mail address See Internet address. e-mail address - electronic mail address . Possible Solutions It's worth remembering that despite all of its flaws, all of its architectural complexities, inherent insecurity and the costs associated with patching it, the Internet still gets the job done. Any effort to implement a better version faces enormous practical problems. All Internet service providers Internet service provider (ISP) Company that provides Internet connections and services to individuals and organizations. For a monthly fee, ISPs provide computer users with a connection to their site (see data transmission), as well as a log-in name and password. would have to agree to change all their routers, addressing schemes and software, and someone would have to foot the bill, which will likely come to many billions of dollars. And of course, if a "Digital Pearl Harbor Pearl Harbor, land-locked harbor, on the southern coast of Oahu island, Hawaii, W of Honolulu; one of the largest and best natural harbors in the E Pacific Ocean. In the vicinity are many U.S. military installations, including the chief U.S. " does occur, the federal government is liable to respond with strict controls. Today there are just over 400 ISPs and they resist censorship. For ISPs to be successful they need high traffic volume and the elaborate resources required to filter the digital disease deluge impacts their bottom line. ISPs may not be able to get away with doing relatively little for much longer since pressure from industry, governments and consumer groups is mounting rapidly. When freedoms are widely abused, they are no longer freedoms and will get taken away. Taxing the internet is an option but it probably won't stop much crime since it addresses none of the security problems. Regulation has more momentum and putting all the porn and garbage on its own backbone, with its own domain, might be a good start but not enough. Commercial interests should be aggressively blocking the known spam-friendly domains, and the pill-vendors should be held responsible for their commercial spam overload too but it is a slippery slope 'slippery slope' Medical ethics An ethical continuum or 'slope,' the impact of which has been incompletely explored, and which itself raises moral questions that are even more on the ethical 'edge' than the original issue . In any case, the end user shouldn't be required to support the digital terrorists that perpetrate per·pe·trate tr.v. per·pe·trat·ed, per·pe·trat·ing, per·pe·trates To be responsible for; commit: perpetrate a crime; perpetrate a practical joke. disease, scams and spam. Strict regulations are another option. When basic privileges personal freedoms are abused, they often get regulated or taken away completely. The changes in airport security are a good example of this. Passengers used to be scanned for security threats by individual airports using their own guidelines. The results of this approach changed airport security forever. Just as terrorists have taken advantage of the weak points in the nation's airport screening processes, the Federal Government created an agency, the Transportation Security Agency (TSA TSA See tax-sheltered annuity (TSA). ). to tighten a heavily abused system. Expect stricter regulations and changes in the way governments and ISPs collectively deal with unwanted traffic to be a probable solution. There is little accountability for internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. beyond your own personal measures today and the damages are mounting. This is getting ready to change. The National Science Foundation has spent over $50 million on research towards a better Internet. New ways to authenticate users are under study. Software that "sniffs" Internet traffic Internet traffic is the flow of data around the Internet. It includes web traffic, which is the amount of that data that is related to the World Wide Web, along with the traffic from other major uses of the Internet, such as electronic mail and peer-to-peer networks. for diseases is another possibility. Other software activities underway can sense traffic jams and re-route the message traffic. These ideas could become the foundation of a new or parallel Internet development with dramatically improved security measures that would phase out the current porous Internet structure over time. In any case, those working on the next phase or a new Internet need to develop a "mainframe-like, bullet-proof mentality" when it comes to security. It's no wonder that security has become the newest and most important storage management discipline. The Root Cause Like the airport security example, these strategies only address the symptoms but not the root cause. The root cause of these problems is the growing number of malicious people intentionally creating the diseases. Cyber attacks are shifting from masses of attention-seeking youths to selfish, greedy professionals who are developing an assortment of digital diseases for their personal gain without regard the damages they cause others. These people and their "me first" attitudes represent the root cause of the digital crime wave and a new criminal element for society to deal with in the information age. Why do none of the proposed solutions address the malicious people? Where did all the digital terrorists come from? What were they doing before this? How do they have so much idle time The duration of time a device is in an idle state, which means that it is operational, but not being used. on their hands? Digital terrorists of course don't identify themselves in pubic attacking in a cowardly "behind the back style" typical of other terrorists. Why can't people in general be trusted anymore? If every computer user could effectively protect his or her own personal computer or mobile information appliance, virus and worm writers, the spammers, sexual predators and the scam artists and would have to pursue another form of harmful entertainment. The probability that there will be a solution to the malicious people problem in the near future is low. The probability that a very different Internet will appear in your future is high. References. Technology Review. "The Internet is Broken." pp 63-68. Dec. 2005-Jan 2006. CIO Magazine. "Seeing No Evil." Pp 69-75, Nov. 1, 2005 http://www.bullyonline.org/action/newuser.htm Fred Moore is president of Horison, Inc. (Boulder, CO). www.horison.com Subject of Spam received by E-mail Users Products Financial Adult Scams Health 25% 20% 19% 9% 7% Internet Leisure Spiritual Other 7% 6% 4% 3% Source: Jupiter Research |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion