http://www.cbsnews.com/stories/2006/06/07/opinion/main1690428.shtml
By Tom Kellermann
CBS
June 7, 2006
In today's age of digital everything, one can reminisce
about the days
of true privacy. Much of the discussion of late has centered
upon the
NSA's domestic spying program. Americans from the deep red
states to
the blue have felt betrayed by Uncle Sam as a result of his
anti-terror efforts. The naiveté exhibited by privacy
advocates
everywhere stems from a lack of appreciation that the world
is truly
flat - privacy has been traded for convenience. True privacy
has
become pure nostalgia in this age of digital everything. All
the
fretting about the National Security Agency's domestic
spying program
is understandable, but it misses one spectacularly big
point: domestic
privacy in America simply does not exist anymore. Those who
use
e-commerce most are at greatest risk. The Privacy Rights Clearinghouse
reported that more than 80 million Americans have had their personal
information jeopardized by data breaches since Feb. 15, 2005. A more
recent study conducted by IBM claimed that three times more
Americans
thought they were more likely to be victimized by cybercrime
than
physical crime.
Most Americans are unaware that government Big Brother no
longer has a
monopoly on domestic spying. There are in fact thousands
upon
thousands of Big Brothers in cyberspace and on the digital
airwaves.
These Big Brothers are intent upon criminal gain rather than
national
security. These Big Brothers exist in the underground hacker
community, among other places. Since the widespread adoption of
e-commerce and e-finance, the burgeoning hacker community has evolved
into a force to be reckoned with on the world stage.
An entire subculture of highly educated and sophisticated
cyber
criminals exists. Much as the Italian Mafia in the U.S.
moved into
narcotics trafficking in the 1970's, other organized
criminal
syndicates have realized that identity theft, funds transfer
and
extortion are the most lucrative business models in the
information
age. A recent FBI study determined that 9 out of 10 American
businesses fell victim to cyber crime last year. The FBI
Director,
Robert Mueller, declared cyber crime his number one criminal
priority.
According to the Organization for Economic Cooperation and Development,
one in three computers is compromised — remotely controlled by someone
other than you.
The virtual takeover of Americans' privacy has been largely
due to the
proliferation of Trojan Horse programs. Trojan Horse
programs are
smaller, digital, and far more prolific than in the days of
Troy.
Trojans cloak malicious code by appearing as innocuous
attachments in
order to gain access inside a user's computer system. Once
a Trojan
Horse has been introduced into a user's computer system, it
plants a
program that listens for a variety of user communications
and secretly
installs secret passageways into a user's computer. Through
these
backdoors, remote hackers can launch malicious code and
vandalize,
alter, steal, move, or delete any file on the infected
computer. They
can also harvest sensitive user information such as
financial account
numbers and passwords from the data in local files, and then
transmit
them through backdoors.
Most Americans think that one must be very technical to
invade someone
else's privacy in this fashion. That belief is dangerously
misguided.
Much as one need not understand the inner workings of a
handgun to use
one, you don't need to be a sophisticated programmer to be
an adept
cyber crook. By merely running a query in a search engine for Trojan
horse programs or keyloggers, one will find tens of thousands of
relevant downloadable programs at their fingertips. One merely needs
to comprehend the lexicon associated with hacker tools to launch cyber
attacks. The Internet has become a virtual arms bazaar. The free
distribution of cyber weapons takes place millions of times every day.
Underground Internet Relay Chat rooms and Web sites like
http://astalavista.box.sk have mirrored the American gun shows; the
only exception being that all the guns and ammo are free.
Some examples might shock you:
Did you know that the Pentagon, the most secure infrastructure in the
world, was hacked for over eight months by a network of Chinese
computers named Titan Rain? These computers were implanted within the
DOD's internal networks so as to steal our aeronautical specifications
for advanced jets and spacecraft.
Did you know that the greatest threat facing our banks is
not armed
robbers but cyber thieves stealing your identity and setting
up
fraudulent lines of credit in your name? Only 2 percent of
mounting
bank crime losses are from physical robberies now. Today's
bandits now
hide safely in a hotel room halfway around the world while
they steal
your financial futures.
Did you know that the 202 deaths of foreigners in Bali in
2002 were
financed by cyber crime? Imam Samudra was convicted of
engineering the
devastating Bali nightclub bombings four years ago. Samudra
published
a jailhouse autobiography that contained a chapter titled
"Hacking,
Why Not?" Samudra urged fellow Muslim radicals to take
the holy war
into cyberspace by attacking U.S. computers, with the
particular aim
of committing credit card fraud online.
Today's digital world has become a boon to an illegal
underground
economy that trades in our secrets. Governments no longer
have a
monopoly on technology and thus no longer have a monopoly on
being Big
Brother. Indeed, the proliferation of criminal, digital Big
Brothers
far exceeds the government's ability to protect citizens in
cyberspace.
A good place to begin reclaiming privacy and real cyber
security in
vital areas of life and commerce is with the banks and
corporations
that we do business with. Just as some corporations do a better job at
protecting the environment, there are those who do a better job at
ensuring our privacy and cyber security. There is no way
government
can do the job itself; the resources and resourcefulness of
the entire
private sector are necessary.
In cyberspace, privacy cannot exist without cyber security. You might
attempt to protect your computer and the information on it. But you
can't protect the security of every institution that holds information
about you. Much like the concept of "rewind," the concept of personal
privacy is becoming ancient history.
-=-
Tom Kellermann is a cyber security consultant who formerly
held the
position of Senior Data Risk Management Specialist for the
World Bank
Treasury Security Team. He was responsible for cyber
intelligence and
policy management within the World Bank treasury and
regularly advised
central banks around the world. He is a Certified
Information Security
Manager (CISM).
©MMVI, CBS Broadcasting Inc. All Rights Reserved.