Crime dramas in Internet-land
Wednesday July 11, 2007 at 1:53 pm CST
Posted by Allysa Myers
Security news lately is starting to sound like an episode of CSI these days. Death, muggings, theft rings, racketeering, rogue phone taps… it’s the juiciest of evening news fodder!!
Today brings three articles pertaining to the real effects of cybercrime and its implications for the future. The first article discusses arrests that have been made due to the TJX and Polo Ralph Lauren data breaches, and why this was such a lucrative target. The second is a detailed account of a rogue wire-tap in a Greek cellphone provider’s network. The third deals with virtual muggings and the possibility of very real racketeering in Second Life.
To me, there are two things that stick out as particularly important messages:
- Technology is far outpacing our ability to deal with its implications.
- Cybercrime is simply crime and should be treated accordingly.
It’s been said a million times, but it bears repeating: The internet is very much the new “Old West”. We’re in a state of almost total lawlessness, because we have not yet found efficient ways to find and bring criminals to justice. And it’s not just Netizens who’re being harmed by cybercrimes. The victims of the TJX data breach were people who’d visited their brick and mortar stores. So, why is it that security has become such a monumentally complicated issue?
- Incredible financial incentive
- Lack of knowledge
- Lack of data retention
- Lack of cooperation
Put simply, the return on investment for cybercrime is enormous. The chance of being harmed in the process of crime is little to none, the time-span before the crime is noticed is longer, and arrests are still reasonably rare.
Both hardware and software change on a rapid basis. Being an expert on even one operating system is a never-ending learning process, and as a result the number of true experts is very few (especially when you consider how many are truly needed). Few governments, corporations or individuals adequately understand or prepare for cybercrime incidents. The “Athens Affair” and TJX incidents illustrate this in living color.
Because it is simply unfeasible to be an expert on more than a narrow range of computing knowledge, it’s of utmost importance for us to cooperate. E.g. Security companies working with ISPs and Law Enforcement, different departments within government bodies, companies or law enforcement agencies working with each other, etc. It’s the knowledge that comes through this cooperation which will be the most vital piece of the puzzle in finally getting cybercrime under control.
For every person reading this blog, here are some questions I put to you:
What is it you are doing, or could be doing, to share information to help end cybercrime? Do your friends and neighbors, your family, your political officials, or your company understand the importance of preparing for or dealing with cybercrime?