💾 Archived View for gmi.noulin.net › mobileNews › 1022.gmi captured on 2023-09-08 at 18:55:30. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
2009-02-02 11:39:30
By Tim Weber
Business editor, BBC News website, in Davos
The threat of cybercrime is rising sharply, experts have warned at the World
Economic Forum in Davos.
They called for a new system to tackle well-organised gangs of cybercriminals.
Online theft costs $1 trillion a year, the number of attacks is rising sharply
and too many people do not know how to protect themselves, they said.
The internet was vulnerable, they said, but as it was now part of society's
central nervous system, attacks could threaten whole economies.
The past year had seen "more vulnerabilities, more cybercrime, more malicious
software than ever before", more than had been seen in the past five years
combined, one of the experts reported.
But does that really put "the internet at risk?", was the topic of session at
the annual Davos meeting.
On the panel discussing the issue were Mozilla chairwoman Mitchell Baker
(makers of the Firefox browser), McAfee chief executive Dave Dewalt, Harvard
law professor and leading internet expert Jonathan Zittrain, Andre Kudelski of
Kudelski group, which provides digital security solutions, and Tom Ilube, the
boss of Garlik, a firm working on online web identity protection.
They were also joined by Microsoft's chief research officer, Craig Mundie.
To encourage frank debate, Davos rules do not allow the attribution of comments
to individual panellists
Threat #1: Crime
The experts on the panel outlined a wide range of threats facing the internet.
There was traditional cybercrime: committing fraud or theft by stealing
somebody's identity, their credit card details and other data, or tricking them
into paying for services or goods that do not exist.
The majority of these crimes, one participant said, were not being committed by
a youngster sitting in a basement at their computer.
Rather, they were executed by very large and very well-organised criminal
gangs.
One panellist described the case of a lawyer who had realised that he could
make more money though cybercrime.
He went on to assemble a gang of about 300 people with specialised roles -
computer experts, lawyers, people harvesting the data etc.
Such criminals use viruses to take control of computers, combine thousands of
them into so-called "botnets" that are used for concerted cyber attacks.
In the United States, a "virtual" group had managed to hijack and redirect the
details of 25 million credit card transactions to Ukraine. The group used the
data to buy a large number of goods, which were then sold on eBay.
This suggested organisation on a huge scale.
"This is not vandalism anymore, but organised criminality," a panellist said,
while another added that "this is it is not about technology, but our economy".
Threat #2: the system
A much larger problem, though, are flaws in the set-up of the web itself.
It is organised around the principle of trust, which can have unexpected
knock-on effects.
Nearly a year ago, Pakistan tried to ban a YouTube video that it deemed to be
offensive to Islam.
The country's internet service providers (ISPs) were ordered to stop all
YouTube traffic within Pakistan.
However, one ISP inadvertently managed to make YouTube inaccessible from
anywhere in the world.
But in cyberspace, nobody is responsible for dealing with such incidents.
It fell to a loose group of volunteers to analyse the problem and distribute a
patch globally within 90 minutes.
"Fortunately there was no Star Trek convention and they were all around," a
panellist joked.
Threat #3: cyber warfare
Design flaws are one thing, cyber warfare is another.
Two years ago, a political dispute between Russia and Estonia escalated when
the small Baltic country came under a sustained denial-of-service attack which
disabled the country's banking industry and its utilities like the electricity
network.
This was repeated last year, when Georgia's web infrastructure was brought down
on its knees during its conflict with Russia.
"2008 was the year when cyber warfare began.. it showed that you can bring down
a country within minutes," one panellist said.
"It was like cyber riot, Russia started it and then many hackers jumped on the
bandwagon," said another.
This threat was now getting even greater because of the "multiplication of
web-enabled devices" - from cars to fridges, from environmental sensors to
digital television networks.
The panel discussed methods that terrorists could use to attack or undermine
the whole internet, and posed the question whether the web would be able to
survive such an assault.
The real problem, concluded one of the experts, was not the individual loss.
It was the systemic risk, where fraud and attacks undermine either trust in or
the functionality of the system, to the point where it becomes unusable.
What solution?
"The problems are daunting, and it's getting worse," said one of the experts.
"Do we need a true disaster to bring people together?," asked another.
One panellist noted that unlike the real world - where we know whether a
certain neighbourhood is safe or not - cyberspace was still too new for most of
us to make such judgements. This uncertainty created fear.
And as "the internet is a global network, it doesn't obey traditional
boundaries, and traditional ways of policing don't work," one expert said.
Comparing virus-infected computers to people carrying highly infectious
diseases like Sars, he proposed the creation of a World Health Organisation for
the internet.
"If you have a highly communicable disease, you don't have any civil liberties
at that point. We quarantine people."
"We can identify the machines that have been co-opted, that provide the energy
to botnets, but right now we have no way to sequester them."
But several panellists worried about the heavy hand of government. The
internet's strength was its open nature. Centralising it would be a huge threat
to innovation, evolution and growth of the web.
"The amount of control required [to exclude all risk] is quite totalitarian,"
one of them warned.
Instead they suggested to foster the civic spirit of the web, similar to the
open source software movement and the team that had sorted the YouTube problem.
"Would a formalised internet police following protocols have been able to find
the [internet service provider] in Pakistan as quickly and deployed a fix that
quickly?" one of them asked.