Cyber-Theft, Economic Espionage, Privacy Loss – Humans Through The Internet Looking-Glass

ISN Security Watch has reported that “2008 will see an expansion of economic espionage in which nation-states and companies will use cybertheft of data to gain economic advantage in multinational deals.” Is this so much an expansion of a social-ill, or a facilitation? 

As with many unsavoury issues related to the internet, such as cyber crime or bullying, this latest threat has its roots firmly planted outside of the cyber-world in physical reality. Contrary to what many would like to believe, insider trading and corporate espionage are nothing new, they didn’t just appear as a one-off Enron fiasco and they continue to occur in the U.S. and elsewhere every day. In fact, the bigger the business the more likely such grey-area techniques are used to gain an advantage over the competition. In many resource-rich developing countries, it’s common practice for some foreign-nationals to bug the meeting rooms and offices of potential clients in order to rig bids for lucrative contracts, guaranteeing success over competitors. That such tactics should be transferred to a cyber-world should come as no surprise.

Quite possibly because it makes better news, we have a tendency to splash our headlines with the latest technological scare. We are constantly warning the public of the dangers lurking everywhere in an e-environment: Mind your on-line behaviour facebook isn’t as private as you think, Cyber-bullying will destroy your child, Beware of cyber-crime, your identity is at risk! As a result, our focus is always directed on the technology, rendering the internet and other tools the risk as opposed to what actually is the threat.

Unfortunately, the fault is not to be found with technology, but with humans. If anything, something like the internet should be considered as somewhat of a mirror or looking-glass that only reflects the behaviour and flaws of humans, magnifying those tendencies back at us. Thus, old scams that prey on human weaknesses, such as greed, are facilitated through e-mail increasing the rate of such crime. Likewise, bullying which for so long has been ignored in our schools is only aggravated, becoming pervasive and unrelenting for victims. Economic espionage, like any other business process, is more accessible and streamlined. These threats aren’t new, however, they are just being facilitated through advancing technology.

Until we shift our focus away from the technology and onto the underlying threat that is human nature, these problems will only continue to worsen. As with many security related issues, our attention is misplaced on the immediate consequences – the tools, the victims or the crimes. As a result, we don’t dig beneath the surface of the situation to address the true source of the problem. Behind every issue undoubtedly stands a human. Our approach to security must begin to accept this fundamental principle if we are ever to achieve stability.

Government to Protect You From Cyber-Attacks – That’s Ironic.

The Wall Street Journal has reported that “President Bush has promised…an estimated $6 billion to build a secretive system protecting U.S. communication networks from attacks by terrorists, spies and hackers.” Coming from the same government that enlisted the help of communications service providers to unlawfully spy on its own citizens, this plan seems more than a little questionable. Moreover, governments, like most big bureaucracy, tend to be the least effective at countering cyber-threats.

It will be interesting to watch this initiative as it moves forward. At least when it fails to protect against external cyber-threats, the government will have a fairly decent dossier built on the activities of those companies remaining in the U.S.

A Simple Question, Can Someone Please Answer?

CBC News has reported that “Stéphane Dion has apparently apologized Thursday for saying the prime minister’s spokesman was involved in extortion, the same day the spokesman accused the Liberal leader of defaming him.” In a country where most of the political debate centres around stories of personal attacks or false porn allegations and the House of Commons, well, is just what its name suggests, leads to the question, who is running the country anyway? Does anyone care or is the melodrama emanating from the Hill more than enough to keep the people entertained? It certainly keeps the media distracted…

Why new border crossing measures won’t increase security

The Province has reported that “Canadians driving into the U.S. or arriving by sea are now required to have government-issued photo ID and proof of citizenship” as part of the new regulations under the Western Hemisphere Travel Initiative driven by the U.S. The changes mark a renewed focus on border issues between Canada and the U.S. and the pressure on provincial, state and federal governments to adopt enhanced identity-based security measures.  

Unfortunately, no one seems to be asking whether enhanced measures actually enhance national security. In fact, the rush to implement costly technologies with no analysis of identity as the fundamental basis for security should be alarming. With reoccurring claims that biometrics and self-scanning kiosks will not just nab criminals but prevent terrorism, further analysis of what identity is and how it is established should be conducted and publicly disclosed.

Of course, the findings of such a study would likely go against prevalent thinking in the field of security and would directly lead to a grinding halt on billions being spent on measures that can’t fulfill the promises attached to them. Many might ask, how would asking questions about security that threaten to turn an entire industry upside down help increase security? Simple, continuing blindly promising false-security to millions of people, spending billions of tax-payer dollars on faulty measures will undermine security in ways that rethinking security never could. The good-faith of the masses once lost will be lost forever. As we have reported before security is dependent on co-operative citizenry – lose that symbiosis, and lose security.

The flaws of an identity-based proactive national security scheme are simple and obvious: 

1.) Individuals who pose a threat but have no previous criminal record will pass undetected,

2.) False official identities can be established, particularly if the official identity was established in or the supporting documents used to establish the official identity come from another country; and

3.) The intent of an individual to commit a crime cannot be determined through automated identity based systems, whereas a border guard might detect some nuances in an individual’s behaviour.

As a result, the argument, that biometrics and electronic documents are solutions that prevent terrorism, is faulty.  If we continue to ignore this fact, implementing ever-more measures based on faulty-reasoning, our state of security (and public faith in the system) will be damaged beyond repair.

For more information on the problems with identity as a basis for security read Identity in Security: The Problem With Billy.

CIA says hackers pulled plug on power grid – why is that even news?

According to Computerworld, “criminals have been able to hack into computer systems via the Internet and cut power to several cities”. The source of this revelation was CIA analyst Tom Donahue speaking at a conference last Wednesday.

The vulnerabilities of the power grid should come as no surprise to any thinking person, after all, it only takes a downed tree to knock out power to thousands. Furthermore, the North American power grid is a complex machine, as an article entitled “What’s wrong with the electric grid?” suggests the world’s biggest machine, riddled with the usual political wrangling, economics-above-security and resultant mass vulnerabilities. Who needs internet hackers to disrupt service, when any number of “natural” causes can do the trick?

This is not to say that hackers using the internet (why are power grids even connected to something as vulnerable as the internet anyway?) should not be considered a real threat. However, this eternal obsession in security with complex bogey-threats (such as terrorists with shoe and liquid bombs sneaking past airport security) suggest a misplaced focus in the field. After all, why would a terrorist who really wants to achieve what the term suggests risk having his or her plot being foiled by low-level security if a plane can be brought down with simpler means outside the airport or power to millions can be disrupted by trees?

Perhaps it’s time to start looking at the system as a whole as opposed to being blinded by the rare sensationalist threat.