[ISN] Internet needs law enforcement, author says

From: William Knowles (wk@private)
Date: Wed Jun 09 2004 - 03:01:42 PDT

  • Next message: InfoSec News: "[ISN] Microsoft releases monthly security patches"

    By Grant Gross
    IDG News Service, 06/08/04
    The Internet is a "god-awful mess," but few U.S. government officials
    are willing to take action against virus writers, spammers and other
    scammers, author Bruce Sterling said at the Gartner IT Security Summit
    Tuesday in Washington, D.C.
    Disorder and corruption are winning on the Internet, and computer
    users need the U.S. government to crack down on the thieves preying on
    the Internet, said Sterling, author of futuristic novels Heavy Weather
    and Islands in the Net and the nonfiction book The Hacker Crackdown:  
    Law and Disorder on the Electronic Frontier.
    "We had a digital revolution in the 1990s -- now we've slid into
    digital terror," Sterling said during his hour-long critique on the
    state of cybersecurity. "Today's Internet is a dirty mess -- it's
    revolution failed. E-commerce was extremely inventive for a while, but
    the financing model was corrupt. There was poor governance in the
    financial systems, there was worse industrial policy; the upshot was a
    spectacular industry-wrecking boom and bust."
    Most of the advancements in Internet commerce since the dot-com bust
    have been illegal, Sterling noted, including spamming, identity theft,
    and "phishing," which is theft of credit card numbers or other
    personal information by directing customers to bogus Web sites to
    change their account settings. "If you advance into mayhem, that's not
    advancement, that's driving into a ditch," he added.
    Sterling offered what he called a little good news about
    cybersecurity, the recent arrests of a handful of virus or worm
    writers, including the arrest in May of the 18-year-old German man who
    allegedly wrote the Sasser worm. "The world is never going to run out
    of disaffected teenagers," he said.
    But Sterling said he's not overly worried about bored 18-year-old worm
    writers who are unsophisticated enough to get caught; instead he's
    concerned about the authors of such malicious code as Slammer, Code
    Red, and Witty because they haven't been caught.
    The authors of the Witty worm targeted users of Internet Security
    Systems' products, while the Bagel and Mydoom virus authors attempted
    to turn infected computers into spam-sending machines, Sterling said.  
    "Bagel and Mydoom are the future of virus-writing because they have a
    business model," he said. "Those are organized crime activities. ...  
    These are crooks."
    Virus and worm writing will grow as a weapon for terrorists and
    warring nations, he predicted. Terrorists operating in places with
    little central government control will begin to see cyberterrorism as
    an effective weapon because of a lack of international cooperation on
    cybersecurity enforcement, he said. He listed a dozen such countries,
    including Somalia, Bosnia and the Philippines.
    "This is the birth of a genuine, no-kidding, for-profit ...  
    multinational criminal underworld," he said. "I don't see any way it
    can't happen. We're going to end up getting pushed around by bands of
    international electronic thieves in a very similar way to the way
    we've been pushed around by gangs of international Mafia and
    international Mujahideen terrorists."
    The new tools of terrorists and criminals will be "oil, narcotics,
    guns and broadband," he said.
    With cyberthreats likely to rise, the U.S. government needs to focus
    on enforcement of existing laws, including antifraud laws, Sterling
    said. He praised New York Attorney General Eliot Spitzer, who
    prosecuted Buffalo spammer Howard Carmack earlier this year, as well
    as other white collar criminals. Although virus writers and many
    spammers break existing laws, most prosecutors seem reluctant to take
    on computer cases, Sterling said
    "In my opinion, we need a thousand guys like (Spitzer)," Sterling
    said."We've got a ridiculous amount of computer laws."
    Efforts such as the Controlling the Assault of Non-Solicited
    Pornography and Marketing Act, passed by Congress in late 2003, are
    "phoney-baloney gestures," Sterling said.
    Instead of weak laws, the U.S. government needs to sponsor a
    multistate computer crime task force that enforces existing laws, he
    said. He also recommended that the U.S. post names of spammers and
    other Internet scammers on a Web site for everyone to see.
    Sterling also praised parts of the National Strategy to Secure
    Cyberspace, released by the Bush administration in February 2003,
    calling it "modest and feasible." The document recommended that
    nations work together to combat cyberthreats, and such cooperation is
    needed to fight borderless cyberterrorism, Sterling said. But the
    strategy is likely to go nowhere after former Bush cybersecurity chief
    Richard Clarke criticized his former boss' counterterrorism efforts in
    a book released earlier this year, Sterling said.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    ISN mailing list
    Sponsored by: OSVDB.org

    This archive was generated by hypermail 2b30 : Wed Jun 09 2004 - 03:49:49 PDT