[ISN] Privacy Lost
InfoSec News
isn at c4i.org
Thu Jun 8 05:04:39 EDT 2006
http://www.cbsnews.com/stories/2006/06/07/opinion/main1690428.shtml
By Tom Kellermann
CBS
June 7, 2006
In today's age of digital everything, one can reminisce about the days
of true privacy. Much of the discussion of late has centered upon the
NSA's domestic spying program. Americans from the deep red states to
the blue have felt betrayed by Uncle Sam as a result of his
anti-terror efforts. The naiveté exhibited by privacy advocates
everywhere stems from a lack of appreciation that the world is truly
flat - privacy has been traded for convenience. True privacy has
become pure nostalgia in this age of digital everything. All the
fretting about the National Security Agency's domestic spying program
is understandable, but it misses one spectacularly big point: domestic
privacy in America simply does not exist anymore. Those who use
e-commerce most are at greatest risk. The Privacy Rights Clearinghouse
reported that more than 80 million Americans have had their personal
information jeopardized by data breaches since Feb. 15, 2005. A more
recent study conducted by IBM claimed that three times more Americans
thought they were more likely to be victimized by cybercrime than
physical crime.
Most Americans are unaware that government Big Brother no longer has a
monopoly on domestic spying. There are in fact thousands upon
thousands of Big Brothers in cyberspace and on the digital airwaves.
These Big Brothers are intent upon criminal gain rather than national
security. These Big Brothers exist in the underground hacker
community, among other places. Since the widespread adoption of
e-commerce and e-finance, the burgeoning hacker community has evolved
into a force to be reckoned with on the world stage.
An entire subculture of highly educated and sophisticated cyber
criminals exists. Much as the Italian Mafia in the U.S. moved into
narcotics trafficking in the 1970s, other organized criminal
syndicates have realized that identity theft, funds transfer and
extortion are the most lucrative business models in the information
age. A recent FBI study determined that 9 out of 10 American
businesses fell victim to cyber crime last year. The FBI Director,
Robert Mueller, declared cyber crime his number one criminal priority.
According to the Organization for Economic Cooperation and Development,
one in three computers is compromised, remotely controlled by someone
other than you.
The virtual takeover of Americans' privacy has been largely due to the
proliferation of Trojan Horse programs. Trojan Horse programs are
smaller, digital, and far more prolific than in the days of Troy.
Trojans cloak malicious code by appearing as innocuous attachments in
order to gain access inside a user's computer system. Once a Trojan
Horse has been introduced into a user's computer system, it plants a
program that listens for a variety of user communications and secretly
installs secret passageways into a user's computer. Through these
backdoors, remote hackers can launch malicious code and vandalize,
alter, steal, move, or delete any file on the infected computer. They
can also harvest sensitive user information such as financial account
numbers and passwords from the data in local files, and then transmit
them through backdoors.
Most Americans think that one must be very technical to invade someone
else's privacy in this fashion. That belief is dangerously misguided.
Much as one need not understand the inner workings of a handgun to use
one, you don't need to be a sophisticated programmer to be an adept
cyber crook. By merely running a query in a search engine for Trojan
horse programs or keyloggers, one will find tens of thousands of
relevant downloadable programs at their fingertips. One merely needs
to comprehend the lexicon associated with hacker tools to launch cyber
attacks. The Internet has become a virtual arms bazaar. The free
distribution of cyber weapons takes place millions of times every day.
Underground Internet Relay Chat rooms and Web sites like
http://astalavista.box.sk have mirrored the American gun shows; the
only exception being that all the guns and ammo are free.
Some examples might shock you:
Did you know that the Pentagon, the most secure infrastructure in the
world, was hacked for over eight months by a network of Chinese
computers named Titan Rain? These computers were implanted within the
DOD's internal networks so as to steal our aeronautical specifications
for advanced jets and spacecraft.
Did you know that the greatest threat facing our banks is not armed
robbers but cyber thieves stealing your identity and setting up
fraudulent lines of credit in your name? Only 2 percent of mounting
bank crime losses are from physical robberies now. Today's bandits now
hide safely in a hotel room halfway around the world while they steal
your financial futures.
Did you know that the 202 deaths of foreigners in Bali in 2002 were
financed by cyber crime? Imam Samudra was convicted of engineering the
devastating Bali nightclub bombings four years ago. Samudra published
a jailhouse autobiography that contained a chapter titled "Hacking,
Why Not?" Samudra urged fellow Muslim radicals to take the holy war
into cyberspace by attacking U.S. computers, with the particular aim
of committing credit card fraud online.
Today's digital world has become a boon to an illegal underground
economy that trades in our secrets. Governments no longer have a
monopoly on technology and thus no longer have a monopoly on being Big
Brother. Indeed, the proliferation of criminal, digital Big Brothers
far exceeds the government's ability to protect citizens in
cyberspace.
A good place to begin reclaiming privacy and real cyber security in
vital areas of life and commerce is with the banks and corporations
that we do business with. Just as some corporations do a better job at
protecting the environment, there are those who do a better job at
ensuring our privacy and cyber security. There is no way government
can do the job itself; the resources and resourcefulness of the entire
private sector are necessary.
In cyberspace, privacy cannot exist without cyber security. You might
attempt to protect your computer and the information on it. But you
can't protect the security of every institution that holds information
about you. Much like the concept of "rewind," the concept of personal
privacy is becoming ancient history.
-=-
Tom Kellermann is a cyber security consultant who formerly held the
position of Senior Data Risk Management Specialist for the World Bank
Treasury Security Team. He was responsible for cyber intelligence and
policy management within the World Bank treasury and regularly advised
central banks around the world. He is a Certified Information Security
Manager (CISM).
©MMVI, CBS Broadcasting Inc. All Rights Reserved.