Internet security warnings from my Tech Net News column in the last few days. This is only a small sampling of the hundreds of cyber criminal activities I’ve posted to Tech Net News so far this year.
Fake VirusTotal site serves malware
Hotmail flaw allows attackers to exfiltrate emails
LinkedIn security flaws allow account hijacking
Sony online store hacked and user information published
Black Hole Exploit Kit Available for Free
Cybercrime statistics show widespread phishing problem
Not Even Security Managers Immune to FakeAV Infection
Major weapons makers see networks breached by hackers
Apps with dangerous permissions pulled from Chrome Web Store
Security researcher finds ‘cookiejacking’ risk in IE
Norwegian Military Hit by Cyber Attack in March
Google Patches Critical Chrome Bugs
Newest MacDefender Scareware Installs Without a Password
The question:
Why should it be necessary for me to run FIVE security applications on my home machine – including Zemana AntiLogger, WinPatrol, Microsoft Security Essentials, PC Tools Firewall Plus, and ThreatFire – to guard against cyber crime ? On top of that, in order to maximize security potential, I have to run in a virtual environment (BufferZone Pro), while surfing the Net.
It doesn’t stop there though. In addition to all of the above, I have to load up my Browser (Firefox), with TEN security/privacy add-0ns including – Adblock Plus, Better Privacy, WOT, Ghostery, GoogleSharing, HTTPS-Everywhere, NoScript, Perspectives, Qualys BrowserCheck, and Search Engine Security.
Reality:
The reality is – we are immersed in a mess that has reached virtually unmanageable proportions. We are now at a full blown crisis stage vis a vis Internet security.
The tech speak, which this situation engenders, reminds me in a sense of the political rhetoric we are constantly exposed to – everyone has identified the problem/no one has identified the real problem; everyone has a problem solution/no one has a solution, everyone seems to discuss it/no one truly discusses it.
The end result? It appears as if no one seems to give a damn. So, we just keep on piling up the victims of cyber crime.
Finger pointing, and finger wagging, is the order of the day. It’s the developers fault; it’s the users’ fault; it’s the very nature of the backbone of the Internet (as if the Internet was a parallel universe not subject to laws, or moral and ethical consideration); it’s the lack of effective law enforcement; it’s the lack of truly effective security applications; Internet security is a business, so it’s unlikely anyone is going to kill the goose that lays the golden egg; …………… Round and round it goes.
What a mess! Are you as tired of been forced to deal with this seemingly never-ending escalation in cyber crime, as I am?
Something to consider – cyber criminals are not the only ones who find Internet security a lucrative field. I’ll admit that I’m a cynic – but, I’ve never yet met a problem solver who worked himself out of a job. Something to think about the next time you purchase a security application, or appliance.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
Hi Bill
I don’t feel quite as put upon as you do. We live in a hyper-connected world & I think educators need to update their lesson plans to account for that fact – how it impinges on privacy. How it can enable or hinder freedom depending on context. How you can lose everything if you are trusting & stupid. How to cope.
In the last five years I estimate that of the top 50 new people that I’ve communicated with I’ve only physically met 14 of them. It’s easy to fall into the trap of (say) not joining a cinema club because you can sit in your cell & stream movies. I try to have a balanced life & make sure I feel something real every day. 36 new friends I would not have met without the internet & an extraordinary range of new ideas passing through my brain – far more than is possible at any university
I’m smart enough to cope with malware & I’ve taken measures to limit the risk I take from engaging in essential internet financial transactions. If my system went up in smoke tomorrow I can be up & running again in six hours
My prime internet annoyance is spam & my leading concern is privacy.
Hi Michael,
Yes, the Internet is all that you say, and more. And, as an educated user, you have a good feel for it’s limitations. On top of that, should you suffer a malware infection, not only can you cope – but, you can recover in good time (there’s that education thingy, again). But, you’re in a miniscule minority in this last.
I’m not put upon – in a real sense, I couldn’t give a fiddler’s fu*k since the worse it gets, the more money I make. The users who are “put upon” are those (and, they’re certainly in the majority), who get sucked down into the vortex of Internet crime – created by diseased minds who prey upon the un/undereducated.
Both enterprise users, and average typical users, who use the Internet in ways that meet their needs, are entitled to have a reasonable expectation that doing so should not place their property, their privacy, or their financial well being, at risk. As I said earlier – the Internet is not a parallel universe which is not subject to laws, or moral and ethical considerations.
Your position that educators must recognize the impact of the hyper-connected world we live in, and proceed accordingly, is a good one. We need less talk and more action, in this regard.
As always a thoughtful and considered comment. Thank you.
Best,
Bill
Hey Bill,
I feel your frustration. I’m sick of having to be on guard all the time. I pretty much run the same apps as you, and I still don’t feel secure. I think the only time anyone will pay attention is when a whole country’s cyber infrastructure is taken down, as so many countries rely on the internet as part of their economy. Even then, the finger pointing will start.
Cheers
Hey Mal,
I agree. There’s always that “what if” feeling at the back of my mind, as well. It’s one of those, the more you know – the “more you know”, states of mind. All-in-all, a good thing – but, it has its aggravations. 🙂
You’re right, until this impacts us at an economic level (or until the lights go out as they did last year in Brazil following a cyber attack), the gloves won’t come off. Frankly, by that time we’re likely to be past the point of no return, in my view. Sad really.
Forrest Gump had it right – “Stupid is as stupid does”.
Best,
Bill
Hey Bill
I agree we need more action but where do you start?
Laws protecting people from this stuff would be great but then you get the government or some overseeing body doing too much overseeing and invading your privacy for what they deem “In your best interest”
If not that, then we have to continue in this “free market” type scenario relying on these security companies, where your right, the security people make bundles of money and you are never truly protected.
I believe it comes down to the people themselves. We live in a time today where people are only concerned about themselves. If it doesn’t hit them personally or hit them where it hurts….their wallet, they don’t care.
Somebody got hacked into, or ruined by a malware\cyber attack…….ho hum, what are we having for dinner? People don’t care anymore, really care. Care enough to be in an outrage to demand changes that are needed.
I don’t lump everybody into this but for the most part, the people that care are in the minority.
So we end up this discussion, back where it started, with people themselves.
It seems like a big circle to me
Hey TeX,
Even the free market is not “free” in the larger sense. Regulatory bodies – governments, if you like, exercise some degree of control – particularly where these controls impact consumer rights and protection. But, you’re right – we’ve certainly learned that governments can over-reach, and that good intentions can lead to unforeseen consequences.
And yes, I agree we live in a time “where people are only concerned about themselves”. But, it seems to me that if we consider the sheer number of breaches that have taken place just in recent days, the numbers of effected people is significant. So, it’s no longer a question of just “themselves”. I suspect that all of us knows someone, or knows someone who knows someone, who’s been directly effected by cyber crime. We’ve all been effected in one way or another.
Your point that this is a circular argument is well made. Unless people take it upon themselves to take responsibility for their own Internet security, we’ll just continue to pile up the bodies. Education/knowledge is the only sure solution.
Best,
Bill
Hey Bill,
Your article is well stated indeed. It seems no one, except us, takes the problem seriously enough to fix it. But I will say that after the US government, including the Defense Department, was ransacked by hackers, they seem to be taking the problem more seriously. They’re making more demands on the bureaucrats to pay more attention to protecting their computers, and recently the FBI and others have started to go after the organized cybercrime botnets by fighting fire with fire, so to speak, using what I’ll call “white hat bots”, etc. However, that having been said, I don’t expect a cleaner Internet anytime soon, maybe never. But I’m somewhat encouraged that our governments are finally taking up the fight. And as I’ve said many times before, we must keep up the good fight to educate the uneducated, uncaring, oblivious masses to help fix the problem from the ground up too. I know you’re doing your part in this and I’m thankful for that.
Best,
Paul
Hi Paul,
You’re right – it is encouraging to see Microsoft, the FBI, and others, target some of the more aggressive offenders. Still, I’m not sure that fighting a forest fire with a teaspoon of water is likely to be successful.
Best,
Bill
The problem is Bill – things like this.
How this guy didn’t get 5 years in jail for destroying someone else’s life work and property totally is beyond me
http://www.dailymail.co.uk/news/article-1387564/Hacker-Zachary-Woodham-ruined-strangers-web-business-game-spared-jail.html?ITO=1490
Hey Marcus,
Thanks for this – a truly frightening story! Unbelievable to think this criminal can continue to study Law.
Bill
For me TeX has nailed it
Suppose the internet could be organised so that the source of any data can be determined…
What happens then when a repressive government uses the information to ‘neutralise’ dissidents ?
I have this half idea though
** We need a new internet running parallel (and UNCONNECTED) to the existing one which anyone can opt into for a rental fee – a licence per user scheme (& volume licences & corporate licenses). This fee can be adjusted based on the average living wage in your country for non-business users. Also you can get a discount if you accept ads as part of your viewing.
** it would need an international inspectorate to set & maintain standards regarding privacy & security, but no censorship powers. No morality control (I can see problems here though)
** It would have an architecture engineered for security
** All data encrypted & sent as anonymous packets (like token ring ?)
** It would use only licensed server farms built especially for the task & these farms would not have any connection to the existing internet & would not be allowed to host anything except internet-2.
** internet-2 subscriber PCs have to run a software that prevents a connection to the internet-1
** Blogs, Google, Wiki, Amazon etc would have to mirror their sites over to internet-2 in real time. The right to mirror a site onto internet-2 would require a security-based inspection test
** User internet-2 email would be a propriety product that can allow the inspectorate (and not the user) to locate the source of spam & malware in the system & kill the responsible machine(s). The user would email a sample to the inspectorate who would then deal with the problem
** users can choose to be as anon as they wish. Only the inspectorate would have the potential to identify the user
Drawback: A perfect environment for criminal activity since all data is encrypted – but that’s how smart criminals operate now on internet-1. However it would be impossible (?) to set up bulletin boards buying/selling credit card details, porn etc because the BB’s could only be hosted on the users PC’s & thus create an unusual traffic pattern.
Maybe the user internet-2 software could be designed to prevent this
or…
Internet-2 user terminals are ‘dumb’ with all apps & user data in the internet-2 cloud ??
Hi Michael,
An interesting proposal but, the Internet is not the problem (although there a number of fundamental structural issues that could stand improvement). At the risk of sounding facetious – the Internet doesn’t create cyber crime, cyber criminals do. Throwing the baby out with the bathwater is not a cost effective solution.
In the 20+ enterprise engagements I’ve been involved in so far this year, not a single breach/penetration could be assigned to a breakdown in endpoint security. Other than the least efficient endpoint – the user.
Best,
Bill