
Tuesday, August 31, 2004

Surfing the big wave goodbye

The internet is killing itself slowly.

Ironically, the biggest advantage of the internet is the one that's slowly killing it. The internet allows anyone, anywhere to do what they want in total anonymity. That's great and very liberating. Now what about those of us stuck on the sharp end?

The internet isn't owned or regulated by any one body, so all we have is a curious set of governing rules set out by different countries, largely amended from out-of-date computer misuse acts. Most of these governing bodies aren't actually interested in tracking down internet abuse: it's hard to do, even more difficult to prosecute and near impossible to convict, as the data you can collect from an internet user is at best circumstantial and at worst completely fabricated.

This is a very fertile breeding ground for anyone who wants to cause trouble but doesn't want to be caught. It's the perfect medium to annoy others in almost total security. You don't have to be particularly clever either. All you need is a newsgroup subscription and others will do all the hard work for you. Just as long as you know your ass from your elbow (goodbye 60% of the internet population) you can exploit known vulnerabilities, deface websites and on occasion scam your way into other people's bank accounts. You don't need fake ID, a ski-mask or a getaway car. Just a proxy account will do - or better yet, a dial-up account with an ever-changing IP address (thanks AOL!).

Since the internet boom and bust of the '90s, the internet has become a viable option for start-up businesses. At face value it's perfect: there are few to no start-up costs, no building to pay rent on or to heat and light, and if you're good with Photoshop you can have a great looking "store front" for little outlay. Unfortunately you're also pretty easy prey for just about anyone who fancies making your life difficult. Armed with a little knowledge and a penchant for writing little computer programs you can quite effectively knock a webserver out of service with a distributed denial of service attack (DDoS). Putting that into context, it's like someone nailing shut your store door and there's nothing you can do about it - even if you catch them. The best you can do is sit there knocking the nails back out hoping you're doing it faster than they are going in.

DDoS is the most common type of attack and accounts for potentially millions in lost revenue a day. Unless you suffer losses of more than $250,000 you can forget about getting help from the police or just about anyone else. Ironically, DDoS is only possible due to vulnerabilities exposed by crackers which are then written up and posted for others to use thanks to the wonders of full disclosure.

This leads us to a very interesting question. Do we, as humans, have the right to do what we want? Sure - freedom is one of the main benefits of western culture. The freedom to do what you want is something we all take for granted. However, that freedom is tempered with good old cause and effect. You have the right to rob a bank but you understand that it's against the law and as such you'll be punished. This stops most people doing what they want. In effect we have social restrictions in place which limit our own freedom by our own choices. The internet doesn't have these restrictions as there is no real threat of punishment. Without these restrictions you have to rely solely on people's good will and their nature. Historically that's a one-way ticket to disaster.

What's the answer? I don't have any, unfortunately. Whilst I don't mind being "tagged" with some sort of global internet user ID, I can see the reluctance by some people to sign up. We all have a right to privacy and I can see why people don't want big brother watching our every step, but I'd prefer that to what we have now. I have nothing to hide. My emails are largely boring and I'm not up to anything more illegal than seeing the BitTorrent top 10 every now and again. It's usually those with something to hide that protest the loudest.

Unfortunately, it's highly unlikely that we'll see any such system any time soon. If our governments can't agree on how to save the planet they aren't going to start saving the internet from itself anytime soon.

In the meantime we have to suffer the consequences of highly stacked odds. With a ratio of 1 computer programmer for every 10,000 people trying to compromise their program, it's just a matter of time before another vulnerability is exposed and posted onto a so-called security website for others to read and digest so that they can find vulnerable websites to exploit without fear of recrimination.


Comments

I recently found a really good solution to the problem of bad guys invading my bank account: by not having any money, I have made myself immune to them.

Posted by: Fat Guy | Aug 31, 2004 4:27:41 PM

I've heard of security through obfuscation before. Security through poverty is a new one. It might even lead to a cure one day.

Posted by: Matt | Aug 31, 2004 4:30:44 PM

Sure the internet is bad and there's a lot of things people can do without getting caught... but supervised internet is just not the answer. Definitely not. Tagged a global internet user id? No. I would rather it be this way than that. More security yes, but in a different way. I do not know how. But supervised internet is just definitely not the direction I would want. Just like the "mark of the beast". Have you heard of that, Matt? Anyone who hasn't, look it up. It's prophecy last time I checked. Humans tagged with a global ID, everything we do is watched. A one world government. I believe that is going to happen some time.

Posted by: Logan | Sep 1, 2004 12:38:04 AM

Most people in the world already have some sort of unique ID, check your national ID card/passport. There you'll find a unique string which contains your country's ID and often also your social security number or other national unique person number. The combination of the two makes your ID unique all across the world and has connections with your government's databases (i.e. the taxes, driver's license, etc). I think some day static IP addresses will be directly connected to the ID on your passport, but before the world takes that step the governments first need to prove that they do care about privacy which is still often not the case :(

LOL @ Fat Guy

Posted by: Franklin | Sep 1, 2004 1:34:34 PM
