Bruce Scheiner is talking about a great post at the Boston Review about the new age of cyber-warfare, and how cyber-warfare is greatly exaggerated. I couldn’t agree more. Granted, the US government has a cyber-warfare problem. All governments do, however, the bigger problem that is more real today is cyber-crime. I spoke at the Federal Reserve last week on this exact topic.
Small businesses are now being targeted because they have more money in their accounts and it is easier to transfer larger sums of money out of their accounts without fraud detection going off at banks.
A quote from the review sums it all up:
So why is there so much concern about “cyber-terrorism”? Answering a question with a question: who frames the debate? Much of the data are gathered by ultra-secretive government agencies—which need to justify their own existence—and cyber-security companies—which derive commercial benefits from popular anxiety. Journalists do not help. Gloomy scenarios and speculations about cyber-Armaggedon draw attention, even if they are relatively short on facts.
I try very hard not to do what they describe when I speak but it can be difficult especially to those that are not familiar with the problem.Cyber-crime is the death by a thousands cuts type of problem. $3,000 here, $5,000 there, but it all adds up pretty quickly. Cyber-warfare is much bigger and easier to point at than these small little fraud issues.
If you have 10 minutes of time, read the Boston Review article and give me some feedback. Are we in a situation where we as citizens have to be concerned about cyber-warfare like we were concerned about nukes in years past?
Tagged cyber security, cyber terrorism, cyber warfare, fraud, fraud detection, fraud issues, government, IT, scheiner, security companies, small businesses
Dimitry SnezhkovSeptember 2, 2009 at 9:32 am
Mike,
The statement that “Much of the data are gathered by ultra-secretive government agencies which need to justify their own existence and cyber-security companies which derive commercial benefits from popular anxiety” is not entirely correct. Short on facts? Look at what Project Grey Goose has done and does in OSINT gathering and analysis effort. It’s non-profit, it’s driven by volunteers and it gets better and clearer results on some of the topics. For those who want to read updated information should subscribe to Intelfusion.net FlashTraffic feed.
There’s media hysteria,and there are facts beyond the chewed-to-death-by-media topic of the US electrical grid penetration, or 1 million-a-day direct attacks on Pentagon which I think from the real, well funded and state-backed attacker perspective is kind of ridiculous anyways.
Yes, noone argues that cybercrime is largely driven by financial gain on the first place. However looking at Russian Federation state of the affairs for example I would not dismiss the ties between the RF underground criminal force and the government on top of the financial base.
The realtionship is bidirectional, too long to respond in the post, ranging from “hooking” hackers with the promise of not procecuting them after a breach if they cooperate ( read : work for FSB ), to involving patriotic feelings and propaganda as in case with Georgia CyberWar. “Nashi” is just the ideological driver behind technical skill, nothing more.
Yeah, noone cares for small fish from the state perspective – go hack international small businesses, steal money by cyber extortion via virus or malware, whatever. It does not affect the big picture as long as it works in the interest of the government.
But look at the level of cybercrime prosecution in RF with respect to international activities, it is next to null.
- Look at RBN. Who would have allowed a large rogue ISP to operate largely unsupervised knowing that most of the business is crimeware if no “kick-back” or on-demand services can be used by the other party.
- Look at what is hapenning in RF social networks. It’s literally a testbed for crimeware experiments which will eventually spill into Facebook and others, especially with RF moguls pouring 200 million dollars into development of common search engine between RF social networks and Facebook.
- Look at recent Facebook, Twitter, Google DDoS – what would you do as an attacker if you are given a cart blanche to develop and test attack concepts for future use by someone else without much recourse?
- Search for pay-per-use databases of collected information on individuals for personal dossier creation.
Cyber-armageddon – no. There is not going to be a frontal assault, who needs it if they can own everyone of us individually when the time comes.
I do believe state sponsored cyberwarfare exists and kicking but it is not how media portrays it.
Dimitry SnezhkovNovember 19, 2009 at 9:07 pm
Mcafee just released Virtual Criminology Report for those interested in that subject:
http://resources.mcafee.com/content/NACriminologyReport2009