I was ecstatic when I read that Twitter Inc. was taking action against accounts that were clearly infected with the Koobface worm.
Specifically, when an account posts messages that are indicative that the user’s computer is infected with the worm, it suspends the account. This is exactly the type of action I have been advocating for years.
While people claim there is a right to connect to the Internet, it is ridiculous to claim that the right comes without responsibility. There are few other venues where people would even tolerate claims that participants aren’t responsible to not be a danger to others.
For example, only a drunk himself believes that he should be allowed to drive drunk. Nobody questions that an unsafe car should be taken off the road. It is likewise ridiculous to tolerate computers that present a danger to others.
It is very serendipitous that the recent Korean DDOS attacks resulted from improperly protected computers. Specifically, computers not running updated antivirus software were the source of the attacks.
Similar attacks are used for extortion and the sending of spam that enables fraud, and countless other computer crimes. Again, the criminals are using unprotected computers throughout the Internet for their own purposes.
While the current Korean DDOS attacks may or may not be a cyberwar strike, they are a clear indication that any real cyberwar attacks will exploit the millions of unsecure computers throughout the Internet. Consider that the current DDOS attacks that are significantly impairing government Websites only involved 50,000 compromised computers.
Given the potential damages vulnerable and infected computers present to others, Twitter’s action should be a model for other Internet services and sites. Not only does it protect the integrity of the site, it protects the site’s users.
It also reduces the operations costs of the site. When you consider that 90 percent of email is spam, you can assume that 90 percent of the money spent on forwarding, storing, processing, and backing up email is spent on spam. Consider what would happen if Twitter had to deal with the growth associated with a similar proportion of Tweets being the equivalent of spam.
To me, it is ridiculous that we allowed the situation to get as bad as it is. This likely results from the fact that negligent users rarely have incurred any repercussions -- unless the resulting computer attack directly affects them.
For example, if someone loses all of their data because of a computer virus, they will sometimes learn to use antivirus software in the future.
Unfortunately, criminals have become sophisticated to the point that they are no longer purely malicious. They use compromised computers as part of botnets to further their other crimes.
Even when victims experience a loss, such as identity theft, it is rarely clear to the victims that bad computer security is the cause of the loss.
Even when the source is clear to the victim, they are frequently reimbursed for any out-of-pocket losses. This minimizes the repercussions.
Twitter’s actions, in contrast, deliver clear and immediate repercussions. While I never understood the majority of Twitter use, it is clearly important to people. By suspending accounts, Twitter is doing more for Internet security than any other company has done in a long time. I just hope that more popular Internet sites will do the same.
— Ira Winkler, Former National Security Agency analyst and author of Spies Among Us