Although the Internet may be considered the greatest achievement of the past 50 years, the technology behind it has created a sanctuary for various types of computer criminals. The unfortunate and ugly truth is that the Web is providing a brand new “world” where international cyber criminals can thrive, and the world’s numerous criminal justice systems just aren’t ready to address these crimes in their entirety.
Cyber criminals don’t necessarily need to leave the comfort of their homes to commit their crimes. Today, for example, bank robberies can be committed in Southeast Asia via a computer that’s being controlled by an individual in Russia. Identity theft is achieved through a complex network of individuals residing in North America, Europe, and Africa, all effectively working together on the Internet to profit from shared information. And organized crime has ties to spam campaigns, identity theft, denial-of-service attacks, and organized hacking rings.
The fact is that Internet crimes are almost always international crimes. When you read about a bank system being hacked in order to steal 100,000 accounts, more than likely this crime was committed by perpetrators overseas, and there will almost definitely be a connection to organized crime. This part of the story is rarely conveyed to the everyday reader, but it is critical to understand this fact if we are going to fix the problem.
In the world of cyber crime, law enforcement officials in most countries have recognized that they must move much faster than the average investigator due to the fact that computer evidence can “disappear” rather quickly. These same cyber investigators realize they must be willing and ready to cooperate with law enforcement officials in other countries if they actually plan to capture the Internet criminals.
Laws, treaties, and conventions, such as the Convention on Cybercrime, have attempted to address the international cooperation issue. Although the Convention on Cybercrime is an outstanding step in the right direction, is not a “law” that applies to all countries. Regardless of whether the country is a member of this Convention, the punishments levied are based on the local laws of the land.
But the problem with investigating international cyber crimes and capturing criminals on the Internet is not necessarily due to lack of cooperation among international law enforcement bodies. The issue has much more to do with the fact that the legal systems throughout the world vary greatly and take a very long time to change. These two facts make it extremely difficult for law enforcement to cooperate, investigate, capture, and ultimately prosecute the cyber criminals today.
If we accept the fact that the greatest hurdle in arresting international cyber criminals is that various legal systems just aren’t prepared to address the speed at which these crimes occur or the various nuances that are unique to computer crimes, then the question is: What can we do to fix the problem?
It’s obvious that the Internet requires some type of governance. But it is just as obvious that trying to establish this governance through the numerous legal systems might not be practical. The other possibility for governing the Internet, and, more specifically, the criminal activity that occurs on the Internet, would be to change the structure of the Internet. Although I don’t support ideas like the “national firewalls” put in place by some countries, this type of solution does afford some level of control over Internet traffic flowing through said country.
However, knowing all the possibilities with disguising or “spoofing” one’s information on the Web, I’m not sure that there is a way to truly “protect our borders” when it comes to the Internet. The solution might be to establish two Internets -- the current Internet and a new, more secure Internet where users would be required to register prior to gaining access. Once again, though, we’re confronted with the issue of what would be the governing body that would manage the user registrations? Would it be an organization similar to the IANA (Internet Assigned Numbers Authority) or InterNIC that would manage user registrations on the “new” Internet, or do we need to establish an entirely new entity to manage a more secure Internet?
The fight against international cyber crime is going to take a concerted effort from large and small corporations, law enforcement in all countries, as well as the governments and legislative bodies of those same countries. Most importantly, the average end user will have to join the fight to bring about change on the Internet, or create a “new” Internet using the lessons we’ve learned.
— Patrick J. Dempsey, Chief Information Security Officer for Janney Montgomery Scott and former FBI agent
With or without a 2nd Internet, crime will exist online as it does offline. Indeed, working with victims of any crime drives home just how damaging crime is to the individuals affected as well as to the community in general.
W3C is already working on re-architecture of Internet, and there already exists a "2nd internet" for academic institutions. In the end though, as others have pointed out, we could have 30 Internets and we'd still have crime problems.
International enforcement and codifying common definitions of cybercrime is critical, and it's in its infancy now. As the judge who attempted to shut down Wikileaks last week lamented, technology has already far outrun existing law.
It would, I think, be helpful if a consortium of law schools around the globe worked together to create model laws that could, and would, be enforced in their countries. Similarly, we need to develop common trial procedures and punishments. We need to clearly define whose reponsibility it is to investigate and prosecute cybercrime in all countries (including our own).
Influencing the next Administration will be critical if we are to make progress on these issues. It would be best if law enforcement and intelligence leaders (past and present) would start establishing those relationships with the advisors of all the candidates now so as to be prepared to start work in those first 100 days.
I agree with Mr. Dempsey that the Internet is a new world but like everything else in our previous world it has two sides and may end up being used for good inspite of itself. I feel strongly about the improved communications that it has already made possible for everyone yet there remain many that it has not been able to reach, even indirectly. Those connections to everyone are fundamental to both the Internet’s overall success and our collective future as well. Unfortunately I do have some general concerns about the Internet’s evolution and the control-versus-openness issues, not to mention security and the differences between legal systems throughout the world. That’s like trying to define the fine line between love and hate and will undoubtedly take a very long time to resolve.
Since I consider myself to be a 'greater-than-average' user of its technology, I have published a fact-based novel about the Internet in an attempt to demystify it and connect with the non-technical people out there. By combining fact and fiction and positively showing how such technology might change the world, I am trying to stimulate thoughts within the minds of the public at large and with those in particular who have already chosen political or technical careers and are shepherding these technologies.
The Last Transition..., the ultimate Internet adventure, is a free web download that is also available in paperback for connecting with those that you want to include in your world. It might also provide you with some food for thought about the politics of technology, which is no small factor in today’s world. Bear that in mind the next time you hear terms like 'Internet regulation', 'electronic surveillance' and 'GWOT' being used in the same speech.
I agree that a second web is not necessary. Especially when those who really want access for criminal means will find access.
I am also one who tracked a spammer right down to his address a few years back, but when I tried to turn it in, no one wanted it. The person hijacked my email address and used it as a return. I had over 2000 returned emails in my box at one point. And the email provider wasn't even interested, much less the FTC. Even the rather large, prominent mortgage company who's name they were using to promote their scam wasn't interested. (And it was a scam I believe as they were saying the was from this mortgage company. But when you went to the site, definitly looked wrong and the company name was no where there. The "mortgage company" listed tracked to the spammer. AND as stated, they used MY email address for all their returns.) Funny...they (mortgage company whose name spammer stole) are now in financial trouble.... And when I googled the spammers name at the time, I found he was quite well known and big trouble. But, as I said, no one bothered to do anything about him.
I do wholeheartedly believe that more could be done if only the various offices would actually pay attention when something is reported. With the African scams, those could be stopped or at least slowed. If a reporter can meet in person with the scammer and quite easily, with a hidden camera at that, so could law enforcement. If someone like myself could track a scammer in less than 2 days, with no background in doing this sort of work, then what could the experienced law enforcemen agent do? Much better than me, I would expect.
I've gotten to the point where I don't report anything any more. When things are handed over on a silver platter, and there is no interest, then why bother?
It really makes me mad to read something like this from a former FBI man. Again a government offical trying to come up with an idea to cover up their own short commings. Building a second internet will solve nothing. I suggest that the FBI get off their lazy a** and enforce the laws that are on the books. The same goes with the FTC in regards to spam.
I have been a Systems and Network Engineer for over 30 years. I have been involved with several cases of network intrusions and called the FBI in on the case but to no avail. The case was not their concern. When talking with the agents you could tell they had no idea about the technology involved with the case. In short. "Where were you when I needed you?" Laws are meaningless without enforcement.
You talk about how your heart broke when a business owner lost his business in a breakin. Well I have set in on one of those meetings and handed the agent proof of who did the breakin all the trace routes and logs to hang to guy but did the FBI arrest him? No.
Send the FTC enough proof on a spammer to put him away for years and see what they do. Nothing! Since the CANSpam Act spam has risen 40% now 92% of all email traffic is spam.
A second Internet will solve nothing. Any system can be hacked. It is just a matter of time, effort and a little talent. So it would just be a mattter of time before that system was as screwed up as the one we have now.
If the government reall wants to fix things then why doesn't it pressure Microsoft into fixing their broken by design operating system? This in itself would cure most of the ills we have on the network today. Why? Well Microsoft puts lots of money into the pockets of your friends in the "Public Sector" Why doesn't MS fix the problem. They are making too much money from it being broken and sellling you Band-Aids to fix it. You know... Greed!
I suggest that you talk with your former buddies in the "Public Sector" and tell them to do their jobs and yes part of the job is to learn the technology involved with the case. When someone breaks in a network you need to have an idea what a netowrk is and what a server is before you can presue a case. The laws are in place so.... Just fix it!
We don't need a second mess to keep up with. Lets just fix what we got.
It's an interesting idea. The bad news is: It's been tried, in many forms. But the core problem isn't technical; it's economic. As long as fraud is cheaper than non-fraud, there will be fraud.
The good news is: There are people working on this. I'm one of them. The time is ripe, and we have answers.
I'd love to talk more; please e-mail me at jay@responsibilid.com.
Unfortunately, my reason for writing this article has been overshadowed by the focus people are putting on my suggestion of a second, more secure Internet.The main catalyst for writing this article was to bring to everyone's attention the fact that the same positives that the Internet provides for information sharing, also create negatives in terms of "bringing to task" those that wish to use the Internet for illicit purposes.I am certainly not talking about revamping the current Internet, nor do I think we should.I am not talking about taking away a person's freedom of speech or their anonymity on the Internet, nor do I think we should.I am also aware that the official "Internet 2" has been around for quite some time and I have had the privilege of being brought up to speed on exactly what the purpose of that "Internet 2" is.I do realize what a daunting task something such as "Internet #2 (for public use)" would be and that is why it was only a very small part of my article.
What I am suggesting, if anything, is to provide people with a choice.In other words, you can access "Internet #1" if you so choose, but you can also access "Internet #2" for a more secure experience. My main concern is how do we design a more secure Internet where the average user doesn't have to worry about losing their identity with every email they open, or finding out their PC is part of a 100,000 node army of bots?And beyond all of that, how do we address Internet crimes from an "international law enforcement" perspective?
In my short time with the FBI, I sat across the table from countless victims of senseless crimes; for me it was cyber crimes. Unless you've had the unfortunate task of sitting there and explaining to a weeping, 65 year old business owner that the last 40 years of his work just went down the drain because some 17 year old from overseas thought it would be "fun" to destroy all the company records...or sit there with the single mother of three and explain that her credit is completely destroyed because a group of 19-20 year olds decided to open 15 credit cards using her identity...or talking with the son, father and grandfather that passed down the family business through three generations, until a denial of service all but bankrupted them...then you probably have no idea why I would suggest a more secure Internet.But to be honest, conveying this idea was not my goal.What I wanted to bring to everyone's attention is, regardless of the technology we have or will have, and no matter whether we can track individuals activity or not, we still run into the issue of legal process between countries.If you take a minute to step away from the "freedom of speech" line of thinking and consider what your city, state, country would be like if the law enforcement organizations and legal bodies didn't have the ability to apprehend a thief, a murderer, etc simply because they stepped outside a certain jurisdiction, then you might understand where I am coming from with this article.
True, but all of the spec testing doesn't mean anything if someone uses a debugger and breaks your software, or if they inject code, or hook into a dll... there are a ton of ways to make perfect code turn into not-perfect code. This is especially likely because (this statistic may no longer be accurate) something like 75% of computer crime involves an inside man who has access to computing resources directly, or utilizes social engineering to get direct access. Sadly, there is not now, nor will there ever be a patch for human trust, gullibility, and general stupidity when it comes to security. Its something I have to work with all the time as a network admin, much to my chagrin. It may not be easy for the criminals, but it can be done. Where there is a will, there is a way, especially when the little bit of effort can reap a profit much greater than the cost.
I'll allow you that we might not be able to write "perfect" code. But we can write correct code where correct code is code that meets specification.
You have to test it one instruction at a time to do it but that is what is required by the "all branch tested" requirement in the original Notes on Structured Programming.
I have played with the concept myself personally and by my own experience I will say that code which has been tested and verified 1 instruction at a time is different from code that has only been regression tested
the difference is that where the code has been verified one instruction at a time the program will be correct whereas when regression testing is used the best we can say is that the program "seems to be OK, for the most part".
how many people are buying GM units with "On Star" included?
On Star even calls the cops and send yer location for ya if ya crash into something. You can get a remote unlock if ya lock yer key in the car, and yes -- the car can be turned off by remote control
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Social media has been with us for a decade -- but employer policies and the law are anything but firm about the most appropriate usage of this powerful tool.
Businesses often struggle to decide which domain to use. When it comes to purchasing a domain name, you have plenty of extensions to choose from, ranging from .com and .net, to .me, and even .mobi. But which one should you pick?
I've been writing about how the next evolution of the Internet might just be an advertising revolution, and how corporate IT can stay involved as the enablers and providers of the technologies that make this possible.
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
Email This
