The Internet Luddite Inversion
November’s Wired magazine (14.11) contains a lengthy and interesting article about cybercrime, botnets and DDos attacks (Distributed Denial of Service). We are all familiar with email spam and its yearly increase despite the proliferation and increasing intelligence of anti-spamware and bayesian filters. According to many pundits, 60-70% of all email traffic world wide is spam, increasing by 10% a year. So by the year 2010, email will cease to become a viable method of communication. Theoretically. It’s not that simple of course.
Now spam is the benevolent side of cybercrime. Many web sites if not entire companies have been driven out of business after bot attacks on their web servers. To many companies today, their web portal is their life blood. What’s Amazon going to do, for example, if attacks swamped their web servers and forced them offline? And what about identity theft, a topic the media has ceased on and probably blown out of all proportion. But it does happen. Often. What about keyboard logging trojans that sit on your machine and look over your shoulder as you enter your supposedly secure login and passwords.
Phishing is another big problem, particularly fake emails and web sites. I’m sure you’ve seen those fake security warnings from eBay or Paypal or AOL: We suspect your account has been compromised, please click here to login and verify your identity. Except that the nice web site is NOT whom it claims to be and instead these fake sites are stealing logins and passwords. This is such a prevalent and sophisticated method of cybercrime that the latest wave of browsers (IE7 and FireFox 2.0 for example) have built in anti-phishing detectors that try to warn you of fake web sites. Other anti-phishing methods include the increasingly popular image verification. Banks are - thankfully - beginning to adopt this method. You get to choose an image when you create your account and it is presented to you when you try to login. If it isn’t your image then you know the site is fake.
I could go on and on, but the point is that no one yet has come up with any real solutions for cybercrime. There is no United Nations of the Internet, and one could argue how effective would it be anyway. How are the legislators of, say America, going to enforce laws in Romania or Russia or even worse unstable republics in Africa. I am convinced there are solutions and they might be easier than we think, but so far no large enough governing body or legislature has really cared enough to solve the problem, despite the billions it must be causing world economies yearly. Even if we have to rebuild the infrastructure of the internet entirely and its base protocols - which are definitely due for an overhaul - it would be worth it to make it secure. The worrying outcome of this could be the infamous “information toll-road” where we, the end-user, are exorted to be a member of this safe, elite internet. The walled-garden approach doesn’t usually work on the internet, so I hope we don’t take that route.
Of course, we might just ignore the problem and bring on the Internet Luddite Inversion. Once ecommerce becomes insecure, and email too spammy and time-wasting and web sites inundated with banal comments and meaningless social tagging, we might just abandon it altogether. We survived without it once. Perhaps the future is one where the young and hip adopt the old ways of cash, snail-mail and libraries and its cool and socially acceptable to be Offline. That would leave the sleazy, back-alley black marketeers to ply the internet freely. Picture it: Illegal drug deals conducted online on sophisticated Ajax-enabled web sites with computerized packing and shipping, whilst teenagers trade textbooks for cash on the street.
Likely? No. But fun to imagine.
