Pandora’s box has been opened and the explosion of information both personal and non-personal seems to be limitless and increases exponentially. And according to the National Opinion Poll taken in January of 2007 half the UK harbors a “deep mistrust” due to security concerns. Not only is there a deep public mistrust but, the House of Lords Select Committee on Science and Technology are inquiring into the need for personal Internet Security because of the growing use of home computers, expansion of broadband, internet banking and commerce (Brent MacLean “A new look at Internet Security” Monday September 10, 2007).
Every one is talking extensively ( ISP Associations, Richard Clayton of the Cambridge Security Lab, John Carr of the Children’s Charities Coalition on Internet Safety, as well as Johnathan Zittrain of the Oxford Internet Institute and many others), gathering evidence of information and compiling it all for what? Sadly, most businesses and citizens still do not take the threat posed by cyber-insecurity seriously.
You would think with dependency of economies relying on certain infrastructures involving the Internet and information exchange between key service providers, that a disruption would certainly result in loss of lives, loss of property, and the collapse of public confidence globablly. Today simple domestic hacking is not the issue that will bring on devastating destruction like those designed by terrorist activities directed at nuclear plants, banking systems, hospitals, air traffic control as well as domain name servers, the possibilities are limitless. However, it is imperative to remove these personal and public computers from the arsenal of cyber terrorists as well as cybercriminals. With 225 million Internet users in North America (Nielson-Netratings), the personal computer dominates the Internet and at the same time is the most vulnerable. Millions of PCs are under the control of “zombie masters”. Red Herring, the technical business journal, estimated that in 2005 a 172,000 computers were hijacked and taken over each day and became “zombies” and under the control of a hacker. By 2007, Secure Computing, which tracks the Internet landscape, identified more than 500,000 new zombies per day that were hijacked and under the control of “bot” herders. Triple the level only two years earlier. The FBI says that because of their wideley distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.
The total number of compromised computers on the Internet is not known; however, Vince Cerf, Father of the Internet, estimates that about 150 million PCs currently connected to the Internet and are part of botnets. Based on FBI reports and other independent researchers the aforementioned number may be significantly higher. The typical home computer is attached to “always on” broadband facilities, severely compromised with malware (viruses, spyware, Trojans, keyloggers, etc.), usually without degradation of their ordinary capabilities and doing the bidding of their “zombie master”. Hacking, virus dissemination, denial od service (DoS), theft of personal data, ID fraud, keyloggers, spamming, distribution of pornography, spying through webcams, click fraud and many other cyber exploits are all now almost wholly orchestrated via zombie networks.
Computers weren’t designed for security; they were designed to perform complex work. As complex as computers are, each computer has 65,000 open ports (doorways) to the Internet; a simple element that leaves them vulnerable. You might wonder why an individual would want control of a herd of zombies, there are several reasons. For exploits whether it’s a denial of service, to bring down the servers of banks, major corporations, or a competitor. Inherently, whenever a computer says “hello” to another computer, that computer must respond with a “hello” back. A “bot herder” with tens of thousands of computers under their control has all of them say hello at the same time to your computer or a network of computers, what do think happens. Most likely the responding PC or server is overwhelmed and crashes, it simply can’t respond to that many hellos. A botnet can be purchased on the black market to carry out attacks. Zombie-making virus kits can be purchased on the net, requiring little or no technical knowledge and which provides the breeding ground for future international cybercriminals and the training ground for cybergangs (terrorists).
What are we to do? Implementing new laws when it’s already difficult to pursue and in some cases unenforceable and with cross-border criminal investigations not to mention the resources needed are vast and costly with little results.
How do we secure the Internet now? One idea is to improve administrative, regulatory, and technical solutions to produce a safer Net and then apply resources to fortify banks, airports, power plants from the insecure internet we have allowed to develop. It begins with securing the end-user and creating an awareness that we are all responsible for the safety of the Internet and we all need to “Become Responsible Cybercitizens”.
We the people have to make an effort to make sure our machines run clean and free of malware (viruses, spyware, trojans, etc.). That involves current patches, updates, upgrades, and professional software technologies. It also obligates everyone of us to make sure that we have not been compromised by having our computers serviced by a security technician and assured that there is no malware present. There is a service, the Invisus PC security service, that will provide a fully managed computer security service including unlimited security technical support plus several additional benefits that will earn you the title of a “Responsible Cybercitizen”.
Requiring ISPs to scan data traffic going to and from computers attached to their networks for unusual patterns of traffic and then deny them Internet access until it has been determined they are not zombies. We can also ask the ISP to provide remote patches, updates and software updates. However, the ISPs will bulk at the cost, liability, autonomy, support, and delivery. Or have our ISPs provide a value-added service similar to subscription-based services offered by the Invisus PC security service which not only provides for a hassle-free computing experience but, is a total security package locking down the end-users computer for a minimum monthly fee.
In order to succeed we must meld security and convenience. The consumer doesn’t want to be responsible for their security. All they want to know is how to turn their computer on and off. Unfortunately, we can’t have our cake and eat it too. The time has come to learn how to maintain a safe and healthy computer (saving the consumer both time and money) void of infections that keep spreading and infecting other computers. It’s not necessary to be technically savvy to operate a computer, like your automobile there’s no need to be a technically savvy mechanic but, it is important to make sure your car is in good operating condition not only for its performance but, for the safety of others. We have laws to assure us the security of cars and their owners are safe. Those who are ignorant of how to maintain the safety of an automobile are required to perform certain responsibilities to insure the safety of their vehicle for others as well as the owner of the car. To insure the safety of others we require a certain level of education and knowledge of the rules of the road. You can’t drive without insurance or a drivers license, which means that you have undertaken and understand some level of instructions.
You may disagree but, unfortunately as impossible as it may be practically, politically, and ethically, to require every consumer… including the ignorant, the poor, and even the wealthy, to be legally responsible for keeping their computer in a state of reasonable security, the fact is you are guilty until proven innocent. So, the next best approach might be to offer to try and educate them but we probably cannot impose a “computer-driving license”. Again, we may be able to offer an alternative by requiring the consumer to take necessary steps to assure that their computers are serviced and up-to-date with professional security software and that they are checked and given a clean bill of health; free of malware.