Privacy Lost
This column was written by Tom Kellerman.
In today's age of digital everything, one can reminisce about the days of true privacy. Much of the discussion of late has centered upon the NSA's domestic spying program. Americans from the deep red states to the blue have felt betrayed by Uncle Sam as a result of his anti-terror efforts. The naiveté exhibited by privacy advocates everywhere stems from a lack of appreciation that the world is truly flat — privacy has been traded for convenience. True privacy has become pure nostalgia in this age of digital everything. All the fretting about the National Security Agency's domestic spying program is understandable, but it misses one spectacularly big point: domestic privacy in America simply does not exist anymore. Those who use e-commerce most are at greatest risk. The Privacy Rights Clearinghouse reported that more 80 million Americans have had their personal information jeopardized by data breaches since Feb. 15, 2005. A more recent study conducted by IBM claimed that three times more Americans thought they were more likely to be victimized by cybercrime than physical crime.
Most Americans are unaware that government Big Brother no longer has a monopoly on domestic spying. There are in fact thousands upon thousands of Big Brothers in cyberspace and on the digital airwaves. These Big Brothers are intent upon criminal gain rather than national security. These Big Brothers exist in the underground hacker community, among other places. Since the wide spread adoption of e-commerce and e-finance the burgeoning hacker community has evolved into a force to be reckoned with on the world stage.
An entire subculture of highly educated and sophisticated cyber criminals exists. Much as the Italian Mafia in the U.S. moved into narcotics trafficking in the 1970's, other organized criminal syndicates have realized that identity theft, funds transfer and extortion are the most lucrative business models in the information age. A recent FBI study determined that 9 out of 10 American businesses fell victim to cyber crime last year. The FBI Director, Robert Mueller, declared cyber crime his number one criminal priority. According to the Organization for Economic Cooperation and Development one in three computers is compromised — remotely controlled by someone other than you.
The virtual takeover of Americans' privacy has been largely due to the proliferation of Trojan Horse programs. Trojan Horse programs are smaller, digital, and far more prolific than in the days of Troy. Trojans cloak malicious code by appearing as innocuous attachments in order to gain access inside a user's computer system. Once a Trojan Horse has been introduced into a user's computer system, it plants a program that listens for a variety of user communications and secretly installs secret passageways into a user's computer. Through these backdoors, remote hackers can launch malicious code and vandalize, alter, steal, move, or delete any file on the infected computer. They can also harvest sensitive user information such as financial account numbers and passwords from the data in local files, and then transmit them through backdoors.
Most Americans think that one must be very technical to invade someone else's privacy in this fashion. That belief is dangerously misguided.
Much as one need not understand the inner workings of a handgun to use one, you don't need to be a sophisticated programmer to be an adept cyber crook. By merely running query in a search engine for Trojan horse programs or keyloggers one will find tens of thousands of relevant downloadable programs at their fingertips. One merely needs to comprehend the lexicon associated with hacker tools to launch cyber attacks. The Internet has become a virtual arms bizarre. The free distribution of cyber weapons takes place millions of times every day. Underground Internet Relay Chat rooms and Web sites like http://astalavista.box.sk have mirrored the American gun shows; the only exception being that all the guns and ammo are free.
Some examples might shock you:
Did you know that the Pentagon the most secure infrastructure in the world was hacked for over eight months by a network of Chinese computers named Titan Rain? These computers were implanted within the DOD's internal networks so as to steal our aeronautical specifications for advanced jets and space craft.
Did you know that the greatest threat facing our banks is not armed robbers but cyber thieves stealing your identity and setting up fraudulent lines of credit in your name? Only 2 percent of mounting bank crime losses are from physical robberies now. Today's bandits now hide safely in a hotel room halfway around the world while they steal your financial futures.
Did you know that the 202 deaths of foreigners in Bali in 2002 were financed by cyber crime? Imam Samudra was convicted of engineering the devastating Bali nightclub bombings four years ago. Samudra published a jailhouse autobiography that contained a chapter titled "Hacking, Why Not?" Samudra urged fellow Muslim radicals to take the holy war into cyberspace by attacking U.S. computers, with the particular aim of committing credit card fraud online.
Today's' digital world has become a boon to an illegal underground economy that trades in our secrets. Governments no longer have a monopoly on technology and thus no longer have a monopoly on being Big Brother. Indeed, the proliferation of criminal, digital Big Brothers far exceeds the government's ability to protect citizens in cyberspace.
A good place to begin reclaiming privacy and real cyber security in vital areas of life and commerce is with the banks and corporations that we do business with. Just as some corporations do a better job at protecting the environment there are those who do a better job at ensuring our privacy and cyber security. There is no way government can do the job itself; the resources and resourcefulness of the entire private sector are necessary.
In cyberspace privacy cannot exist without cyber security. You might attempt to protect your computer and the information on it. But you can't protect the security of every institution that holds information about you. Much like the concept of "rewind" the concept of personal privacy is becoming ancient history.
Tom Kellermann is a cyber security consultant who formerly held the position of Senior Data Risk Management Specialist for the World Bank Treasury Security Team. He was responsible for cyber intelligence and policy management within the World Bank treasury and regularly advised central banks around the world. He is a Certified Information Security Manager (CISM).
By Tom Kellermann