Computer Crime Research Center


Thinking Out Loud: In the Age of Cybercrime

Date: March 07, 2006
By: William R. Brody

A few weeks ago, I attended a meeting of university presidents and representatives of the CIA and FBI convened to discuss campus issues related to national security. The goal of the meeting was to establish a dialogue between the federal government and our major universities concerning topics such as immigration policies, export of sensitive technology, the protection of intellectual property and so forth. This was the second meeting of our group that I was able to attend, and I found the discussion to be both positive and hopeful. We are trying to find the proper balance between important national security concerns and our ability to attract the best and brightest talent from around the world, share information internationally and maintain on our campuses an open environment for information exchange.

What I wasn't prepared for, however, was a presentation on cybersecurity by a CIA expert. Although his presentation was brief and, in a way, a coda to the more in-depth discussions preceding it, I walked away shaking my head in disbelief, as did my colleagues from other universities.

The presenter began by discussing the relative lack of security of information that travels on the Internet. This was hardly a revelation to any of us. But then he went online to Google and typed a few keystrokes on his laptop. Within seconds, there flashing up on the screen was a database containing thousands of names, passwords, Social Security numbers and the like. "We teach a course at the CIA," he continued, while dazzling us with the amount of information he so effortlessly pulled up, "about how to use Google to gather sensitive information about individuals. Within a couple of hours, we can teach you how to acquire passwords, Social Security numbers, credit cards, cell phone records, anything you might wish to acquire."

Then he described his own unfortunate experience with cybercrime. A year or so ago, he was asked to appear on a television program discussing the lack of security on the Internet. The very next day his own personal bank account was wiped out. "The cyberthieves didn't go to my bank and jerk the information out on a onetime basis," he recounted. "They didn't have to. There has been so much wholesale theft of databases, when they saw me on television, they simply searched the pilfered databases available to them, found out that my personal information was there — and voila! — took my bank account information and identification and used it to transfer money out of my account."

If you are like me and regularly buy items using e-commerce Web sites, you should know that while most are very secure, a number of them are not. So when you use your credit card to pay for a transaction, there is a good possibility that a snoop has access to that information and in turn can sell it to someone looking to run up a large charge.

Information and identify theft is only one aspect of the many new problems spawned by the Internet, of course. And Johns Hopkins, to its credit, became an early player in the fight against digital information theft when it established the Information Security Institute six years ago. Its Web site is a good place to keep current on these issues and well worth a visit

Other cybersecurity issues, of which we are all too well aware, include spam (a highly profitable enterprise and a growing nuisance), hacking and viruses. The Internet wasn't designed with the intrinsic security of other information appliances, and, sadly, we are now paying the price. The only real solution is to unplug your computer from the Net — and, actually, even that is not foolproof, since there are cybersleuths who can use sophisticated snooping devices to pick up your keystrokes while sitting outside your window.

The next big area for concern is cell phones. These are notoriously leaky devices. As they become more ubiquitous and acquire computerlike data processing capabilities, you can be assured that cyberthieves are developing sophisticated ways to extract whatever information they desire from your handheld device.

And what if one day some enemy conducts a successful, full-scale cyberassault? If all else fails, we'll have to call in the military to re-establish security. After all, they are responsible for the defense of our country. But not so fast. The military has the same vulnerabilities — in case you haven't noticed, our 21st-century armed forces are interconnected electronically as never before. Net-centric warfare has become the mantra. Is it possible that some bored, bright 13-year-old hacker in Bulgaria might be able to disable the United States' air defense system? Who can say?

Terrorists have used the net for tactical advantage in developing a distributed network of people willing to blow things up for whatever cause they are championing. In the future, bombs may not be required. Disabling the stock exchanges, paralyzing our military defenses or rendering our banking system unreliable may have much the same devastating and long-lasting effects.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo