Trouble Brewing

As a security industry vet and one of a handful of guys who developed the Cisco PIX Firewall (PIX is everywhere – if you are reading this from a computer at work, the text you’re reading most likely just traversed one), I can say with certainty that I am unable to protect myself from this sort of crime. At best, security software and hardware makes it slightly less convenient for someone with criminal intent to break in. The scary thing is that most such crimeware is lurking around on unsuspecting computers, purposely silent, waiting for the right opportunity.

You might ask – “helpless computer geek, why are you whining to us about this?.” Because PE has more to lose than Bob and Betty six pack. PE also is in a better position than Bob or Betty to do something about it.

It doesn’t matter if you’re knee deep in biotech or bottling or Boeing or Boingo… if a widespread assault hits, you’re instantly down to about ankle deep with what value you have left. Safety nets are about as reliable as California earthquake insurance. If it all hits at once, there isn’t enough to go around. Clearly we are dependent on this infrastructure, and we (you) are very, very, exposed.

The “bang for the buck” of getting a firearm and robbing a bank is much better than cybercrime. There’s pretty good ROI for spending 10 minutes acquiring a pistol from a known resource, and 2 minutes walking away with a bag of money. Cybercriminals have to work much harder to turn bits of data into bags of money. So why is malware, badware, and now crimeware rapidly on the rise, i.e. why don’t these same criminals just rob a bank instead? Simple – it is likely they will get caught for robbing a bank, and unlikely they get caught for cybercrime.

It’s not easier to track down a bank robber in a crowded city than it is to track down a cybercriminal. Computer crimes are very hard to trace; non-computer crimes are even harder to trace. Not all computers or routers keep good records. Asphalt does not keep as good of records as a computer or router, yet somehow we seem to catch the robber anyway. More reputations, careers, and elections, depend on catching traditional criminals and terrorists, and cybercrime hasn’t hit enough headlines to spark the kind of public outrage that an armed robbery or shooting or bombing does. That’s because few families or companies have suffered substantial, sustained, non-recoverable, losses… yet. And it’s not just about money. Healthcare and transportation and law enforcement and pretty much everything else now depends on the computer and network infrastructure. Cybercrime can cause the loss of life.

Computer security will never be able to prevent cybercrime. The guys who create the crimeware are as smart as the guys who create the security products. Likewise we will never be able to prevent the distribution of firearms between criminals, or the use of them. Law enforcement can catch them afterwards, though, and make the opportunity for cybercrime a little less appealing.

It might be time to start talking to your government contacts about this in between conversations about how to keep the capital gains tax benefit. It’s better to pay tax on something than no tax on nothing.