Safety was a physical thing until recently – the safety net under a trapeze, something you worried about in run-down areas of town, when driving too fast, climbing a mountain or climbing into the ring with Mike Tyson.
Safety, security, has a new face today – it’s the email you are afraid to open, the website that just doesn’t look right, the emptied-out bank account you haven’t used, the credit card charges from places you have never been, the credit rating that plummets for no known reason, that make you worry about your safety and the security measures you need to take. For most of us, elementary precautions seem to work well enough – keep your anti-virus programme updated, use a firewall, never send personal information in response to an online request, and so forth; they take care of the common threats most of us are likely to run into – much like looking both ways before you cross the street.
The face you associate with on-line security could easily be green and answer to the name of George Washington. No, it’s not paranoia; everyone really is after your money. Hackers, or rather the bad-guy crackers, are not after fame any longer – being the biggest, baddest, most outrageous programmer on the planet – today it’s all about money. Invading heavily protected systems created an action-hero aura in the hacker community. That was yesterday; today they just don’t care about auras like in the good old days. The bad guys in Cyber-land are going for the big bucks now. It’s not surprising; more money travels on the Net than in armoured cars and it is a lot less dangerous to hold-up the Internet than a bank – no one shoots you in the screen.
Now we all know that wherever there are bad guys, the sheriff will come to town to get’em. These days the sheriff is not Clint Eastwood; it might be Trend Micro, Symantec alias ‘Norton’, or McAfee. Instead of being the fastest draw in the west these are the fastest coders in the east – even the Far East. The sheriffs are security specialists. They uses brain power not muscle power to bring their opponent down. It comes down to security specialist corporations contra organised Internet crime.
It’s a tough battle – no quarter asked and none given – it’s a fight to the death and it is escalating. The battle of the Internet will certainly be raging for many years to come. The crooks are getting smarter, more sophisticated and more inventive. It is a Darwinian, survival of the fittest, contest. Massive attacks on systems are always a threat, but the major security software makers are getting better at dealing with massive attacks, but the criminals are constantly adapting. Instead, the trend has been swinging a bit toward quieter, specifically targeted attacks against masses of individuals – targeting human weakness as well as users without adequate software protection – in place of massive attacks against corporations. These attacks flood the Internet with unsolicited email.
‘Phishers’ trick unwary email or instant message recipients into furnishing personal data such as passwords, or bank and credit card details. In the past this was a confidence trick, a con, or a swindle – nowadays we call it social engineering. I suppose it is better to be socially engineered than swindled.
‘Pharmers’ are hackers that manage to re-direct a website’s traffic to a false site; as with phishing, the objective is to steal identity information. Although not as well known as viruses or even phishing, pharming is a major concern of e-commerce companies, banks and other financial institutions. Pharming is a major threat, especially so since antivirus software and spyware removers do not stop it.
Security professionals I’ve spoken with at shows agree that organised cyber-criminals with their eyes on the money are now dominating the cyber-crime universe. Well organised pharming attacks have diverted online banking traffic and hit users and their banks around the world. The financial sector is running to keep ahead of the crooks, using hardware tokens, number generators, cards with lists of passwords, and, even mobile phones – in addition to the normal password/username sign on routines to guarantee the identities of their site’s users.
And so it goes, attack and counter-attack, measure for measure, user versus hacker. Every new technology, every new feature available on the net, every new piece of equipment is now a hacker target. Smart-phones, iPods, computers – if it connects to the Web it will be at risk.
While some of the threats are built upon weaknesses found in specific pieces of equipment, applications software or operating systems, much of the threat is not directed at these weaknesses, but our personal weaknesses. The more we use the web, the more we take it for granted, the greater the chance we have of being fooled by clever, plausible, bits of emailed guile. As a cartoon character once said, “We have met the enemy and it is us”, our inattention is our own worst enemy, and the Net is full of those ready to take advantage.
The biggest security threat aimed squarely at you and me, is spam. How big is the threat? I have read several times that some 95 percent of all the email on the Web is spam. Spam is still growing and no way to end it is in sight. Much of the spam is just phishing and pharming attacks, viruses, worms and scams.
Big business has options. Outsourcing of Internet security is a fairly big – on its way to enormous – business. The effort large companies have to control their Internet security – a 24/7 operation – has gotten to be such a great headache and such a great expense that outsourcing the operation to companies with teams of full time security experts seems, increasingly, to be the way to go.
The rest of us will just have to work on building Tarzan-like survival skills to survive in the Internet jungle. You are your own worst enemy on the Net, so watch your shadow – it’s following you!
Connect-World: Europe I (2007) will be published later this month. This edition of Connect-World will be widely distributed to our reader base and, as well, at shows where we are media sponsors such as: GSM World Congress (12-15 February, Barcelona), IPTV World Forum (5-7 March, Olympia, London), CeBit (15-21 March, Hanover), and C5 World Forum (26-29 March, Milan).
In addition to our normal global mailing, this issue will also be distributed to a select list of world leaders, to the ranking executives of the world’s largest companies including the Fortune 1000, to government authorities, and to international institutions. This issue will also be available on our website to all other interested readers throughout the world.
The theme of Connect-World: Europe I (2007), our coming edition, will be Thriving or surviving with convergence.
Traditional network operators, broadcasters, telecom and information technology service providers of all sorts are facing a disconcerting, distressing, competitive landscape. The variety of choices convergence brings the consumer can leave service providers and equipment suppliers with some hard choices of their own to make. The companies that understand the spirit of the new competitive landscape are thriving on the innovation – those that do not are increasingly adopting survival strategies.
The distinct niches built-up over the years within the information and communication technology sectors are melting together like an ice cream sundae – telcos compete with broadcasters that compete with cable companies that compete with power utilities that compete with ISPs that compete with everyone. Like sundaes, convergence comes in many flavours and has as many meanings as practitioners. With convergence, forget the ice cream – take your favourite means of communications, mix with your hardware of choice, top with applications software and a liberal dose of content and serve your own converged desert using an equally converged device.
Convergence is changing businesses, the players the equipment and the services we have become accustomed to; in their place new companies, technologies, equipment and services are arising. New problems are also arising. New multi-sector, multi-technology regulation will be needed, security issues assume new dimension, privacy may be threatened and the same consumers that will benefit from the changes will also need protection.
This issue of Connect-World Europe will examine changes wrought by the many forms of convergence and what they mean to businesses and end-users alike. We will also look at the regulatory situation and the strategic factors that the players, old and new, need take into account.