PDF
The Criminal Mind
We’re all vulnerable to cybercrime.
Charlene O’Hanlon, ACM Queue
Technology is a catch-22. It makes our lives easier and more productive, but in doing so it also makes us more vulnerable to the elements that can make our lives very difficult.
Need to contact a friend or colleague? Send an e-mail, but beware of those return messages with viruses that can infect your system and turn it into a heap of useless circuitry. Want to know your checking account balance? Log on to your account via the Internet, but watch out for those spyware programs that can record your keystrokes and steal your identity.
Worms, viruses, malware, spyware, keystroke loggers… We’ve all been warned about the dangers of such programs. Yet most of us go about our day oblivious though not immune to the real threat these technologies pose to our financial well-being. Anyone who has ever been a victim of identity theft can understand what I’m saying.
I was a victim of identity theft back before it was common—a pizza shop reused my credit card number to charge extra pies to the tune of $200 each month. This lasted about three months. The first two times I called the pizza shop and the owner explained each incident away as a misunderstanding, promising each time to reverse the charges (which did not happen). The third time I called the credit card company, which reversed the charges for each month, cancelled that card, issued a new card, and started an investigation. Sure enough, I was not the only victim of the pizza shop, which, it turned out, was a front for an organized crime ring.
My brush with technology’s seedy underbelly was relatively minor, but it was enough to put me on notice and heed the warnings. (It’s also part of the reason why I use a Mac instead of a PC, but that’s another conversation for another time.) Since that incident in 1999, I have had no fewer than five letters from credit card companies, banks, healthcare organizations, and the like informing me that my personal information had been compromised and I might be the victim of identity theft. Each time I open one of those letters, I trust technology less and less.
This month’s issue is all about cybercrime, delving into the whys and wherefores of this burgeoning technological pursuit. What was once a hobby for bored technophiles has bloomed into a multibillion-dollar industry for nefarious individuals who think nothing of stealing the credit card numbers of thousands of a company’s customers and then extorting the company into buying them back.
Some folks scream that the answer is better oversight of the Internet. But how can you oversee something that physically does not exist? When the threat is a gangbanger or a gunslinger or a bank robber, it’s easy to put feet on the street and catch the criminal. But when the threat is a virtual mafia, how can you track down and catch them in the act, especially when they can use technology specifically to thwart detection?
The members of Team Cymru, an Internet security group, aptly describe what we’re up against in their article, “Cybercrime—An Epidemic.” And Queue Editorial Advisory Board member Eric Allman, founder of Sendmail, gives us his take on e-mail authentication, which could go a long way toward stemming some of the more covert attacks. Dan Geer of Verdasys, meanwhile, investigates the world of security bugs and other looming threats in his article, “Playing for Keeps.”
Security consultant Tom Wadlow and Vlad Gorelik, CTO of Sana Security, take a different tack in their description of the danger in Queue’s first-ever narrative, “Criminal Code—The Making of a Cybercriminal.” The fictional account aims to show how the promise of easy money can lure even the best-intentioned developer and describes the methods by which the acts of cybercrime are perpetrated.
This month’s interview between Peter Neumann and Douglas Jones is a frank discussion about the insecurity of electronic voting and what needs to happen to bring true security into the electoral process. It makes me think twice about touch-screen voting, that’s for sure.
The constant threat of being targeted for a cyberattack can be enough to make anyone technologically gun-shy. Feel lucky?
Originally published in Queue vol. 4, no. 9—
Comment on this article in the ACM Digital Library
© ACM, Inc. All Rights Reserved.