Tuesday, June 14, 2011

"Cyber Attacks - Testing Technology, A Declining Moral Sense, or Both?"

Sydney M. Williams

Thought of the Day
“Cyber Attacks – Testing Technology, a Declining Moral Sense, or Both?”
June 14, 2011

“Humans do have a rudimentary moral sense from the very start of life.” So wrote Paul Bloom, Professor of Psychology and Cognitive Science at Yale University in the New York Times. In “The Moral Life of Babies,” the article published May 5, 2010, he concluded however: “The aspect of morality that we truly marvel at – its generality and universality – is the product of culture, not of biology.” Because of civilization, defined by Webster as “an advanced state of human society, in which a high level of culture, society and government has been reached,” the story of man should reflect an improving moral sense. Unfortunately, history proves otherwise.

A list of the ten most evil people of all time includes six who lived in the Twentieth Century – Adolph Hitler, Adolph Eichmann, Pol Pot, Mao-Tse Tung, Idi Amin and Joseph Stalin. While it may be unfair to compare those who killed millions with computer hackers, the ability to distinguish right from wrong remains a lesson unlearned by too many.

The proliferation of smart phones, along with the advent of Facebook and Twitter, has not only increased the vulnerability of millions of people to cyber attack, they have a potentially negative impact on social intercourse. M. J. Zuckerman, in a USA Today article “What Fuels the mind of a Hacker,” suggests that some suffer from Asperger Syndrome, antisocial people who are good with numbers. Innuendos visible in a face to face meeting are invisible in an e-mail or instant message. Would a seventeen-year old girl be as susceptible to the advances of a forty-six year old Congressman if not distanced by cyberspace? Does the relative anonymity of the internet make the act of displaying one’s genitals socially acceptable? Congressman Anthony Weiner’s first public reaction was that his Twitter account had been hacked – a red herring that, unfortunately for him but fortunately for the rest of us, failed almost immediately.

Given the rise in cybercrime, Mr. Weiner’s initial explanation was, for a moment, credible. A million Sony PlayStation accounts were compromised a little over a month ago. Citigroup reported that 210,000 accounts were recently hacked. Bank of America had a similar experience, as did Google’s G-Mail and Apple iTunes. Last evening, hackers claimed to have compromised Senate security and this morning they claim they will take on the Federal Reserve. Reuters, on June 3rd reported that concerns over security issues could slow the growth of cloud computing, a market that globally “could reach $55 billion in 2014.” If morality is more a function of culture than of biology, as Professor Bloom attests, our society is becoming less civilized.

Whether we approve or not, whether we use the internet or not (and who does not?) all our personal information – bank accounts, Social Security numbers, medical records – are floating somewhere in cyberspace. Like Willy Sutton who robbed banks because that’s where the money was, these thieves hack files because that’s where the data is. A web solutions company, Crucial Paradigm recently issued a report, “Hacking Attacks – How and Why.” They list five forms of attack and offer a number of explanations as to why hackers do what they do. The most common form of attack, a virus, vindictively replicates itself in milliseconds rendering useless computers, programs and software. Among the most insidious are “worms”, quietly consuming resources until the system becomes overloaded and ceases to function. Worms combine, according to the report, elements of Distributed Denial of Services (DDoS) and viruses.

Crucial Paradigm suggests that the reasons hackers attack include everything from revenge, to corporate theft, to stealing identities and information, to spying on friends, to the intellectual challenge. Anyone connected to the internet, which today includes most everybody, is vulnerable to being hacked.

Two articles yesterday lent relevance and immediacy to these concerns. The Wall Street Journal reported that Citigroup waited as long as three weeks to notify credit card customers of a hacking attack. That seems an irresponsibly long time, when milliseconds are all that is needed to access credit and identity information. Citigroup did say that the breach did not compromise card security numbers or Social Security information. Nevertheless, it makes an already skeptical cardholder even more nervous. The UK Business News wrote that “an unnamed security expert” has indicated that the recently revealed cyber attack on the International Monetary Fund (IMF) could have been state sponsored. “The hack,” according to yesterday’s article, “was designed to install malicious software that would create a ‘digital insider presence,’ allowing the hackers access to all the fund’s sensitive financial data.” The consequences, as one can well imagine in this day of instant money transfers, could be dire, and recall Lex Luthor in Superman 3, when he plotted to exact a penny from every money transfer as a means of making billions.

Hackers, though, can work for the “good guys.” In January, the New York Times reported that Israel, with U.S. help, inserted a computer worm, “Stuxnet” into the Iranian nuclear operation, thereby delaying their nuclear program. The worm was developed at Dimona, the Israeli nuclear arms development center in the Negev desert.

Insuring the security of the internet has proven almost impossible. A group called Anonymous, run by Jesse Willms, operates under the motto: “We are legion. We do not forgive. We do not forget.” They see themselves as Internet vigilantes, “fighting for truth and democracy.” According to a posting from Mr. Willms, the U.S. government attempted to learn more about his company, so hired a security firm to investigate. Aaron Barr, CEO of HPGary, was asked to infiltrate the group. Before Mr. Barr had a chance to do his job, Anonymous had put 50,000 of his confidential e-mails on the internet, hacked his twitter account, posted his Social Security number and wiped out his laptop and iPad. Mr. Willms wrote: “I think it is safe to say Barr won’t be selling anything to the FBI – or messing around with Anonymous again.”

So what can be done? One answer is to accept the world as it is and live with the heightened security demands. Over the weekend Randall Stross had a fascinating column about passwords and encryption, “Digital Domain,” in Saturday’s New York Times. In the article he quotes Steve Gibson, a security expert and chief executive of Gibson Research Corporation who claims that the single most important factor in a password is its length. Mr. Stross writes: “Mr. Gibson’s page says that it would take a hacker 2.43 months to go through every nine-character combination offline, at the rate of a hundred billion guesses a second,” but a ten-character password, “at the same rate would take 19.24 years.” A better answer, but reflecting idealism over reality, is to reassert what Professor James Q. Wilson has called “our moral bearings.” He says there is in all humans “a desire not only for praise but for praiseworthiness, for fair deals as for good deals, for honor as well as for advantage.” If only that were so. None of Professor Wilson’s words are likely to stop hackers, but they are worth pondering.

Labels:

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home