'Disorder and corruption' taking over internet, author claims

The internet is a "godawful mess," but few US government officials are willing to take action against virus writers, spammers and...

The internet is a "godawful mess," but few US government officials are willing to take action against virus writers, spammers and other scammers, author Bruce Sterling said at the Gartner IT Security Summit.

Computer users need the government to crack down on the thieves preying on the internet, said Sterling, the author of  The Hacker Crackdown: Law and Disorder on the Electronic Frontier.

"We had a digital revolution in the 1990s - now we've slid into digital terror," Sterling said during his hour-long critique on the state of cybersecurity.

"Today's internet is a dirty mess - it's revolution failed. E-commerce was extremely inventive for a while, but the financing model was corrupt. There was poor governance in the financial systems, there was worse industrial policy; the upshot was a spectacular industry-wrecking boom and bust."

Most of the advancements in internet commerce since the dot-com bust have been illegal, Sterling noted, including spamming, identity theft, and phishing. "If you advance into mayhem, that's not advancement, that's driving into a ditch," he added.

Sterling offered what he called a little good news about cybersecurity, the recent arrests of a handful of virus or worm writers, including the arrest in May of the 18-year-old German man who allegedly wrote the Sasser worm. "The world is never going to run out of disaffected teenagers," he said.

But Sterling said was not overly worried about bored teenage worm writers who are unsophisticated enough to get caught; instead he is concerned about the authors of such malicious code as Slammer, Code Red, and Witty because they have not been caught.

The authors of the Witty worm targeted users of Internet Security Systems' products, while the Bagel and Mydoom virus authors attempted to turn infected computers into spam-sending machines, Sterling said.

"Bagel and Mydoom are the future of virus-writing because they have a business model," he said. "Those are organised crime activities. ... These are crooks."

Sterling predicted virus and worm writing will grow as a weapon for terrorists and warring nations. Terrorists operating in places with little central government control will begin to see cyberterrorism as an effective weapon because of a lack of international co-operation on cybersecurity enforcement. He listed a dozen such countries, including Somalia, Bosnia and the Philippines.

"This is the birth of a genuine, no-kidding, for-profit ... multinational criminal underworld," he said. "I don't see any way it can't happen. We're going to end up getting pushed around by bands of international electronic thieves in a very similar way to the way we've been pushed around by gangs of international Mafia and international Mujahideen terrorists."

The new tools of terrorists and criminals will be "oil, narcotics, guns and broadband", he added.

With cyberthreats likely to rise, the US government needs to focus on enforcement of existing laws, including antifraud laws, Sterling said. He praised the prosecution of Buffalo spammer Howard Carmack earlier this year, as well as other white-collar criminals. Although virus writers and many spammers break existing laws, he pointed out that most prosecutors seem reluctant to take on computer cases.

Sterling dismissed efforts such as Can-Spam, passed by Congress in late 2003, as "phoney-baloney gestures".

Instead of weak laws, the US government needs to sponsor a multistate computer crime task force that enforces existing laws, he said, recommending that the names of spammers and other internet scammers should be posted on a website for everyone to see.

Sterling also praised parts of the National Strategy to Secure Cyberspace, released by the Bush administration in February 2003, calling it  "modest and feasible".

The document recommended that nations work together to combat cyberthreats, and such co-operation is needed to fight borderless cyberterrorism, Sterling said, admitting, however, that the strategy is likely to go nowhere after former Bush cybersecurity chief Richard Clarke criticised his former boss' counterterrorism efforts in a book released earlier this year.

Grant Gross writes for IDG News Service

Read more on IT risk management