Keep calm and carry on: cyber crime is not the threat it’s made out to be. There is no better fodder for naked fearmongering than crime conducted online. You’ve about heard them all: Nigerian scams, 410 scams, and phishing scams. Banking fraud, credit card fraud, hackers, viruses and keystroke loggers. And there’s spam, zombies, malware, spoofing, scareware, worms, etc.
And there are the biggies: cyber crime, cyber terrorism, and full-blown cyber war. Typically these threats are all merged into each other, blurred by fearmongers to create a picture of a risky Wild West online. They feed into a fear that technology has somehow got out of control, a fear that our lives have become more dangerous as we’ve been sucked online.
On Tuesday, ABC’s 7.30 cited the usual mix, warning of everything from petty identity theft to the ”cyber crime underworld”. The show claimed proceeds of cyber crime were now more than proceeds from illicit drugs. The next day, the federal government announced it would sign the Council of Europe convention on cyber crime – a treaty for international co-operation.
The size of any illegal industry is hard to estimate. But the claim that cyber crime is now a bigger concern than the drug trade relies entirely on an off-the-cuff remark made by a consultant to the US Treasury Department in 2005: ”Last year was the first year that proceeds from cyber crime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $US105 billion.”
Last week’s 7.30 interviewed a US defence contractor saying cyber crime was now $US3 trillion. At that price, cyber crime is the fifth-biggest economy in the world, slightly below Germany. It doesn’t ring true. Cyber crime would be the biggest crime wave in human history – hackers stealing an entire German economy every single year. Of course, we mostly hear these gargantuan numbers from consultants (drumming up business from law enforcement) and internet security companies (trying to sell software).
A new paper by researchers from Microsoft – Sex, Lies, and Cyber crime Surveys – explains why estimates of cyber crime have become so absurdly large. The authors, Dinei Florencio and Cormac Herley, point out that the bulk of what we know comes from tiny surveys. The authors found at least 75 per cent of losses were extrapolated from just one or two unverified, cases.
In other words, one bloke falls for the old ”I’m a prince from Nigeria” scam, and it is reported that cyber crime is a $3 trillion industry. This is not to deny that criminals use the internet.
But crime is crime, whether it’s online or not. Many cyber crimes are just digital variations of old cons. The Nigerian scam was originally conducted by post.
And much cyber crime is just vandalism, hard to police, but not hard to protect against. Lock your gate, use complicated and varied passwords, make backups. Don’t trust foreign princes or popups. Accept the updates for your anti-virus software. Make sure internet companies you deal with are responsible.
These are all pretty simple, and they will protect you from 90 per cent of the danger. Education is more necessary here than legislation. The majority of online transactions are safe. And certainly no reason to give government a blank cheque for any new law it wants.
Some of the proposals to deal with the cyber crime ”epidemic” have serious civil liberties issues. The treaty the federal government intends to sign may mean Australian internet service providers have to store records of every website we visit, and every person we email, just in case the police need it later.
We like to complain about privacy and Facebook, but that will be nothing compared with the massive amount of data compulsorily stored by our internet provider. Apart from the privacy implications, that requirement itself could increase online risk. There’s little more attractive to criminals than large banks of data stored in one place.
All the hype about cyber crime is nothing compared with the noises made by defence contractors and American military commanders who have been stoking fears of ”cyber war” and ”cyber terrorism”. But even the most famous instances of cyber war – like the StuxNet virus, which damaged Iran’s nuclear program in 2010 – are more hype than reality. StuxNet was trotted into an Iranian enrichment facility on a USB stick. It was plain, old espionage. So, next time you read of the dangers online, consider: the seriousness of the threat is inversely proportional to the number of uses of the word ”cyber”. There are risks online. But they are manageable.
Tag: security
Overreaction To Terrorism The Big Threat
The Expansion Of Presidential Power
In the United States, many thought Barack Obama’s election would be the moment the rule of law reasserted itself in the fight against jihadi terrorism.
After all, that’s what he promised – ending the use of torture and extreme rendition, revising the Patriot Act, closing down Guantanamo Bay detention camp, eliminating warrantless wiretaps, and restoring the right of prisoners to challenge their detention.
So the debate whether the Obama administration has the legal authority to assassinate an American citizen without any due process is pretty unedifying.
The citizen in question is Anwar al-Awlaki, a radical Muslim cleric. He’s probably holed up in Yemen. In April, the administration authorised his assassination.
Now his father is suing the government to prevent the government doing so. In response, the administration asked the court to dismiss the lawsuit because it involves state secrets.
There’s no doubt al-Awlaki is a bad guy. He’s reportedly called for American Muslims to wage violent jihad against the US. His sermons have been attended by an array of accused and convicted terrorists. He’s apparently the inspiration for the Times Square bomber and the Christmas Day bomber. The US government now claims he’s gone from encouraging terrorist attacks to actively participating in them.
American governments have long had the power to assassinate those waging war against the United States.
Yet assassinating a US citizen goes well beyond anything previous administrations have ever been able to do. A senior Bush legal official told the New York Times he couldn’t recall any similar case.
And, Barack Obama – or, at least, Barack Obama’s lawyers – believe the president has an absolute right to do so without limitation and without scrutiny.
As the legal commentator Glenn Greenwald wrote, the Obama administration seems to believe that “not only does the president have the right to sentence Americans to death with no due process or charges of any kind, but his decisions as to who will be killed and why he wants them dead are ‘state secrets,’ and thus no court may adjudicate their legality.”
One could make the case al-Awlaki has so abrogated his American citizenship he is effectively a foreigner, and that his threat to the US is so substantial they have no choice but to assassinate him. But that’s a case they should make to a court. Instead, the administration believes the government shouldn’t have to justify targeting the cleric.
This argument proposes the US president be given absolutely unlimited powers.
No matter how hawkish you are on the war on terror, that’s a bad idea.
In her 2008 book, The Dark Side: The Inside Story of How The War on Terror Turned into a War on American Ideals, Jane Mayer laid out how the administration of George W. Bush fumbled its way into its security framework.
Guantanamo Bay, the renditions, the blurring of legal and illegal torture, and the augmenting of the president’s war powers were a result of panic after September 11 attacks and an escalating security machismo within the White House.
The urgency meant it took less than 12 months for these policies to be fixed in place.
That’s not an excuse for the Bush administration blundering – and there was a lot of blundering while the administration tried to reform criminal processes to fight a war against terrorists. And it’s no excuse for their utter disregard of due process, civil liberties, and individual rights. But it is an explanation.
By contrast, it is nearly incomprehensible that, a decade after the September 11 attacks, those powers are still expanding rather than contracting.
Certainly, terrorism remains a national security problem in the US and around the world. Recent warnings about threats in Europe and India remind us of that. But the direct political pressure over terror has been relieved – partially due to the global financial crisis, which displaced public fear of the risk of attack with a much more real fear of unemployment.
And many of the tactics deployed after 2001 have been, in retrospect, dismal failures.
The effort to prosecute accused terrorists through military commissions rather than the civilian legal system has been decidedly uninspiring: those who could have been jailed for life had they faced the full gamut of civilian charges have received peculiarly light sentences.
The recent expansion of presidential power is made worse by the fact that Obama specifically campaigned against legal abuses in the conduct of the war on terror.
This brazenness is unlikely to hurt the president. Many in the American left have been reluctant – even embarrassed – to admit Obama has doubled down on some of the most reviled policies of the Bush administration. Those who do point out a Palin administration would be far worse.
And conservatives are more eager to criticise Obama for being too soft on terrorism than being unprecedentedly bold.
In his new book Obama’s Wars, Bob Woodward quotes the president claiming the US could “absorb” another terrorist attack. This has been described as a gaffe. And, from a political perspective, it is. But it’s also an uncommonly honest reflection of the nature of the terrorist threat.
If only that moderation was translated into policy.
Should terror suspects be protected by politics?
In Dr Strangelove, the crazed General Jack D Ripper claims ‘war is too important to be left to the politicians’.
So, it seems, is terrorism.
It’s been just over one week since a Nissan Pathfinder caught fire in Times Square. The press has focused on the modest drama of stopping the departing Emirates flight carrying the alleged terrorist Faisal Shahzad, as he tried to leave the country.
But still,it seems he was pretty easy to catch.
The Pathfinder was taken to a forensic lab where investigators quickly traced its provenance – it had been sold on Craigslist, two weeks before the incident. The sale was made in $100 bills in a supermarket car park.
But the seller had the buyer’s mobile number. And, with a sketch artist, was able to draw a picture of buyer’s face. Better: the buyer had driven himself to pick up the Nissan, and left his black IsuzuRodeo in the car park.
With the registration of the Isuzu, investigators now had Faisal Shahzad’s home address. They didn’t even have to break in. The key to his apartment was in the Nissan’s ignition.
Shahzad was in custody 53 hours after the bomb was left in Times Square.
The tale of Shahzad’s speedy arrest makes him look less like a formidable jihadist with Pakistani terror camp training, and more like an incompetent, failed criminal.
But it’s worth dwelling on the particulars of how Shahzad was identified and arrested because the legal system largely worked.
What little effort Shahzad made to cover his tracks was easily side-stepped. He took two days to try to leave the US. The US government says Shahzad claims to have learnt bomb-making from the best, but his bomb didn’t work.
And the legal case against Shahzad seems to have been made even easier because he started chatting to the FBI, apparently giving them “valuable intelligence and evidence”.
Seems too simple, doesn’t it? That’s because the politicians haven’t become involved yet.
Take the question of whether Shahzad should have been informed of his legal rights at his arrest. After investigators confirmed there were no other attacks imminent, he was. John McCain claimed doing so was a mistake. And the ranking Republican on the Homeland Security Committee, Peter King, strongly agreed, adding: “I know he’s an American citizen but still…”.
Joe Lieberman upped the ante by proposing to give the government power to remove anybody’s American citizenship if they are merely suspected of being a terrorist. In their view, the rights we afford criminals are getting in the way of winning the war on terror. But the sorts of legal changes they recommend could very well lose it.
Terrorism is against the law. It’s against a lot of laws. And even in a post-Guantanamo world, terrorism trials are conducted in the shadow of centuries of legal precedent, an adversarial court system, and extensive avenues of defence and appeal.
Those bombastic tough-on-terror politicians – if they got their way – could easily undermine terror prosecutions. Because it’s not a question of whether terrorists deserve legal rights. It’s that ignoring those rights allows terrorists to avoid justice.
As David Frum has pointed out, if Lieberman’s proposed citizenship laws were in effect, the US would be on its way “to court right now to litigate the issue whether the Times Square bomber’s bombing plot indicated an intent to relinquish his nationality. Only after taking that issue through trial and appeal (maybe multiple appeals) could we get to work questioning and punishing him”.
It’s happened before.
Ali Saleh Mohamed Kahlah al-Marri was arrested shortly after the September 11 terrorist attacks, accused by the government of being an al-Qaeda sleeper agent, and taking orders directly from Osama bin Laden.
With all the charges against him, al-Marri potentially faced 143 years in prison if convicted in a civilian court, according to the Cato Institute’s David Rittgers. But the Bush administration was eager to show that American counter-terrorist efforts were a ‘war’ in America as much as Afghanistan. It moved him out of the civilian court system and into military custody.
As a result, after years of legal wrangling and a Supreme Court case, he was convicted in October 2009 on just one count of material support for terrorism. He got eight years.
If you want to punish terrorists to the fullest extent of the law possible, that’s an awful outcome.
Like Australia, the United States has a civilian legal system which has evolved from centuries of English legal precedent. It’s handled mass murderers and politically-motivated misdeeds for hundreds of years.
Terrorists believe they are freedom fighters; captured terrorists believe they are political prisoners. Let’s give them the disrespect they deserve and treat them like common criminals
.
Terror Laid Bare
Flying is awful – and it looks like it’s only going to get worse. The actual “flying” part can be all right if you get one of those exotic personal entertainment systems with a trillion movies and every kind of Tetris rip-off imaginable.
Modern airlines come in two types: those that pride themselves on their hospitality, and those that pride themselves on abusing the goodwill of passengers to keep costs down. Either way, commercial airlines aim to please in some fashion.
But not even George Clooney in Up in the Air was able to make traversing the government’s airport security checkpoints look elegant.
Sociologists of the future will describe this as the “ritual” of travel: lists of what you can and cannot take into the plane; convenient check-in machines complemented by impossibly long baggage lines; the security barriers; making sure you remove your laptop; taking off your belt; and being swabbed for bomb residue.
Hop on a plane to the US and it’s worse. Since the underpants bomber failed to blow up his underpants on Christmas Day last year, airport security frisks passengers so intimately they can not only detect bombs in jocks, but can detonate them by hand.
Kevin Rudd has announced an extra $200 million for airport security. “It may,” said the Prime Minister in his best leadership voice, “mean it takes longer for passengers to pass through security, but the government believes that this inconvenience is a small price to pay for increased security.” (Incidentally, the prime ministerial jet was renovated in 2007, at a cost of $100,000.)
We’ll be paying this “small price” because the Prime Minister has decided to install full body scanners in Australian airports, scanners that can see through clothing to get almost naked images of passengers.
No surprise that some people worry about the privacy implications. In Britain, there is even serious concern that body scanners breach child porn laws. It’s illegal to create indecent images of children, and that’s what happens when children go through body scanners designed to look under clothing.
Privacy issues aside, what’s the point? Body scanners will be just another ceremony added to the elaborate ritual of travel – prime examples of “security theatre”. We might feel safer, but we’re not actually safer.
After all, how much safer could we possibly be? The risk of terrorism is infinitesimally small.
In the United States, there is an average of just one terrorist incident every 16.5 million flights, according to the US Bureau of Transportation Statistics.
In Australia, there are half a million domestic flights per year. Every day more than 100,000 people fly from one Australian city to another; 50,000 more either leave or enter the country.
But when in 2003 a parliamentary committee asked a witness from the Department of Transport whether there had ever been a terrorist incident on an aircraft in Australia, nobody could think of one. (There had been an unsuccessful hijacking attempt of a flight between Melbourne and Launceston in May that year, but the hijacker was suffering from severe paranoid schizophrenia. Hardly a professional jihadist.)
So even if full body scanners in every airport in the country halved the risk of terrorism, half of bugger-all is still bugger-all.
Human beings are terrible at assessing risk. In the past 12 months, there have been more than 1500 deaths on Australian roads. By contrast, over the past decade, 469 airline passengers died from bombings, hijackings or pilot shootings in the entire world. More than half of those fatalities occurred on September 11. The noughties were the second-safest decade for air travel since the 1950s, and there are a lot more passenger flights now.
Perhaps it’s all that security that makes flying so safe. But security specialist Bruce Schneier argues that there are just two truly effective protections against terrorism on airlines. The first is reinforced cockpit doors – without access to the cockpit, it’s hard to turn a plane into a flying missile. Since 2001, pilots do not open that door.
The second is us. Right now, the strongest defence we have against airplane hijackings or bombings isn’t terrorist no-fly lists or body scanners. It’s the passengers who now know they shouldn’t passively comply with the demands of terrorists, and who know the guy doing chemistry in the bathroom should not be left in peace.
The Christmas underpants bomber was scary, but security worked exactly as it should have. He couldn’t get a “good” bomb on board, so he tried to detonate a bomb so awkward it required 20 minutes of preparation in the toilet. And he couldn’t get it to work. He was quickly subdued by passengers when his pants caught on fire.
The Australian attempted hijacking was also defeated by passengers.
Back in 2005, then immigration minister Amanda Vanstone was candid about the absurdity of airline security. With obvious enthusiasm, she posed this hypothetical to a private audience: “If I was able to get on a plane with an HB pencil – which you are able to – and stabbed the HB pencil into your eyeball and wiggled it around down to your brain area, do you think you’d be focusing?”
Most terrorist plots are discovered through quiet investigative work, and foiled long before they are anywhere near ready, although we still haven’t dealt with the “Amanda Vanstone driving an HB pencil into your eyeball” threat. So the risk of airline terrorism will never be zero. But let’s try not to panic.