North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Its not just Spam and DDOS anymore (was Re: OT: Re: User negligence?)
At 11:25 AM 7/27/2003, Rob Thomas wrote:
<babble>Hi, NANOGers. ] Folks, its not underground any more. The criminals are using trojans ] to steal real money from real people now. Indeed, and for a while (circa five months by my observation) now. It is no longer, and hasn't been for a while, about technology. The technology - the Internet and the connected devices - has become a conduit for profitable criminal activity on an ubiquitous scale, pure and simple. Miscreants don't break into databases and steal 8M credit cards at a pop so they can card shells and shoes. ] Firewalls can't stop it, ISPs can't stop it. Its a *HOST* security issue. I'll slightly modify that statement; it is a *PEOPLE* issue. People who write code. People who use systems and networks. People who abuse all of the above for monetary gain.
I think people forget that we don't live in a utopian society. Some people expect computers to solve all the problems and expect that they can prevent crime in their own domain. We haven't eliminated physical crime at all so I don't see why people are surprised to find that a computer was used to commit a crime. Bank robberies take place all the time and you don't here much about them. Probably more similar is fraud which has taken place for a countless amount of time without the use of computers. Using computers is just another way to perpetuate it.
I do agree with a lot of people in the fact that users of the tool must be informed of how to use it safely, just like anything the person is not 100% familiar with. It's somewhat common knowledge to not leave bank account numbers lying around for anyone to see. It's not as common for people who are unfamiliar with computers to know not to open unknown attachments, run anti-virus software, use a firewall, etc... Would the average driver know how to handle an 18 wheeler? They could probably get it going, but not safely. People must be educated about using computers, ESPECIALLY if it is in a situation where security is elevated because the company has something valuable to protect. A bank teller wouldn't likely let a client behind the counter, yet many would probably open an attachment sent via email without knowing what it is. I know the average end user probably isn't likely as aware about security using their PC in their home, but if banks and other institutions plan on making their services available online in some manner, perhaps they should at least send out occasional best security practices to protect people's information. I can also see that it's not REALLY their problem either so I could also go the other way on this. Just like a bank is not responsible for someone breaking into your house and stealing your checkbook.
Just my 2¢.
(973)300-9211 x 125
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A
Tellurian Networks - The Ultimate Internet Connection
There are 10 kinds of people in the world. Those who understand binary and those that don't.