Way back in April 1965, Electronics Magazine carried an article by Gordon E. Moore who had predicted that the number of integrated circuits would double every two years. Nobody then thought much of it but it is now accepted as a law, not the legal kind of course.
Whilst Moore’s law was originally seen as nothing more than an observation, it has now been universally accepted in the industry. This also lead to the formulation of various other parallel laws which tried to give form to the applicability of Moore’s general law in specific sectors such as hard disk storage, network capacity and pixels per dollar.
The on-going exponential improvement in technology is something which we nowadays take completely for granted but it has been this continuous and fast paced race of technological innovation that is shaping our lives. Naturally, however, there is a dark side.
Can we somehow use Moore’s law as the basis for an understanding of the rapid increase in the volume of cybercrime incidents which are being reported? Can we dare use the same formula to explain why cybercrime is becoming bigger and bigger in such short spans of time?
The answer is yes.
But we cannot stop at that. Various other variables come into play and not solely the capacity and development of widely available technology. Sociological, cultural and financial factors have a very important role in this equation. Without doubt, the presence of powerful ubiquitous access to technology and the web has catapulted cybercrime to a whole new level and the attacks being perpetrated are just getting bigger.
Only a few weeks ago a spat between Spamhaus, a London based non-profit group fighting spam, and a Dutch webhosting provider escalated to what security experts are referring to as the “biggest cyber-attack of its kind in history”. Spamhaus managed to block a number of servers maintained by Cyberbunker and blacklisted them allegedly due to the services that they provide to web spammers. This triggered a ginormous Distributed Denial of Service (DDOS) attack against the DNS servers of Spamhaus which is being investigated by cyber police in at least five different countries.
But whilst DDOS attacks are not something new, the scale of this incident knows no precedent. DDOS is one of the weapons of choice of hacktivist groups such as Lulzsec and Anonymous. Most of the widely reported DDOS attacks, normally against banks or other governmental entities, would peak at 50Gbps. The attack suffered by Spamhaus was reaching speeds of 300Gbps. Due to its size, such an attack, also known as a Layer 3 attack, was having adverse effect not only on Spamhaus but on internet traffic in general since the increased malicious traffic was at times saturating or literally clogging the internet. In real terms, an escalated situation like this might also affect your online experience and could have catastrophic repercussions on business. You might not be able to view your emails or access your daily sites.
Spamhaus claim that Cyberbunker, together with criminal gangs from Eastern Europe and Russia are actually behind this incident.
DDOS attacks are illegal and the law clearly provides that such actions would be construed as computer misuse under our Criminal Code but the complexity and magnitude of this new wave of attacks is creating problems on various levels irrespective of what the word of the law provides. First of all, Layer 3 attacks do not only affect the intended targets of the crime, they could very well seriously effect ‘innocent parties’ in situations where internet traffic is completely saturated with malicious traffic. Secondly, the resources available to law enforcement agencies dealing with cybercrime, including Malta, are already more that stretched as they are and such increased attacks will definitely not help them. Criminal law is useless without proper enforcement. Thirdly, cloud services and the continued blurring of national borders are surely not helping the fight against cybercrime as such issues are constantly complicating investigations, evidence collection and prosecution.
Last January, we saw the setting up of the European Cybercrime Centre (EC3), an EU organisation attached to Europol whose purpose is to co-ordinate cross-border law enforcement activities against cybercrime and act as a centre of expertise. EC3 augments the principles and co-operation obligations enshrined in the Budapest Convention and is providing real and tangible tools to assist national law enforcement agencies in their fight against cybercrime through increased operational and analytical capacity.
In any case, one should seriously study the applicability of the Moore’s law general principles to this continued rise in cybercrime. Sadly, whether any real law or any cybercrime centre will successfully curb the cybercrime explosion is highly doubtful. In the meantime, the general public will still look at cybercrime investigations through their Hollywood lens and expect real life to be just like what we see on the big screen. Reality however provides us with a completely different picture where technology is helping the bad guys.
No comments:
Post a Comment