Friday, August 24, 2012
Clouds darken in cyber space
Professor Michael Fraser calls it the ''rubbish web''. That is the internet we will be left with in five to 10 years unless governments and cyber corporations fix the holes that allow criminals to infiltrate the worldwide web and to strip global citizens of their identity, money and dignity, he believes.
In his bleak view, those who can afford it will retreat behind private corporatised security walls.
''The public internet will be abandoned by the public for any serious communications or transactions and it will be left for games, gambling, pornography and other such uses,'' Fraser told a parliamentary committee in March, giving evidence as director of the University of Technology, Sydney.
As we learnt this month how easily hackers got into the cloud, wiped American journalist Mat Honan's iPhone, iPad and Macbook and hijacked his Twitter and email accounts, Fraser was even more vehement about the need to make the web and all its components safer. ''The risks are so very low and the rewards are so high for cyber crime on a global scale that it attracts criminals who would otherwise get involved in more risky enterprises, because the internet gives them such a good return on their investment,'' he says.
With possibly one in 10 PCs in Australia infected with malware which can be used as ''bots'' to attack other computers, individuals encounter all types of threats online and those without a secured system like the one he uses at UTS are most vulnerable, he says. ''I do not think that this is an acceptable situation for a civil society when we are now using the internet as a mainstream form of communication and commerce, that it should be such a dangerous environment for citizens in general to deal with,'' he told the federal inquiry into seniors' cyber safety.
Dangerous? It was virtually dangerous for Honan, a journalist for technology news site Wired, who lost his digital life when a hacker used chinks in Amazon's security system to get his credit card numbers and with these duped Apple employees into providing a temporary password. It is potentially risky for the members of the public who to date this year made 6082 reports (and 18,827 last year) to the Australian Taxation Office about ''phishing'' emails purporting to be from the ATO. The greatest danger was for those who fell for the scam.
But we have yet to see how risky it is for companies increasingly placing their data on the poetically named ''cloud'' where a digitally-savvy journalist was robbed blind.
Previously the domain of technology early-adopters, this is the year that consumers have embraced cloud services, from information storage to photo sharing, with big companies like Fortescue Metals, Rio and Qantas making the shift along with the family-run shop, says Microsoft chief security adviser James Kavanagh.
With secure devices, good passwords and anti-virus software, small businesses can have better security on the cloud, where backup and recovery is handled for them, he says.
''You can outsource the function, but you can't outsource the risk,'' says Nigel Phair, director of the Centre for Internet Safety at Canberra University.
''Cloud systems are a major target for hackers these days,'' warns Ty Miller, chief technology officer of the internet security company Pure Hacking.
Miller warns that extra precautions are needed in this virtual world, where data is linked in such a way that hackers can create accounts of their own inside the system and ''jump between accounts''.
Once inside the cloud, where servers are virtual and do not reside in hardware, hackers can copy an entire system that does not have proper safeguards, such as the right sort of hard drive encryption.
In the latest version of the grand heist, ''they could take a clone of your virtual server which is in the cloud and start stripping all the data out of it,'' he says.
Phair says it is time to ''design out crime'' on the internet. He argues that we need to stop cyber crime careering out of control in the same way we tackled the road toll, with heavier policing and more prevention.
Kavanagh, the industry representative disagrees with Michael Fraser's dark take on the future.
''It is a question of what protections are put in place and [achieving] the balance between usability and security,'' he says.
His message to individuals is to keep your computer systems up to date and pick good passwords, stringing three to four words together. Example: ''Mydogsandy''.
As the clouds gather, in such simple things we cyber innocents place our faith.