CyberSoft Computer Crime Report – Issue February 20, 2012

By Peter V. Radatti CEO CyberSoft Operating Corporation www.cybersoft.com

Subtitle:  Congress, Thanks for Nothing!

I don’t know if I am angry with the Federal Government for skirting their responsibility to protect us on the Internet or happy that they are not messing it up.  It seems lately that most of the laws Congress has been trying to pass “for our protection” are aimed at protecting special interests such as the music industry and Hollywood.  Can’t say I will lose any tears for either of those guys.

The Federal Government has a responsibility to protect us and they are failing.  The Internet was invented by the Federal Government and given to the world.  A point for them, the Internet has been a world changer.  The bad part is that it has let criminals’ world wide into our homes, businesses and defense facilities.  It doesn’t require big resources to steal, only brains, an old computer and access to even the slowest of Internet connections.  Brains are in good supply in countries where the morals don’t match ours, where people are desperately poor and feel justified in stealing, where people just hate us and where the Wild West mentality has taken hold.

Having said the Federal Government has failed us there is one Federal organization that is working hard to protect us and that is the FBI.  The problem is that it is too big of a job and the FBI is under funded to tackle something of that size.  They can police it but they can’t fix it.  Congress is totally to blame for what is happening and the longer the problem festers the worse it will get.  It is like a cancer, take care of it while it is small and survive, ignore it until it is a big problem and the results may not be good.  In any case a small problem has less pain.  We are already past the small level and are rapidly moving into serious.  It is hurting our banking industry, defense industry and high technology industries.  The fact that we are ineffective is encouraging more attacks and more brazen attacks.  What is Congress doing about the real issues?  Nothing.

What could Congress do?  A great deal.  Congress could give authority to NIST or the FBI or any other Federal agency to create technical standards that protect us then use the power of the Federal Dollar to make sure that anyone who does business with the government implements them.  Of course it may not work out.  Look at the War on Cancer, the War on Hunger, and the War on Drugs!  The result is wasted money, wasted food and wasted lives.  That is why I am not sure if I am happy or not about the government’s failure to protect us.

If not the government then who will protect us?  First, if you have been reading these articles you know that in my opinion the first level of protect has to be yourself.  You have to develop the skills to be street smart in the Internet. I have been giving you those tools.  After that I believe in the power of the free market.  Business is getting tired of being ripped off and they are concerned that the Internet could become such a dangerous place that people will avoid it.  These are legitimate concerns.   Recently Google, Microsoft, AOL, Bank of America, American Greetings, Facebook, LinkedIn, Fidelity Investments and others have joined together to do the job that needs doing.  They created a new organization called Domain Based Message Authentication, Reporting and Conformance that is going after one of the most common and nastiest attacks on the Internet, phishing.  Phishing is an identity theft problem and affects everyone.  It drives up costs and damages trust.  DMARC believes that by creating and implementing standards on how email systems perform authentication and using common mechanisms already in place anyone will be able to tell a real message from a fake one sent by a criminal.   Not only will this mean that crooks will have to find a different way to scam the public but also it should help reduce unsolicited bulk email.   Expect DMARC to be implemented soon.  To learn more about DMARC visit their website at dmarc.org.  Now why couldn’t Congress have done that?

To read more CyberSoft Computer Crime Reports by Pete Radatti visit www.cybersoft.com/Blog