Monday, February 16, 2015

Crime, security and law drink from the digital fountain

The digital world has changed our reality forever. More and more elements are becoming digitally managed. This has advantages such as accessibility, immediacy and greater control (monitoring). But it also brings some risks.

According to Kaspersky, at least 100 banks (mostly Russian, Ukrainian and Chinese) have been the target of the greatest cyber theft in history, which has been valued at around one billion dollars. Cyber crooks used several techniques ranging from social engineering against "low-level" employees of vendor companies and associated financial institutions to infecting computers and devices connected to the banks with malware.

The guys at Forbes explained how crime is evolving in the digital world. They concluded that tracking of mobile devices, neurohacking and artificial intelligence will play (or are already playing) an increasingly critical role in the cybercrime industry, even endangering users’ lives.

The CEO of Twitter, Dick Costolo, made lots of headlines late last week when he stated that online harassment has become a big problem and that his company is not raising the appropriate control barriers. Given that 40% of people have suffered some kind of abuse on the Internet, the problem affects not only this microblogging network but the Internet's whole technical and social architecture.

Much the same happens in digital security. When you find out that behind the GPG protocol (GnuPG), which is used by many encrypted mailing services, there is only one person, who moreover has trouble keeping up with his bills, you may wonder where the business of an open source project is. Werner Koch single-handedly kept up to date one of the most critical protocols of Internet communication, but such work did not even give him enough money to pay his rent.

Fortunately, several donations ensured that Koch could devote himself exclusively to his code and even hire workers. Only a very few expert auditors enjoy such a situation, even when they discover an exploit that endangers the business of a company like Facebook. Laxman Muthiyah found a way to use the Graph API to delete contact photos and he was rewarded with 12.5k dollars. But Khalil Shreateh did not have the same fate. This Palestinian began to warn Facebook of another exploit a few months informed. That bug allowed writing on others’ walls, but he was not rewarded even though he left evidence of the situation by writing on Zuckerberg’s wall.

This imbalance therefore creates confusion among security professionals, and it comes to a head with the next Pwn2Own, one of the most famous Canadian conferences. Is it legal to submit 0-day exploits at a conference in a foreign country? Are we thus committing a crime? Do we need to ask our government for permission to do so? All these questions are awaiting a clear and concise response from law enforcement agencies in each country.

Every single thing will eventually affect your life. Detaching the digital from the real world is, and will be, an increasingly complex task.

