The perpetrators, or the victims who fail to take simple steps to protect themselves?
By Patrick Vuleta on July 6, 2012 at 10:00 am
Who’s to blame for cybercrime?
Cybercrime costs Australians billions, now rivalling burglary for damage caused. With the future of gaming digital, gamers are increasingly stepping into the fastest growing criminal environment in the world.
Common opinion likes to blame the victims. When the Playstation Network was hacked last year, the debate focused on Sony’s security rather than the hackers. Whenever a Diablo III player is hacked, they’re guaranteed a response of “No authenticator, no sympathy.” At the lowest point, some even side with the perpetrators. “Lulzsec is performing a public service by testing security”, or “Lulzec is a protest group.”
With the sheer numbers of scams, you’re almost guaranteed to be targeted. Is it enough to just keep your antivirus up-to-date, and trash any emails that promise naked pictures of Leliana if you click this link?
Are victims to blame?
Some truth does lie behind the common opinion. Recent studies suggest that many neglect simple measures that would otherwise protect themselves. Many don’t update their anti-virus software, and many click on phishing emails or vague promises of nudity.
However, antivirus software is not infallible. New viruses are constantly created, and security companies battle to keep up. While rigorous security would reduce the occurrence of crime, even the best anti-virus programs cannot stamp it out entirely.
Furthermore, much cybercrime is real scams where the victim cannot be blamed. The most concentrated financial damage these days comes from romance scams, where the victim’s emotional desperation leaves them vulnerable. Police lament that even when they do warn people they are being scammed, in over 75% of the cases, these warnings are ignored. While these scams aren’t that relevant to gaming, if a Kelly-lookalike ever tried to scam me… I’m not sure I could resist.
Finally, blaming the victim is simply inappropriate. In the offline world, even if a house was left completely unguarded, a theft is still a theft. While precautions can and should be taken, the responsibility for all crime lies on the perpetrator.
The rise of Skynet
The activities of obvious hackers like Lulzec attract media attention. However, it’s not these hackers that you should fear. Rather, it’s the bots.
Botnets are responsible for most cybercrime. Just like how Skynet was created, a botnet is thousands of computers unknowingly infected with a bot. This botnet is then used to conduct crime on a large and dispersed area, by running mass phishing scams and fraud across multiple states and countries.
This works because police investigations are prioritised by damage. No one, for example, will seriously investigate a $10 theft. Unfortunately, that’s what the majority of cybercrime is. Criminals will use a botnet to steal small amounts, such as $10, from a hundred people in each state. Done across all seven Australian states, that’s $7,000. Rather than lose your life savings, you’re far more likely to get pinged for a small amount.
How do we combat cybercrime?
Because botnets are so important for cybercrime, ‘making an example’ out of individual hackers is pointless. Instead, identifying and disrupting botnets is key.
The first step’s to make it harder for bots to take hold. Very basically, this requires better internet security from PC users. If you’re not using an anti-virus, you really should. If you’re downloading copyrighted material illegally, you really shouldn’t—bots will piggyback on it.
The second step’s to identify botnets. This requires a more focused effort from government. Currently, the government’s cybersecurity focuses on protecting national security. However, that’s not where the problem lies. Organised cybercrime is growing at a far faster rate than espionage.
The third step is to clean infected computers. Japan runs a model program for this—the Cyber Clean Centre. The Centre is a partnership of government, ISPs, and internet security companies that assists PC users in identifying and removing bots from their computers. When an ISP detects bot activity, the user is informed, and asked to take action. The Centre then assists the user to remove the bot.
Australian ISPs are running a similar system to the Japan model, called iCode. This is based on cooperation between ISPs to detect bots, and help users remove them. It’s a start, though completely ISP-based.
We need more investment
Currently, Australian Government efforts to disrupt botnets are inadequate. The problem is not enforcement—it’s investment. Our traditional enforcement agencies are simply incapable of dealing with the problem. We have no real centralised agency to address the problem, and little collected data on cybercrime in Australia.
Until we get this investment, Australian internet users will be vulnerable. Protecting your own PC is good, but it doesn’t stamp-out the existing botnets, used to make further attacks on you. It doesn’t identify cases where bots manage to run the gauntlet of antivirus software, evading deletion. It’s not enough for the Government to leave it to private companies.
Cybercrime is a complex, wide-ranging problem. Blaming the victims is unnecessary. Blaming hackers misses the point. What’s needed is a rigorous attack on the real enemy—Skynet.