Its not just Spam and DDOS anymore (was Re: OT: Re: User negligence?)

Sun Jul 27 15:45:51 UTC 2003

At 11:25 AM 7/27/2003, Rob Thomas wrote:

>Hi, NANOGers.
>
>] Folks, its not underground any more.  The criminals are using trojans
>] to steal real money from real people now.
>
>Indeed, and for a while (circa five months by my observation) now.
>It is no longer, and hasn't been for a while, about technology.
>The technology - the Internet and the connected devices - has
>become a conduit for profitable criminal activity on an ubiquitous
>scale, pure and simple.  Miscreants don't break into databases and
>steal 8M credit cards at a pop so they can card shells and shoes.
>
>] Firewalls can't stop it, ISPs can't stop it.  Its a *HOST* security issue.
>
>I'll slightly modify that statement; it is a *PEOPLE* issue.
>People who write code.  People who use systems and networks.
>People who abuse all of the above for monetary gain.

<babble>

I think people forget that we don't live in a utopian society. Some people 
expect computers to solve all the problems and expect that they can prevent 
crime in their own domain. We haven't eliminated physical crime at all so I 
don't see why people are surprised to find that a computer was used to 
commit a crime. Bank robberies take place all the time and you don't here 
much about them. Probably more similar is fraud which has taken place for a 
countless amount of time without the use of computers. Using computers is 
just another way to perpetuate it.

I do agree with a lot of people in the fact that users of the tool must be 
informed of how to use it safely, just like anything the person is not 100% 
familiar with. It's somewhat common knowledge to not leave bank account 
numbers lying around for anyone to see. It's not as common for people who 
are unfamiliar with computers to know not to open unknown attachments, run 
anti-virus software, use a firewall, etc... Would the average driver know 
how to handle an 18 wheeler? They could probably get it going, but not 
safely. People must be educated about using computers, ESPECIALLY if it is 
in a situation where security is elevated because the company has something 
valuable to protect. A bank teller wouldn't likely let a client behind the 
counter, yet many would probably open an attachment sent via email without 
knowing what it is. I know the average end user probably isn't likely as 
aware about security using their PC in their home, but if banks and other 
institutions plan on making their services available online in some manner, 
perhaps they should at least send out occasional best security practices to 
protect people's information. I can also see that it's not REALLY their 
problem either so I could also go the other way on this. Just like a bank 
is not responsible for someone breaking into your house and stealing your 
checkbook.

</babble>

Just my 2¢.

Vinny Abello
Network Engineer
Server Management
vinny at tellurian.com
(973)300-9211 x 125
(973)940-6125 (Direct)
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

There are 10 kinds of people in the world. Those who understand binary and 
those that don't.