google

Wednesday, February 10, 2010

Beating Cyber Insecurity - timesofindia.indiatimes.com - 10 Feb 2010

Just when i was wondering whether to entrust my research work to a "cloud" computing website Evernote, a service which i could access anywhere,
Twitter Facebook Share
Email Print Save Comment
or get MyPassport, a portable drive the size of an iPhone so easy to slip into my pocket, i received a jolt. A sudden malware hacker attack crippled my desktop. Panic-stricken, i felt that all my work would be gone and i would have to do it all over again.

Unlike a powerful company like Google that could trace where the recent hacker attacks had come from, what was stolen and who to blame, i could do no such thing. When i called the company that was the vendor, it was someone in India who told me that for $59 they would rid my computer of the malware. All i had to do was to hand over to them "virtual" control over my computer, which in good faith i did by just clicking "yes", and in about three hours i was able to resume my work, nonetheless without any assurance that it wouldn't happen again.

When i asked the Indian geek whether the confidentiality of my files remained inviolate during the remote cleanup process, and would be respected in the future, he assured me that the company concerned had no malevolent interest. But who knows? My files, my work, my privacy, have been exposed to strangers. Maybe i became an accidental victim, or perhaps some hacker tried to use my computer as a trap door to hack others.

Everyday millions of people involuntarily expose themselves during their online searches to marketers whose major interest is profiling them for precision ads that match their gender, income level and lifestyle; but also to hackers, who steal identities including passwords to hijack their e-mail and bank accounts. Last year it happened to a Kolkata friend whose e-mail was misappropriated by a hacker. He did not know until i alerted him, something i was able to do because someone from Kuala Lumpur using my friend's name and e-mail asked me to wire him money to a hotel where he had checked in to attend a conference on AIDS. Somewhere, he had lost his wallet including his credit card. The writing style and the way the name of my friend was spelt raised a red flag and i held back on the impulse to rush. It was a set-up.

Not every fraudulent act can be traced, especially when the data thief could be anywhere. According to the FBI, individuals in the United States lost $264 million in 2008 to cyber thieves. Hacking for robbing money from bank accounts and stealing credit card numbers is seldom reported in the media lest it should cause panic in the public. Nonetheless, it is a widespread international crime.

But that's not what Google has been worried about. Nor is it so much the question of free speech and censorship or hacking the Gmail accounts of dissidents that drove Google to come out openly and flatly accuse China of ignoring China-originated hacking. It is widely acknowledged by security experts that internet hackers, clandestinely supported by some home governments, are hunting for bigger assets including valuable source codes, intellectual property and military and corporate secrets. Google is a global brand name but in its fundamental digital reality it is nothing but a source code. If you steal the source code, you can clone Google or even build a better Google. That's why Microsoft jealously guards the Windows underlying code though it allows programmers to build hundreds of applications on its platforms, as do other software companies.

Code is the Thing, to paraphrase Lawrence Lessig of Stanford Law School. Software architects and code designers control the creation and flow of knowledge necessary for everything from developing new life-saving drugs to iPhone and missile interceptors. Between China and the US, there is a tremendous knowledge gap that cannot be bridged without massive appropriation of technology, whichever way it might occur.

Sami Saydjari, a former US National Security Agency (NSA) official, told the media that China's military may be a most important source of hacking skills for which it is said to support "hacker hobby clubs with as many as 100,000 members to develop a pool of possible recruits". China has 380 million Web users, a massive pool from which arise footloose hackers who steal credit card numbers, conduct corporate espionage and attack military installations. The all-knowing Chinese authoritarian government cannot be innocent about its citizen hackers.

Google is in the knowledge business and is technically capable of uncovering where the attacks emanated but the problem is so serious that the internet giant has decided to seek the help of the NSA to prevent further assaults on its network. Besides, Google has the political clout for mobilising the power of the US government and the international community in confronting China on the issue of free speech and of intellectual property misappropriation.

The foundation of the knowledge society is trust, not "the information curtain".

By N D Batra

No comments: