Written for a speech around February 2002
In March of 1998, First National Bank, my bank in South Africa, received a phone call. It was to their IT department. The phone call went something like this: “First National Bank IT, how may I help you?” “Hi there, may I please speak to your Head of Department?” “Sure, hang on a second.” “Bob speaking how I may help you.” Hi Bob, this is Michael. I would like a job.” “I am sorry Sir, but this is IT, you need to speak to human resources.” “No Bob I need to speak to you.” “Sir, we are the IT department, only Human Resources can hire people.” “Well Bob, I have just hacked your system.” Pause. “Michael is it? I am afraid that is impossible, we have the some of the most secure servers in the world.” “Bob… check your email, I’ll call back in five minutes.” So five minutes after Bob found the entire list of usernames, passwords, credit card numbers and pin codes of First National Banks customers in his email box, my friend Michael, or Wiz as he prefers to be called, became the new head of security at First National Bank. He is 25 and drives a nice new Jaguar.
Michael was, and still is, a professional hacker. Today’s computer-dependant world is completely reliant on these cyber geeks. But are they dangerous and what threats do they pose? Today I will explain the three main points of concern that you are likely to encounter living in the 21st century: the possible national security risks, the risks that your company or future company might face and what risks you take simply surfing the internet at home. So unless you plan to live under a rock for the rest of your life, you had better listen up!
To start with, let’s think big. What is the most amount of damage that a person could cause with a computer and a phone line? Is stealing someone’s credit card really the worst that could happen? Could a good hacker possibly shut down TV, water, gas or power stations or crash planes? Since September 11th, Washington has had to rethink their stance on terrorism, of any kind, and cyber terrorism ranks high on the list of concerns. So are we prepared? Well just one week ago, an internet security team conducted an investigation into the integrity of the White House computer systems. By simply driving around the exterior of the property, with a regular wireless network card, like this one (example) and a laptop computer, they were able to browse some of the networks inside the White House. And that was what they could do by merely logging on. They didn’t even start hacking at the system! The resulting scare is speeding up the updating of systems defenses in the White House and in other government facilities. This one example can give you an idea of how great a problem this really is. The CIA knows of at least three countries currently training Cyber Soldiers, the US, Russia and China. This new breed of soldier will be capable of launching devastating attacks on enemy infrastructures with out ever leaving their desks.
You might not want to worry about the personal consequences of foreign powers throwing their computing might at your online shopping habits, but that does not mean that you are safe.
Businesses are at a huge risk. If my friend TimeWiz had wanted to do so, he could have had one hell of a shopping spree. In a recent beep poll, it was found that 78% of webmasters do not use the built-in security options that come with many software packages today and another poll taken by beep found that more than 73% of new software has SERIOUS security flaws when released. So if you own a business or intend to do so one day, PLEASE, for the sake of us all, hire experienced IT personal, or out-source the job to an expert security company… it will save you money in the long run. It is also important to demand secure, safe software, rather than buying junk. Software vendors will continue to peddle poor, unsafe software as long as they have a market for it; your dollar is your vote.
But what about you, the home user?
America has the highest rate of internet users and (more importantly) internet shoppers of any country in the world. As a result, credit card fraud is the number one internet crime in America. The reasons? Well firstly people just don’t know enough about the internet, and secondly, Americans seem to be overly trusting with their card details. So to help all those would-be internet shoppers to shop a little safer, I have compiled a short list of do’s and don’ts. The number one suggestion I have for people is not to use a debit card online. Debit cards do not have the same kind insurance from banks as credit cards do, so if you do get ripped off it will be much harder to prove it and get your money back. Number two: use reputable sites – Web sites that you have heard of before, like Amazon.com, eBay, and Yahoo-shopping. If you are not sure about the authenticity of a web site, you can look at its certificate. A certificate appears in the bottom right-hand corner of your screen in the form of a small yellow padlock. The padlock will usually appear in areas where you enter account details or passwords. When it appears, it means that everything you type is being encrypted before being sent to the website, so that no one can intercept your details. Now this doesn’t guarantee anything, because anyone can make a certificate, it’s who the certificate is from that matters. If you double click on the yellow padlock, and discover that it has been issued by a company other than Thwate or VeriSign, then DON’T BUY FROM THERE!! Those are the only two security companies in the world who can guarantee your purchase is safe.
So in summary, there are gaping holes in US computer defenses, although action is being taken to close some of the more dangerous ones, and people are aware of the need to rectify problems. Businesses are facing dangers that in today’s wired world, but there are a number of fairly simple home remedies for the common internet security risks. Terrified yet? Well you don’t have to be. Going for walk down the street is only dangerous if you have no idea what the metal box is, with four wheels hurtling towards you. The internet is no different. Knowing what is out there is the number one step to protecting yourself. And who knows, one day, if you know enough, you could be driving a nice new Jaguar.