In the Age of Cybercrime
A few weeks ago, I attended a meeting of university
presidents and representatives of the CIA and FBI convened
to discuss campus issues related to national security. The
goal of the meeting was to establish a dialogue between the
federal government and our major universities concerning
topics such as immigration policies, export of sensitive
technology, the protection of intellectual property and so
forth. This was the second meeting of our group that I was
able to attend, and I found the discussion to be both
positive and hopeful. We are trying to find the proper
balance between important national security concerns and
our ability to attract the best and brightest talent from
around the world, share information internationally and
maintain on our campuses an open environment for
information exchange.
What I wasn't prepared for, however, was a
presentation on cybersecurity by a CIA expert. Although his
presentation was brief and, in a way, a coda to the more
in-depth discussions preceding it, I walked away shaking my
head in disbelief, as did my colleagues from other
universities.
The presenter began by discussing the relative lack of
security of information that travels on the Internet. This
was hardly a revelation to any of us. But then he went
online to Google and typed a few keystrokes on his laptop.
Within seconds, there flashing up on the screen was a
database containing thousands of names, passwords, Social
Security numbers and the like. "We teach a course at the
CIA," he continued, while dazzling us with the amount of
information he so effortlessly pulled up, "about how to use
Google to gather sensitive information about individuals.
Within a couple of hours, we can teach you how to acquire
passwords, Social Security numbers, credit cards, cell
phone records, anything you might wish to acquire."
Then he described his own unfortunate experience with
cybercrime. A year or so ago, he was asked to appear on a
television program discussing the lack of security on the
Internet. The very next day his own personal bank account
was wiped out. "The cyberthieves didn't go to my bank and
jerk the information out on a onetime basis," he recounted.
"They didn't have to. There has been so much wholesale
theft of databases, when they saw me on television, they
simply searched the pilfered databases available to them,
found out that my personal information was there —
and voila! — took my bank account information and
identification and used it to transfer money out of my
account."
If you are like me and regularly buy items using
e-commerce Web sites, you should know that while most are
very secure, a number of them are not. So when you use your
credit card to pay for a transaction, there is a good
possibility that a snoop has access to that information and
in turn can sell it to someone looking to run up a large
charge.
Information and identify theft is only one aspect of
the many new problems spawned by the Internet, of course.
And Johns Hopkins, to its credit, became an early player in
the fight against digital information theft when it
established the Information Security Institute six years
ago. Its Web site is a good place to keep current on these
issues and well worth a visit
www.jhuisi.jhu.edu.
Other cybersecurity issues, of which we are all too
well aware, include spam (a highly profitable enterprise
and a growing nuisance), hacking and viruses. The Internet
wasn't designed with the intrinsic security of other
information appliances, and, sadly, we are now paying the
price. The only real solution is to unplug your computer
from the Net — and, actually, even that is not
foolproof, since there are cybersleuths who can use
sophisticated snooping devices to pick up your keystrokes
while sitting outside your window.
The next big area for concern is cell phones. These
are notoriously leaky devices. As they become more
ubiquitous and acquire computerlike data processing
capabilities, you can be assured that cyberthieves are
developing sophisticated ways to extract whatever
information they desire from your handheld device.
And what if one day some enemy conducts a successful,
full-scale cyberassault? If all else fails, we'll have to
call in the military to re-establish security. After all,
they are responsible for the defense of our country. But
not so fast. The military has the same vulnerabilities
— in case you haven't noticed, our 21st-century armed
forces are interconnected electronically as never before.
Net-centric warfare has become the mantra. Is it possible
that some bored, bright 13-year-old hacker in Bulgaria
might be able to disable the United States' air defense
system? Who can say?
Terrorists have used the net for tactical advantage in
developing a distributed network of people willing to blow
things up for whatever cause they are championing. In the
future, bombs may not be required. Disabling the stock
exchanges, paralyzing our military defenses or rendering
our banking system unreliable may have much the same
devastating and long-lasting effects.
William R. Brody is president
of The Johns Hopkins University.