paulchinonline.com

Why 'MafiaBoy' is Right About Net's Risks

By Paul Chin

Originally published in Intranet Journal's Chin Music (27-Oct-2008)


A recent radio interview with Michael Calce, better known as the infamous hacker "MafiaBoy", echoed the warning I've always tried to get individual users and companies to heed: The Internet is not safe.

On a promotional tour for his new book, "Mafiaboy: How I Cracked the Internet and Why It's Still Broken", Calce illustrated how insecure the Internet was when he, at the tender age of 15, launched massive denial-of-service attacks on sites such as Yahoo!, Amazon.com, eBay, CNN, and E*Trade. But that was eight years ago. The Internet has come a long way since then, hasn't it? Not so much.

Security experts have repeated the same advice for years—install and keep up-to-date anti-malware software; install a firewall; install security patches; and most importantly, practice safe computing—but people still think that the Internet is a warm and fuzzy place. They think that they can turn off their brain as long as they have security software on their computer, or more frighteningly, even if they don't have any security software. The Internet is a global community; and as members of this community, users have a responsibility in preventing the propagation of malware. But alas, not everyone feels this sense of responsibility.

Despite repeated warnings, I constantly encounter casual computer users who repeat, "I'm nobody, why would a hacker want to attack my computer?" like an ignorant mantra. Hackers used to target large sites like those compromised by Calce because they were the ones with the huge bandwidths (and possibly because they wanted the high-profile attention and notoriety associated with such attacks). But now, with many regular home users on high-speed connections, it's much easier and safer for hackers to fly under the radar by attacking multiple individual users to build zombie networks rather than going for a big kill like Yahoo! or CNN. And some hackers use the former in order to execute the latter.

Hackers use the methods they use because they know they'll work. They know that if they send out 100 feelers, all they really need is for one person to take the bait. This makes an uneducated computer user without any safe computing knowledge just as dangerous as the malware that strikes them—and eventually makes the Internet a lot less safe for the rest of us.

It's disheartening to discover how many users find nothing wrong with sending personal and private information over an unsecured line or jump for joy at the prospect of winning a Nigerian lottery. Sure, what's the harm in opening a strange email attachment from someone you don't know, or sending your social security or credit card number through email? But if you do any of these things, don't be surprised to learn that your digital doppelgänger was apprehended selling a Kalashnikov in Africa.

The Internet is still unsafe because too many software companies are placing more importance on marketing than security and push out buggy products to meet the holiday gift-giving frenzy. The Internet is still unsafe because software companies take too long to correct their mistakes, or try to sweep them under the rug for fear of negative publicity. The Internet is still unsafe because of the number of people who would stamp on a flaming bag of poop on Mat Night. This is why, despite my bank's repeated attempts to convince me, I still refuse to adopt Internet banking.

You can't rely on technology alone to keep you safe—especially with the risks of zero-day exploits. There's only so much the technology can do for you; for the rest, you need to rely on your own common sense. Users must remain diligent at all times and be aware of the potential threats to them, their computer, and their personal information. It's time users stop being so nonchalant about Internet security. Just because you haven't been attacked yet doesn't mean you never will be.

If Internet security was at zero when he cracked those big sites, Calce was asked, where is Internet security now? "minus-50," Calce simply replied. Doesn't sound so warm and fuzzy, huh?


Copyright © 2008 Paul Chin. All rights reserved.
Reproduction of this article in whole or part in any form without prior written permission of Paul Chin is prohibited.