Taking Back the Digital Streets – Cybercrime now and the future

Woman looking through dirty broken glassIn the 70’s and 80’s, there was a fight in cities worldwide to take back the streets and make it safe for normal people to walk in their neighbourhoods without fear.   Those efforts paid off—murders, muggings and other urban crimes have dropped dramatically since then. The internet badly needs a similar intervention.

The internet may be the last bastion of free speech, but it’s also the most dangerous place on the planet.   You can lose everything—your money, information and identity—before you even realise that you have been attacked.   At least if you get mugged in a dark alley you have the bruises to prove that you have been robbed.   Have you ever tried to convince the bank that you did NOT purchase that top-of-the-line snow mobile, considering you live in the tropics?   It is not a fun conversation.

But the current level of crime isn’t inevitable. I have been reading some articles on how New York City citizens took back control of their streets.   Their efforts involved forming neighbourhood watches, cooperating with police. There were also a huge number of court cases there concerning a citizen’s right to free speech and free movement. All of these solutions started with citizens demanding a safer environment.

The “citizens” of the digital world should do the same. We, the people, are the ones using the internet for practically everything, and we have to take control.   With the help of law enforcement and politicians, we can do, it but it has to start with us.

Of course, there are huge problems to overcome. I like to call them challenges.   Here are a few.

Too Many Criminals

How do we reduce the number of cyber criminals?   Well, in most cases, the neighbourhood solutions that worked were not high-tech stuff.   And the answer wasn’t more arrests— in some cases it was less, but the arrests they did make were those that had the biggest impact.   By removing the people on the lower rungs of the ladder, they left the ones on the higher rungs without their support. The ones higher up had to come down, and they were also caught in the net.

Hacker programing in technology enviroment with cyber icons andThe internet has its own forms of small-time crime.   Web site graffiti, using an exploit kit, ripping movies and music, and creating a phishing email are all at the lowest level of the badness scale.   If the people who were doing this were the targets of law enforcement, starting with an escalating fine system, then these people would quickly drop out of the cybercrime arena.   It would no longer be a cool and easy thing to do; it could get you a criminal record.   Yes, these people can be caught—the problem is that they are so numerous that it will take a concerted effort at all levels.

Look at web site graffiti: It is either done on a dare, or it is done as a political attack.   Let’s look at as a dare: When the perpetrator is caught then he is fined; if he is underage then his parents are fined.

If it is political, then there is another problem.   I can hear the cry from here—what about free speech?   Well, you can still say what you like. You have the right to go down to the street corner and shout your views from a soapbox.   Or upgrade to the digital version—get a domain name and a web site, and you can say and do whatever you like.   But law enforcement has to make clear that the moment you graffiti a website, you are defacing someone else’s property. Just like spray-painting your tag on the front of someone’s office, you are crossing the proverbial line and will get fined or arrested.

Draconian? Maybe.   But the focus of this policy wouldn’t be to ruin lives forever. Instead, it would provide small-time hackers with an incentive to stop before they have the chance to hone their skills.

Broken Windows

The victims of petty crime can also play a role in keeping the internet safe. The owner of a web site that has been defaced has an obligation to remove the graffiti and tighten up security.   In a normal business situation— the front of a building, for instance—the clean-up is usually almost instantaneous.   But I have seen defaced websites that haven’t been fixed in months.

Why does it matter? The New York mayor of the late 90’s, Rudy Guilani, had the right idea.   He called it the “broken windows” theory. ( http://en.wikipedia.org/wiki/Broken_windows_theory) If there are broken windows in an area, that sends the message that no one values property and no one is in charge. Then more windows will get broken, more crime takes place, and the neighbourhood turns into a scary place. But the moment you start to replace them (or remove other signs of vandalism), everyone in the neighbourhood senses that the rules are being enforced. The whole community starts to get involved in maintaining their space, and normal people start to move back in.

Not Enough Cops

Another deterrent of crime is for law enforcement to have a presence in the area.   In New York today you cannot go two blocks without seeing a cop car or an officer on foot. That’s harder to achieve in the online world. How do we put digital cops on every corner?

Yes, police departments can hire specially trained cyber cops. But they can only see a small fraction of what takes place. To be effective, they will need to interact with normal users.

In south Los Angeles, in innovative inner-city police department devised an effective approach to gang violence: The Community Safety Partnership. (http://www.nytimes.com/2013/07/14/magazine/what-does-it-take-to-stop-crips-and-bloods-from-killing-each-other.html) The police had a need for streetwise people who understood the neighbourhood. These people are the honest, law-abiding citizens who have close ties to gang members and are a little savvier than the rest of the community.   They inform the police when a high-risk situation is developing—for instance, when the Crips or Bloods are plotting a revenge killing. This inside information helps cops prevent crime before it happens.

It works because streetwise citizens are the best source of information on crime. So let’s create more streetwise digital users.   Let’s increase the awareness of the innocent, the uneducated and the ill-informed so they can recognize cybercrime when they see it.   If users know when a crime or scam is taking place, they can report it to law enforcement, their antivirus software provider, or a criminal’s IP.   This is a win-win situation for everyone.

Stop Hunting for Scapegoats

We have a tendency to assign blame and search for scapegoats. The solution I’m proposing is the opposite of that. We need to shift our focus away from the big crimes that grab headlines.   It’s easy to be angry at Target for letting customer credit card information get leaked, but punishing one company won’t prevent the next attack.

Law enforcement, too, needs to change their mindset, from one of confrontation to one of prevention.   Too often, cops swoop in to bust a big cybercrime ring (like the underground drug marketplace Silk Road) after monitoring it secretly for months. To prevent crime, law enforcement has to be more visible.   Bank robberies would probably be a lot more common if there were no security guards or patrol cars for miles around.

If we get the small problems sorted out, we can then put in check and balances that will allow the digital world to flourish. As with any process, we have to walk before we can run.   We have to start with the small wins and build on them.   From Twitter stalkers to Facebook trolls, from 12-year-old script kiddies to targeted phishing attacks, from malicious insiders to the dedicated hackers, we have to send a message that crime has consequences.

I know that changing the digital world will take a little time.   It took 20 to 30 years to sort out the problems in New York and L.A., and they’re still not perfect. But we have to do something about the dangers of the digital world before it really does become a broken communication device.

Posted in Managed Services, Security Advice and tagged , , .