It was not that long ago that people did not think the internet mattered to the economy as a whole. Now it seems the internet IS the economy. This has created a lot of interest in trying to control the internet from multiple different directions. These attempts to control that which is at this stage uncontrollable now threaten the internet as a whole.
All of these threats come down to one thing: ignorance. Ignorance of politicians, ignorance of judges, ignorance of corporations, and the ignorance of the users themselves.
Threat #1: The lack of Net Neutrality
The internet is the third most used utility in the US behind only electricity and water (occasionally 4th behind gas). Former third place holders telephone and cable TV have been replaced by the internet. This is inaccurate though, the truth is that the internet is not a utility, not yet anyway, and that is what the whole net neutrality debate is all about: Should the internet be treated like the telephone, where you can call anyone and anyone can call you? Or, should it be treated like cable TV where you subscribe to bundled packages of websites that run faster and contain more features.
Anyone who knows what they are talking about will tell you telephone. The entire reason the internet is growing the economy is because access to the internet is an even playing field. The major internet service providers want to charge websites more money to get to their customers faster. They want to charge for traffic going both ways. If the internet service providers get away with it, only the major websites with deep pockets can survive in the long run. All the small start-ups with thousands of employees, would suffer and ultimately close. There is a very entertaining video explaining all of this and this website has the latest information.
The ignorant in this case: Mostly conservative politicians and news sources who explain net neutrality completely backwards. If you want to save free speech on the internet you WANT net neutrality. They seem to think that “Net Neutrality” means government regulation and control of the internet, it does not. But now that you mention it…
Threat #2: Government Regulation and Control of the Internet
The Arab Spring demonstrated the power of the internet to help protesters organize. We saw this again during the Occupy Wall Street protests and the Ukranian revolts which actually led to the overthrow of the government. The internet as a communication tool organizes like minded people to take action against people, against corporations, and against government. The more tyrannical governments are looking to stop that by regulating what information moves into its country.
Google has to run different versions of its search engines in China and other countries due to censorship laws. These laws vary from country to country, which also result in lower performance of the internet as a whole. Google releases a regular report on take down requests from various government agencies, the requests are rising dramatically every year, up 68% from 2012 to 2013.
The other threat coming from Government is radical changes of policy. The SOPA act 0f 2012 was one of those. Currently, users can post stuff to websites free of censorship. However if they post copyrighted material, the copyright holder can notify the website, and the website is obligated to take it down. What SOPA wanted to do is put the burden on the websites. If you posted a copyrighted video on You Tube, You Tube would have to identify it as copyrighted and take it down themselves. It basically would have meant that any website that allows you to post stuff, which pretty much includes most of the most popular websites, would have to radically change their submission rules, or just close down completely. Luckily that was stopped, but organizations of copyright holders are still pushing for similar laws around the world. Newer threats include CISPA act of 2013 which in the name of stopping online cyber attacks, hurts online privacy concerns.
Pew Research also released a recent survey of internet experts and they consider government interference to be a big threat as well.
The ignorant in this case: Politicians and law enforcement agencies around the world of all political leanings.
Threat #3: API copyright issues
As threat #1 has to do with communications companies trying to seize control of the internet, threat #3 is about software companies trying to seize control. This is all about a potentially horrible precedent setting case involving Oracle vs. Google.
API is Application Programming Interface, it is basically how software programs talk to each other. If program A needs information from program B, it requests information X from B, which responds by sending Y back to A in a format it understands. Throughout the history of computer programming, it does not matter how program B handles data X or result Y, it can use any number of methods it wants to. Oracle’s Java does it one way, Google’s Android does it another. As a result Google avoids copyrighted software licensing issues with Java.
In Oracle vs. Google, Oracle claims that it holds the copyright of X and Y and not just the method, Google argues (rightly in my opinion) that X and Y are like the title of a book (book titles are not copyrightable), and that because the book part is different, there is no problem. Google won the initial case, but Oracle won on appeal.
Why is this so damning to the internet? Because the internet runs on API’s, and API’s have been around for decades. Without API’s smart phones would be bricks. Google is not the only one with this problem, Microsoft and Apple have their own implementations in place as well. Once the precedent is set, virtually all “open source” software would end.
The ignorant in this case: Judges only looking at previous cases and not the history of software design. Lawyers that could make millions off the thousands of lawsuits that could be filed.
Threat #4: Exponential Growth and Aging Infrastructure
This month, Wired published an article on the growing number of service outages simply caused by too much traffic that older routers simply cannot handle. Better routers and router software can fix these issues, but replacing old routers and pushing software fixes takes time.
Also in this category would be the very slow progress in moving the internet to IPv6 protocol.
The ignorant in this case: Businesses not willing to invest money in updating.
Threat #5: The Increasingly sophisticated methods of crackers and scammers combined with an increasingly tech ignorant general public.
This weeks Celebrity Nude Scandal, aka “The Fappening“, highlights how sophisticated online pirates are becoming, and more importantly how much more dangerous new trends like “cloud computing” can be to privacy.
There is a lot of interest in finding the hacker responsible for the release of these pictures, but this has all the tell tale signs of a group of hackers with a new set of tools. Most interesting is this article from Wired.
On the web forum Anon-IB, one of the most popular anonymous image boards for posting stolen nude selfies, hackers openly discuss using a piece of software called EPPB or Elcomsoft Phone Password Breaker to download their victims’ data from iCloud backups. That software is sold by Moscow-based forensics firm Elcomsoft and intended for government agency customers. In combination with iCloud credentials obtained with iBrute, the password-cracking software for iCloud released on Github over the weekend, EPPB lets anyone impersonate a victim’s iPhone and download its full backup rather than the more limited data accessible on iCloud.com. And as of Tuesday, it was still being used to steal revealing photos and post them on Anon-IB’s forum.
“Use the script to hack her passwd…use eppb to download the backup,” wrote one anonymous user on Anon-IB explaining the process to a less-experienced hacker. “Post your wins here ;-)”
I do not know if this is the exact process used by hackers (plural seems most appropriate) in this case, but something similar: Someone found an exploit, allowing unauthorized access to iCloud accounts, posted it for others to find, and large numbers of hackers went to work seeing what icloud accounts they could hack. I have seen “group think” hacking in action, and the sheer volume of accounts attacked tells me this wasn’t the work of one lone hacker.
What is especially worrisome is that the Wired article seems to imply that the exploit used by hackers on Anon-IB (again the two may be unrelated) is there for law enforcement use. As long as law enforcement and spy agencies insist on legally requiring access to cloud computing for intelligence gathering, cloud computing is is going to be vulnerable to hackers!!
There are a number of large companies that have decided to put much of their data needs on “cloud computing”, quoting the money they save on IT expenses by going this route. They are making themselves more vulnerable to hackers by doing so, just to save a few bucks. Apple and Google have been pushing cloud services for a while now, Apple is even updating OS X and iOS with cloud computing in mind, often requiring the cloud to use certain services. The Celebrity hacks couldn’t come at a worse time for Apple.
But this is just one example of the increasing sophistication of today’s online hackers. Let’s take a look at another recently published by PC World:
CryptoWall ransomware held over 600K computers hostage, encrypted 5 billion files
A file-encrypting ransomware program called CryptoWall infected over 600,000 computer systems in the past six months and held 5 billion files hostage, earning its creators more than $1 million, researchers found.
The Counter Threat Unit (CTU) at Dell SecureWorks performed an extensive analysis of CryptoWall that involved gathering data from its command-and-control (C&C) servers, tracking its variants and distribution methods and counting payments made by victims so far.
CryptoWall is “the largest and most destructive ransomware threat on the Internet” at the moment and will likely continue to grow, the CTU researchers said Wednesday in a blog post that details their findings.
For a couple of years now “ransomware” viruses worked at the fraud level pretending to be government agencies like FBI or IRS claiming to find evidence of wrong doing by the end user and demanding a $300 bribe (or “fine”) to make it all go away, often disabling users from using their computer to get rid of it. Many fixes nevertheless exist online to avoid paying the scammers.
CryptoWall has elevated “ransomware” to the kidnapping and extortion level, and if your files really are encrypted there may be no way to unencrypt them without paying for the extortion.
These viruses are spread mostly the old fashioned way through fraudulent emails saying you are owed money, and you need to “click here” to get access. The sophisticated tech savvy would never click.
Scammers are going beyond fake emails and phishing these days. Now they are calling people, usually older people, posing as technical support using fake caller IDs to look legitimate, telling them they need remote access to their computer to fix a problem they have found, which once given access is loaded with various malware and viruses for future ransomware scams. A variant is to pose as government lawyers collecting fines as explained above. This is of course all highly illegal and potential victims are reporting people with foreign accents, meaning it is foreign scammers taking advantage of call centers being based in India and other large English speaking countries to save money. People are used to hearing foreign accents from support centers these days.
Even if you are smart enough to avoid fraudulent emails, and inbound calls asking for bank or computer access, there is scary unavoidable stuff like rogue cell towers that your phone automatically connects to when you are in range.
The tech savvy for the most part know how to avoid these problems, and keep their security updated, and know how to fix their own problems if they do crop up. The problem is that there is an increasingly small percentage of internet users who are this careful, and viruses malware and trojan horses affect all internet users, even the uninfected.
Some viruses never reveal themselves, they reside in the background of unsuspecting computer users to form networks of parallel processing power, often used to brute force passwords, or create denial of service hacks. Such actions slow down internet traffic, cause temporary outages and ruin everybody’s internet experience.
The other side of the coin is that scamming is profitable. People do fall victim, people do pay, and scammers hide themselves behind international law to avoid prosecution. That means there is only going to be more of it. Scams are not just using mass emails, they are buying ad space on legitimate web sites to make themselves look legitimate. Unfortunately, there are no security firewalls to protect you from the ignorance of others.
The ignorant in this case: pretty much everybody.
UPDATE October 3 2014:
Apple is refusing to help law enforcement access phones anymore, they said that the security of their iCloud is now so secure they can’t even break in. This has made nude celebrity hackers very sad.