Wednesday, December 14, 2016

Guest Post: Our Vulnerable Internet

By John T. Wark

The New York Times’s recent in-depth article on how Russians apparently hacked into computer systems during the presidential election raises alarms: the Internet is not your friend.

The article revealed how unprepared  the Clinton campaign and others  were and how casual the attitude of FBI was. Yet everybody knows  — or should know — how fragile and vulnerable are our Internet infrastructure assets. Look at what Russia is said to have done in Ukraine.

From the  NYT story:

"Last year, the attacks became more aggressive. Russia hacked a major French television station, frying critical hardware. Around Christmas, it attacked part of the power grid in Ukraine, dropping a portion of the country into darkness, killing backup generators and taking control of generators. In retrospect, it was a warning shot.
"The attacks “were not fully integrated military operations,” Mr. Sulmeyer said. But they showed an increasing boldness."

The Internet by its very structure remains vulnerable everywhere. The great irony is that the Internet structure was designed back when it was university-based and funded by U.S. Department of Defense. This network of networks was intentionally designed so that the packets of information we send on it follow random pathways. It was thought if the country's infrastructure was attacked the Internet piece would be safe because information would still move freely on any portion that remained, thanks to that random patterning.

The problem is that the servers the packets zip between randomly from your home computer to mine must be able to "read" the data that give instructions to the server relay stations on what to do with the packets. To accomplish this, though, resulted in a design protocol that meant everyone can see everyone else's packets.

Thus, bad actors can steal info almost effortlessly. Which accounts for the frequent publicized reports about Target or a federal agency being hacked and the many billions of bits of information about everybody's credit accounts and personal identity being stolen all around the globe.

And it also is why stories like this one in the NYT show the victims/targets acting defensively by introducing programs into their systems that allow them to "detect" intruders. You will note articles never say the DoD, Bank of America, or DNC took step A, B or C to totally prevent a cyberattack. 

Because that's not realistic and may no longer even be possible. 

To make the Internet secure would probably involve a redesign. Packets of information would likely no longer travel randomly and in a way that allows everyone to see everyone else. If you control the packet movements you can lock out bad actors.

But then the entire Internet economy collapses. Apple, Google, Facebook, Twitter, etc. (and every bit of monetization attached to them) are built on the random packet "everyone can see everyone else" movement structure. It is the DNA of their business model and today dominates the world's communication structure. Internet companies, foreign governments, our government, advertisers, the joker down the street who studied programming at the local community college and now builds bots to go out and scrape info from websites and return it to him -- they all "see" us and what we do and where we go on the Internet, often tracking us using cookies. The big companies (governments) grind up the info they gather in their algorithm machines and that allows them to anticipate what ads you should see and what information you should get first when searching or doing whatever it is we do on the Internet. 

It is another feature of the "new normal" in today's world that our children, friends and neighbors are familiar with military grade communication encryption AND why we are all routinely advised to use it.

Of course, encrypted messages or only as good as the encryptors. Governments have proven successful at convincing companies to give them the keys. So called "blunt force" computer attacks have cracked the privacy features baked into iPhones. And so on. Nothing is safe. (*)

This is all by way of saying I wish articles like this one in NYT included a few graphs that reminded readers that we wedded an incredibly powerful profit-driven commercial enterprise to a system designed to enable university researchers at different ends of the earth to communicate with one another, hooked in everybody on earth, including Wall Street, ingenious thieves (are they the same?) and governments out to eviscerate each other -- with no way of securely protecting ourselves from bad things happening. And the big Internet companies all know this.

If we lived in honest times, whenever we powered up a computer and heard that banal and benign musical upswell that sounds the audible brand notes of Apple or Microsoft (PC or Mac) there would immediately follow a flashing message:

WARNING: This is a powerful and useful communication tool. But its use may be likened to immediately unlocking your home, file cabinets, home safes and bank safety deposit boxes, and most intimate communications for anyone in the world to gain access. The user/consumer assumes all responsibility and acknowledges that all of his/her activities and personal information is at all times at risk of being viewed, stolen and used without permission by other Internet users. (Sometimes even when your information is encrypted and your computer is turned off.) There is nothing that can be done about this. (If anyone could fix it, don't you think it would have been done by now?)

The new normal. 

Not surprising that such a system would play such a pivotal part in elevating the executive producer of The Apprentice to the once most important public office  of the once most important free democracy on earth.

And not surprising that he should use it to communicate lies and falsehoods instantly to millions. 

This is merely another facet of the "new normal."

I just realized that the term "new normal" is like "alt right." It white washes the darker truth.

It is a doubly ironic term.

What a price we are paying for technology. 

There is no way, once in, to opt out. 
* * *

(*) A free (end to end) encrypted message service popular with security researchers and privacy advocates (including Edward J. Snowden) is the messaging app Signal.  Android version available via Google Play. And iOS version is available via iTunes. There's also now a Chrome app that can link with a Signal client. (Signal uses cell phone numbers as identifiers and end-to-end encryption to secure communications to other Signal users. The person(s) you are communicating with also have to use the app to exchange/get/send info with you.)

No comments:

Post a Comment