The Future of Computer Crime: It Ain't Just Hacking
"I've done time. I know all the cons." - Jim Rockford, The Rockford Files
Kevin Mitnick's testimony on March 2, 2000 before the U.S. Senate Committee on Governmental Affairs (http://www.senate.gov/~gov_affairs/030200_mitnick.htm) had an intriguing tone of simplicity. His opening remarks seemed more like an introductory lecture on computer security found at any local junior college. Fundamental warnings about using good passwords, developing audit trails, establishing trust levels, and educating one's employees about keeping their mouths shut (no pillow talk about operational secrets) formed the core of his teaching. Complexity, the devil that taunts us, according to prophets like Bruce Schneier, was strangely absent from Mitnick's remarks.
Mitnick allowed others to fill in the silences for him: people, with the right coaching, volunteered information. "I was so successful in that line of attack that I rarely had to resort to a technical attack," commented the dragonslayer, the number one computer criminal in America. Mitnick's truth then becomes hacking is not a difficult trade to learn, if you want to dedicate the time and learn the art of the ruse.
Mitnick commented favorably on Senate bill S1993, which would give legislative form to the basic security principles outlined in his opening remarks. Structured and linear steps like S1993 recommends will partially diminish hacker attacks against governmental computer systems. For computer crime does have its roots in the technical shortcomings of inadequate passwords, poor server security, and faulty firewalls cited by Mitnick. He also mentions the psychological vulnerabilities, and in an attempt to be comprehensive, his remarks recommend educational remedies as countermeasures. But, as the adage goes, "civilization is a race between education and disaster." Unfortunately, given time and economic pressures, education will slip, so cyberspace will have its share of disasters.
The future of computer crime is not the cron job but the con job. Making people accept illusions and falsehoods may be far more important than knowing Perl, C++, or flaws in the Linux operating system. Deception will flourish because cyberspace is the perfect medium for chicanery. Having evolved into a belief system, the Internet carries a high "truth-value" in many people's minds. The unreal has become real.
Witness the strange world of Internet stocks. Highly inflated values persist in spite of negative earnings and questionable balance sheets. Anyone can be in e-commerce, even the Mafia. The same people who brought you "Sammy the Bull" Gravano and John Gotti are being investigated for stock manipulations on the Internet. Securities fraud is zooming out of sight. And, the scams are just beginning.