February 26, 2008
Kellermann, SIS ’99, paints picture of Wild West online
If Hollywood made a modern-day version of Bonnie and Clyde, it wouldn’t be quite as exciting as the original. Instead of bank robbers Warren Beatty and Faye Dunaway brandishing shotguns and using getaway cars to haul their loot, picture Philip Seymour Hoffman and Joan Cusack sitting around their apartment in pajamas, typing away on a PC.
In today’s Wild West—the Internet—anyone can be a criminal, because virtually everyone has the weapon of choice, a computer. Hacking and cyber crime represent a major threat not only to America’s economic interests and national security, but to the very fabric of our democracy. So said Tom Kellermann ’99, an expert on cyber crime who delivered a startling and somewhat scary talk on the subject Thursday as part of the School of International Service’s lecture series on transnational crime issues and threats.
“The greatest threat to our American empire is our technological underbelly,” said Kellermann, vice president of security awareness for Core Security Technologies. “The only way we can stop this precipitous fall is to deal with this issue because it will affect everything.”
Kellermann tracked the rise in hacking and cyber crime to the fall of the Soviet Union. In 1989, KGB agents with computer expertise suddenly found themselves out of jobs, so they turned to criminal syndicates throughout Eastern Europe that were breaking into networks used by banks.
“The Internet was never created to be secure,” Kellermann said. “It was essentially to be used for emergency communications. The banks and large scale commercial enterprises in the late ’80s adopted the Internet to proliferate e-commerce. Since 1995, banks are using the Internet to move money, store identities, communicate with other banks. The problem here is obvious: IP cannot be fully secured.”
Last year alone, the identities of 120 million Americans were stolen, Kellermann said. Most people don’t even discover that they have lost their identities until they try to buy a house or lease a car.
“The fact that the FBI’s number one criminal priority right now is cyber crime says something,” he said. “They have a division with 700 agents that can only prosecute one out of 10 cases because they’re overwhelmed.”
In Oregon in 2004, 98 percent of bank heists were virtual, Kellermann said. In the two percent that were physical, the average loss was $5,500. In the virtual ones, the average loss was $200,000.
“Hacking is more profitable than cocaine trafficking, with less risk,” he said. “I can spend six months developing 10 hectares of coke, distributing it, laundering the funds, taking on a lot of risk and making myself $20 million, or I can hack one database with 100,000 Americans’ identities, set up Platinum cards in each of their names, then when I’m done with them sell each one for $5 a pop.”
Most of the security ordinary users rely on can be easily breached, according to Kellermann.
“Encryption is like a steel tunnel with water at one end and water at the other,” he said. “I’m a good hacker, I’m not going to waste my time trying to break through the tunnel. I’m going to pollute the water on this side of the room, I’m going to pollute the water on the other side of the room, and I can compromise everything that moves through the tunnel. It doesn’t matter if the stuff is encrypted, if I can get into your device, I can own the tunnels.”
Kellermann stressed that wireless connections are especially easy to crack.
“Hooking up to random access points in coffee shops, at airports is really putting yourself at risk, particularly if you bank online,” he said. “Passwords are dead. There’s like a million programs that allow you to generate passwords.”
Layering security and consistently testing your own defenses are the best ways to try to protect yourself. But too often individual users, and even the U.S. government, don’t maintain that level of vigilance.
“Nonstate actors like Al Qaeda recognize that the Internet is a true recruitment tool, but realistically it’s also a financing tool and money laundering mechanism,” Kellermann said. “Only recently has the federal government begun to recognize and appreciate these capabilities.”
If you think this all makes for a pretty bleak outlook, well, Kellermann agrees.
“One laptop per child, let’s connect the entire developing world to the Internet. That’s great, but if you don’t give them jobs and you teach them how to use computers and eventually they figure out that they’re weapons, eventually they’re going to figure out that Robin Hood can be them,” he said. “I can hack this American bank and I’m poor in Bangladesh, and I can essentially steal a lifetime’s worth of money in half an hour and it won’t be tracked back to me, what am I going to do? It’s a double-edged sword.
“You’re never going to stop these things, but you better respect the adversary.”
