Computerworld

Net needs law enforcement, author says

The Internet is a "god-awful mess," but few U.S. government officials are willing to take action against virus writers, spammers and other scammers, author Bruce Sterling said at the Gartner IT Security Summit on Tuesday in the US.

Disorder and corruption are winning on the Internet, and computer users need the U.S. government to crack down on the thieves preying on the Internet, said Sterling, author of futuristic novels "Heavy Weather" and "Islands in the Net" and the nonfiction book "The Hacker Crackdown: Law and Disorder on the Electronic Frontier."

"We had a digital revolution in the 1990s -- now we've slid into digital terror," Sterling said during his hour-long critique on the state of cybersecurity. "Today's Internet is a dirty mess -- it's revolution failed. E-commerce was extremely inventive for a while, but the financing model was corrupt. There was poor governance in the financial systems, there was worse industrial policy; the upshot was a spectacular industry-wrecking boom and bust."

Most of the advancements in Internet commerce since the dot-com bust have been illegal, Sterling noted, including spamming, identity theft, and "phishing," which is theft of credit card numbers or other personal information by directing customers to bogus Web sites to change their account settings. "If you advance into mayhem, that's not advancement, that's driving into a ditch," he added.

Sterling offered what he called a little good news about cybersecurity, the recent arrests of a handful of virus or worm writers, including the arrest in May of the 18-year-old German man who allegedly wrote the Sasser worm. "The world is never going to run out of disaffected teenagers," he said.

But Sterling said he's not overly worried about bored 18-year-old worm writers who are unsophisticated enough to get caught; instead he's concerned about the authors of such malicious code as Slammer, Code Red, and Witty because they haven't been caught.

The authors of the Witty worm targeted users of Internet Security Systems Inc.'s products, while the Bagel and Mydoom virus authors attempted to turn infected computers into spam-sending machines, Sterling said. "Bagel and Mydoom are the future of virus-writing because they have a business model," he said. "Those are organized crime activities. ... These are crooks."

Virus and worm writing will grow as a weapon for terrorists and warring nations, he predicted. Terrorists operating in places with little central government control will begin to see cyberterrorism as an effective weapon because of a lack of international cooperation on cybersecurity enforcement, he said. He listed a dozen such countries, including Somalia, Bosnia and the Philippines.

"This is the birth of a genuine, no-kidding, for-profit ... multinational criminal underworld," he said. "I don't see any way it can't happen. We're going to end up getting pushed around by bands of international electronic thieves in a very similar way to the way we've been pushed around by gangs of international Mafia and international Mujahideen terrorists."

The new tools of terrorists and criminals will be "oil, narcotics, guns and broadband," he said.

With cyberthreats likely to rise, the U.S. government needs to focus on enforcement of existing laws, including antifraud laws, Sterling said. He praised New York Attorney General Eliot Spitzer, who prosecuted Buffalo spammer Howard Carmack earlier this year, as well as other white collar criminals. Although virus writers and many spammers break existing laws, most prosecutors seem reluctant to take on computer cases, Sterling said

"In my opinion, we need a thousand guys like (Spitzer)," Sterling said."We've got a ridiculous amount of computer laws."

Efforts such as the Controlling the Assault of Non-Solicited Pornography and Marketing Act, passed by Congress in late 2003, are "phoney-baloney gestures," Sterling said.

Instead of weak laws, the U.S. government needs to sponsor a multistate computer crime task force that enforces existing laws, he said. He also recommended that the U.S. post names of spammers and other Internet scammers on a Web site for everyone to see.

Sterling also praised parts of the National Strategy to Secure Cyberspace, released by the Bush administration in February 2003, calling it "modest and feasible." The document recommended that nations work together to combat cyberthreats, and such cooperation is needed to fight borderless cyberterrorism, Sterling said. But the strategy is likely to go nowhere after former Bush cybersecurity chief Richard Clarke criticized his former boss' counterterrorism efforts in a book released earlier this year, Sterling said.