Programming computers is a skill that can be learned, and a lot can be learned about it with very little investment in hardware and software. That enables people from almost every society on earth, including dangerous psychopaths, to build programming skills and use computers as they choose. Civilization is so dependent on the internet here in 2015 that I expect we have passed the point where a major, multi-day failure of the internet wouldn’t be accompanied by at least some people starving. That puts a lot of power at the fingertips of internet users, but a great deal more in the hands of those who can write software. People never stop learning, and some of them, rogue programmers, are sociopaths with bad intent for the rest of us. So what bad deeds are they carrying out that we don’t know about yet? Can we know?
Much can be done with “bots”. Bots are programs that automatically search networks and databases to find particular kinds of data. I have no doubt that rogue programmers (as well as much more numerous corporate programmers) have probably already set up tens of thousands of these “search-bots”, and those bots are scouring the internet, sucking up and analyzing our personal data 24 hours a day, year around. A bit of software like that, turned loose on the user database of a huge organization like Facebook, could sweep through hundreds of millions of users’ data in a matter of days. You are right to be worried!
What are the side effects of all these bots? It would be interesting to find out just how much internet traffic is created solely by bots, meaning how much bandwidth they are consuming and how much it slows down data traffic we actually want. Of course, the real victims of these bots are not only the people whose personal information is stolen, and whose bank accounts are robbed, but also the entire economic system which becomes increasingly burdened with regulations and other controls, mostly ineffective attempts to control the damage that disadvantage the legitimate user.
Individual hackers can only steal so much. Data thieves exist, of course, and can steal important chunks of our data, but bots can sweep up a million times more. This is because bots are almost limitless, single-minded machines with no moving parts to wear out. Some of them spawn copies of themselves as fast as they look at our data. They don’t need to eat or sleep, and they constantly sweep through internet databases examining thousands of your records per second, or sweep through web page after web page looking for links to the data they seek.
Hackers can die or just go away, but the bots they created don’t stop because of that. They just run uncontrolled until they are detected and blocked or the machines they run on no longer support some part of their program code. Some bots have probably been running since the 90’s, consuming bandwidth and making trouble, and some of them will continue for years or decades to come. Of course, if the data they are collecting has value and the author passed on instructions for operating them to other hackers, the bots might often be being re-targeted or modified to avoid being stopped by anti-malware programs.
Some bots just break passwords and find gaps in security systems, then tip-off hackers that the opportunities exist. Other bots look for specific types of information or target specific organizations or even people.
The NSA can monitor everyone – so why isn’t the government doing something? Unfortunately the internet is truly international, and the hardware on which it operates is owned by many millions of entities with a variety of goals and purposes. Some of them are major corporations or other “legitimate” organizations aimed at legally permitted actions that, in the end, work against us. The software that runs on that hardware is independent of it and often untracked (or even undetected) by the hardware owners, making it extremely hard for them to do anything about it (but not impossible, I believe). The internet spans hundreds or thousands of legal jurisdictions, some of them with little or no understanding of what is happening. Treaties that would enable any government to take action against the hackers are largely lacking, and hackers take refuge in the servers of 3rd world countries essentially incapable of doing anything to stop them.
Pursuing cyber criminals through the internet isn’t a better prospect. If CIA programmers went after hackers and fought them on the internet and in servers that could be almost anywhere in the world, wouldn’t national governments and corporations with jurisdiction or control over the servers involved object? Do we want an escalation of the internet arms war that could eventually cripple our use of this amazing medium? More importantly, will this come about without the intervention of organizations like the CIA, with corporations and government agencies battling hackers on a constant basis even as the line between corporate data sweepers and hackers remain fuzzy at best?
Can international treaties help, and can they be negotiated? No government is eager to have the anti-hacker efforts of another played out on their servers. This may make them reluctant to enter into treaties to pursue internet criminals.
How do you know the police from the hackers? Hackers can already masquerade as anti-hackers quite readily, and sometimes piggy back on the efforts of hacker hunters to not only hide themselves more effectively but also profit from data they might steal from the internet police. The “game” is fast changing.
Our dependency on the internet leaves us helplessly at risk. As wonderful as the internet is, it is just as fraught with problems. The global economy is now irrevocably dependent on the internet, and with billions of people using it the opportunities for fraud and cyber crime are plentiful and tempting to criminals. Terrorist action is even more frightening, as crazy anarchists could potentially cut off shipping of food and other goods to targeted areas of the planet.
There are no easy solutions to cyber crime, but we have no recourse except to (1) band together with other countries in reasonable treaties, (2) set serious penalties for cyber crime, and (3) work together to enforce it. If we don’t we may be in for serious large-scale economic problems created by terrorists, exacerbating the huge problems we face from the population explosion. Crime on the internet is just as diverse as any other, but potentially more dangerous because of the global reach of the internet.
Will things get better? I believe it is unlikely that cyber crime will be curbed any time soon. Nationalism combined with a lack of understanding of the internet stands in the way of effective treaties. The ever-increasing dependency of business on the internet suggests anti-cyber crime regulation will never be well conceived or implemented, and will often be blocked by business interests, some of whom are already using cyber crime tactics to enhance their profits. Some national governments are already waging cyber war on each other, not always confined to spying. Future advances in more tightly connecting human minds with electronics and the internet have frightening aspects to them. The grooming of children and other vulnerable people for illegal purposes, or just to motivate them to join an extremist group, are worrisome with good reason. For as much as we gain through internet access, how much risk do we take on? Will the internet turn out to be a “net negative” for human civilization and life on the planet? Will it help in mitigate the population explosion through better education or will it just make things worse by enabling our population to grow even larger before we are forced to reduce it (or nature reduces it for us)? Does everything we do to make ourselves better off, including development of the internet, only increase our future risks, not just from our own bad actors, but from the increasing pressure we all put on the global environment?
These are questions of critical importance that will be answered, and hopefully in a way that is good for people and life on the planet. Thanks for reading — Tim