Anywhere that you have connectivity combined with the absence of a functioning judicial system; you will breed crime. It doesn’t matter what that connectivity is, or how you measure that connectivity – whether it is in paved roads, running water, electricity – each of these factors contributes to both the reach of commerce and the reach of criminals. The two cannot be divorced from each other. If you have a rapid expansion of transportation, without an equal expansion of police power, criminals will exploit that weakness. In the wild west, outlaws would rob trains as they crossed the nation, knowing that they’d be vulnerable and there was little chance of being caught (as it happens, the development of the telegraph put an end to train robberies.)
Let’s look at Russia. Back in the cold war era, there were technology export restrictions in place. With the fall of the Iron Curtain, those restrictions were relaxed. By the time we in the United States started going online en-masse in 1995, upgrading our computer systems to Pentium machines running Windows 95 – our old computer systems didn’t go into the garbage, they were sold into the huge technological vacuum of the former Soviet Union.
Who are the early adopters of technology? Kids of course! And Russia was no exception. Like a 16-year-old with a hot rod, the youths started souping up computers that we considered garbage. They got on to the internet using whatever they could, and once they connected to our information flows, they started teaching themselves programming. Because they were learning to program on outdated equipment, this forced them to become very, very good. There was no such thing as code bloat. Then you add 5 years to the calendar and what do you have? Little Ivan is no longer 15, he is 20 and has 5 years experience – and therein lies the rub – Ivan cannot go out and get a job in information technology, there is no economy to support his skill set. So, he goes about earning a living any way he can. I call it “N0 RUL3Z, JU5T WR1T3”. Ivan sets about writing spam software, creating Trojan horses, worms… this is where we see the emergence of the botnet.
Brazil wasn’t far behind. In 2004-2005 we saw an uptick in the botnet wars arms race with Russia being one-upped by Brazil with the Beagle/Bagle, Mydoom and Sasser botnet pissing contest.
There is a tide shift taking place. Putin has implemented a 12% flat tax which is bringing revenues flowing into the Russian economy for the first time in 15 years. They are reviving their legal system because they want to attract the Foreign Direct Investment dollars which will never come if they have no legal system which can enforce a legal contract. Along with the civil justice and FDI dollars, criminal justice must reign in corruption otherwise the FDI dollars will quickly disappear. So, Russia is growing out of the script kiddie phase and reemerging onto the world scene. Its good to have Mother Russia back (New & Improved, Now with 1337 H4x0rs!).
I could go on providing details of history and economics, but I will leave that for later. But I will pose this question for you to think about: What do you think the outcome of One Laptop Per Child will have on the future of cybercrime? If connectivity absent a legal system is the breeding ground for crime, what do you think will happen as the bottom billion in Africa gets online?
Computer security is all about dealing with the unintended consequences. Every computer and every system that was ever built was first done to share information, not secure it. Security only came after we got everything connected, then had the collective “awww crap!” moment.
I see another one of those moments coming up on the horizon. Do you? I’m interested in hearing your comments on what the future has in store for security.