About two months ago, I suddenly was no longer able to log on to my Facebook account. We all know the procedure: click the “Forgot Password?” button and have it sent to your email, where you can reset your password and quickly get your life back. However, I have tried at least eight times now, and the most I have gotten is one mocking email from Facebook claiming that all I had to do was respond and I would finally receive a new password—but apparently they were just kidding. After a week or so I moved on from Facebook and decided I didn’t need it anymore, but alas, I found there was no way to delete my account. The good news is I have been liberated by the expectations that used to shackle me to my wall. The bad news is that the wall still stands, and now the most I can do is to watch my poorly-maintained identity as it drifts through cyberspace, being tagged in obscene scenarios (ok, that’s my fault), and deterring potential friends with my forced anti-cyber-socialism.
My unfortunate experience has made me a lot more aware of cyber-shenanigans and I decided to examine the issue. Appropriately enough, October happened to be National Cyber Security Month.
What exactly is cyber security? Most people think it is analogous with the health of living organisms. My story is the equivalent of a minor itch—especially compared to some of the breadth and destruction inflicted by certain computer illnesses. Just like health in human beings, there are two kinds of illness: those inflicted by some other organism, and those that are simply accidental. The Consumerist recently reported a number of people who were accidentally charged $23,148,855,308,184,500.00 on their debit cards due to a malfunction in the bank’s computer. This is a very rare and unavoidable type of bug, and of course Visa agreed to fully reimburse the victims. Still, it’s a reminder that our bank accounts exist in cyberspace, which, like the world we live in, is unpredictable.
Then there is the other kind of illness: the virus. People called “hackers” or “phishers”—essentially rogue computer scientists—engineer them. Most of these criminals derive funds by siphoning discretely from savings accounts, acquiring information about competitors, or if they are especially talented, by directly robbing a bank via computer.
Other common computer illnesses, usually driven by commercial motivations, are generally called “malware.” Some viruses, called “trojans,” can hijack your email account and force it to send out spam to other email addresses—contagious viruses are among the most successful. Other viruses will remember the keystrokes when you type in the password for your bank account and use it to redirect your money to another account. For about a week, your account appears to be normal while the virus is doing its work, and by the time your balance visibly declines, the virus has vanished without a cookie trail.
So what can we do to prevent getting these viruses, and recognize when they invade our computers? The first steps consists of what you’ve heard many times before: Always have trusted virus protection, never leave your computer unlocked in a public space, and don’t open suspicious emails claiming to extend your “membership.”
However, these cyber-hygiene maxims leave a lot of questions about cyber security unanswered. Is the amount of Internet crime going to decrease with improved technology in the future? Then there is the more obvious question: why is there so much Internet crime in the first place? Is Facebook to blame?
In order to answer these questions, I went to Thayer Engineering professor George Cybenko, a specialist in this area.
DFP: “What do we have to do to improve cyber security?”
G.C.: “Improving security will require two things… a) better technology and b) better user awareness of security threats. People are working on a) and making progress. In order to achieve b), users and consumers will have to be educated.”
DFP: “So if the technology is out there, why are so many computers and networks still getting sick?”
G.C: “Although there is better technology, not all users invest in it. Even large companies cut corners on security investment—it’s a calculated cost-benefit analysis.”
Maybe Facebook is to blame for my untamed Facebook wall, I thought to myself.
DFP: “Is data protection keeping up with the new boom of Facebook, Myspace, and online desktops, or is the overall safety of our online identities getting worse?”
G.C.: “The vulnerabilities of Facebook and Myspace are not related to data protection or encryption technology. [The problem] is that people put stuff out there for many to see. There’s more personal data out there [nowadays], for sure.”
It is important to remember that not all viruses are illegal, and not all illegal programs will give you viruses. Some “warez” come in the form of free online “cracks” for unlocking full-version functionality in popular programs that you can download on illegal websites. Although they can be extremely helpful to an unscrupulous consumer, they are also illegal, and authorities usually discover them in a few months. Many of their creators have no incentive to design these programs other than peer recognition. “Hacking has become a business with economic incentives which are not completely open or known,” Cybenko added. For example: Counterstrike, arguably the most internationally successful first-person shooter of all time, was adapted from another published computer game (Half-Life) by an anonymous computer hacker.
Ironically, one could theoretically use an online “crack” to protect one’s computer against viruses. However, due to the many legal risks of downloading freeware—and the fact that at second glance most spyware and virus removers are themselves malware—this is highly discouraged. Although the cyber black-market is not synonymous with corrupt and infected files, there are other obvious calamities to watch out for.
These risks have nothing to do with viruses or computer health in general… they are more legal in nature. Downloading music, cracks, and keygens with generic software clients like Limewire or ever allegedly safe torrent clients is simply a game of roulette. The world of free downloads is a “gray market” that ranges from semi-legal to illegal.
I do not advocate illicit activities, but if you must indulge in cyber piracy, you should choose your methods of downloading wisely—and again, the DFP is most assuredly not advocating these. If you like the regularity of a place that won’t get shut down every few months, the safest option is buying the premium package from a file hosting website (such as rapidshare.com or hotfile.com) for a flat rate and with unlimited downloading capacity. This usually costs about $60 dollars for a year, but the selection is like an all-you-can-eat media buffet. You can search for files on this database through torrent websites like warez-bb.org, or you can use a little trick a-la-Google that will allow you to access to the database from the back, saving time. After you have subscribed to a website like rapidshare.com, simply search on Google: “file:rapidshare.com name of file”, and it will present only premium files from the site. But you still take all the risks and dangers associated with pirated content—including potential legal ramifications.
The Internet is the landscape of the new millennium: it is a battlefield, a library, and a Las Vegas. Like any of these places, if you don’t know the rules you can be taken advantage of and/or hauled away, and even then, the rules aren’t always enforced. Worst of all, you can compromise the safety of anyone with whom you may be connected. However, if you stay quiet and accept that you—and your wallet—have to make certain sacrifices, you will find yourself in command of enormous potential.
