Cybersecurity and Piracy on the High Seas
Schneier points out an interesting article comparing modern cybersecurity to piracy on the high seas in the early 1800s. The article extends the comparison into projected action based on historical context. "Similarly, in many ways, current U.S. policy on the security of electronic commerce is similar to Adams' appeasement approach to the Barbary pirates. The U.S. government's inability to dictate a consistent cyber commerce protection policy is creating a financial burden on the U.S. private sector to maintain a status quo, when those resources could be used to mount a more-effective Internet-focused defense. In the case of financial fraud on the Internet, the costs associated with fraudulent transactions are currently borne by private companies, which then have to pass those costs on to their customers. This basically creates a system in which the financial institutions are paying a type of 'tribute' to the cyber criminals, just as Adams did to the Barbary pirates."
Except the difference is that software IS VIRTUAL. End of story. Next.
Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
Interesting. Government is less effective than private companies. Who would have guessed?
the "Barbary Pirates" were actually privateers and muslim terrorists.
The response the US got back from the Barbary ambassador was that their taking captive sailors and forcing them to either convert or be killed was "founded on the Laws of their Prophet, that it was written in their Quran, that all nations who should not have acknowledged their authority were sinners, that it was their right and duty to make war upon them wherever they could be found, and to make slaves of all they could take as Prisoners, and that every Musselman (Muslim) who should be slain in Battle was sure to go to Paradise." (quote the direct words of Ambassador Sidi Haji Abdul Rahman Adja, the Dey of Algiers to Britain).
Muslim terrorism isn't a new thing, it's been going on since Mohammed killed Safiya Bint Huyyay's entire tribe, cut her father's head off in front of her, raped her, then declared it a "marriage" the next day when his troops started grumbling that he always got the hottest chicks for his personal slaves.
We're pirates not ninjas :(.
***WARNING***
Link in parent is malicious. Do not click.
(Honestly, dude...it's getting old...)
____
~ |rip/\/\aster /\/\onkey
Looks like modern pirates would have a lot of words to relearn...
Hijacking - 1. Taking over a post on Slashdot.
Terrorism - 1. DOS attack against all the root DNS servers simultaneously. 2. Slashdotting a website.
"Arrrr..." - 1. Phrase uttered by someone who has just been linked to goatse.cz
One-Eye - 1. Asshole.
Pirate Flag - 1. Used to indicate a box has been pwned. 2. Used by Maddox (maddox.xmission.com) as a TM.
Booty - 1. A woman's butt.
...now we have bad boat analogies. Great.
Looks like the argument is "the government should be more involved in actually doing something." This is undoubtedly true; it's the government's job to set safety standards and to fight crime.
But really this is just an article that says "Hey, why not have the government fight crime?" with nautical window dressing. The author's better off scuttling the piracy angle.
Freedom isn't free; its price is the well-being of others.
Apparently so from TFA, ... either that, or it's just more FUD to encourage government control (read taxation) of the internet.
I'm of the opinion that the government should be there to hold private industry liable for any breaches of personal data that leads to fraud. If someone steals my credit information and makes purchases with them, the credit card company should be on the hook for not verifying the identity of the person who made the purchase. The merchant should be on the hook for not verifying the identity of the purchaser. The whole system needs to be changed. Instead of giving out free credit, they need to only give credit to those who ask for it. Turn it from a push to a pull system and validate the hell out of the puller.
On an only semi-related tangent, I'm waiting for the explosion in fraudulent health care claims. The health care cards themselves are simple pieces of paper. It is easy to get a picture ID with your picture and someone else's name on it. With the cost of health care skyrocketing in this country it is only a matter of time before people start getting health services under someone else's name. And I already know what is going to happen... the person whose name got abused is going to be liable for it, not the health providers who okayed the procedure in the first place.
"Stop breaking into my server, ya' scurvy dog, or ya'll walk the plank! Arrrr!", right?
This is Slashdot. Common sense is futile. You will be modded down.
The rest of this article is full of similar crap ideas and analogies. Aaron Turner, who manages security technology transfer and commercialization for the Idaho National Laboratory, previously worked in several of Microsoft's security divisions. Oh. I see.
I guess it's easier to create an international body to oversee the internet than get Microsoft to put out a secure product.
[Fuck Beta]
o0t!
A pirate cannot sit in one country and commit his deeds in another country, far away from his physical location. There would not be any spam (at least not for long) if the spammer would have to come close to the recipient. Scammers have much better hideouts than pirates and, unlike their offshore counterparts, scammers never have to leave their hideout.
If financial institutions pass the costs onto their customers, then aren't the customers paying the "pirate tribute"? Also, on an unrelated note, I sure hope that Pirates of the Caribbean 4 is rated "ARRR!"
...because it was a stupid arrrrrrrrrrgument.
His analogy of credit card fraud to piracy is just hogwash. Credit card fraud typically doesn't occur by ISPs snooping on internet traffic because that is just too dangerous to the ISP's business and reputation. It's just easier to crack open someone's database to harvest the numbers.
His analogy works far better when talking about Net Neutrality. You could say that ISPs are charging tribute based on packet type. The closest you could get is if a foreign country started blocking traffic to Amazon, or if say a British ISP started removing/substituting ads from American websites.
Article summary:
It's like if you were driving your car filled with Natalie Portman dolls filled with hot grits across the Atlantic at 5 furlongs per fortnight and the RIAA stopped you and robbed all the dolls. Except on the net where it's LOCs of data per fortnight, not dolls. What he's saying is that we should call out the US Army to kill all the RIAA lawyers, but of course that should be illegal but they changed the law recently because of the Katrina reaction so now it isn't.
They ARE out to get you simply because They are in it for themselves and they don't care about you.
If the government should be paying for it, where does the government get its money?
If the government pays for it, it still comes out of all of our pockets.
The government can not create value.
Solving the problem of internet security is amazingly trivial in the US. Offer bounties and encourage supervised (logged?) domestic attacks.
The only reason I can imagine for the US government to discourage or jail our millions of ambitious hackers instead of enlisting them is that they don't want the holes found. Either that or arrogance and stupidity on such a massive scale that I can't actually picture it.
Hmm, but then it is the US government we're talking about. Never mind.
This game sucks.
Don't let W. hear this. Next thing you know we'll be sending the Internet Marines to invade Romania.
Hell, let's resolve this like they did back then. Give me a unit of marines, a naval squadron, and three times as many mercenaries. I will just shoot the hackers. Sing the song be damned, we'll just shoot them in the head.
In God we trust, all others require data.
Software "piracy", entertainment "piracy", phishing ... the author is obviously conflating these things under the banner of IP and suggesting that there's an economic argument similar to one raised when the US was a free republic. The differences are glaring and obvious:
I am a name troll of Westlake. Visit my homepage to learn why.
The Barbary pirates were a direct extension of national power using very high value strategic assets. While Cybersecurity attacks may come from nations they can just as easily come from criminal, religious, political groups, or even from a single person. The biggest difference is that the cost of many multiple is very low while military ships is very high. It is hard to make war on fanatics in 3rd world basement or crooks in cybercafes.
Why is it easy for me to get a new credit line of some sort? I should have to go into a bank with at least two forms of state ID, and fill out the paperwork in front of an employee of the bank instead of being able to just mail out a form with no ID other than a SSN and a wink.
The financial institutions need this easy ability to shove credit down people's throats because the cost of doing it right isn't nearly as profitable. However, it is a lot safer and would solve a lot of the problems that banks have with security.
Did the street price of booze go up or down during Prohibition? I'm betting up.
With the first link, the chain is forged.
If they compare it to real piracy, in the same way they can compare to any stealing, railway robberies in US in XIX century, bank robbing...
Pathetic idiotic idiots soaked in their idiocy.
The concept of intellectual property has existed since the Middle Ages, when craftsmen's corporations were guarding their technological secrets. That would be a better, but still utterly useless, train of analogy.
There is nothing comparable in the technological ease with which modern digitized intellectual property is stolen. Absolutely nothing.
SO stop idiotic comparisons and do something useful.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
Personally, I think the "fraud" here is that these credit companies are still working on transaction idioms that were devised in the 1960s when a person's signature was "good enough" as authentication!
This is a case of banks and credit companies not wanting to change their approach because it's cost prohibitive and puts their business model at risk (hmm, where else are we seeing this right now?). Welcome to an interconnected world, there's a price to pay, maybe you shouldn't have sat on your @$$ all this time and actually kept up with the times.
The thought of the government being responsible to protect bank and creditor's interest scares me.
Let the law enforcement and the military deal with the child pornographers, the kidnappers, and the terrorists. Let the government pass legislation that obliges credit card companies to disclose data on fraud including the cost and the root factors. Maybe they'll see that I'm right!
Arrrrrr matey!
But I am sure someone here is more knowledgeable in getting better info on the subject as well as what to do with it as well as possibly already working on it.
The word's trite & wrong. Whoever uses that should be treated with scorn & beaten about the head and shoulders.
Hail Eris, full of mischief...
E pluribus sanguinem
It is an anachronism to use the term "muslim terrorists" to refer to criminals of the early 19th century engaged in piracy for profit. Whether you think American and European policy in the Middle East over the last century has been right or wrong, it is fairly safe to say that "muslim terrorism" over the past few decades has been a consequence of those policies. It is a phenomenon of the 20th and 21st centuries.
When you look at the historical record over many centuries, it's hard to say whether Muslims or Christians have been worse in terms of violent acts. On their side of the ledger, Christians have the crusades (which included the slaughter of the Rhineland Jews, among other atrocities), the complete annihilation of the Cathars, and the burning of accused witches, just to name a few of the more obvious examples.
Most Muslims and Christians aren't terrorists, either now or at any time in history. There are obvious political or propaganda reasons for repeatedly using the words "muslim" and "terrorist" in the same context, but I don't think that doing so is helping the cause of sustainable peace.
American standards shall rule the internet. It shall be so decreed. Infringement of American Internet Control Standards shall be an act of war! Yeah, right, whatever.
Like real sword wielding pirates?
-Nemo me impune lacessit-
A pirate cannot sit in one country and commit his deeds in another country, far away from his physical location.
The three mile limit was created because that was essentially the maximum range of cannon at the time: A shore battery could only hit something within that range, so that's how far the countries could claim their territory extended.
The cannon on pirate craft had an only slightly lesser range. A pirate, raiding a town, could bombard it from a couple miles out.
Modern analogical "pirates", shouting an analogical "stand and deliver" as they extort valuables from their victims, just have analogical cannon with MUCH longer ranges. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Interesting. Government is less effective than private companies. Who would have guessed?
It seems you (and the authors of the article) are missing a key point. Yes, international trade grew on a foundation of international and maritime law, but only after the Marines went in and kicked some Barbary butt. In that sense, government is more effective than private companies. (At least, private companies that don't have their own army and navy.)
Countries were able to reach peaceful agreements on how they would treat each others' ships at sea and use each others' ports only with the very real threat of military action.
To make an analogy to the internet, is there a real threat the USA will take military action against Russia if that country continues to be a source of internet crime?
It's nice to say all countries in the 21st century have an interest in peaceful, orderly trade via the internet, just as countries had an interest in peaceful, orderly trade via shipping in the 18th. But the reality is, open shipping came at the point of a gun. If the analogy holds up, then is the same true for the internet?
Rudyard Kipling covered this already. Why don't they learn?
Very few political entities are bereft of terrorism. Schneier once again makes numerous mistakes in pointing to the culpable. The culpable are: all of us, ranging from users teaching users, to ISPs, to the website owners, to the makers of protocols with holes like Swiss cheese (and apologies to the Swiss). It could be fixed, but no one wants to claim the nexus of responsibility.
The terrorism label is a red herring, great for propaganda and useless war mongering. No one doubts the existence of many organizations that will murder, some en masse, in the name of their cause.
---- Teach Peace. It's Cheaper Than War.
Well, IMHO the worst analogy is even in the summary. Basically: (A) businesses lose money to fraud, which supposedly is like (B) the government paying tribute to the pirates.
I mean... Umm, excuse me? They don't look at all similar to me. Just because they share one element, it doesn't automatically make two things similar.
If it automatically did, we'd have a hell of a lot of ridiculous "similarities" all over the place. E.g., (A) the government still can't stop cars from killing innocent people, (B) Stalin and Pol Pot killed innocent people too. Ergo, any western government is no better than those murderous regimes. E.g., (A) the fire departments often can't save everyone from a fire, (B) the Spanish Inquisition burned a lot of people alive. Etc.
But to get back on topic: Similar to the losses to pirates, ok, I can swallow. Similar to the government paying off pirates, no, just no. It'll be similar when the government tries to pay off cyber-crooks or something.
Basically (A) is a case of maybe the government not doing enough, while (B) is a case of the government actively doing the wrong (and arguably bloody stupid thing.) Other than as a melodramatic hyperbole, they're not the same thing at all.
And if we're to go even deeper into it, it gets even more lame than that. The barbary piracy resulted in not just a _hell_ of a loss of money (the tribute demanded alone was 1/10 of the federal government's yearly income), and a rather serious disruption of trade, but also loss of lives, and a bunch of people taken into slavery. One of the explicit conditions at the end of the Second Barbary war was that they stop the practice of taking Christian slaves.
It takes a really disturbed mind to see, basically, "yeah, well, I'm not getting as much interest as I could on my bank account" as similar to someone else being taken into slavery.
A polar bear is a cartesian bear after a coordinate transform.
At first intrigued by a somewhat interesting analogy (cyberspace, pirates, seas), it quickly became apparent this author has no real understanding of how "cybercrime" is perpetrated. Seriously, how can we expect the US government to aggressively thwart botnets? The analogy basically falls flat on its face primarily because as a somewhat anonymous, automated and decentralized structure, it would be impossible to target the sources.
There is, however, an interesting analogy the author totally missed. There is a trust network already, where email that originates outside of the major webmail providers must enter a trust network. Once the email enters (gmail|yahoo|hotmail), it is afforded a certain level of trust by the others as it is coming from a source that is known to patrol its user base. Similar to this would be a bunch of ports in the high seas that level a certain amount of security...
Yo ho, yo ho, a pirate's life for me
We pillage, we plunder, we rifle and loot
Drink up me hearties, yo ho
We kidnap and ravage and don't give a hoot
Drink up me hearties, yo ho
Yo ho, yo ho, a pirate's life for me
We extort, we pilfer, we filch and sack
Drink up me hearties, yo ho
Maraud and embezzle and even high-jack
Drink up me hearties yo ho
Yo ho, yo ho, a pirate's life for me
We kindle and char, inflame and ignite
Drink up me hearties, yo ho
We burn up the city, we're really a fright
Drink up me hearties, yo ho
We're rascals, scoundrels, villains, and knaves
Drink up me hearties, yo ho
We're devils and black sheep, really bad eggs
Drink up me hearties, yo ho
Yo ho, yo ho, a pirate's life for me
We're beggars and blighters and ne'er do-well cads
Drink up me hearties, yo ho
Aye, but we're loved by our mommies and dads
Drink up me hearties, yo ho
Piracy on the internets is cool and all...
But I'm still waiting for a new space age when piracy in space occurs and when we use grappler ships!
Yes!
Unfortunately the first key difference that shatters the analogy in my opinion is that shipping, commerce and pirates have never been nebulous concepts and therefore one can move straight into the heart of the matter and create actionable items. Anything related to the "inter-webs" unfortunately requires much more definition and learning just to get a foundation of understanding which is very rarely done as part of the necessary due diligence all three of our branches should be doing on an ongoing basis. Take spam legislation as an example. Remove the impact of marketing lobby groups and I'm not convinced we'd be that better off.
Next, pirates, like conventional war enemies, are identifiable. Cybercrime is more along the lines of terrorism in that even identifying the targets is extremely difficult and the potential for collateral damage high if you're not careful. If one carries the shipping analogy along the situation includes such scenarios as the fact that normal merchant ships are carrying invisible pirates who unbeknownst to them steal cargo from nearby ships. I doubt Jefferson would approve taking these ships out to protect American interests.
In my opinion the solution lies with legislation and government support for those hosting the valuable assets (ex. financial institutions, ISPs, etc.) Carrying the shipping analogy along once more, in WWII we learned a hard lesson with respect to our Atlantic shipping getting taken out by U boats. After many losses but before cracking Nazi codes we finally started providing military escorts which reduced losses. The impact of security compliance legislation like SOX is tremendous for our enterprises much like a lack of military escort was for WWII merchant ships. Help them and perhaps even incentivize security reinforcement. Leaving the actual counter cyber terrorism we perform clandestine I believe is critical to its efficacy.
That's just my POV... no more, no less.
Command&control in structures of loosely organized cells are what they claim to be able to eradicate this way, so let (or rather, make) them try out their methods to justify their approach - in a crackdown on cybercrime. If they fail, though, we want our liberties back as we'd have no more reason to expect success from tackling an enemy that fortunately doesn't rear its ugly head all that often.
I read the title and hoped that the story was about lax cybersecurity allowing pirates (the real, ak-47 wielding kind) to know which ships held the most valuable cargo and acting on the information. Images of third world crackers typing at a beat up terminal and finding their way into the database of shipping companies, followed by the whitehat on the other end redirecting them to the coordinates of the local navy.
I watch too many bad movies.
(vi Powered)
Mohammed killed Safiya Bint Huyyay's entire tribe...
Where did you see this? I ran a search and couldn't find consensus on Mohammed's life. What is the source?
Fundamentally there is a huge difference between the internet and pirates of the nautical variety. Every part of the internet is owned by a corporation and therefore that corporation is subject to the laws (or a lack thereof) of a nation. The IMO regulates international shipping, nations base their laws on international directives. In theory this could work for cybercrime. Modern nautical pirates exist in nations without a political structure - look at Somalia - they are responsible for most modern piracy incidents, but at the same time are likely poorly connected. Therefore the conditions that breed piracy tend to preclude internet connectivity, so I would suggest that the comparison is interesting, but weak, and if anything, is an argument for replacing ICANN with a body more akin to the ISO - which works much as the IMO does.
As an aside, I would also like everyone to look at actual piracy - involving the capture of ships, crew and sometimes their murder. See how this compares to the copying of music videos, and software. Copyright infringement is just that, not piracy. It does a disservice to the victims of true piracy.
"...The U.S. government's inability to dictate a consistent cyber commerce protection policy..."
I'd prefer to keep net neutrality at the cost of piracy than to make the internet a Federal institution.
> Private industry does business online, therefore private industry should be bearing the costs of business online. For the government to step in and do that then the tax payer, or consumer bears the cost which is backwards.
Aww, man. From the post title, I wanted to see a discussion of warsailing and its use in compromising shipping security systems prior to physically taking over a vessel. No fair.