1.10.2010

Cybercrime: the Next Driver of Internet Innovation

Those of you that know me have heard me rant about this from my geek soapbox. Well, I finally decided to put it in writing.

Crime is the next driver of Internet innovation: regardless of what color hat you wear.

Sure, crime has always been part of the Web (and its ancestors). Remember BBS sites with stolen credit cards back in the 80s? I do. Crime has been with us, just as porn, chatting with our friends and email have been there. Porn begat pay per click... which was adopted by legit advertising... which begat online shopping... which (combined with email) begat social adoption of the web (video games helped for the younger generation... but my mom uses Facebook because she got used to interacting with the Internet via shopping)... which begat social networking... all of the above begat opportunities for criminals to take money from the unsuspecting- cybercrime.

I'm not implying crime hasn't always been an issue. It has. But it has taken on an entirely new flavor as competition AMONG criminals has sparked heretofore unseen levels of sophistication and innovation.  And from a broader perspective, cybercrime is coming to the forefront of our collective consciousness and shaping change in our societies and how we interact on the web. And this is only the beginning.

For the black hatters, this is certainly shaping up to be the golden age of cyber-crime innovation. The monetization of malware has arrived! Supply chains, botnet-for-rent (complete with FAQs), pay-per-X schemes (e.g., iFrame, infection, etc.), malware help desks, money-mule recruiting sites, even pay-per-scan sites to test your code against malware scanners! All the while, legal frameworks, jurisdiction issues and white hat technologies struggle to keep pace. These are great times indeed...

And what is the impact of all of this? In the US, municipalities, small businesses and school districts are getting fleeced. National and corporate secrets are being siphoned off like foam from a pint of beer. And perhaps more importantly, the Internet, which began as a place to share ideas freely, is becoming a scary place to be... not what we (regardless of what color hat you wear) intended.

For the white hatters out there... this may FINALLY be their wake-up call. Clearly, the old way of doing business, which simply hasn't worked, is not only becoming embarrassing, it is becoming expensive. It is only a matter of time before the citizenry begins to pressure their governments to shape the future of EULAs... license agreements that hold no one accountable for shoddy work- regardless of the damage it causes. Signature-based tools are so 2000s- stale and woefully not up to the task. The speed of change in the malware world is driving white-hatters to look at new technologies, revisit assumptions and take a new look at risk management. What REALLY needs to be done via the web? What is an acceptable level of risk? Heck, do we as an organization even understand the risk?

Security used to be an afterthought- speed to market, content richness and features were THE issue- regardless of their impact on security or privacy. They still are important... but to the user, privacy and security are quickly becoming an increasing (if not the primary) concern. THAT is change.

Crime is the next driver of Internet Innovation: if I'm wrong... we are all in trouble- regardless of what hat we wear.

~Cpwnk