THANK YOU, DIGITAL REVOLUTION! You’ve given us many benefits, to be sure, but now this. We are living, apparently, at the mercy of people with the manners of a chimpanzee and the tongue of a Sicilian fishwife.
Such is the assessment of Misha Glenny, a British compatriot and colleague of mine who distinguished himself internationally with some powerful reporting on the Balkan wars, and since then has been trenchantly exposing the workings of global organized crime.
His new book focuses on how we are all at risk of having — because of the way inter-connected networks function, and can be so easily abused — our economic and indeed our everyday practical lives destroyed by the world’s new breed of cyber-criminals. They turn out to be a pretty uncouth and unsophisticated crowd, according to Glenny — which may not matter much, but it certainly adds insult to injury.
Cyber-crime happens at all sorts of levels, of course, from the intimate matter of a thief hacking or conning their way into your bank account, to massive electronic heists from national or multinational institutions … and it murkily shades into the territory of state-on-state attacks, which can be financial or physical. How else except as a crime can we label Russia’s 2007 electronic onslaught against its tiny neighbor and former fiefdom, Estonia, when that nation’s parliament, broadcasters, newspapers and banks were all effectively disabled?
Glenny’s DarkMarket: Cyberthieves, Cybercops and You, from Knopf, points out that at whatever level such crime is planned, the front-line operatives are all drawn from pretty much the same demi-monde. The subculture is made up of many individuals of enormously differing backgrounds, originating cultures and nationalities, but their similarities, he says, are striking. After years of research, and many one-on-one interviews, his essential thumbnail profile typifies such an operative as:
Young (a remarkable proportion of the successful ones are in their late teens) … male (as few as 5% conform to the now-mythologized ‘Lisbeth Salander’ type – though these young males’ general behavior often closely mirrors hers) … blessed with a phenomenal capacity for mental concentration, often over greatly protracted stretches of time. And in Glenny’s opinion they could mostly be diagnosed, in social communication terms, as occupying a place somewhere on the autism spectrum.
The author expounded this week on his encounters with these frontline troops (and their commanders, at various degrees of rank and richness) for New York’s International Peace Institute during one of the Institute’s “Beyond the Headlines” discussions.
(See the presentation and Q & A, moderated by veteran international correspondent Warren Hoge.)
Why air such ‘true-crime thriller’ material at a global think-tank devoted to peace and security? Well, at its simplest, we need to remember that overlap in personnel (and in techniques) between the ‘simply’ criminal enterprises, and the world’s growing inter-state confrontations in the digital sphere. International security is now seriously threatened by the actions of this hard-to-locate and certainly hard-to-regulate young cohort.
Matters are already ratcheting up since the Russia-Estonia clash. Things have been changed dramatically by the notorious episode of Stuxnet, the computer worm which could only (it’s believed) have been developed at a national governmental level — by the United States? … by Israel? … by both in cahoots? … no-one can definitively say — and which nearly two years ago managed a shut-down, if only temporarily, in Iran’s processing of allegedly weapons-grade uranium.
Glenny talked of a pre-Stuxnet and a post-Stuxnet world.
There has not been what the doomsayers call … Cybergeddon or a Digital Pearl Harbor, whereby the stuff of life stops functioning. But once Stuxnet happened it was gloves-off, and people round the world said ‘Whoa! People are deploying. That means we have to get our act together’. … And people are sitting down and developing these weapons hand over first now.
I have reported before on efforts to mobilize public awareness internationally in support of some combined governmental action against cyber-crime, to confront both private gangsters and peace-threatening national aggressors — along the lines of Geneva-style rules of war that need to be customized for the digital age. One clear call came from the high media platform of the Thomson Reuters news-agency headquarters, being voiced jointly by ex-Secretary of State Henry Kissinger together with ex-Ambassador to China (and now barely-surviving presidential hopeful) Jon Huntsman.
A provocative proposal came from Glenny at the IPI. Even before international action can be taken, some rationalization needs to happen, he argued, in how individual countries handle their own hackers. Most notable in its ham-handed approach is the United States, with its indiscriminate criminalization and punishment of such operatives, who for all their similarities of method and perhaps of their psyches, can have been animated by a complex variety of motivations and motivators.
The same skills and methods can be in service of tabloid gossip-seeking, multimillion dollar fraud, corporate whistle-blowing, international espionage, identity theft, advocacy of open government, or the search for missing teenagers with Facebook accounts. The blunt instrument of the Computer Fraud and Abuse Act dating back to 1984 makes you a criminal whenever you do anything that can be defined as “exceeding authorized access”.
Most challenging of all, perhaps, was Glenny’s notion that a convicted cyber-thief or other digital offender could be considered, after completing their sentence, for lawful employment by government agencies engaged in the business of enforcing network security. It reminds me of my rural childhood, when I sometimes helped a game-keeper and learned the usefulness of ‘a poacher turned gamekeeper’, or of later urbanized years when I heard the adage ‘set a thief to catch a thief’. Currently an ex-con whose expertise is in hacking and related digital fields has few choices for re-employment … and too easily can be bought up by organized crime, or by a foreign country’s spy agency.
After all, Glenny emphasizes, existing computer security specialists in the CIA, FBI, DEA, ATF and other agencies are unsurprisingly being lured away when they reach a high level of expertise, by the rich industry behemoths of Google, Apple, or Microsoft. Oh, and possibly by … and let’s see this researched by some good investigative journalists … the cyber-criminal bosses of the Dark Market.