Articles Index About 60-Seconds Submit an Article Contact Us About the Editor
This column, part of DTG Magazine has been published since 1990.
* The Design Center * Design Bookshelf * DTG Magazine * Photoshop * Photoshop 911 * Photoshop Help * Photoshop Resources * Photography * Web Design * Fonts & Typography * The Design Cafe * User Groups * Info Manager
(Hover for brief description)
Got content? Share your articles, reviews, tips and tricks with DTG readers around the world. (Ask about our writer guidelines for ideas.) Contact us. Submit Article
#182 May, 2006
WITH ALL THE TALK THESE DAYS about defending our borders, I'm appalled that so much time and money is spent by the drive-by media -- and so much lip service -- when an insidious invasion has been upon us for the past four years without even a whimper.
Every evening on the network news I endure politicians pointing their fingers into today's political pie hoping to get a little piece for themselves. They're enthralled with their own ghost hunts for non-existent issues to blame on their opponents. They're far too enamored with making new laws when they can't even enforce the ones they've got. All while their constituents are under an ever increasing, ongoing criminal electronic attack.
The real eye-opener is the implication of tie-ins with well known entities like AOL, Compuserve, Google and Yahoo. That's right -- you heard right. In two days of research, I've uncovered phishing plots that utilize accounts at AOL, Yahoo and Google to stage and redirect criminal attacks. (See last month's column on Phishing) If those ISPs were part of the Anti-Spam initiative, the terrorists would have been blocked from setting up such accounts. Those criminals and their Phishing efforts would not even exists to US internet users.
Out of 25 phishing attacks in the past 48 hours, all but four were perpetrated through open proxy servers outside of the US. These are computer installations, usually in foreign countries, cheaply implemented, ill configured, and for the most part unattended. Not much you can do about those short of blocking their IP addresses. Abuse reports have no affect, and there's no accountability.
Of major concern, however, are the four phishing attacks in two days which used big US firms for their staging. Registrars and ISPs in the U.S. should know better. The problem is, none of the big guys have to be accountable either. After all, there's no regulation, and they're all too busy making money to be concerned about their users' safety.
Savvy criminals and terrorists alike know that they need to launch their attacks where no one is watching. Either they use a foreign open proxy server, or a US provider with no administration. They're aware that using small, independent providers is counter-productive because their administrators can be reached quickly -- and their phishing efforts are more likely to be squashed early in the attack. When an operator can act quickly, the attack can be turned off and the offending redirect or hosted spoof pages can be deleted off their server putting that attack out of business. (Which usually happens.)
Therefore, online criminals like the big U.S. installations. They're confident that spam reporting software does not usually take on the big guys like AOL, EarthLink, MSN, Yahoo and Google. They know that these mega-providers have grown far too fat and complacent to actually act upon reports in time. They are covered in layer after layer of corporate shroud that all but prevents crime detection and guarantees criminal success. Reports and tracking can take days or weeks -- by which time, the terrorists have folded their tents and moved along to other staging venues. (Or, to the same venue under a newly forged name -- also quite common.)
Picture what the grocery industry would be like if there were no regulation or accountability of the packaged goods you buy on the shelves each day. How long would it take for less than honorable vendors to get in there and fill the shelves with bogus products? Or, take the pharmaceutical industry. How about if anyone and everyone could vend pills and elixirs. What if you never needed a prescription, there were no regulation of drugs and just anyone could sell any drug -- no research and development -- no testing or industry standards to meet. Morphine on your grocery shelf. It's a scary thought.
There are two serious problems with the online world known as the Internet:
1: Loss of Control and Accountability
First, the controls for Internet, created and developed by the U.S. Government, were freely turned over to an international nonprofit organization, thanks to the Clinton administration. This is the worst of the problems because those controls cannot easily be taken back. The one organization capable of protecting the Internet population, ICANN, is no longer accountable nor capable of governing. They can't even manage their own policies and regulations, much less that of the DNS system that runs the whole internet. And, there is no one overlooking ICANN's activities, short of an act of Congress.
2: Corporatization
With all traces of regulation and accountability in the inept hands of ICANN, big business with highly skilled programmers and very deep pockets is on a crusade to squeeze every penny out of every pair of eyes on the planet. They do as they please for the sake of advertising revenue, so consequently, communities like Ourworld.cs.com and MySpace.com are open-arms to the criminal element as well as anyone else who comes along -- from any place in the world.
The slippery slope
In a matter of moments, with nearly zero cost, a criminal can register two domains, set up a bogus account at a large ISP, post a bogus redirect web page along with a CGI form web page on a separate server and send 25 million spams through an open proxy mail server in Romania. They stand to make more money in the next couple of days than most people make all year.
You ask: "How can they do that?"
Answer: Because nobody stops them.
Thanks for reading...
Editor: DTG Magazine and 60-Second Windows contact me!
REFERENCES:
*
"The Battle for Regulation of the Internet" Massachusetts Bar Association (March 1999)
*
"Why Worry" ICANN Watch - "Icann for Beginners"
*
ISP Self Regulatory Initiative 2000 proposal from UGN Safe Netting
*
Wrong Turn in Cyberspace A. Michael Froomkin, Duke Law Journal (Or in PDF format)
*
PDF Graphic of ICANN organization
*
Icann And The Problem Of Legitimacy - Jonathan Weinberg, DUKE LAW JOURNAL PDF
"... there is more at stake here than the Internet. Even if ICANN were thought to be a good thing, a narrow focus on the Internet ignores the pernicious effect of ICANN on the U.S. government itself and on our democracy -- for there is a real danger that ICANN will not be a fluke but will be used as a model for additional erosions of responsible government."
A. Michael Froomkin, Duke Law Journal
Please take advantage of everything we have to offer. It will only help you in your daily activities. Please also take advantage of all the opportunities that exist in the online community. Ask questions, offer feedback, and contribute your ideas and opinions. We're here for you, and we're all here for each other.
* Back to 60-Second Window
* The Design & Publishing Center
* DT&G Online Magazine
Would you like to carry the 60-Second Windows column in your newsletter or web site? Ask us about our syndication program... join hundreds of others who now publish 60-Second Windows!
60-Second Windows is wholly owned by the Design & Publishing Center, part of Showker Graphic Arts & Design, Harrisonburg VA; in the Shenandoah Valley of Virginia -- Copyright: 1990 through present, All Rights Reserved.