
Re: what are realistic threats



>> It is not a question of the amount of money at stake, the real danger
>> comes from people who do not have monetary motivation, the terrorist
>> and the like.
>
>Do you have any statistics to back this up?  I claim (with equal 
>amount of evidence :-) that the amount of terrorism that impacts
>electronic commerce (including $trillions per month in currency 
>trading, POS, credit card authorization, etc.) is infinitesimal 
>compared with the amount of fraud and theft perpetrated for personal 
>gain.  

There are two things to consider: the cost of the individual attack and
the cost of the class of attacks.

If you are a small business then the cost of fraud and theft rightly
falls upon the credit card companies who set up the security system. The
main danger of being wiped out is from a malicious person out to get
you.

Given the `security' measures taken by ATM and POS type systems at present,
I don't think that much can be done to patch a system that is basically
flawed. We can put in public key exchange, authorisation, encryption
etc., but the basic mechanisms are too loose. 

* From the details on a statement alone it is possible to create a copy
	of a credit or ATM card

* It is not necessary to even have the card to order goods, all you need
	is the information the user has to give to make any telephone
	order.

* Packages should be delivered to the billing address. In practice it is 
	easy to circumvent this, either by rerouting the package through
	a call to the shipper or in many cases by requesting a different
	delivery address.

In the UK the police have refused to put any effort into tracking down 
phreaks who steal phone codes by listening into conversations and then 
using them in a chipped phone. They consider it a waste of their time
to try to track down people abusing a system that is asking to be cracked.


There may be more thieves, but they are easier to deal with. End to end
encryption and authentication will cut out most of the problem. The hard
problems to solve are traffic analysis type attacks and denial of service.


>This invocation of terrorism is another symptom of computer 
>security folks still fighting the Cold War rather than looking 
>to solve the problems of electronic commerce. 

No, we have stopped fighting the Cold War... or rather became surplus 
to requirements; that's why there is a need to look for alternative uses
to put a lot of integer arithmetic to :-)


> Use of Internet 
>resources to engage in terrorism, just as terrorists might use phones, 
>faxes, etc., might happen one day, but that has nothing to do with 
>the problems of Internet commerce.

What worries me is a terrorist type mentality deciding to take out
e-commerce with a carefully chosen attack. We provide end to end security
over an insecure medium through cryptography. The problem is that in any
system such as the Internet which does not have quotas it is very difficult 
to stop a denial of service attack.

We have people already whose idea of a good time is to put a redirected
nuisance phone call through such that a famous person looks like they are 
the originator. There are also people who would like to bring down the 
phone network for kicks. Bringing down the internet is very much easier.


I think we should be able to solve most of the e-fraud problem long term,
except for problems with stolen cards. The main thing is to not leave
open invitations to abuse as we do now. Long term, what worries me is that
as people depend on e-commerce the personality disorder types will try
to simply wreck the system. To prevent that we need to change the transport
itself, and I don't know of a good solution that scales well.

To summarise, I don't think that we should try to analyse the motives of the
presumed attacker. The non-profit attack may be rare but can be very expensive
indeed for a single episode. Profit attacks tend to be little and often,
spread around to hide the affair. Otherwise they get spotted. The terrorist
type attacker does not care about detection; they may even try to get
caught, and leave clues. In the meantime they can cause substantial harm to
selected targets and not just place a surcharge on society as a whole for
being careless with security.


	Phill H-B