One of Australia’s leading figures in online law enforcement says the internet offers so many opportunities for crime that he expects “at some stage there will be real debate on the benefit of the internet”.
This has led Detective Superintendent Brian Hay of the Queensland Police Service to suggest that some people might ask: Should we turn it off?
As far as major infrastructure projects go, it does not get much bigger than the National Broadband Network announced by Kevin Rudd earlier this year to “pull Australia out of the broadband dark ages”.
But the plan has frayed the nerves of the already overstretched agencies and companies charged with keeping the internet safe.
For them, the digital future looks dark, and the faster the internet, the darker it could get.
Organised crime is emerging as the biggest threat online, and perhaps most alarming is the role that home computers play in international crime networks.
The criminal gangs’ weapons of choice are referred to as botnets – groups of computers that have been infected by small computer programs called malware.
It is estimated that one in every six computers in Australia has at some stage been infected by malware – you can be infected just by opening a suspicious email or even visiting a trusted site that has been secretly hacked.
Some of the best-known sites in Australia have been hacked in this way, including the Sydney Opera House’s site.
Once your computer has been infected and becomes part of a botnet, it is under the control of an online criminal who can use it to do just about anything – send spam emails by the thousands or steal your bank account information.
Since 2002, a cyber-crime industry worth hundreds of millions of dollars has flourished, and home computer users have helped out every step of the way.
The largest known botnet has as many as 2 million computers connected to it at any one time and has affected 28 million machines over its lifetime.
In 2007, the entire Baltic nation of Estonia was taken offline by a Distributed Denial of Service (DDoS) attack – where the computers in a botnet are instructed to flood a particular site with traffic.
Just last week, the microblogging site Twitter was down for hours at a time because of a DDoS.
With the size of today’s botnets, Graham Ingram, the head of Australia’s national internet security body AusCERT, worries that a major Western country could be next.
“I believe that it’s possible,” he said. “The botnets are getting bigger and they are getting more sophisticated and getting more difficult for us to mitigate against.”
The financial system is also at risk. It is now so easy to steal credit card and banking details that they are being sold openly in online forums for a few dollars each.
Four Corners has been given a guided tour of one such site which has up to 14,000 people logged onto it at any one time.
Up for sale were stolen credit card details (sold in bulk or individually), fake passports, spam campaigns (priced per million emails) and even entire botnets – priced per thousand computers.
‘Ultimately professional’
Police around the country are under no illusions about the scale of the challenge, and Detective Superintendent Hay gives credit to the criminals where it is due.
“It is a wonderful business model,” he said. “It’s highly successful. It’s self-regulated. It’s for all intents and purposes ultimately professional.”
The success of the model, and the difficulties of prosecuting international crimes, have forced what Det Supt Hay refers to as “a real paradigm shift”.
“Is it more important to lock up one offender or to prevent it from happening to thousands of people?” he said.
“We realise that putting resources, energies and efforts into attempting to prosecute someone overseas is probably not the wisest use of the taxpayer’s dollar.”
The Australian Federal Police had a recent success when they covertly took control of a criminal online marketplace that was being run from Australia.
They raided at least two Australian-based members of the site but eventually decided that disruption was the best plan of attack.
Last Thursday officers posted an announcement on the site, informing members that it was under police control and that they should expect a knock at the door.
But as the police have acknowledged, most cyber-criminals are members of multiple sites and the roaring trade will undoubtedly continue elsewhere.
The question of how else to deal with online crime is not easily answered. A common refrain from police forces is that public education is the key.
Det Supt Hay proffers the mantra of “delete, delete, delete” for any unsolicited email.
“If everyone followed those three simple rules, that would reduce the chances of them falling victim online possibly as much as 80 per cent,” he said.
Switch off?
But Mr Ingram says computer security is becoming so complicated that education alone is not enough.
He points out that 80 per cent of malware infections come not from email attachments, but from simply visiting trusted sites associated with major institutions and entertainment organisations.
“If we tell people, ‘don’t click on links in emails that you don’t know who they’re from’… that’s a really good public approach,” he said.
“But if I tell you now that you’re not to click on links on the internet, it sort of makes the internet a bit redundant doesn’t it?”
At this stage, there is no serious argument being made that the internet should be switched off.
But the fact that it is being raised at all in internet security circles shows how large the problem has become.
The number of malware strains on the internet has nearly doubled in the past year, to 22 million.
The more sophisticated botnets are almost impossible to trace and have self-defence mechanisms that identify and attack anyone who tries to investigate how they work.
Police forces and security companies are under constant attack from hackers around the world.
In their more subdued moments, some experts who spoke to Four Corners said simply that they “don’t know what the solution is”.
But as internet speeds get faster in Australia, computers will become more valuable to online criminals, botnets will become more potent and threats will become more pronounced.
Without a serious debate about internet security, Australia could well go from one dark age to another.
For more news visit ABC News Online at http://abc.net.au/news/
