The Broken Link - Digital Transactions
Security Notes

A ‘Mark of Cain’ Could Deter Data Thieves

Gideon Samid • Gideon@agsencryptions.com

Cain’s punishment for his offense against his Biblical brother Abel was to be forever recognized as the criminal he was. Maybe the Bible can teach some modern employers and crime fighters a lesson. Rather than the enduring ignominy they deserve, today’s hackers enjoy enduring obscurity.

Once exposed for data violations, the hacker is simply discharged. His tale is hushed up and goes no further. But he does—straight to the bank across the street, where he flaunts his brilliant résumé while making no mention of his recent escapade. Since the hackers who actually steal data or modify records are so lightly dealt with, it’s hard to prosecute them, even if someone wished to. Victims—who need the image of security more than security itself—opt to cover up an event that would expose their lax security. They reach a pact with their data rapist, and pretend that all is well.

One could argue it’s their own business. But when China was exposed as hiding the “private fact” that so many people died of SARS, the world community was outraged, and the Chinese eventually apologized without arguing that it was a private affair. Hackers, and the thievery of data they propagate, present the same sort of predicament as communicable diseases. For that reason alone, hiding data violations and covering up for data violators should be a criminal offense.

But even more could be done about the problem. The FBI should organize a data-crime center, much like the initiatives they organize to fight child pornography and pedophiles. If neighbors have the right to know that a convicted child rapist lives among them, data dealers should have the right to be aware that the person who logged onto their site is a convicted hacker. Convicted identity thieves should have their mug shots posted and their crimes exposed on the same Internet they so deftly use for their villainous purposes.

But how could we be sure to identify a convicted data offender in any interaction? He could be forced to surf the Internet with an e-mail address that instantly exposes his past in an unmistakeable way. Offenders could do anything online, but their address would say something like John.Doe@fraudlist.gov. That would put anyone on alert.

Exposure and permanent tagging as a punishment is very cost-effective. The criminals would work and roam free, but their shame would stain them wherever they go.

It might just be a real deterrent. A kid realizing that, if he fools around with his father’s bank data, he may have to use such an e-mail address for the next, say, 10 years, would hesitate before going forward with his prank. Hackers who count on their employers’ eagerness to hush things up would face mandatory exposure, by law. The shame stain would identify hackers no matter which state they relocate to. And, if successful with this, the U.S. could initiate a global database for international fraudsters, seriously limiting their playground.

Today, Web sites and literature glorify the ace hacker who penetrates walls built by legions of security experts. Only a few are prosecuted, and even fewer suffer lasting consequences. Is it any wonder that, instead of writing a more efficient peer-to-peer protocol, the talented hacker writes some code for pilferage-and-prowl? What’s needed is a mark of Cain. When the headlines of the hacker’s exploits fade, this shame stain will be there, day in and day out. Every time he shops for a book, buys an airline ticket, asks for information, the domain name of his e-mail address will alert the public.

Violators of this tagging system should be treated harshly. If a convicted hacker uses a normal address instead of the one assigned to him, he should go to jail. Convicted hackers should have to go the extra mile to get a job, especially one with intensive data access. Yes, the tales of the first wave of shame-stain criminals will be real sob stories, but society might just be spared the pain of thousands of would-be hackers who were deterred.

Data crimes are proven through the records; they don’t rely on witnesses. Ever-improving data-mining programs can flush out old data crimes nobody discovered. Imagine the fear in the hearts of hackers who realize a hacking offense they successfully accomplished, with no one the wiser, will in due course be exposed and haunt them for years, forcing them to write to their growing children: Here is Your_Dad@fraudlist.gov.

February 2008 • digitaltransactions • 13