Part-Time Pundit

Al Qaeda’s Economic War and Online Identity Theft: A Perfect Storm

Online identity theft has become a constant concern in a world of online shopping and bill paying. In the rush to move to the internet age, many companies simply neglected security concerns and the result has luckily not been as bad as it could have been.

In 2005, I did an estimate of the amount of money that was compromised because of online identity theft and came up with $24 billion in the United States alone. With the help of Agnieszka Klus, I redid the study recently with more realistic numbers and found over $55 billion was compromised. That amount is enough to pay off the entire state debt of Illinois.

Despite this large amount of money being at risk, very little of that money actually gets stolen. What investigators have found is despite it being relatively easy to steal money online, the current fraud protections make it hard to steal a great deal of money; “The straw is only so big”, according to one government source. The running assumption is that online identity theft would be used for theft and there is a finite limit of the amount of theft that can actually take place. This has allowed financial institutions to build in this amount into their business models and simply write the cost of fraud and fraud protection into the price for their services.

The idea that we, as a society, should rely on only one layer of protection (the limitation on how much can be stolen) is absurd and violates defense in depth. Eventually someone will figure out a way around the straw. More importantly, however, earlier this month proved false the assumption that identity theft would be used solely for stealing money.

On December 1st, the Department of Homeland Security warned of an “aspirational threat” to United States banking interests by Al Qaeda. A website claiming to be affiliated with Al Qaeda encouraged the cyberattack against US financial interests using denial of service attacks and viruses. While the specific methods of attack are “low tech” and easy to prevent, it shows that terrorist groups are moving to expand their tactics to include economic warfare.

If the goal of identity theft is to make money, the incentive is to keep taking as much as you can. If the goal is economic warfare, the behavior changes dramatically. As a concrete example, Al Qaeda could use run-of-the-mill hacker techniques to build a large botnet to steal identities. It could then use those machines that they have taken over to process fake transactions in the name of that consumer.

For instance, they could use a consumer’s home PC and process transactions at amazon.com to buy a bunch of books using the credit card information and home address of the consumer. It is not clearly a case of fraud because the hacker is not getting any personal gain. Does Amazon or the credit card company believe that the consumer really didn’t make the order when the product is going to their home address?

Now repeat this attack for a thousand consumers, ten thousand consumers, or one hundred thousand consumers. What would happen with the ensuing media coverage is that consumers would think twice about shopping online if their assets can’t be protected. They would think twice about paying bills online or banking online if they’re bank accounts can’t be protected. If done correctly and on a large enough scale, it would lead to a dramatic loss of confidence in electronic commerce and could push the United States economy back ten years.

The fundamental problem with electronic commerce is that transactions are not effectively authenticated. If someone knows all the right information, they can place a transaction in your name. We’ve learned that in the digital age that stealing information from consumer PCs is remarkably easy. However, there exists technology today to fix this problem.

Two-factor authentication (something you “have” and something you “know”) would mitigate the risk of stolen information. Some banks use key chains that generate random numbers to authenticate users to their bank accounts. This must be widely applied to not only bank accounts but general financial transactions online. As another example, instead of entering credit card information with a keyboard, a user could insert a credit card with an embedded smart card into a card reader attached to their computer. The reader could have a keypad to enter a PIN to make the transaction secure and the card reader would happily give the online merchant all the information it needed to complete the transaction.

There are a variety of technologies to properly authenticate users to make purchases and these should be adopted. Al Qaeda and other groups are already on the lookout to undermine our economy. The question is will we stop them before it’s too late.

Learn More Online

Ever thought about learning online? It’s easy to get an online bachelors degree in anything from foreign policy to political science. Just look into finding a great online college and you’ll be on your way to getting an education in something you love!

December 22nd, 2006 Posted by John Bambenek | InfoSec, Information Security, Military / War, Politics, Technology / Internet, Terrorism | one comment

The Price of UN Indecision over Iran: A Nuclear Arms Race

In the light on the obvious non-effectual nature of nuclear negotiations with Iran, six other Arab states decided they want to be nuclear powers. Algeria, Egypt, Morocco, Tunisia, UAE and Saudi Arabia all have announced plans to start working on nuclear technology. The obvious implication is that this “peaceful” research well within the “sovereign rights” of these nations will be used for nuclear weapons. For as much as people claim the US has shredding the Geneva Conventions, the bumbling over the Iran issue has lead to an effective dissolution of the Non-Proliferation Treaty.

This is the obvious consequence of the fact that Iran is transparently developing nuclear weapons, that the world knows it, and that the UN isn’t and can’t do anything about it. Iran has thumbed its nose at the world and the world shuffles around and navel-gazes.

Iran knows they won’t be stopped by the UN because Russia and China have effectively said they won’t even allow sanctions, much less military action. The consequences of a nuclear Iran have no effect on China or Russia (as opposed to North Korea) and in fact, it distracts the US and makes life difficult for them. A US distracted and hampered by problems in the Middle East is a boon to Russian and China and they know it.

Both the Vietnam precedent and current public opinion on Iraq show the world that the US simply does not have the internal fortitude to get involved in a war that isn’t over in a few weeks. Saddam Hussein knew this which is why he planned the so-called insurgency before the war. He knew that if he could run the clock long enough, the public pressure in the US would cause us to eventually leave. Iran knows this too, so they are playing their cards that the US is too committed in Iraq and wouldn’t invade anyway.

The rest of the Arab world has watched and also come to the conclusion that they can simply ignore international law and there will be no consequences. No one takes the righteous indignation of UN bureaucrats seriously unless it can be followed by some action. The UN has showed itself to be incapable of action. The US has showed itself unwilling.

Either the UN and Europe needs to man up and deal with Iran or the world has a nuclear arms race on its hands. An arms race that will take place in one of the most volatile places in the world at that.

November 4th, 2006 Posted by John Bambenek | Military / War, Politics, Terrorism, United Nations | one comment

Yet Another Journalistic Fraud?

It appears another drive-by media attempt to discredit the President and advance the claim that Republicans are trying to usher in a new era of fascism has fallen flat on its face. Claims by USA Today using sources with “direct knowledge of the program” that the NSA has been collecting massive databases of phone calls don’t appear to match with the records of two of the three apparent participants, Verizon and Bell South.

Sure, they could be lying but that would be stupid considering they’re going to be on the frontline for litigation over this issue as it is easier to sue a company for breach of privacy then getting anything out of the NSA. If they took the time to search their records (as it appears they did) all they would have done was generate more evidence for such a relationship. However, it appears now that there really was no relationship at all, or for that matter, any requests by the NSA in the first place. Some of the bitter-enders will still insist the program exists and there is a massive cover-up, just like some continue to insist that 9/11 was staged despite the release of flight recorders, telephone calls, and video feeds that show the opposite.

Once again, we are faced with an “objective” journalistic medium that didn’t do enough footwork to verify the claims that were made before it splashed them on the front page and riled the population. The irony is that it appears the population would support such a database if it existed.

Time after time there are those who continue to make up claims (i.e. KoranGate and RatherGate) in the media who never seem to be held to account on their frauds. If the media wishes to continue to be seen as a serious medium of information (and more and more people are turning elsewhere for news) it needs to take seriously its responsibility to report accurately the news instead of pandering to the worst elements of the left.

May 16th, 2006 Posted by John Bambenek | Military / War, Terrorism, The MSM | one comment

Toward a More Perfect CIA

The appointment of General Hayden to run the Central Intelligence Agency is the ideal appointment to help reform the CIA at this critical point in time.

What many people don’t understand is the relationship between the military and the CIA. The military, quite obviously, is aligned with the Department of Defense and the CIA is aligned with the Department of State. While this doesn’t seem to have much of a meaning, the two departments really have very different ways of looking at the world and looking at conflict.

The purpose of the Department of Defense is to kill people and break things. That’s what the military does best. When the military looks at the world, they look at ways to win wars. When they find threats, they eliminate them.

The Department of State, however, looks at the world very differently. They look at the world diplomatically and seek to maximize the amount of information on adversaries or potential adversaries. When the CIA finds threats, they seek to get as much information as possible, including who is supporting or financing those threats, what their intentions are, and whom else they are working with.

To be perfectly clear, both are necessary. In order to adequately deal with threats, one needs to fully understand where those threats come from and who is involved to eliminate them. Knowing everything you can about the enemy is useless without eventual action. Knowing who the 9/11 hijackers are doesn’t, by itself, prevent them from flying into buildings.

The situation, combined with typical inter-agency rivalry, has led both Departments into a form of opposition. While the military (and Bush for that matter) have backed action into Iraq to end the conflict that has been going on for 12 years (at the time of the second invasion), State and the CIA was opposed because that conflict would end the information flow and diplomacy. That difference in world-view has been the source of much public contention on the Iraq War and the War on Terror in general.

By appointing Hayden to the CIA, it appears that the intent is to shift the viewpoint of the CIA to be more action-oriented. Hayden is in intelligence, so he obviously knows the value of information, however, as a soldier he also surely knows the value of action and that there comes a point to act on intelligence even if there is more information that could be gathered.

This change is a good thing, as it will help both Defense and State to moderate the poles that have been generated from the rivalry. This appointment is a good thing at a great time that will help both agencies to understand the values each provide and help them learn to work together in the future. The military will learn the value of diplomacy and information and the CIA will learn the value of action. Our national defense will be the clear winner.

May 8th, 2006 Posted by John Bambenek | Military / War, Politics, Terrorism | no comments

For the Love of All That is America, Learn What The First Amendment Is…

Throughout the cartoon controversy people on both sides talk about free speech and a free press. While in general, these can be construed as the freedom to say what you want, people are conflating Constitutional protections with the idea that one shouldn’t face any consequences to their speech.

Free speech, but more specifically, the Constitutional protection of free speech has absolutely nothing to do with private individuals and what they can do. The First Amendment is not a protection from your fellow citizens (or foreigners). It is a protection against what the government can do, and the government alone.

When the Dixie Chicks protested that people were boycotting their music, they claimed Free Speech. No one said they didn’t have the right to say what they did; they were saying they weren’t going to continue giving them money if they wanted to engage in that behavior. This is perfectly legal and why our country is so great. We don’t need the government to create hate speech laws here; the free market system largely takes care of the problem. Yes, you have a right to say stupid things, but that doesn’t mean you have the right to continue to get subsidized by the public if you do. This is the lesson that the creators of “Book of Daniel” learned.

When Islamic radicals (who are the minority) burn down embassies and threaten violence, it is shameful behavior. You don’t protest the stereotype of being a fanatical murder by being a fanatical murder. However, Muslims hacking websites is not a Constitutional issue. There are laws to prevent it, sure. It’s bad behavior, sure. But it is not an attack on the First Amendment. It is high time people on both sides realize what the First Amendment is and what it is not.

February 15th, 2006 Posted by John Bambenek | International, Law / Legal Issues, Politics, Terrorism, The MSM | one comment

Food for Thought - Iran, Israel, and the bomb

The US’s EIA chief has said we can’t get by without Iranian oil. Can we get buy with a nuclear crater that used to be Tel Aviv?

War with Iran may be ugly and require some real sacrifice from the citizens, but if the alternative is sitting on our thumbs when Iran vaporizes Tel Aviv and tells us that they’ve got a nuke pointed at Paris if anyone does anything, then I think I can handle walking to work.

January 21st, 2006 Posted by John Bambenek | Iran, Military / War, Terrorism | no comments

Weak attempt at an Anti-ACLU Post

There is a movement to intervene in the ACLU case so that real Americans can have real views represented in the NSA lawsuit filed by the ACLU…

Straight from Malkin

Debbie Schlussel, blogger/investigative writer/lawyer, is extending an invitation to citizens interested in intervening in the ACLU’s NSA lawsuit. She practices in Eastern Michigan, where the suit was filed.

Take a look and sign up.

January 19th, 2006 Posted by John Bambenek | Impeachment, Law / Legal Issues, Military / War, National, Politics, Terrorism | no comments