July 15, 2011

The insecurity of computer systems

After the American Century

The insecurity of computer systems, discussed previously in this space, is once again in the news. The American Pentagon has admitted that back in March, 24,000 files were stolen from its supposedly secure systems. The perpetrator was presumably a foreign country or a very large player in the defense industry, but then again it might have been another hacker incident. There have been several examples of hackers getting into the Pentagon in the past, hardly a reassuring pattern.

Why admit this now, more than three months afterwards? The simplest explanation is that the security breach has to be acknowledged eventually. But in the world of espionage, disinformation is also a possibility, and several scenarios come to mind.

Perhaps the 24,000 files are bogus, and they were put there in a relatively insecure place, like bait in a trap. Or perhaps there was no security breach at all, but the Pentagon wants to create the impression that there was one, as part of some larger scheme, like selling disinformation to the Chinese. If you begin to think about such matters, there is no reason to take anything at face value.

Meanwhile, Wikileaks has distributed worldwide thousands of US military files, and at least once a week there is a news story about stolen identities, security breaches, and the market in stolen credit card numbers.

Do we need a neo-Luddite movement? It might be nice to have no money or personal records out there in cyberspace. It might even be an idea for the military to take its most important secrets off-line. But how many would be willing to give up Facebook, email, and all the rest of it? From what I can see, no one under 30, and few under 65. It seems we will have to live with this new and pervasive form of insecurity.