Home » Governance » Politics » Four Years Too Late

Four Years Too Late

by Jane Ginn

Over the past few weeks the emergent populist movement called #OccupyWallStreet has had a lukewarm reception by the national press. Journalistic coverage has focused on the lack of a coherent message, the differences and/or similarities with the tea-party movement, and the timing relative to the Arab spring protests. I’m going to weigh in with a different observation.

I’m going to argue that they are too late; in fact, they are four years too late. Wall Street has already been occupied. Indeed, even Main Street has been occupied. Occupied by what? You might ask. My answer: Fraudsters.

In my article on information and communication technologies (ICT) and how they are being used for the developing (4D) world I pointed out that “often the degree of market penetration [of mobile networks] is not a function of technology, but rather a function of government reforms in the areas of contract law, financial services, intellectual property protection, and public sector accountability and transparency.” This cellular network penetration in turn provides for more would-be hackers to perpetrate fraud and, at the same time, creates more vulnerable victims in these countries. That is especially true if the rule of law is not strong in that particular country.

In my article on the global institutional infrastructure for fighting cybercrime I noted that “The U.S. needs to show greater leadership in supporting the development of a centralized entity that will serve as the global clearing house and enforcement agency for cyber crime.” As the founder of DARPA and the developer of the TCP/IP as well as other key standards and technologies used in the Internet infrastructure, the U.S. has a responsibility to recognize the growing threat of fraudulent activity on the Internet and to act decisively to protect innocent victims of fraud and other cybercrimes.

In this article I will be pointing out how the fraudulent activity of cyber criminals exacerbated the global financial crisis that began in 2007 and flourished in earnest after September of 2008. Both Wall Street and Main Street have already been occupied by fraudsters. We are four years too late in sounding the alarm.

An Evolution in Types of Exploits

Based on data published by the Internet Systems Consortium which was derived from WHOIS searches and surveys of Internet Service Providers (ISPs) the Internet grew from less than 1 million users in 1995 to almost 900 million by January 2010, as illustrated by Figure 1.

Source: Navigators.com

During this time a new battlefield for dominance of cyberspace developed between the “good guys” (i.e., the people seeking to protect the technological and institutional infrastructure of the modern economy and the Internet) known as the White Hats, and the “bad guys” (i.e., the criminals seeking to steal from legitimate individuals and businesses) known as the Black Hats.

Barrett Lyon’s efforts as a White Hat hacker are expertly documented in Joseph Menn’s Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet (2010). That work, coupled with Kevin Poulsen’s Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground (2011) has helped me to develop a summary of the key cybercrime exploits and how they have been used to steal personally identifiable information (PII) and commit many varieties and permutations of cybercrime. This summary, pictured below as Figure 2, shows how the specific exploits became more and more sophisticated through time. This occurred in parallel with the growth and development of various kinds of malware (i.e., viruses, trojans & worms).

Evolution of Cybercrime Exploits

Click on Image to Enlarge

 

Usually the exclusive domain of technical specialists, the issue of cybercrime has begun to make the mainstream news, if only because the effects are so widespread. And, to the point of this article, the magnitude of much of the fraudulent cyber crime activity was building in intensity and sophistication from about 2004 to 2007. This just happened to coincide with the build-up of the sophisticated financial “instruments” of the brokerage firms, banks and mortgage lending companies for the syndication of sub-prime loans.

Are the #OccupyWallStreet protestors missing something here?

A Shadowy Nexus

You may ask, how do we know about the magnitude of the growth of cybercrime from 2004 to 2007? The specifics are documented meticulously by Bryon Acohido and Jon Swartz in their book Zero Day Threat: The Shocking Truth of How Banks and Credit Bureaus Help Cyber Crooks Steal Your Money and Identity. From the time of the first Diner’s Club Charge Card in 1952, to the creation of the BankAmericard in 1958 (out of which grew Visa in 1977), the evolution of the credit card system within the U.S., accompanied by the technological development of faster-than-fast electronic payment systems called Base I and Base II, gave rise to a mind-set of living beyond one’s means. Coupled with the increasing dominance of commercial television in American culture, the ease of using credit as a tool for funding major and minor purchases became a way of life for millions of people.

From 1980 to December 2006 outstanding consumer credit rose more than fifteen-fold, from $352 billion to $2.4 trillion. “By the end of 2006, American consumers cumulatively held outstanding debt roughly matching the gross national product of Germany, the world’s third most productive nation” (Acohido & Swartz, 2008). At the same time the median household income of young families where the head of household was between 25 and 34 rose only 0.08 percent between 2008 and 2004.

At the same time this was happening cybercrime surpassed illicit drug sales as a global economic force. In a November 29, 2005 Reuters article, dateline Riyadh, Saudi Arabia, Souhail Karam quoted eFinance and cybersecurity expert Valerie McNiven at a two-day security conference sponsored by the Saudi central bank. “Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion.” (Acohido & Swartz, 2008, pg. 103). Further substantiating the magnitude of private consumer and business losses in that same year, Poulsen writes that Black Hat hacker Max “Vision” Butler through various cyber exploits had cost U.S. financial institutions $2.75 billion in losses as calculated by a Gartner analyst (Poulsen, 2011). This was for 2005 alone.

By 2008 the Javelin Strategy and Research Center reported that there had been almost 10 million victims of identity theft. That represented a 22% increase over 2007 (Javelin Strategy & Research, 2009).

Also Hidden From the Light

While all of this was developing on the cybercrime front ECONed author Yves Smith among others were documenting how major capital market players were “engaged in large-scale looting, in which excessive short-term focus, aided by pliable accounting and lax regulation” led to the global financial crisis (2010). He noted that in August of 2005 the former chief economist of the International Monetary Fund (IMF) Raghuram Rajan presented a paper at a banquet attended by the retiring Alan Greenspan. His paper, entitled “Has Financial Development Made the World Riskier?” showed that bad incentives encouraged undue risk taking. He focused in on credit default swaps as an overleveraged form of insurance. Joseph Stiglitz argued in his 2010 book Freefall: America, Free Markets and the Sinking of the World Economy, that credit default swaps, “allegedly for managing risk but in reality as much designed for deceiving regulators, were so complex that they applified risk.” [emphasis added]

Smith also establishes the risk inherent in collateralized debt obligations (CDOs) as a class of asset-backed deals that operated on razor-thin margins that made the information flow between sellers, middle-men and buyers murky. These so-called “structured finance” instruments were not regulated and were, by 2007, beginning to be seen by the most savvy investors as exceedingly risky.

The September 2008 fall of the stock markets and the subsequent crisis management efforts of the Bush and Obama Administrations resulted in the situation that the #OccupyWallStreet protestors are concerned about. When we look at this convergence of events, why aren’t the protestors asking about the role that cybercrime played in the financial crisis? What percentage of the 99% walking the streets participated in some sort of cybercrime and, therefore, contributed to the critical mass of fraud that served as the tipping point? Was peer-to-peer audio file sharing cybercrime? What about intellectual property protection?

What Now?

Promotors of the super convenience aspect of modern society’s dependence on credit cards and credit discount the effect that cybercrime had on the financial services sector. It would be an inconvenient truth to disclose how devestating the charge-backs and administrative costs have been to the banking community. The credit bureaus and rating agencies came away from the 2008 crisis bloodied as well, as much for their complicity in the global scam, as for their lobbying efforts to derail regulatory oversight.

And, judging by the animosity of the populist #OccupyWallSteet movement, the other institutions that make up our financial services industry (NYSE, IMF, the U.S. Treasury, Fannie Mae & Fannie Mac, AIG, etc…) are also getting their fair share of the blame. Right now these institutions are on the defensive.

But everyone should be on the defensive, including the mom & pop grocery store on the corner, around the block. Not because of their role in the financial industry fraud, but because of the vulnerbility of their data management systems. They can unwittingly become a victim of a cybercrime through a vulnerability in their point-of-sale (POS) system and, presto, they can contribute to the next critical mass that threatens to crash the global economic system.

For those of us that value the stability of society and cherish the fruits of a system of law that, at its base respects individual rights, freedom of the press, and civil liberties, the insidious threat of cybercrime cannot be underestimated. A reckoning of the true societal cost of the various malicious exploits identified on Figure 2 is in order. Beyond that the actions outlined in Acohido and Swartz’s book on Zero Day Threats are also in order. These include:

  • More diligent oversight of the credit bureaus, banks and other financial industry entities
  • Consumer education on identity theft and fraud techniques
  • Diligent use of computer fraud, theft and antivirus systems by individuals and companies
  • Application of all computer and cellular system software patches as soon as they are released
  • Upgrading of various Internet networking protocols that are used (e.g., the TCP/IP), and
  • Rigorous application of the Security Development Lifecycle (SDL) approach to software engineering

I would add, as I’ve argued before, that the institutional framework for greater coordination between law enforcement agencies, both within the U.S., and with our trading partners, is also critical to our success. We also need to take a systematic approach to how Internet security can be effectively managed given the plethora of mobile devices that are being used in the expanding global community of users. But most of all, we must all live within our means and occupy our lives, in real time.

Perhaps, next time, we won’t be four years too late.

_______________________________________________________________________________

References:

Acohido, B., & Swartz, J. (2008). Zero day threat: The shocking truth of how banks and credit bureaus help cyber crooks steal your money and identity. New York: Union Square Press.

Javelin Strategy & Research. (2009). Research Library. Retrieved September 15, 2011, from Javelin Strategy: https://www.javelinstrategy.com

Menn, J. (2010). Fatal system error: The hunt for the new crime lords who are bringing down the Internet. New York: Public Affairs.

Poulsen, K. (2011). Kingpin: How one hacker took over the billion-dollar cybercrime underground. New York: Random House.

Smith, Y. (2010). ECONned. New York: St. Martin’s Press.

Stiglitz, J. (2010). Freefall: America, free markets, and the sinking of the world economy. New York: W. W. Norton.