Earlier today, I used my credit card to pay for a purchase. As I handed my card to the merchant, he asked if I had used my card to purchase gas recently. When I said yes, he warned me that I should never do it again. He explained that technology experts have developed something that fits inside the credit card reader and copies your credit card information. Another customer overhearing our conversation nodded in agreement. The merchant acknowledged that carrying cash to make gas purchases was much less convenient, but he cautioned me that I should never again use a credit card to buy gas. The other customer nodded in agreement again.
On my way home tonight I need to fill my tank, and I have to decide whether I dare use my credit card. If I do, and my information is stolen and misused, most people will blame me. They will say that I was adequately warned, but I ignored the warning and acted foolishly.
A Wall Street Journal article (18 Feb 10, A3) describes how hackers in Europe and China broke into the computers at more than 2,400 companies and government agencies and stole vast amounts of personal and corporate secrets. An estimated 75,000 computers were invaded in 196 countries, including the United States, Saudi Arabia, Turkey, Mexico, and Egypt. The spyware used in this attack allows hackers to control computers remotely and arrange them into a cyber army known as botnets. Researchers estimate that millions of computers have been conscripted into these armies. The article concluded that this discovery “highlights the weaknesses in cyber security right now.”
I agree that there is a weakness in cyber security; but I also think there is a larger problem that we are failing to address. That problem is our unwillingness to face the immorality of this behavior and treat it as wrong. This isn’t a game between hackers and computer security experts; this is criminal activity that needs to be identified as such.
It may be true that better cyber security could have prevented this problem. But that’s about the same as saying that better fences or stronger doors might have prevented the burglars from breaking into my home and stealing my property. The problem is not my fences and doors; the problem is criminal activity on the part of burglars. I’m confident that I spend more each year on internet security than I do for my home security.
Several years ago, my family lived in a small community on the north shore of Oahu. Our homes were frequently burglarized, but no one seemed to take the problem too seriously since the amounts were usually rather small. The Honolulu Police Department told us we were too far away for them to provide adequate police coverage to protect us.
The problem eventually became so bad that the members of the community were forced to organize themselves for protection. Every night, on a rotating basis, two men from each neighborhood were assigned to patrol the streets with flashlights. We never knew what we would do if we actually confronted the thieves and the running joke was that we would run them down and beat them with our flashlights.
After several months of patrolling the streets we discovered that the thieves were a group of teenagers who were robbing homes and businesses to purchase marijuana. One night three of them were arrested and an investigation soon led to the apprehension of the entire group. After they were arrested, the burglaries ceased and our neighborhoods were safe again.
We need to recognize that hacking into computers involves international criminal behavior and attack it as such. Google and about 20 other companies have threatened to cease doing business in China because of the damage they believe Chinese hackers are doing to their systems. Just as we had to organize to patrol each neighborhood, we need to organize to patrol the internet. National boundaries should not protect hackers any more than Oklahoma rustlers could get away with rustling cattle in Texas—regardless of where the crime occurred, cattle rustlers were shot and hanged.
The fear that some technology “expert” has created something to steal my credit card information should not prevent me from ever using my credit card again. This person is a technology thief and what he/she is doing is just immoral as a burglar who breaks into my home. Although better internet protection and better computer security are helpful, they are not the real solution. The focus should always be on the person who commits the crime and immoral behavior should be clearly labeled and condemned. $