Australian internet users might understandably be pulling the plug on their broadband connections overnight, after a program aired on national broadcaster ABC highlighted the risks and repercussions of going online.
Brian Hay, detective superintendent for fraud and corporate crime at the Queensland Police, gave the ABC's current affairs program Four Corners the ultimate soundbite: "I expect to see at some stage in the future there will be real debate on the benefit of the internet; should we turn it off?"
The program, titled Fear in the Fast Lane, focused on the ease at which computers could be infected with malware and then controlled by organised criminal gangs to commit online crimes -- from launching DDoS strikes such as the recent attack that knocked Twitter offline, to hosting phishing sites designed to dupe consumers into revealing their personal details.
One victim of a phishing scam was Dimitri Glianos, a Commonwealth Bank customer who discovered over $80,000 was taken from his bank account soon after he clicked on a link in a phishing email and completed a bogus security form.
"I didn't give it all that much thought. I had to get off to a meeting ... an email was urging me to do something. It had come through the firewall, it looked legitimate," Glianos told Four Corners.
Glianos gave the criminals his address, phone number and other information, which they used to steal his identity, cut off his internet access, take over his mobile phone and then clean out his bank account.
Although the bank refunded the stolen money, Gilanos claims he had a tough time convincing everyone that he was a victim.
"I will probably never really recover in the sense that it's now made me much more nervous," he said.
Far fetched?
The Twitterverse was buzzing after the show, with many users claiming the program was far fetched and sensationalist.
But Chris Gatford, a security consultant at HackLabs who featured on the program as a wardriver, told iTnews that although the IT community is generally more educated than the average user, he is constantly surprised by lax security practices in the corporate world.
He gave an example from a biotech firm.
"On an open shared network with no authentication was a document called safecombination.doc. I am not joking. And inside were instructions on opening the safe. They kept all their secret research in there!"
Fixing the problem
Education, better patch management, improved security practices, international cooperation between law enforcement agencies and even a national two-factor authentication scheme, have been spruiked as possible solutions to the problem.
The general consensus formed on the program was that the criminals behind most of the malware and phishing attacks were motivated by money.
Patrick Gray, founder of ITRadio.com.au and the RiskyBusiness security podcast, suggested a solution might lie in finding a way of making such attacks unprofitable, possibly by revisiting fraud liability laws.
"Once we get a handle on the fraud a lot of our IT security problems disappear. If we can stop people exploiting personal information for financial benefit, they are not going to be motivated to research and develop the tools and techniques to collect that information.
"It is really about changing the economics to make it unprofitable for the bad guys. As soon as you make it unprofitable, it stops," he added.
What did you think of the show? Have you been a victim of ID theft? Has your organisation's IT infrastructure been attacked?
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
