Over the years since the internet has come to dominate the technology and business landscape, I’ve often compared the growing tide of malware and general bad behavior found online to pollution. Like its physical manifestation, the source of internet pollution can’t be tied to a single cause or factor or even several of them. The rising tide of malware, spam, cybercrime, and even fake news is caused by a relatively small group of ignorant, mercenary or even outright malicious agents, but because of the way the internet works, there are few practical ways to stop it from spreading everywhere. If you imagine that the internet is the ocean, this stuff is a gigantic oil spill, illegal toxic waste dump and six-pack rings spreading everywhere.
And your website is soaking in it.
Most of us access the internet like we tap our water supply – through (more or less) filtered pipes connected to the main source. Just like I wouldn’t recommend drinking your water straight out of a lake or stream without some filtering, accessing the internet without proper protections is asking for a nasty infection. But have you considered the chilling fact that your website is out there, right now, braving the internet without a hazmat suit? According to at least one internet security company, over half of all website traffic is generated by bots, and more than half of that traffic is malicious. More importantly, they found that the smallest, least trafficked websites (0-10 human visitors per day) had the highest percentage of non-human traffic, and because they were less visible and more likely to be unattended, they were more likely to be attacked and successfully compromised. Does that sound like a website you know? Maybe your own website? On average, C2’s webserver is attacked several hundred times a day, and, let’s face it, compared to the rest of the web, we’re at the very low end of the traffic scale.
So why would anyone attack a site that isn’t visited that much? A compromised website has many uses, many of which actually require that attention not be drawn to the compromised activities occurring on your very own internet island. This allows the attackers to leverage your site’s computing and broadcasting power (however small), essentially drafting it into a massive mesh of zombified soldiers that aren’t limited by a workplace or home firewall. And there are a ton of low-traffic websites. It’s the internet version of the age-old question of, “Which would you rather fight?” One massive, infected website, or a million tiny, but infected, websites?
Unless you are a skilled website administrator, securing your site isn’t trivial. Definitely leave it to the professionals, but don’t leave it undone. Your website is floating in polluted waters, and unless you take necessary precautions, your little bit of internet paradise might end up looking like the picture attached.
Image courtesy of Sujin Jetkasettakorn from FreeDigitalPhotos.net
As many of you know, one of my specialties is framing complex technology concepts in more simple, human-relatable terms. When people have a better understanding of the tools they use, they have a tendency to use them more efficiently, effectively and to take better care of them. A thoughtful article in the Atlantic written by security guru Bruce Schneier got me thinking about cyber security and the internet in a new way.
Cyber attacks are something most people only comprehend at a conceptual level, but even high-profile victims and their big-budget investigations struggle to really understand what actually happened. In the case of the Sony attack, even the experts are still debating who was behind the attack, and it’s a definite possibility that we may never find out. As Schneier deftly points out, with physical attacks (criminal and political) there is usually a trail of evidence and witnesses that allow us to identify the weapons and attackers as well as motives.
Unfortunately, modern technology and the internet have made it possible to perpetrate large-scale, damaging attacks that are difficult to see (even when they are underway), vexingly hard to counteract and sometimes impossible to trace back to the aggressor. In the case of Sony, does it even matter who was behind the attack? Would they retaliate? How? For those of us suffering under a never-ending tide of smaller malware attacks held back by only the thinnest veneer of defenses, there’s no one person to arrest, group to disband or government to disrupt that will stop the onslaught. It’s largely anonymous, amorphous and pretty much dangerous to everyone who comes in contact with it.
It’s better to think of malware and cyber attacks as the digital equivalent of pollution.
It’s certainly a lot easier to visualize, and the analogies might help everyone understand and better prepare themselves for the next time they head out on the digital highway. It may also help organizations and governments frame their actions in a more productive manner. Even if North Korea was actually behind the Sony attack, is leveling sanctions against them really going to stop future attacks? No. Neither will hacking their internet nor any other retaliation measure we could take. Why not invest efforts in combating internet “pollution” (you could lump hate speech in there as well!) – instead of putting fingers in a leaky dike, why not see if you can reduce the pressure causing the leaks?
It’s hard to imagine how the cyber equivalent of solar energy or the banning of CFCs might be able to stem the growing miasma of malware choking our technology, but maybe that’s because we are thinking about it the wrong way.