Fast & Fearful

Australia’s current affairs program 4 Corners ran a story this week on Internet hackers which has backfired.

4 Corners reporter Andrew Fowler contends in the report that cybercrime is one rise, and may explode when Australia’s long-delayed National Broadband Network (NBN) launches sometime before December 21, 2012 or Skynet takes over the world’s computer networks. Fowler’s report is a mix of commentaries from victims of denial-of-service attacks and identity fraud; ethical hackers who are employed by companies to test their information systems security; vendors who provide virus protection software; and a jount investigation by the Australian Federal Police (AFP) and Victorian Police into a warez site for hackers.

Detective Superintendent Brian Hay of Queensland Police’s Fraud and Corporate Crime Squad sums up the report’s mood: “I expect to see at some stage in the future there will be a real debate on the future of the internet, should we turn it off?”

Over four years ago I looked at this area, as part of a research team on internet futures see the report‘s section ‘Chaos Rules’. The experts the tean interviewed had sometimes expressed similar thoughts to Hay. Despite the mention of NBN this was the same kind of report which could have been filmed in 2004 or 1999, as PBS Frontline did in 2003 in its Cyber War! report. The journalistic genre extends to the choice of edits, music and images to portray the vulnerability of the technologies.

Several other things struck me about Fowler’s 4 Corners report. Many of the sources had an interest in raising the threat levels of identity theft and denial-of-service attacks. The program’s case studies raised other potential sources — banks, customer service teams in financial intermediaries, and telecommunications infrastructure providers — which Fowler did not pursue. High-profile experts who might have a more informed and critical viewpoint, such as hacker Kevin Mitnick and security maven Bruce Schneier, were missing. Perhaps Fowler’s researchers did not have the leads or production budget. For me, the result was that whilst Fowler raised important issues about internet security, he also went for the low-hanging fruit and with a cliched editorial format.

Hackers retaliated and broke into AFP computers only 24 hours after Fowler’s report screened. The incident raises some further questions. Under what conditions is the short-term ‘publicity dividend’ of police cooperation in a journalist story worth the risk of a retaliatory tit-for-tat attack? To prevent unauthorised and external access, will police intelligence on the investigation (continue to) be kept on a secure computer with no online or network connections? Should a police team maintain a low-key, covert presence to monitor underground hacking sites, or instead alert site members as a deterrent? And, given this latest development, will Fowler’s team file a follow-up report?