OPINION / Shedding light on the dark cyber-world
Dr. Antonio Nucci
The Internet has become the central nervous system for our networked life. As a global network of loosely connected IP-based networks, it reaches into every country, and provides governments, businesses and consumers worldwide with a common platform for communication. And now, a new kind of criminal has emerged.
As the 21st-century criminal has moved into new realms and dimensions, law enforcement agencies and government organizations are in hot pursuit. The pervasive nature of cyber-crime ranges from loss of proprietary corporate information to the loss of life, from national security to cyber warfare. From predators exchanging child porn and scammers stealing identities to countries attacking countries, cyber-crime does not discriminate.
Quantifying the spread and impact of cyber-crime and cyber-terrorism
The FBI estimates that all types of computer crime in the U.S. currently cost industry about $400 billion, while officials in the Department of Trade and Industry in Great Britain say computer crime has risen by 50 percent from 2005 to 2006. It is estimated that only five percent of cyber-criminals are ever arrested or convicted because the anonymity associated with Web activity makes them hard to catch, and the trail of evidence needed to link them to a cyber-crime is hard to unravel. CERT/CC estimates that as much as 80 percent of all computer security incidents remain unreported. Steps must be taken before we can successfully combat cyber-crime.
First, we must understand the language and dialects (i.e., the protocols, applications and services) spoken in the cyber-world. Although traffic monitoring has always been seen as a fundamental step in the process, and has attracted many research and industry communities, the problem is far from solved. As networks became faster and network-centric applications became more complex over time, what was a roughly “good” understanding of Internet traffic a few years ago has given way to the terrifying realization that today “what we do not know” has largely surpassed “what we know.”
It is clear that our true understanding of the protocols, applications and services carried by the cyber-infrastructure continues to diminish as we speak. A special project called Lobster -- aimed at developing an advanced pilot for the European Internet Traffic Monitoring Infrastructure based on passive monitoring sensors at speeds starting from 2.5 Gbps up to 10 Gbps -- has shown that the amount of unrecognized traffic has increased from 30 percent in 2002 to 69 percent in 2004. That’s more than double in just two years. The answer to the question, “How do we bridge this knowledge gap?” remains open.
Second, we must identify cyber-users and communities of cyber-users whose activity and content may harm the safety and transparency of the cyber-world. The speed and asynchronous nature of cyber-world communication make it an ideal platform for rapidly mobilizing a group of like-minded users. Associations can emerge at all scales and can be geographically local or dispersed. They can form around very specific issues and then die out quickly. They may remain loosely connected and dispersed or eventually coalesce into more structured and hierarchical forms.
Of course, like all advances in communication technology, the cyber-world is useful not only to legitimate political and civic groups, but also to criminal and terrorist groups. Blog sites, news sites and social sites have indeed become an ideal arena for such users to “phish” for information and coordinate their criminal or terrorist activities while lost in the ocean of legal digital transactions and communications and hidden among the massive number of innocent cyber-users. The answer to the question, “How do we identify users engaged in suspicious activities that can span many different Web sites at once?” remains open.
Third, it is important to identify the real person behind an alias or cyber-identifier used to enter the cyber-world. A critical problem in this digital world is not knowing with whom you are interacting. The difference between the real space and the cyber-world is that the essence of any digital transaction is unbundling. In the cyber-world, users can unbundle their identity from content and transactions. Conversely, a real-space transaction carries along inseparable secondary information that can be leveraged to uniquely trace a transaction to a living person.
Currently, no generic system exists for identification in the cyber-world. Ones and zeros do not inherently carry any separate information along with them. Further, in the cyber-world, users have control over the strength of the link between their real world and their cyber-identities. So, how feasible is it from a technology perspective to reconstruct the missing link between the user identity in the cyber-world and his or her real-world identity? Again, this question remains open.
A new way to think about the cyber-world
While the cyber-world is seen as a “dark” space and governments have increasingly expressed their concern about the cyber-world’s role in public safety and national security, we still have not done enough to shed light on the cyber-world and its users.
