The Future of the Global Internet Economy
London, UK - 7 July 2007, 9:27 GMT - The Internet is increasingly
critical to our economies and societies -- with far reaching implications
for all policy domains. Only now is the world beginning to grasp the Internet's
potential as a powerful driver of innovation, sustainable economic growth
and social well-being. It is timely for leaders in governments, corporates,
NGOs and technology experts to forge broad understanding and principles
that will guide the next decade of the Internet economy.
[CONTINUES]
We look forward to your further thoughts, observations and views. Thank
you.
Best wishes
For and on behalf of DK Matai, Chairman, Asymmetric Threats Contingency
Alliance (ATCA)
ATCA: The Asymmetric Threats Contingency
Alliance is a philanthropic expert initiative founded in 2001
to resolve complex global challenges through collective Socratic
dialogue and joint executive action to build a wisdom based global
economy. Adhering to the doctrine of non-violence, ATCA addresses
asymmetric threats and social opportunities arising from climate
chaos and the environment; radical poverty and microfinance; geo-politics
and energy; organised crime & extremism; advanced technologies
-- bio, info, nano, robo & AI; demographic skews and resource
shortages; pandemics; financial systems and systemic risk; as
well as transhumanism and ethics. Present membership of ATCA is
by invitation only and has over 5,000 distinguished members from
over 100 countries: including several from the House of Lords,
House of Commons, EU Parliament, US Congress & Senate, G10's
Senior Government officials and over 1,500 CEOs from financial
institutions, scientific corporates and voluntary organisations
as well as over 750 Professors from academic centres of excellence
worldwide.
The views presented by individual contributors are not necessarily
representative of the views of ATCA, which is neutral. Please
do not forward or use the material circulated without permission
and full attribution.
Intelligence Unit | mi2g | tel +44 (0) 20 7712 1782 fax +44
(0) 20 7712 1501 | internet www.mi2g.net
mi2g: Winner of the Queen's Award for Enterprise in the category
of Innovation

Low Probability High Impact and Black Swan Events
London, UK - 12 June 2007, 14:22 GMT
Dear ATCA Colleagues
[Please note that the views presented by individual contributors
are not necessarily representative of the views of ATCA, which is neutral.
ATCA conducts collective Socratic dialogue on global opportunities and
threats.]
Considerations for Future Scenarios -- The Opportunity and Risk
of Asymmetric Globalisation
We are all being hurled closer to each other as the world integrates
faster than ever before. The propensity for fast global integration
creates both huge opportunities and its inevitable flip-side, huge risks.
In the future, we should be concerned about Low Probability High Impact
and Black Swan events which can change the present trajectory of nation
states and large economic entities, many with turnovers in excess of
the GDP of most nations. Welcome to Asymmetric Globalisation in which
friends and adversaries are no longer similar looking as they react
to on- and off-the-radar forces giving rise to Low Probability High
Impact and Black Swan Events. This also means that more risk is increasingly
transferred into the markets away from Sovereign states, increasing
their volatility.
[CONTINUES]
As a special consideration, please note that some Low Probability High
Impact and Black Swan events may actually become High Probability High
Impact Events as time goes by owing to the five drivers converging and
colliding.
The ATCA think-piece, based on major research, was put together by DK
Matai and the mi2g Intelligence Unit. ATCA reviewers of the article
include: Aileen Armour-Biggs, Douglas Byblow, Professor Nigel M de S
Cameron, Hervé de Carmoy, Fred Cohen, Jean-Yves Gresser, Hamid
Hakimzadeh, Gerald Harris, Rear Admiral John Hilton, Chris Histed, Alexander
Hoare, Prof Sai-Felicia Krishna-Hensel, Prof Jean-Pierre Lehmann, Andrew
Leung, George Littlejohn, Thierry Malleret, Dr Harald Malmgren, Nicholas
Mellor, Miguel Mendonca, Prof Jim Norton, John Petersen, John Pickering,
Richard Thomas Gerber, Commodore Patrick Tyrrell, Michael Wade, Sir
Harold Walker, Ian Walker and Martin Wolf.
[ENDS]
Spam, DDoS & Phishing rocket as organised crime takes hold
London, UK - 30 July 2004, 16:00 GMT - The total amount of spam distributed
across the globe has touched nearly three trillion messages in 2004 as it
sits at 2,981 billion worldwide to date according to the latest data available
from the mi2g Intelligence Unit, the world leader in digital risk. The global
economic damage from spam in 2004 to date is estimated to lie between $107bn
and $131bn. The economic damage from spam is projected to cross $200bn worldwide
for the whole year. The total amount of spam in 2003 was around 1.6 trillion
messages. The high rise in the volume of spam in 2004 is attributed to malware
proliferation and the use of hijacked computers as file servers, proxies for
criminal activities and mail relays.
[CONTINUES]
Full details of the June 2004 report are available as of 1st July 2004 and
can be ordered from here.
(To view contents sample please click here).
If you are already a member
of the Inner Sanctum you should have been emailed a full copy. To retrieve
the original article please fill out the order
form.
Second Swiss bank targeted by identity theft campaign
London, UK - 13 April 2004, 17:15 GMT - Just before Easter, customers
of the venerable Swiss financial institution Zuercher Kantonalbank (ZKB) were
targeted by identity theft emails. A few days prior to the ZKB incident, Basler
Kantonalbank (BKB) customers were similarly targeted in another round of "phishing"
scam attacks aimed at international and domestic banks worldwide. The Basler
Kantonalbank has put up an advisory on its web site explaining the problem.
Eastern European criminal syndicates are widely suspected of carrying out
the phishing scams. Historically, Swiss private banks with their strict adherence
to client confidentiality through "secrecy laws" have been seen
as safe havens for high net worth individuals across the world. These recent
phishing incidents seeking to carry out mass identity theft undermine confidence
in the unique selling proposition of Swiss banks.
[CONTINUES]
Full details of the March 2004 report are available as of 1st April 2004
and can be ordered from here.
Swiss Bank targeted by identity theft attackers; Phishing scams rocket by 330% worldwide
London, UK - 6 April 2004, 9:30 GMT - For the last few days, customers of
the Swiss financial institution Basler Kantonalbank have been targeted
by identity theft emails in another round of "phishing" scam attacks
aimed at international and domestic banks worldwide. The Basler Kantonalbank
has put up an advisory on its web site explaining the problem: www.bkb.ch/hinweis
[CONTINUES]
Identity theft scams rocket by 330% as users prove vulnerable
London, UK - 5 April 2004, 17:30 GMT - As the number of major identity
theft - "Phishing" - scams targeting the clients of financial institutions,
ISPs and multi-nationals in Europe, North America and Australasia crosses 184
in Q1 2004, and now exceeds the 171 phishing incidents recorded throughout
2003, the identity theft problem is estimated to be growing at 330% on an
annualised basis by the mi2g Intelligence Unit, the world leader in
digital risk. The primary victims are unsuspecting home users.
[CONTINUES]
Five solutions to the rising identity theft and malware problem
London, UK - 24 March 2004, 13:00 GMT - How is an individual or an
organisation supposed to cope with the growing problem of identity theft on
the web and malware proliferation that seeks to extract vital personal details
from the machines of unsuspecting users? As a result of the recent malware
and phishing scam outbreaks, new and dangerous developments have taken place.
Self-infecting malware variants are being released and proliferate ever faster.
There is a lag before they are added to virus definition records, during which
time they cannot be recognised by anti-virus systems or other counter-measures.
The majority of anti-virus solutions currently on offer are therefore no longer
viable in countering malware epidemics.
Causes of malware proliferation
Malware families like the new Bagle variants are now proliferating automatically
through HTML email, and where the malware is propagating through attachments,
people are going so far as to type in passwords contained in the email to
open them. In any complex technology-dependent system - whether it is air-traffic,
car-traffic or network-traffic - extraordinary accidents happen because human
beings either operate the system incorrectly or extend the system's usability
beyond the boundaries originally intended.
The human factor is proving to be the weakest link in the development of recent
global malware epidemics, whether it is the naive user who opens attachments
or malware writers who compete with each other to produce ever more virulent
and fast-spreading forms of code in protracted turf wars. In less than a few
weeks, MyDoom, Netsky and Bagle malware have had thirty new variants between
them. Additionally, Netsky seeks to remove traces of Bagle and MyDoom variants
in a bid to gain a greater share of infected machines.
Malware is becoming increasingly multi-functional and socially aware as it
gains the ability to perpetrate Distributed Denial of Service (DDoS) attacks,
create zombies and send spam without being detected easily. Both RIAA and
the SCO Group have fallen victim to MyDoom DDoS attacks. Malware epidemics
are also being fuelled by organised crime.
Trans-national malware proliferation and protracted hacker attacks show that
the sovereignty of the individual in cyberspace supersedes the sovereignty
of the nation state. A force for common good - the internet - welcomed by
all a decade ago, has now begun to show a consistent dark side. It is just
beginning to dawn on government policy makers and chief executives of organisations
that the global nature of the internet and the rise of the resultant networking
power create entirely new and unfamiliar problems of governance and relations
between nation states, businesses and computer-empowered individuals, who
may have their own agendas.
Five Solutions to the rising identity theft and malware problem
With correct set up, administration and defence procedures, it is possible
to protect a Linux, Windows or BSD server from hacker and malware attack.
However, this requires a very high level of training and expertise as well
as a substantial technology investment. In most cases, it is not the Operating
System (OS) alone that lets the system down: inappropriate configuration management,
incapacity to prepare for the impact of third party application exploits as
well as the maintenance of default configurations with unnecessary processes
running are all partially responsible for the high level of attacks against
a particular OS.
The mi2g Intelligence Unit puts forward five graduated solutions to
address malware proliferation and identity theft, which defeat computer hierarchies
and adversely impact the digital eco-system:
1. Migration to upstream data cleansing and vaulting
In the downstream cleansing approach, prevalent at present, the client computers
have full responsibility for prevention of contamination, clean-up and recovery.
End-users can allow any function from their computers to be performed, including
inadvertent DDoS attacks.
When computers are damaged or rendered useless, users bemoan the loss of their
data, not the loss of their machines. It will become increasingly necessary
to offer upstream safekeeping of data with the attendant intrusion detection,
anti-virus, firewall and other counter-measures, which individual users may
not necessarily have the time or expertise to address.
Migrating complex security functionality upstream away from the desktop allows
the comparative advantage of more sophisticated resources and computing capability
at a much lower cost and with improved security, safety and reliability.
The Internet Service Provider (ISP) of the future will offer all safety, security
and data assurance services as part of the internet access charge to individuals,
small to medium size businesses as well as larger organisations.
Upstream cleansing prescriptively maintains a managed security infrastructure
at the ISP level or higher. The anticipated resistance at the home or individual
user level will have to be overcome somehow in the light of the little effect
that education on safety and security has had in preventing malware proliferation.
As computing power migrates upstream it should both reduce the number of points
of fallibility and solve the twin problems of loss and theft of personal data,
the most valuable digital asset in the 21st century. This approach may not
be popular to begin with, especially amongst those who are attached to the
independence they have within the current computing paradigm. As identity
theft gains momentum the objecting voices may be left with no alternative
but to make some concessions.
2. Utility model
The utility model is a computing model which was prevalent in the 1960s, in
which there would be no local capability at the individual level beyond browsing
and other simple tasks, with all other functionality transferred to central
computing facilities or mainframes. This model was deployed because of the
prohibitive expense associated with computing power and storage at the user
level.
The utility model could be introduced as the extreme version of the upstream
data cleansing model, ie, users consume computing power and data storage from
a large pool of processors running generic software, which remain under highly
sophisticated security management at all times.
As is now clear, individuals are not capable of distinguishing friendly
attachments from malware-laden attachments. Upstream processing which includes
mail and data cleansing takes responsibility away from naive individuals and
home users whilst restricting functionality. However, the home computer is
an entertainment and life-style machine, which synchronises with mobile phones,
PDAs and digital entertainment portals. These require computer peripherals
and software applications. Every home computer will need some dedicated processing
power and therefore a restricted services "not-so-thin" client will
need to be deployed.
3. Total Information Awareness Systems (TIAS)
The other approach would be that of Total Information Awareness Systems (TIAS)
with a specific function to contain malware proliferation, identity theft
and swift growth in the digital crime wave. Within a large organisation with
thousands of employees and other stakeholders, it is necessary to go beyond
defining external boundaries and implementing counter-measures just between
the external and internal interfaces. A security architecture needs to be
deployed where every node on a network is recognised as a potential threat
and TIAS can be employed to look for anomalous behaviour at the human, computer
and communications level.
TIAS make use of the safety model of a warship, where certain critical individual
compartments are left in closed mode whereas others remain in a "ready
to be closed" mode. For example, when going into a port, there is a heightened
state of readiness. If flooded, affected compartments are immediately closed
off to prevent the problem from spreading. TIAS based networks can be blocked
off from the rest of the world following an outbreak as soon as a malware
epidemic or other anomalous behaviour is detected at an operational level
within a department, corporation, metropolitan area or nation state. TIAS
also help to train organisations as mistakes are made, recording the ill-judged
actions that precipitated the problem.
TIAS are a plausible solution for any form of network but they are ineffective
at preventing large scale digital risk events from occurring across the globe;
they simply contain the outbreak for the organisation that has invested in
them.
4. Bio-diversity
Desktops are dominated by the Microsoft OS and application software. At the
server level, Windows, Linux and BSD all play a significant part. In the near
term, it is possible to mitigate the infection rate across an organisation
during a malware epidemic by reducing dependency on computers belonging to
the targeted operating system.
However, it is important to note that malware authors at present have no incentive
for developing malicious code that targets the less popular non-Windows platforms.
Migrating to a non-Windows system for the sake of preventing malware infections
only takes advantage of security by obscurity in the near term and this approach
is not viable in the long term. If there is a known vulnerability and a commercial
incentive exists, any operating system including Linux, BSD or a third party
application can have malware or hacker activated code custom designed to target
it.
5. Law enforcement, legislation and government intervention
There is a lack of coherent strategy at the nation state level to contain
digital risk. The internet is unique in comparison to other media in that
there are no borders and the sovereignty of an individual extends worldwide.
An individual in his home country can carry out a digital crime in a foreign
land without the authorities in the home land being able to prosecute or vice-versa
in many instances.
There is scope for international agreements being made to control malware
proliferation and identity theft. Millions of computers are being turned into
zombies by malware worldwide. What would happen if a globally spawned cyber-catastrophe
leads to a major economy being crippled for a few days? Adequate international
law enforcement is an essential deterrent to prevent such attacks.
Law enforcement agencies from all countries should be better equipped, both
from a logistical standpoint as well as a regulatory standpoint to deal with
the perpetrators and facilitators of digital crime.
Given the potential for carrying out large scale digital crimes unbeknownst
to their owners, computers ought to be subject to periodic checks, although
this resembles a transport license model which could be hard to enforce or
gain support for. Would it be reasonable to require a license to be held in
order to operate the computer of tomorrow, even when it is likely that the
difference between a computer, a mobile phone and other devices is becoming
increasingly diffuse?
"The current situation of excessive malware proliferation, phishing fraud
and spam campaigns has to force user improvements in the digital eco-system.
We are being inspired to innovate: before the end of this decade we aim to
offer the convenience and guaranteed security of one stop utility computing
which will include automatic data cleansing and data vaulting," said DK Matai,
Executive Chairman, mi2g. "This next generation of utility computing - which
we call D2-Banking - will be second nature to its users as they enjoy the
ability to store and access data and finances from anywhere at anytime without
fear of being hacked or plagued by malicious software."
[ENDS]
Related Articles:
17th November 2004 - Full compendium of mi2g speeches released on web
12th November 2004 - Exclusive interview of DK Matai with Linux/Security Pipeline
12th November 2004 - Deep study: The ongoing Linux Attacks fallout
6th November 2004 - Experts challenge mi2g security study: mi2g response
5th November 2004 - The relativistic approach to safety - uptime versus market share
2nd November 2004 - Deep study: The world's safest computing environment
2nd March 2004 - Disturbing the sanctity of the Linux Church
19th February 2004 - The World's safest Operating System
mi2g is at the leading edge of building secure on-line banking, broking
and trading architectures. The principal applications of our technology are:
1. D2-Banking;
2. Digital Risk Management; and
3. Bespoke Security Architecture.
mi2g pioneers enterprise-wide security practices and technology to save
time and cut cost. We enhance comparative advantage within financial services
and government agencies. Our real time intelligence is deployed worldwide for
contingency capability, executive decision making and strategic threat assessment.
mi2g Research Methodology: The Frequently Asked Questions (FAQ) List
is available from here in pdf. Please note terms and conditions of use
listed on www.mi2g.net
Full details of the latest monthly 2004 report are available and can be ordered
from here.
Big Three malware cause heavy productivity losses in Q1 2004
Poor business processes and auditing holes exacerbate damage
London, UK - 16 March 2004, 15:00 GMT - The Big Three malware families
of 2004, ie, all variants of Bagle, MyDoom and NetSky combined, have caused
the loss or misallocation of 72 million Equivalent Person Days (EPDs) worldwide
over the last two months across corporations, government organisations and
homes according to the mi2g Intelligence Unit, the world leader in digital
risk. As an average for the last 60 days, the daily sustained loss is 1.2
million EPDs worldwide, the highest ever.
[CONTINUES]
Full details of the February 2004 report are available as of 1st March 2004
and can be ordered from here.