They're doing this all wrong. Trying to stop "Cybercrime" by taking away the privacy and tools to help secure the innocent and corporations from the malicious natured "cracker" is the wrong way to handle it. If you want to prevent or crack down on the amount and frequency of "cybercrime attacks" then it will take a completely different approach.

You must first enforce the usage of encryption. Yes, I said enforce it. One of the primary vulnerabilities of the internet is the fact that almost everything is sent across plain text. If new protocols that included encrypted communications were used and enforced as new standards that would make a lot of problems go away. One of the main things a cracker can do is put a sniffer out there and acquire users passwords and other sensitive information that can be used against that particular network or computer system. Even if you make it illegal for tools such as sniffers to be distributed or sold there are enough programmers out there (and enough potentially malicious ones) that they will just write their own sniffer.

This programming of ones own tools will happen everywhere just as it did in the past except the people are much more skilled than prior years. There are more programmers and highly computer literate people than there ever was before and the numbers will only continue to grow. By putting laws or restrictions against having security auditing tools (which in turn can be used to actually crack into systems and networks), you will only weaken what little security corporations and the internet currently has.

What it will take to cut down on "cybercrime" is to enforce that the major players in the computer corps (i.e. Microsoft, Sun Microsystems, Macintosh, Linux) develop more secure operating systems. It will take putting measures on the network corps such as Cisco to ensure there networking devices are more secure. Ultimately, it will take design, implementation and a lot of manpower. This is good, because not only will the peoples rights not be infringed upon but it will open up a huge job market.

At the stage the internet is at, it will never work to simply tell everyone that they cannot have or use security/hacking tools and also take away their freedom. The internet community has enough programmers that those who merely want to protect the freedom will write there own encryption software. The ones who want to be malicious and crack into systems and networks will still do so and now they will be less hampered. Security on the internet cannot be obtained through obscurity and telling the "bad people no!". The problems of security in our technological world must be addressed and solved with technology. (And that does not through taking away peoples freedom and rights.)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/39/2031#2031