By Dr. Antonio Nucci, CTO, Narus (News - Alert), Inc.

 

The Internet has become the central nervous system for our networked life. As a global network of loosely connected IP-based networks, it reaches into every country and provides governments, businesses and consumers worldwide with a common platform for communication. And now, a new kind of criminal has emerged.

 

As the 21st century criminal has moved into new realms and dimensions, law enforcement agencies and government organizations are in hot pursuit. The pervasive nature of cyber crime ranges from loss of proprietary corporate information to the loss of life, from national security to cyber warfare. From predators exchanging child porn and scammers stealing identities to countries attacking countries, cyber crime does not discriminate.

 

 

The FBI estimates that all types of computer crime in the U.S. now cost industry about $400 billion, while officials in the Department of Trade and Industry in Britain say computer crime has risen by 50 percent from 2005 to 2006. It is estimated that only 5 percent of cybercriminals are ever arrested or convicted because the anonymity associated with Web activity makes them hard to catch, and the trail of evidence needed to link them to a cyber crime is hard to unravel. CERT/CC estimates that as much as 80 percent of all computer security incidents remain unreported, as reported by SearchSecurity.com. Steps must be taken before we can successfully combat cyber crime.

 

First, we must understand the language and dialects (i.e. protocols, applications and services) spoken in the cyber world. Although the importance of traffic monitoring has always been seen as a fundamental step in the process and attracted many researchers and industry communities, the problem is far from being solved. As networks got faster and network-centric applications got more complex over time, what was roughly our “good” understanding of the Internet traffic a few years ago turned out to be a terrifying realization that today the “what we do not know” has largely surpassed the “what we know.”

 

It is clear that our true understanding of the protocols, applications and services carried by the cyber infrastructure continues to diminish as we speak. A special project called Lobster – aimed at developing an advanced pilot for the European Internet Traffic Monitoring Infrastructure based on passive monitoring sensors at speeds starting from 2.5 Gbps up to 10 Gbps – has shown that the amount of unrecognized traffic has increased from 30 percent in 2002 to 69 percent in 204 – more than double in just two years. The answer to the question “How do we bridge this knowledge gap?” remains open.

 

Second, we must identify cyber users and communities of cyber users whose activity and content may harm the safety and transparency of the cyber world. The speed and asynchronous nature of the cyber world communication makes it an ideal platform for rapidly mobilizing a group of like-minded users. Associations can emerge on all size scales and can be geographically local or dispersed. They can form around very specific issues and then die out quickly. They may remain loosely connected and dispersed or eventually coalesce into more structured and hierarchical forms. Of course, like all advances in communication technology, the cyber world is useful not only to legitimate political and civic groups but also to criminal and terrorist groups. Blog sites, news sites and social sites have indeed become an ideal arena for such users to “phish” for information and coordinate their criminal or terrorist activities lost in the ocean of legal digital transactions and communications, and while hidden among the massive number of innocent cyber users. The answer to the question “How do we identify users engaged in suspicious activities that can span many different Web sites at once?” remains open.

 

Third, it is important to identify the real person behind an alias or cyber-identifier used to enter the cyber world. A critical problem in this digital world is not knowing with whom you are interacting. The difference between the real space and the cyber world is that the essence of any digital transaction is unbundling. In the cyber world, users can unbundle their identity from content and transactions. Conversely, a real-space transaction carries along inseparable secondary information that can be leveraged to uniquely trace a transaction to a living person.

 

Currently, no generic system exists for identification in the cyber world. Ones and zeros do not inherently carry any separate information along with them. Further, in the cyber world users have control over the strength of the link between their real world and their cyber-identities. So, how feasible is it from a technology perspective to reconstruct the missing link between the user identity in the cyber world and his or her real-world identity? Again, this question remains open.

 

 

While the cyber world is seen as a “dark” space and governments have increasingly expressed their concern about the cyber world’s role in public safety and national security, we still have not done enough to shed light on the cyber world and its users.

 

To do so, we must first understand it. The cyber infrastructure must not be thought of as just the physical infrastructure made of optical fibers, servers and routers. Rather, the cyber infrastructure is also about protocols, applications and services being used to enable communications among any number of end points, or users. We must discover who is behind the nickname, Mac or IP address, or VoIP number – perhaps by using novel biometric techniques to profile users’ communication as they access the cyber world. Reconstructing today’s missing links between the cyber ID and the real person would make the cyber world a safer place to visit.