The internet will never be secure: Sourcefire

The internet will never be secure: Sourcefire

Summary: Securing the internet is impossible, unless you make fundamental changes to its structure, but then it won't be the same, according to a Sourcefire researcher.

TOPICS: Security

The information security problem will never be completely solved unless the internet is fundamentally changed for the worse, according to Sourcefire senior research analyst Alex Kirk.

Speaking to ZDNet, Kirk said it was naive to think that crime could be eliminated from the internet, and anyone who thought so didn't understand technology.

"Anyone who makes specific date predictions about technology is a fool, in my opinion. You're not going to solve the problem of security on the internet on a large scale, without completely changing the fundamental underpinnings of the internet — and not in a positive way."

"In order to effectively stop all cyber crime, you'd have to lock the internet down to the point where it'd lose its allure. You'd lose usablility in the process."

Kirk also addressed recent bold statements made in the industry, by Kaspersky Labs founder Eugene Kaspersky, that the "golden age of cybercrime" would be over in two years.

"I think they're full of s**t," Kirk said.

"I don't think it will be over. You might see a decline in cyber crime, you might see a rise in it."

However, Kirk did say that he thinks security could be better than it is at the moment.

"We're probably in a particularly ugly point in the history of internet security."

One type of behaviour that Kirk said Sourcefire has observed recently, is a surge in attacks that take advantage of supply and demand market mechanics.

For instance, identifying that tickets for the London 2012 Olympics have been sold out, hackers and scammers are using phishing emails to capitalise on a market that has a huge demand and very little supply, promising to on-sell tickets to those desperate enough to fall for the scam.

Likewise, Kirk said that users were being taken in by their hunger for breaking news, particularly around natural disasters. According to Kirk, unlike regular industry news, natural disasters don't always have an official related organisation that users can trust for information.

"It's easier to throw something together that doesn't look like something out there already, because folks are desperate for news on something like this. And there's no expectation about what sort of logos might be affiliated with something, or what organisations might be discussing it," he said.

Topic: Security

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Internet wont be secure

    Yup its our duty to safeguard our valuble datas.
  • The Internet Doesn't Need To Be Secure

    The Internet is not like the phone network. There is no central authority in control of it, that everybody trusts. Instead, all the smarts (and the trust) is in the endpoints. Standard, commonly-used protocols like SSL/TLS and SSH are quite capable of running securely over insecure connections.
  • Have to agree

    I agree. Criminals will exploit any system that relies on human naivety and trust, and the Internet is no exception. Everything from Nigerian Prince scams, lottery scams, "free" anything scams... anything where people can get great things for free (or a small investment) will circulate while people are around to trust them.

    Yes, we have technology such as firewalls, VPNs and encryption to secure our connections. But all it needs is one person to be misguided enough to accept one of these scams to bring it undone.