The internet will never be secure: Sourcefire

Securing the internet is impossible, unless you make fundamental changes to its structure, but then it won't be the same, according to a Sourcefire researcher.
Written by Michael Lee, Contributor

The information security problem will never be completely solved unless the internet is fundamentally changed for the worse, according to Sourcefire senior research analyst Alex Kirk.

Speaking to ZDNet, Kirk said it was naive to think that crime could be eliminated from the internet, and anyone who thought so didn't understand technology.

"Anyone who makes specific date predictions about technology is a fool, in my opinion. You're not going to solve the problem of security on the internet on a large scale, without completely changing the fundamental underpinnings of the internet — and not in a positive way."

"In order to effectively stop all cyber crime, you'd have to lock the internet down to the point where it'd lose its allure. You'd lose usablility in the process."

Kirk also addressed recent bold statements made in the industry, by Kaspersky Labs founder Eugene Kaspersky, that the "golden age of cybercrime" would be over in two years.

"I think they're full of s**t," Kirk said.

"I don't think it will be over. You might see a decline in cyber crime, you might see a rise in it."

However, Kirk did say that he thinks security could be better than it is at the moment.

"We're probably in a particularly ugly point in the history of internet security."

One type of behaviour that Kirk said Sourcefire has observed recently, is a surge in attacks that take advantage of supply and demand market mechanics.

For instance, identifying that tickets for the London 2012 Olympics have been sold out, hackers and scammers are using phishing emails to capitalise on a market that has a huge demand and very little supply, promising to on-sell tickets to those desperate enough to fall for the scam.

Likewise, Kirk said that users were being taken in by their hunger for breaking news, particularly around natural disasters. According to Kirk, unlike regular industry news, natural disasters don't always have an official related organisation that users can trust for information.

"It's easier to throw something together that doesn't look like something out there already, because folks are desperate for news on something like this. And there's no expectation about what sort of logos might be affiliated with something, or what organisations might be discussing it," he said.

Editorial standards