Will you stop with all your 'cybering' already?

When someone starts warning you of "cyberthreats", check your wallet and keys. You're probably about to be conned.
Written by Stilgherrian , Contributor

Have you noticed that some folks have been talking up the cyberthreat mighty hard. Cybercrime is "the greatest transfer of wealth in history", said General Keith Alexander, director of the US National Security Agency (NSA), last year, parroting then-McAfee vice-president Dmitri Alperovitch. Last week, McAfee's current chief technology officer warned that the security landscape is on its way to a complete breakdown. And in this country, we're getting a "world-class facility" in the Australian Cyber Security Centre to deal with all the "malicious cyber activity".

Now obviously, bad things are happening online. And obviously, with more people online every year, and each of those people doing more things, there's more to attract the Bad Guys — whether they be nation-state sponsored spooks or common criminals. As William "Slick Willie" Sutton is supposed to have said (but probably didn't) when asked why he robbed banks, "because that's where the money is".

Being alert to changing crime trends is one thing, blatant misrepresentation of reality quite another. Over the last year or so, and especially the last few weeks, facts and logic are being ignored as all this cybering approaches a sweaty climax.

According to Manhattan District Attorney Cyrus Vance, cybercrime isn't just a growing trend, it's a fundamental shift in the way modern crime works. "Cybercrime is the fastest growing crime trend in New York and around the country ... The Manhattan police precincts now record cybercrime and identity theft as their most frequently reported complaints," he reportedly told a conference last month.

"It is rare that a case does not involve some kind of cyber or computer element that we prosecute in our office."

Goodness me. It all sounds very cyberscary. Until you read on, that is, and discover that this "cyber or computer element" might be something as basic as "a gang case, where the gang members are posting on Facebook where they're going to meet".

So now that computer-mediated communication is the way all of us organise our daily lives, and with the crims using Facebook, that makes it a "cybercrime" that requires special new "cyberpowers" to investigate — in the same way that using the phone previously made it a "telephone crime" or driving away from the crime scene in your getaway car made it an "auto crime". Oh, wait.

Here in Australia, our new Attorney-General Mark Dreyfus has been just as flexible with the logic.

Launching the 2012 Cyber Crime and Security Survey Report from CERT Australia last month, Dreyfus noted that as some of the first Australia-specific research into the impact of cybercrime, this report will "establish baseline information on cyberattacks". And it does, provided you ignore some of the bizarre side effects of its tiny-N survey — such as "revealing" that the food industry is 100 percent compliant with IT security standards compared with the defence industry's figure of just over 30 percent.

Image: Screenshot by Stilgherrian/ZDNet

What's more disturbing is the report's finding that "over 90 percent of respondents deployed firewalls, anti-spam filters, and anti-virus software". Meaning that nearly 10 percent didn't have these basic precautions. And we're talking the critical-infrastructure and government clients of CERT Australia here, not the unwashed masses. But that's a story for another time.

The very first sentence of Dreyfus' media release claimed that the report "shows cyberattacks are becoming increasingly targeted and coordinated". Sorry, attorney-general, but this first-ever report gives us only one set of data points, so by definition, it can't possibly tell us anything about changes over time.

What's driving this need to be economic with the truth? Well here's a few clues.

Ignore Vance's warnings of imminent cybergeddon. Pull the NYPD crime stats and you'll discover that New York crime rates have been plummeting. Murders are down from 2,262 in 1990 to "only" 419 in 2012. Robberies down from 100,280 to 20,169. Burglaries down from 122,055 to 19,190. Grand larceny down from 108,487 to 42,596. And so on.

Do you think that Mr Vance might perhaps be talking up the cyberthreat to maintain his city-funded budgets, given that he's got far fewer crimes to investigate and prosecute? Maybe just a little?

Over in the US defence sector, it turns out that cybersecurity isn't the shower of gold that contractors had imagined. According to a Defense News report, cybersecurity staff are being sacked as part of a "growing recognition by the industry" that cyber will never reach the scale of military aircraft or ship programs.

"The myth is that it's the fastest growing capability around, that there is tremendous pent-up demand, and it is a river of milk and honey for everyone, when the reality is that it's not that," Roger Cressey, senior vice president at Booz Allen Hamilton, is reported as saying.

While the "cyber-" prefix is being usedmuch the same way as the "e-" prefix a few years ago, there's one key difference. Only bad things are cyber. Cybercrime, cyberbullying and cyberwar, yes; but not cyber education or cyberhealth. Cyber is the label on all the scare stories.

The questions to ask are "Who wants me to be scared?" and "Why?"

Editorial standards