Preventing fraud is within our grasp
IPv6 was announced four years ago. Where is it now that it is really needed? asks Keith Humphreys
Financial institutions are losing $20bn a year because of identity theft, yet much of this is going unreported because of the institutions’ embarrassment and fear of the loss of public confidence that admitting such incidents would cause.
The number of phishing scam reports received in July 2005 by the Anti-Phishing Working Group was 14,135 and more than nine million phishing emails were collected in May 2005 by MessageLabs. It has been estimated that recipients click on 15 per cent of these fraudulent emails.
This is organised crime, much of it emanating from Russia. So what can be done to prevent it happening? Security devices – anti-spam, intruder detection, intruder prevention – are going some way towards helping, but the answer surely lies in fixing the root causes of fraud, and not just finding the culprits.
The latest IP version, IPv6, not only fixes IPv4’s limited supply of internet addresses, but also brings much-needed security. And security that is inherent will stop the security breaches caused by ‘passing-off’.
Bob Metcalfe, the man widely credited with being the inventor of Ethernet, said in a recent interview: “There are a lot of firewalls and proxy servers and a bunch of crap out there that we can eliminate if we have IPv6. So let’s get on with it. I notice now on my Macintosh I have the option of turning on IPv6. I know Cisco has IPv6 ready to go. I know Microsoft has IPv6. Who else do you need?”
Security is not a Cisco problem, nor a Microsoft problem, but because of their ubiquity, both manufacturers are heavily targeted by fraudsters.
At the Black Hat security conference in San Francisco in July, security researcher Michael Lynn demonstrated a problem with Cisco routers. So as not to compromise a Cisco partner, Lynn had resigned from security software firm Internet Security Systems days before the presentation. Indicating the magnitude of the problem, he described it as the “digital Pearl Harbour”.
To date no one has taken ownership of security issues, but when financial institutions start losing such vast sums because of identity theft there is pressure placed on everybody.
The security problem stems from flaws in the design of the internet, or more accurately its evolution over three 10-year spans: in 1983 the internet was released to academia; in 1993 the web appeared commercially; and in 2003 voice over the internet took off.
The answer lies in the combined strength of Cisco and Microsoft. If both these companies made a concerted effort to implement IPv6, the problem could be solved – and not simply by putting sticking plasters on it but by using radical surgery.
EuroLAN has identified more than 3,500 resellers across Europe selling security devices and software. They are doing a good job and will always have a role to play, but they may find that they need to rely more on a consultancy sell than on revenue from product sales alone.