Gary Warner – TRANSCRIPT
Let me ask you a simple question to get us started here. If you’re the victim of a crime, what do you do? I’ll give you a little hint.
So, let’s say as you leave the audience today, you go out to your car, your windows smashed of your vehicle, your stereo’s gone. So, you’re going to call the….. (Audience) Police. Very good.
Okay, you’re at a bar, you walk out with your friend, someone sticks a gun at you and says, “Give me your wallet.” So, you give him your wallet and then you call the – (Audience) Police. Right! You get home, somebody’s kicked in your door, your stereo, TV….. Everything’s missing, out of your house. So you call the… (Audience) Police. Very good.
You have that strange email that says your bank needs to have you reset your passwords, so, you go to the website and the next time you check your balance you realize you’re down $400 because you’ve wired money to a place you’ve never heard of. So you call the… Bank? Your friends are all calling you and telling you that they hope you’re okay. They’ve got an email that says you’re stranded in London and you need to have them wire you some money, so you call your… Email provider ?
Your kids want that new Xbox 1 for Christmas but you weren’t going to camp out for 48h at Wallmart. So you try to buy one on eBay and the guy says you have to wire him the money in order for him to guarantee a Christmas delivery so you send him $700 but you never get the Xbox. So you call… eBay? Why do we call it “Cyber Crime”, but we don’t call the police?
Well, I have a little personal experience with this because we had an incident in our family.
And I said well, I’m a criminal justice kind of guy. I know the DA, I’m going to go talk to the district attorney. He says: “Look, Gary, let’s say you can find the person in San Diego. You know what happens next? I, the DA have to fly them back to Birmingham, put them up a safe place where they reside until such time as we have a trial, feed them, he says, “I’ll have to spend far more than $1800 you lost. Call your bank and get the money back.” That’s not enough for me. I have connections everywhere. So I called someone in San Diego, I managed to get an introduction to the San Diego sheriff. Okay, one of his deputies. But, I realized, the problem was the plane ticket. Right?
So, he says, “We’d be happy to investigate this crime for you Mr. Warner, tell you what, just send me a affidavit that says you or your wife will fly to San Diego at your own expense, stay in a hotel for a week and pay for all your own meals if we catch the criminal, because without a witness in the stand, it’s not going to do us any good. I said, well that would cost me more than the $1800 I lost! He said, “Right, call your bank, get the money back!”
Well, I’ve been trying to connect the dots on these crimes because how many people think that’s the only person they ever stole $1800 from? Right! So, all the way back in 1992, I was working at a local university and, I started having these problems because we made this mistake, we plugged ourselves into this thing we call the Internet and as soon as we did that, we exposed ourselves to hackers and viruses and all sorts of problems. And this was before we had anti-virus or firewalls and, so, I found that the secret was sharing information.
I spent a great deal of my waking hours, and believe me I have more of them than you do, tracking down these people and helping by sharing what I had learned about these crimes with other people around the Internet. I help them protect themselves, they help me protect my network. And my boss came to me and he says, “Gary, you’re spending way too much on this. You’re spending all of your time chasing these bad guys; it’s not your Internet!” That was a formative moment for me.
I still remember exactly how that conversation went, I said, “The hell it’s not. My people created this Internet, computer scientists. We invented this and gave it to the world as a gift, and somebody’s out there trying to destroy it by using it to steal your money and your passwords, and your secrets and your documents. I’m going to stand at the end of my internet driveway and protect what’s mine and I hope other people will do the same to protect what’s theirs.
Well, so why doesn’t it work? What if we treated physical crime the way we treat cyber crime? What if we told you when you got home and your door was kicked in, it was your fault you’re a victim, because you didn’t have enough locks on your door? It was your fault you were a victim, because you didn’t have bars on your windows. You should have had a motion detector. If you had an attack dog in the yard, that would be nice, maybe a brick wall around the perimeter with barbed wire – that’s what you needed, because it’s your fault you were a victim. That’s not how we treat physical crime.
Why do we do that with cyber crime? Why is it your fault that your anti-virus wasn’t up to date? Or you didn’t have the most recent security patch? if you’re a victim of a cyber crime, someone tells you that you should buy a firewall. No, you should buy intrusion detection software, what you really need is intrusion prevention software. Actually you probably should hire a manage security services company to go through all of your logs for you to make sure that you didn’t miss an attack.
Why is it your fault if you’re a victim of a cyber crime? Somewhere along the way we decided that market forces should reign and that the industry would tell you, what you needed to do to protect your self from crime. I have a friend in Japan, he re-tweeted me this morning actually. He told me that in Japan, they had a service they were rolling out where you could call it “government phone number” and they’d send someone to your house to remove the virus for you. I said, that’s ridiculous! How could you do that? He said to me very seriously, Isn’t it the government’s job to protect you from cyber crime? Isn’t it the government’s job to protect its citizens?
And I said, “Not in the United States. Not with cybercrime!” I heard a story from Richard Clarke, I was at the DARPA Cyber Colloquium in 2011 and he said, “What if in the Cold War, President Kennedy had said ‘Hey, General Electric, General Motors and Ford, I need you all to come to the White house, have a little meeting.’ And he said, ‘I’ve got something to tell you.’ The Russians may come after us! So here’s what we’re going to do. I’ll take care of defending the government facilities, but you guys might want to look into some anti-aircraft, and maybe some fighter planes because you’re on your own.'” But that’s exactly what we’ve done with cyber crime.
The government’s actually built this wall around their network and they have trusted Internet connection points, these draw bridges where they’ve put in Einstein 3 billion dollar sensor there to make sure that nothing bad comes into the castle. The problem with that is that we’re all on the outside of the castle. The government has said, we should use these industry solutions to protect ourselves but they’re all building a billion dollar wall that we don’t have access to. I know, I have lots of friends and legislators both in the state and national level, and one nice thing about the legislators, they’ve never heard of a problem that the solution wasn’t another law.
Let me share one of these laws with you. In Alabama, we now have a law that says it’s a Class C Felony to access a computer without authorization for the purpose of devising or executing any scheme or artifice to defraud or obtain property. And if you steal at least $5000 dollars or $2500 that’s a Class C felony, that means you can go to jail for up to 20 years. Now is that an Alabama thing? No, that’s a Federal thing. The Federal Government calls it “Title XVIII section 10.30 Fraud.”
With regard to a computer and if you commit that crime and steal at least $5000 you’re going to go to jail for 10 years. If you do it to more than 10 computers, you’re going to get an extra 2 years for “Aggravated Identity Theft”. Sounds pretty good. I bet the criminals are scared of that. I think, she’s holding a Class C Felony right there in her hands. She was so afraid of this law as she and her friends stole $220 million dollars from tens of thousands of Americans that she posted that picture on her Facebook wall. Now, we measure crime, the government has this rule that the government has shared with – are you guys reading ahead? –
The government has laws that say that we should have every municipality, every county, every state report up to the Federal government, to the department of Justice, every time a crime happens, so they measure aggravated assault, and rape and burglary, and murder, and all of these physical crimes and you know what the measurements are showing that every category of crime is falling. But, what we don’t measure, there isn’t even a category not a box that you can check as you do your police report that says: to report a cyber crime. And as this teller is pointing out to his criminal, “You know, you can do this just as easily online”. Is physical crime falling because cybercrime is going up? But nobody’s counting! We don’t even have the terminology or the technology, to count the estimates of how many dollars are lost to cyber crime range from $52 billion in the US per year to a trillion dollars. That’s a pretty wide range.
Now, so, we have to rely on industry and researchers to come up with some of these statistics. Symantec says that there are 18 new victims of cyber crime per second. Think about that. 18, 36, 54, 72, 90, 108. We just had 100 new victims of cybercrime. How many of them do you think called the police? Consumer reports has a report that they survey people about various kinds of victimization. They said that in 2012 we had 9 million Americans who fell victim to phishing, those fake bank websites, and 58 million had malware that they to spend time and money to remove from their computer.
In fact, just the cost of removing the computer viruses was 4 billion dollars; that’s not how much money was stolen, that was the cost to respond to it. 19 million Americans had money taken off their credit cards without their authorization, 10 million had money taken from other forms of accounts and despite all of the technology we can offer 43% of American’s still say they’re experiencing heavy volumes of spam. So what do we do about it?
I’ve chosen to do quite a bit about it I think. I went to my boss at the oil and gas company where I was the IT director. They’ve been very generous loaning me out to the FBI to help with the cases and to help with the InfraGard program. And I said I’m going to resign. He said, what’s wrong? I said, I’ve got to go make my own FBI agents. And he said, I don’t understand. I said, I’m going to go find a university that will let me teach people how to fight cybercrime the right way. And he said, where’re you going to go? I said, well I’ll start with my alma mater, at UAB.
I went to UAB’s administration and I said, I’d like to do this, I laid out my plan. They said, well I don’t understand the objective. I said, well I’m going to get a 100 new FBI agents that I trained. Well how is that working? Well we have students in the FBI and in the CIA and the NSA. We have students working at Microsoft and Paypal; we have students at VISA and Bank of America and Regents Bank. We’ve got students all over the world who are fighting cybercrime the way I do.
But what about you? Isn’t it your Internet, too? What can you do? Well remember the $1800 that I had missing. What if you had $400 missing but you didn’t call the police? And the same criminal took $400 from you. And from you. And in fact from 10 thousand people. Eventually, that adds up to money. Well, what are we going to do? The DHS has this things which says, “if you see something, say something”. Well, say something, call the police. And if they don’t respond the way you think they should, let your elected officials know. Tell you congressmen and your senators tell your governor, your DA, you attorney general. I’d like you to change the way we fight cybercrime. And in the meantime, send that evidence to me. We’ll help you connect the dots. Thank you.
Related Posts
- The Dark Subcultures of Online Politics – Joshua Citarella on Modern Wisdom (Transcript)
- Jeffrey Sachs: Trump’s Distorted Version of the Monroe Doctrine (Transcript)
- Robin Day Speaks With Svetlana Alliluyeva – 1969 BBC Interview (Transcript)
- Grade Inflation: Why an “A” Today Means Less Than It Did 20 Years Ago
- Why Is Knowledge Getting So Expensive? – Jeffrey Edmunds (Transcript)