NewsDude

Eugene Spafford is executive director of Purdue University's Center for Education and Research in Information Assurance and security, one of the world's leading centers for information security. His research focuses on issues related to securing computers, networks and their data against criminal activities and failures. He has testified before various congressional committees, advised agencies within the executive branch and worked with the U.S. military and the FBI. Here, freelance science writer Susan Gaidos questions Spafford about computer security issues.
You've been tracking computer security breaches for 30 years. What trends have you seen over that time, and what new problems are emerging?
The change in the computational environment has led to changes in what we've seen as "incidents." In the 1990s, most of what we saw as "untoward behavior" was neither malicious nor criminal. Some of it came from individuals who were new to the Internet and didn't have a complete handle of what it was they were doing. Others -- the classic hackers -- did it for bragging rights or to prove to others their skill.
We're now seeing a tremendous amount of criminal fraud perpetrated through the Internet, and much of it organized with an international reach. Things like credit card fraud and phishing for identity theft fall into this category. We're also seeing greater sophistication in... theft of intellectual property and information by transnational organizations and governments. Here we're talking about the invasion of corporate and government machines to steal advanced designs, or to extract political and personal information.
Who's policing the Internet and how is that being done?
It isn't, and that's part of the problem. I've been working with some law enforcement agencies trying to track down fraud that appears to be coming from other countries. Some of it maybe originating in those other countries, but some of it...

More...