Essays in the Category "Economics of Security"

Page 1 of 4

How to Cut Down on Ransomware Attacks Without Banning Bitcoin

  • Bruce Schneier and Nicholas Weaver
  • Slate
  • June 17, 2021

Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. Now, it’s become the criminal business model of the internet for two reasons. The first is the realization that no one values data more than its original owner, and it makes more sense to ransom it back to them—sometimes with the added extortion of threatening to make it public—than it does to sell it to anyone else. The second is a safe way of collecting ransoms: Bitcoin.

This is where the suggestion to ban cryptocurrencies as a way to “solve” ransomware comes from. Lee Reiners, executive director of the Global Financial Markets Center at Duke Law, …

Why Was SolarWinds So Vulnerable to a Hack?

It’s the economy, stupid.

  • The New York Times
  • February 23, 2021

Ukrainian translation

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including U.S. government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

It was a huge attack, with major implications for U.S. national security. The Senate Intelligence Committee is scheduled to …

Hacking the Tax Code

  • Bruce Schneier
  • IEEE Security & Privacy
  • September/October 2020

The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input—financial information for the year—and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and special cases. It consists of government laws, rulings from the tax authorities, judicial decisions, and legal opinions.

Like computer code, the tax code has bugs. They might be mistakes in how the tax laws were written. They might be mistakes in how the tax code is interpreted, oversights in how parts of the law were conceived, or unintended omissions of some sort or another. They might arise from the exponentially huge number of ways different parts of the tax code interact…

Bruce Schneier says we need to embrace inefficiency to save our economy

  • Bruce Schneier
  • Quartz
  • June 30, 2020

It took a global pandemic and stay-at-home orders for 1.5 billion people worldwide, but something is finally occurring to us: The future we thought we expected may not be the one we get.

We know that things will change; how they’ll change is a mystery. To envision a future altered by coronavirus, Quartz asked dozens of experts for their best predictions on how the world will be different in five years.

Below is an answer from Bruce Schneier, a security expert focused on technology. He is a fellow at the Berkman Klein Center for Internet & Society at Harvard University and a lecturer in public policy at the Harvard Kennedy School. He is also the author of more than a dozen books—his latest, …

Lessons From the Dyn DDoS Attack

  • Bruce Schneier
  • SecurityIntelligence
  • November 1, 2016

A week ago Friday, someone took down numerous popular websites in a massive distributed denial-of-service (DDoS) attack against the domain name provider Dyn. DDoS attacks are neither new nor sophisticated. The attacker sends a massive amount of traffic, causing the victim’s system to slow to a crawl and eventually crash. There are more or less clever variants, but basically, it’s a datapipe-size battle between attacker and victim. If the defender has a larger capacity to receive and process data, he or she will win. If the attacker can throw more data than the victim can process, he or she will win…

"Stalker Economy" Here to Stay

  • Bruce Schneier
  • CNN
  • November 20, 2013

Google recently announced that it would start including individual users’ names and photos in some ads. This means that if you rate some product positively, your friends may see ads for that product with your name and photo attached—without your knowledge or consent. Meanwhile, Facebook is eliminating a feature that allowed people to retain some portions of their anonymity on its website.

These changes come on the heels of Google’s move to explore replacing tracking cookies with something that users have even less control over. Microsoft is …

A Fraying of the Public/Private Surveillance Partnership

  • Bruce Schneier
  • The Atlantic
  • November 8, 2013

The public/private surveillance partnership between the NSA and corporate data collectors is starting to fray. The reason is sunlight. The publicity resulting from the Snowden documents has made companies think twice before allowing the NSA access to their users’ and customers’ data.

Pre-Snowden, there was no downside to cooperating with the NSA. If the NSA asked you for copies of all your Internet traffic, or to put backdoors into your security software, you could assume that your cooperation would forever remain secret. To be fair, not every corporation cooperated willingly. Some fought in court. But it seems that a lot of them, telcos and backbone providers especially, were happy to give the NSA unfettered access to everything. Post-Snowden, this is changing. Now that many companies’ cooperation has become public, they’re facing a PR backlash from customers and users who are upset that their data is flowing to the NSA. And this is costing those companies business…

Why It's So Easy to Hack Your Home

  • Bruce Schneier
  • CNN
  • August 15, 2013

Last weekend a Texas couple apparently discovered that the electronic “baby monitor” in their children’s bedroom had been hacked. According to a local TV station, the couple said they heard an unfamiliar voice coming from the room, went to investigate and found that someone had taken control of the camera monitor remotely and was shouting profanity-laden abuse. The child’s father unplugged the monitor.

What does this mean for the rest of us? How secure are consumer electronic systems, now that they’re all attached to the Internet?

The answer is not very, and it’s been this bad for many years. Security vulnerabilities …

Take Stop-and-Scan with a Grain of Salt

Security Has Become a For-Profit Business

  • Bruce Schneier
  • New York Daily News
  • March 3, 2013

This is an edited version of a longer essay.

It’s a new day for the New York Police Department, with technology increasingly informing the way cops do their jobs. With innovation come new possibilities, but also new concerns.

For one, the NYPD is testing a security apparatus that uses terahertz radiation to detect guns under clothing from a distance. As Police Commissioner Ray Kelly explained back in January, “If something is obstructing the flow of that radiation, for example a weapon, the device will highlight that object.”

Ignore, for a moment, the glaring constitutional concerns, which make the stop-and-frisk debate pale in comparison: virtual strip-searching, evasion of probable cause, potential profiling. Organizations like the American Civil Liberties Union are all over those, even though their opposition probably won’t make a difference. We’re scared of terrorism and crime (even as the risks decrease), and when we’re scared, we’re willing to give up all sorts of freedoms to assuage our fears. Often, the courts go along…

Why Framing Your Enemies Is Now Virtually Child's Play

In the eternal arms race between bad guys and those who police them, automated systems can have perverse effects

  • Bruce Schneier
  • The Guardian
  • October 15, 2009

A few years ago, a company began to sell a liquid with identification codes suspended in it. The idea was that you would paint it on your stuff as proof of ownership. I commented that I would paint it on someone else’s stuff, then call the police.

I was reminded of this recently when a group of Israeli scientists demonstrated that it’s possible to fabricate DNA evidence. So now, instead of leaving your own DNA at a crime scene, you can leave fabricated DNA. And it isn’t even necessary to fabricate. In Charlie Stross’s novel Halting State, the bad guys foul a crime scene by blowing around the contents of a vacuum cleaner bag, containing the DNA of dozens, if not hundreds, of people…

1 2 3 4

Sidebar photo of Bruce Schneier by Joe MacInnis.