Full disclosure up front: Joe Menn, the author of "Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet" and a tech reporter for the Financial Times, is a friend and former colleague of mine here at The Times. Nevertheless, I think even an unbiased observer would say that "Fatal System Error" is a compelling read, despite the fact that it's nonfiction (or maybe because it's nonfiction). It's also a very frightening book.
By retracing the steps taken by two men who were trying to fend off cyber criminals who went from attacking websites to stealing identities, Menn's tome reveals the enormous challenge facing civil society in preserving not just online commerce but entire financial systems. In a nutshell, it's the same problem we confront in trying to clamp down on opium production and nuclear proliferation: There are governments around the world that not only protect hackers but have a strategic interest in the damage they can inflict.
Menn, who will be speaking Tuesday night at a Zócalo Public Square event in downtown Los Angeles, said in an interview Tuesday afternoon that the capabilities of mercenary hackers are expanding, in some areas (namely, China) with the government's help. The same equipment, the same people and sometimes even the same software can be deployed to wage a cyber attack on a country as on a financial institution, he said. And while the federal government looks out for dot-mil and dot-gov sites, no one is responsible for safeguarding the dot-com infrastructure.
The hackers who attacked Google (evidently from China) last year have prompted more people in government to take an interest in the broader cyber-crime threat, Menn said. But the issue has morphed from a straightforward tech or law enforcement problem into a foreign policy challenge. As his book illustrates, officials around the world have to work together to stop far-flung but organized cyber-criminal groups. And when major world powers (read: Russia, China) don't feel like joining in, the good guys can't get very far.
Hackers have stolen so much personal financial data, Menn said, "you can no longer assume that as long as you're computer's not acting weird, you're OK." Maybe half of all Internet users haven't been victimized, "but there's no way to tell whether you're one of those people or not."
There is hope on the horizon. Because of the higher interest level among policymakers, there's a chance to put more safeguards in place. Menn, though, contended that the basic protocol for exchanging information on the Net -- TCP/IP -- needs to be replaced for commercial uses with something far more secure. "It seems to me we're getting fairly close to too late now," he added.
Provocatively titled "Will the Internet Collapse?" Menn's Zócalo talk Tuesday is scheduled to start at 7:30 p.m. at the National Center for the Preservation of Democracy on Central Avenue.