The Internet was built to exchange data between a few known academic networks. The protocols upon which it is built assumed trusted parties on both ends. Security is an add-on that has been built over time in reaction to flaws and weaknesses discovered in protocols and operating systems that connect the billions of unknown and untrusted devices that make up the Internet today. Because of the scale of the net, the flaws are becoming so significant and pervasive that they’re given names as if they were natural disasters. Here are three of the more recent flaws:
- Heartbleed: The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic as it moves from server to server. It exposes the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
- Shellshock: Attackers are exploiting a critical, newly disclosed security vulnerability present in countless networks and Web sites that rely on Unix and Linux operating systems. Experts say the flaw, dubbed “Shellshock,” is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise.
- Stagefright: The latest malware headline-grabber, Stagefright affects billions of Android phones via MMS video. Suspect clips can infect a phone without users even having to open them, with Google software pre-processing media attachments into malware agents.
These flaws are used to gain credentials that allow cyber-crime to flourish. No software is 100% safe, but we keep trying. We’ll spend $76.9 billion on cyber security in 2015 and that investment will grow at 10% annually well into the next decade. And still, the number of breaches and the number of records stolen are increasing at a faster pace.
According to Gemalto’s Breach Level Index, the number of 2014 breach incidents grew 46% over record-breaking 2013 levels. 1,023,108,267 records containing personally identifiable information (PII) were stolen. Since 2013, a shocking 3,197,818,977 records have been stolen. Why is this happening? Because it’s worth it. The chart below describes how much that PII goes for on the black market.
Slick Willie Sutton, a notorious bank robber during the Great Depression, is credited with the following quote: “Willie, why do you rob banks? Because that’s where the money is.” Why do hackers go after centralized databases kept in enterprises? Because that’s where the data assets are.
In the Respect Network, there are no central data stores. The member data are kept encrypted in individual personal clouds that only the members have keys to unlock. If a hacker compromises one member’s identity, they can only impact that member’s data. This security architecture makes the Respect Network much less appealing to those who want to steal data. For criminals, it’s simply not worth it to break into millions of individual personal clouds when there are centralized enterprise databases holding huge pots of data gold to be had.