It probably started with Kevin Mitnick. No, he was not the first computer hacker. But he was the first to become an Internet, folk hero. He was a real life antihero who became a symbol of rebellion, fighting the power, and sticking it to the man for a generation of impressionable computer geeks. Suddenly, there was a generation of kids who wanted to be hackers, not programmers, not game developers, not the CEO of their very own software empire — hackers. They were inspired by Kevin, and wanted to be just like him, only more infamous.
In 1995, Kevin Mitnick went to prison for his many cybercrimes. The Internet community broke out in a near unanimous outpouring of support for their fallen hero. This would set the stage for how we talked about cybercrime from that moment to the present. As much as we’ve seen and experienced, hackers are not the universally reviled scurge of the Internet as one might think. Despite the human cost of hacking, there is still a loud contingent who still root for the black hats, and applaud a masterful exploit. What is required is a closer look at the human cost of cybercrime:
It is hard to place a dollar value on talent. But we can more easily put a dollar value on other resources, like dollars. While most types of cybercrime may not directly cost the individual very much, it costs society greatly. According to phys.org:
The report finds that each year the UK spends US$1 billion on efforts to protect against or clean-up after a threat, including $170 million on antivirus. By contrast, just $15 million is spent on law enforcement.
The quote references 2012 research that shows conclusively the money we are spending to fight cybercrime is largely wasted at the consumer level. Corporations are still well served by products like enterprise-level network software, which offers such features as:
Comprehensive security capabilities, including anti-malware with web reputation, host-based firewall, intrusion detection/prevention, integrity monitoring, log inspection, encryption, application scanning, and globally trusted SSL certificates.
In the meantime, consumers are busily chasing their tails upgrading browsers from the latest vulnerabilities we are powerless to thwart, despite our investment in ever more complicated security measures.
The young kids who idolize hackers start their lives out on the wrong side of the law, without any real concept that there is a wrong side of the law. They grow up believing there is a difference between cybercrime and real crime. They do not believe that cybercrime involves harming real people. So they slip into a life of crime without ever seeing themselves the way mainstream citizens see them: as very dangerous criminals.
Some of the world’s finest talent is lost to this type of crime confusion. Aaron Schwartz is a good example. He committed suicide at age 26, after being pursued by a prosecutor to stand trial for his federal crimes. Schwartz was indicted on multiple felony counts. The millions of digital assets he stole were at the heart of the issue. He saw himself as a heroic activist liberating information. Ortiz, the prosecutor, saw it differently. He said, “Stealing is stealing, whether you use a computer command or a crowbar.”
The amount of talent lost to the allure of cybercrime that might have otherwise served humanity is incalculable.
That same report shows that one of the greatest human losses to cybercrime is lost opportunity. Like terrorists, cybercriminals have created an environment of fear which holds average people back from enjoying all the benefits of a connected world. The economy loses more from the online sales that never happen due to fear, than from direct monetary losses due to theft.
We are afraid to use our credit cards online because we don’t know who we can trust. We are worried about being scammed and taken advantage of. We are worried about identity theft and credit degradation. We buy software we don’t fully understand or need because we are worried about getting hacked.
For too long, we have blurred the line between heroes and villains. Now, we are paying for that in lost productivity, time, resources, peace of mind, and talent. The human cost of cybercrime is much too high. We can do better. We must do better.