The dotCrime Manifesto: How to Stop Internet Crime

• Cover Type: Hard Cover with 456 pages
• Published by: Addison-Wesley Professional
• Edition: 1st Edition January 8, 2008
• Written in: English
• ISBN 10 Number: 0321503589
• ISBN 13 Number: 978-0321503589
• Book Dimensions: 9 x 6.1 x 1.3 inches
• Weighs: 1.6 pounds

Internet crime keeps getting worsebut it doesn’t have to be that way. In this book, Internet security pioneer Phillip Hallam-Baker shows how we can make the Internet far friendlier for honest people–and far less friendly to criminals.

The dotCrime Manifesto begins with a revealing new look at the challenge of Internet crime–and a surprising look at today’s Internet criminals. You’ll discover why the Internet’s lack of accountability makes it so vulnerable, and how this can be fixed –technically, politically, and culturally.

Hallam-Baker introduces tactical, short-term measures for countering phishing, botnets, spam, and other forms of Internet crime. Even more important, he presents a comprehensive plan for implementing accountability-driven security infrastructure: a plan that draws on tools that are already available, and rapidly emerging standards and products. The result: a safer Internet that doesn’t sacrifice what people value most: power, ubiquity, simplicity, flexibility, or privacy.

Tactics and strategy: protecting Internet infrastructure from top to bottom

Building more secure transport, messaging, identities, networks, platforms, and more

Gaining safety without sacrificing the Internet’s unique power and value

Making the Internet safer for honest people without sacrificing ubiquity, simplicity, or privacy

Spam: draining the swamp, once and for all

Why spam contributes to virtually every form of Internet crime–and what we can do about it

Design for deployment: how to really make it happen

Defining security objectives, architecture, strategy, and design–and evangelizing them

How to Build a Safer, Better Internet

You’ll find yourself deeply concerned, then fascinated, then hopeful as you read about

•    Building an Internet that resists online crime

•    Phishing, botnets, and spam: tactical, workable, immediate countermeasures

•    Establishing the “Accountable Web”: a strategic, long-term solution to Internet crime

•    Improving security without sacrificing what people love about the Internet

The Internet is today’s Wild West: too much lawlessness, too little accountability. Now, one of the Internet’s leading pioneers shows how we can build a more trustworthy Internet: one that resists crime without frustrating honest people or compromising privacy and civil liberties. Drawing on years at the cutting edge of Internet and security research, Phillip Hallam-Baker offers a complete plan for reinventing the Internet: a plan that addresses everything from technology to politics and culture. Whether you’re a technology professional, policymaker, or citizen, this book will show you how we can make the Internet better, smarter, and above all, safer.

informit.com/aw

Preface xix

Acknowledgments xxiv

About the Author xxviii

Chapter 1: Motive 1

Chapter 2: Famous for Fifteen Minutes 37

Chapter 3: Learning from Mistakes 51

Chapter 4: Making Change Happen 81

Chapter 5: Design for Deployment 107

Chapter 6: Spam Whack-a-Mole 119

Chapter 7: Stopping Spam 135

Chapter 8: Stopping Phishing 155

Chapter 9: Stopping Botnets 175

Chapter 10: Cryptography 199

Chapter 11: Establishing Trust 215

Chapter 12: Secure Transport 227

Chapter 13: Secure Messaging 251

Chapter 14: Secure Identity 277

Chapter 15: Secure Names 311

Chapter 16: Secure Networks 323

Chapter 17: Secure Platforms 343

Chapter 18: Law 355

Chapter 19: The dotCrime Manifesto 377

Further Reading 383

References 387

Index 395

 

About The Author

Dr. Phillip Hallam-Baker has been at the center of the development of the World Wide Web, electronic commerce, and Internet security for more than a decade. A member of the CERN team that created the original Web specifications, his list of design credits has few rivals and includes substantial contributions to the design of HTTP, the core protocol of the World Wide Web.

A frequent speaker at international conferences with more than 100 appearances over the past four years and numerous media interviews, Hallam-Baker is known for his passionate advocacy of what he calls technology for real people. His mission is to democratize technology, making technology serve the requirements of the ordinary human being rather than interest technologists or an artificial business model. The dotCrime Manifesto serves this mission by reaching out beyond the field of network security specialists to provide a firsthand, accessible account of the measures needed to control Internet crime.

Dr. Hallam-Baker was also responsible for setting up the first-ever political Web site on the World Wide Web and worked with the Clinton-Gore ’92 Internet campaign, correctly predicting that the Web would change the future of political communication, a prediction that led to the creation of the Clinton Presidential Web site, whitehouse.gov. While at the MIT Laboratory for Artificial Intelligence, Dr. Hallam-Baker worked on developing a security plan to allow deployment of the groundbreaking Internet publications system at the executive office of the president.

VeriSign Inc. was founded in 1995 to provide a trust infrastructure for the Internet that would allow people to buy and sell over the Web without worrying that a criminal might be able to steal their credit card number. This trust infrastructure was the key technology that allowed the development of online retail stores and banks. Dr. Hallam-Baker joined VeriSign in 1998 and became its first principal scientist in 2000. His first commission as principal scientist was to design a second-generation trust infrastructure for the Internet. This research work led to the design of XML Key Management Specification (XKMS), a protocol that reduces the number of lines of code necessary to connect to a trust infrastructure from more than a quarter of a million to less than two thousand. This research was also a major influence on the development of the Security Assertion Markup Language (SAML) protocol, which Dr. Hallam-Baker also edited. Both XKMS and SAML have been adopted as industry standards, and SAML was chosen by the Liberty Alliance as its key infrastructure protocol.

Since 2002, Dr. Hallam-Baker has increasingly focused on the problem of how to stop Internet crime. He played a leading role in the fight against spam and was one of the first researchers to argue for the authentication-based approach to spam control that has since become the Industry standard. In 2004, Dr. Hallam-Baker testified at the Federal Trade Commission workshop on authentication-based approaches to stopping spam.

Dr. Hallam-Baker holds a degree in electronic engineering from Southampton University and a doctorate in computer science from the Nuclear Physics Lab at Oxford University. He has worked at internationally respected research institutions such as DESY, CERN (as a European Union Fellow), and MIT. He is a member of the Oxford Union Society and a Fellow of the British Computer Society.

 

Reader Reviews
This comprehensive book describes in great detail the state of internet crime today and what can be done about it. It gives a complete history that covers hacking and associated crimes beginning with the birth of the internet. In the dot Crime Manifesto, Dr. Hallam-Baker describes the advent and growth of crime on the internet in a way that only someone who has been there and observed it first hand is able to do. It is well written with many illustrations that make it simpler to understand the difficult and often mind numbing tasks that are a part of the day to day combat known as internet security. One example of how the author gives scope to this complexity is found beginning on page 191. Here, Dr. Hallam-Baker gives an example of what type of man power would have been required to defend similar formations in the past. He starts by describing how the Great Wall of China was originally constructed and how it grew in size over a period of time as more and more invaders circumvented it. He also describes how difficult it was to defend. To quote him, "The wall could not prevent the raiding parties from entering China, but could stop them from escaping with the loot. It is one thing for a few hundred bandits to sneak over an unwatched stretch of wall in the middle of the night, but it is quite another to escape back over a fully guarded wall carrying large quantities of loot with an army in pursuit. - The conventional firewall configuration protects the internal network from external attack. Preventing attacks in the reverse direction reduces the value a captured machine to an attacker." This quote is just one example of how Dot Crime Manifesto surrounds current major issues about security and simplifies the processes that are required to protect systems from attack and penetration. Dot crime manifesto goes on to describe the most popular processes hackers use to gain access to computer networks and the best ways to defend against them. A good example of the detail and knowledge conferred through Dot Crime Manifesto can be found on page 301. Here the author describes Applied Identity; "When employees require access to valuable assets to perform their jobs, employers need reliable means of controlling access and establishing accountability. Strong authentication is an essential requirement in both cases. - SAML was originally designed to meet the expanding needs of enterprise authentication, authorization, and accountability." Dot Crime Manifesto also has detailed key points at the end of each chapter, which makes remembering the main points much easier. Not only does this book include the various means to combat internet crime it includes wealth on information on the history of the internet and the crime it has spawned along the way. I would highly recommend dot Crime Manifesto to anyone who may be studying for their security certifications or seeking an all-inclusive primer on the processes of internet crime and how to defend against them.