Less fear, more knowledge in cybercrime fight

24 October 2017
" "

We are told that cyberspace is pathologically unsafe and that we must be protected, perhaps even from ourselves. Dr Claire Meehan asks where this leaves us.

Drama surrounding the perceived reach of technology is part of our everyday lives. This, along with the fear of the potentially dystopic futures it could inflict upon us, means cybercrime regularly makes news headlines.

The latest cyber activity to reach the front page is the so-called KRACK attack. The KRACK, or Key Reinstallation Attack, is a security flaw in the WPA2 protocol (the standard for securing wireless computer networks) which could allow an intruder to get through the encryption between a device and router. This would enable them to intercept and interfere with network traffic (i.e. the flow of information you send and receive online). The intruder could potentially implant ransomware or other malware (malicious software) into otherwise benign websites.

While no attacks have been reported in New Zealand so far (as of October 17), experts including InternetNZ and the government cyber watchdog Cert NZ have urged people to avoid using Wi-Fi if possible. News headlines have included ‘Watch out for the KRACK hack attack’ (NZH) and ‘Major flaw threatens most wi-fi networks, warns cyber watchdog’ (Stuff) with articles advising readers to “update their devices” and “check their routers” to protect against this "exceptionally devastating" vulnerability.

Yet, Dr Peter Gutmann, an IT security expert from Auckland University, said, during an interview on RNZ, that expecting people to shut off the Wi-Fi was “unreasonable” and that he’s "not terribly worried about it”. He concluded by stating that while “an attack had the potential to cause mayhem if carried out on a large scale, it was highly unlikely”.

With these competing reports, it is hard to know how to move forward.

While cybercrime has become part of our everyday vocabulary, it still lacks a clear definition even among agencies tasked with policing it. Nevertheless, cybercrime has become a hot topic in academic and public domains, and with good reason – in the vast expanse of cyberspace, new and distinctive forms of criminal activity have emerged which demand a new criminological understanding which will only be gained through research and communication.

Media coverage of the KRACK attack, as with many forms of cybercrime (such as the recent WannaCry ransomware attack) seeks to ‘warn’ members of the public about the ‘risks’ of not only cyberspace, but the Internet of Things, ‘Baby monitors face mandatory cyber security rating over hacking fears’ (Stuff) and reassure them that the “Government is ready to act”. In doing so, we learn that cyberspace is pathologically unsafe, invites criminal behaviour and that we must be protected, perhaps even from ourselves. So, where does this leave us?

The exponential development of technology has seen many reports of increased anxiety, particularly around privacy. This, coupled with frequent media reporting on cyber risks leads to an increase in cyberfear. The culture of fear surrounding cybercrime can influence public perceptions of online risk, policy debates, policing of cybercrime, and ultimately, the interpretation of cyber justice.

While many incidents of cyber threat are reported each year, the rate of prosecutions is relatively low. This disparity creates a chasm in our understanding of cybercrime, which highlights a number of important issues about the veracity of the criminal knowledge behind it. As a public, do we fully comprehend the differences between the various ‘experts’ cited in the media, and how do they shape our grasp of the nuances of cybercrime? Where does rhetoric end and reality begin?

The framing of cybercrime as a prospective online intrusion distorts our understanding of it. The coverage of novel and unusual attacks, such as the KRACK attack, become sensationalised and cyber myths reinforce the culture of fear. As with the social construction of ‘terrestrial’ crime, cybercrime is framed as a prevalent, dramatic and even catastrophic type of crime – one that law-makers and enforcers are helpless to deal with.

Cybercrimes are frightening. This fear is compounded by the gap that has emerged between our knowledge of what cybercrime entails, its prevalence, and the risk to our online privacy. We need to close this gap by continuing our research in this area, keeping the public informed and being aware of how we report on, and represent, cybercrime in the media.

 

Dr Claire Meehan lectures in Sociology at the University of Auckland's Faculty of Arts. Her research is focused around four main areas: the relationship between the internet and young people's drug use, young people’s views on sexting, young people’s views on pornography, and young people's views on pleasure and empowerment.

Used with permission from NewsroomLess fear, more knowledge in cybercrime fight published on Tuesday 24 October 2017.