The Perpetual Information War

I've done a number of CBC segments recently around computer security and information warfare. While trying not to be sensational, these are subject areas that I feel require more attention, certainly from the news media, but also from the public at large.

On the one hand they are fascinating unto themselves, and don't require any added emphasis to denote severity, yet at the same time, the phenomenon generally flourishes due to the ignorance and fear of average computer users.

This is true from the meta level of state-based information warfare, all the way down to the exploitation of regular computer users by criminals and run-of-the-mill cyber-thugs.

Several months ago there was a substantial attack originating from within Russia against Estonia. While the attack itself was from all over the Internet, the trigger was pulled from inside Russia, as an expression of outrage against the removal of a Soviet-era war monument in Estonia.

The attack was waged by an army of zombie computers, i.e. hijacked personal computers, that flooded Estonian Internet infrastructure bringing the country's computer networks to a halt.

In a similar development the United States' Pentagon has been subject to successful attacks and penetration by Chinese-based attackers, and it was later shown that these attacks were made via private defence contractors. This is another example of civilian computer resources being used to engage in state-based information warfare.

Here we see the real story of the perpetual information war: that the battleground is not military super computers, but rather the Internet itself, with the millions, if not billions of personal computers that are vulnerable and ripe for manipulation.

For example the Storm Worm, which is at present the most successful and infectious malware making the rounds, was recently proclaimed as being the largest computer system in the world, greater than any super computer, whether military, corporate, or academic.

The Storm Worm is largely used to harvest email addresses and send spam, but it can also be utilized for almost any aspect of computer crime, whether identity theft, or the more recent ransom-ware, a/k/a extortion.

This type of attack was recently demonstrated via a sensational scam that targeted Monster.com and other large career-related websites. Combining elements of phishing, identity theft, harvesting, and finally extortion, the perpetrators of this rather clever scam were able to create a series of steps that allowed them to exploit innocent job seekers.

First they would steal the access password to Monster.com for recruiters who had access to resumes posted online. Then, empowered with this recruiter access, they were able to download millions of resumes, which they could then feed into their malware, sending out messages to all the users who submitted their resumes, pretending they were from Monster.com, and encouraging them to install a new software add-on that would help their chances of finding a better job.

Unfortunately anyone who followed these instructions had their entire computer taken over, encrypted, and all they were left with was a ransom note asking for money in exchange for the return of their computer and files. Given the millions of people targeted, one can imagine that only a small minority is required to actually pay up for the scam to be profitable.

Therein, of course, lies the problem. The online criminal industries are far too profitable for them to decline anytime soon. In fact a level and culture of collaboration has emerged within the computer criminal underground where technology sharing may be occurring at such an open and distributed level that it adds to the efficiency and technical prowess of this set of industries.

Witness for example the recent introduction of Cyber Crime Toolkits that allow anyone regardless of technical expertise to become part of the industry and add on to the pyramid scheme that is online crime. Included in the purchase of some of these kits are 12 months of technical support, ensuring that as an eager apprentice criminal you'll be able to stay two steps ahead of the computer security companies.

Which is not to say that global law enforcement is not doing their best to respond to this threat. Recently Interpol announced their desire to establish cyber crime combat centres around the globe. However even this type of multi-national response is too little and perhaps too late to curb the incredible growth of the industries of information warfare.

It strikes me that the appropriate analogy to be made here is between the emergence of the perpetual information war and the perpetual war on terror that the world is now completely entangled in. A similar type of unconventional warfare is waged by a small group of cyber terrorists whose primary goal is symbolic, and whose power therefore is amplified beyond their own meager numbers.

Similarly, the ability to counter these terrorists, to identify and stop their attacks, is almost impossible, yet the attempt to do so requires significant sacrifice when it comes to increased security and decreased freedom.

For these reasons and more I find the growth of the perpetual information war to be disturbing, and unfortunately quite connected to the increasingly destabilized world of geo-politics. Similar to the War on Terror I find it hard to identify or support one side or the other, but am struck by the potential and real impact upon civilians and innocent bystanders.

Update: Symantec released a report describing the cyber crime industries as "increasingly professional and was now a multi-billion dollar industry".

-=~ -=~ -=~

Here's a video of my most recent CBC News Today segment, which focuses on the emergence of the Cyber Crime Toolkits, while also touching upon some of the larger ideas mentioned in this blog post. I'll continue to monitor this area, and will do more CBC Newsworld segments on these subjects.

