April 2, 2010    /    by

Redefining Enemies: 21st Century Crime Knows No Borders

I was jogging on my treadmill when I saw the breaking news on ABC - Moscow subway bombing just occurred. It was Monday morning, March 29, ...

I was jogging on my treadmill when I saw the breaking news on ABC - Moscow subway bombing just occurred. It was Monday morning, March 29, and I stared at my television in disbelief. My wife walked in the room as I pointed to the TV, "That's the same metro station that we were in four weeks ago. That's just a few blocks from Red Square."

After I watched the horrible scenes , I felt the same shock that I've felt several times since 9/11/2001. Those feelings hit me when I watched the coverage of the bombs going off on the London underground and after the trains were bombed in Spain. "That could have easily been us. We were just there!"

Why Were We in Moscow?

Back last fall, I had been invited by IDC Russia to be the morning keynote speaker at their IT Security Roadshow 2010 in Moscow. They asked me to speak on cyber crime, identity theft and online trends in protecting businesses and governments globally. The audience was primarily Russian businesses, and their list of sponsors was largely the same technology companies that we are familiar with in the USA.

Still, I was initially very skeptical about going. As a former NSA employee back in the 80s and someone who still works with law enforcement agencies in Washington DC, I was nervous about their intentions and safety in the land of our former Cold War enemies.  But as I asked more and more questions of the IDC conference organizers, I became reassured. In addition, respected colleagues from agencies in Washington DC and Michigan encouraged me to go. Others even pointed to the upcoming EastWest Institute sponsored: Worldwide Cybersecurity Summit in Dallas as an example of how we need to foster new cross-border partnerships to fight the bad guys online. 

So after getting the necessary permissions and visas, my wife and I decided to turn the trip into a European vacation and wedding anniversary time away in Moscow and Rome. Our plan: three days in Moscow, followed by four days in Rome - while our in-laws watched our kids.

When we first arrived, it was a bit awkward. Our bags didn't make the connection from Germany to Russia, and we were stuck at the airport for several extra hours. Later, we almost missed our ride to the hotel since our driver was hard to find in the crowd, and he didn't speak English.

Still, we had a wonderful time sightseeing, and our Russian hosts were warm and friendly. Our college-age tour guide in Moscow spoke great English, and she took us to all the famous sites in Moscow - arriving by their Metro (subway). As we walked around the city, it was hard for me to believe that I was vacationing in Moscow in March. Our favorite tour was inside Saint Basil's Cathedral .  The food was ok. (As you'd expect, the meals were much better in Rome.)

 The IDC conference itself ran smoothly on Wednesday morning. The facility was a Holiday Inn with excellent technology and everything you expect to see at US technology events. I was amazed at their mastery of so many languages and especially near-perfect English. They had a translator who listened to my words in English and rebroadcast the speech simultaneously in Russian to those who wore iPod-like devices that they were given at the door. (Questions at the end were translated into English for me using a similar device.) I was intrigued to find out that the same translator regularly works with former United Kingdom Prime Minister Tony Blair.

At the end of my session, the questions that the audience asked were almost identical to the questions I typically receive at US events or at a conference I spoke at on vacation last year in South Africa . These were businessmen and women who were dealing with the same cyber problems, budget cuts and personnel challenges as most of us. They described their online threats and computer problems in terms which were very familiar. Their #1 security vulnerability (by at least 3 to 1 in a show of hands) was company insider threats. Yes, they were worried about their own employees' behavior.  

My only complaint (not really) from Moscow was the pictures they posted on their website after the event. (I assure you, I was not disco dancing.) Either the photographer was shooting from strange angles, or I'm much more acrobatic than I realize. You can click on the translate button at the top of the page to read the captions. (Notice how the other speakers look so reserved compared to me.)

After the event, we had a very nice lunch with the conference organizers before leaving for the airport. Their descriptions of the online challenges facing businesses in Russia made me feel as if we could have been in another large US or European city. My wife and I truly enjoyed the experience. We returned home safely to Michigan, eight days after we left. I didn't plan to be writing a blog describing the trip - until the bombs went off last Monday.

 So what's my point? We live in a small world that knows no borders when it comes to crime. As IT professionals, we understand the fact that the Internet is global, and we can be attacked from anywhere on the planet at any time of day or night. We discuss threats we face from Russia, Nigeria, South Africa and everywhere else, but there are potential partners in those countries that want to help in the fight against malware and online crime.

 Indeed, several of the professionals I spoke with at the conference fear cyber attacks from the USA and China . That's all the more reason for us to work together, when it makes practical sense, with their criminal justice organizations and other "good guys" to stop the cyber criminals in every culture.

Don't get me wrong. I'm a loyal, flag-waving American who loves baseball, hotdogs, apple pie and Fords. My family enjoys living in Michigan, and I have minimal desire to move to Russia or South Africa. (However, they were both wonderful places to visit on vacation.) Nor did my slide deck or side conversations break any new ground regarding cutting-edge cyberspace protections, identity theft or malware sources overseas.

I also realize that I don't know these people very well. Just as in the USA, I would need to build more trust with specific individuals and organizations before collaborating on complex projects. It's true that there may have even been some bad apples in the room while I was speaking.

New Partnership Opportunities

Still, I sense a common cause amongst technology professionals around the world who want to fight cyber crime together on a global basis.  I don't think I'm na├»ve in wanting to partner where it makes pragmatic sense. Yes, I realize that our countries have different interests in many economic, political and military areas. We don't agree on a long list of items.

And yet, we're all fighting terrorists (in both cyberspace and our physical world). In fact, New York, Washington DC, Atlanta and other global cities tightened subway security after the bombs went off in Moscow. We need to fight all forms of crime together. We need to build global partners, and many US technology companies have offices in world-wide cities including Moscow.

 I made several new professional contacts and even "online friends" in Europe. More than that, the bombs going off in the Moscow Metro (killing dozens of innocent people) made me think even deeper about this question: who are our 21 st century enemies?  

Right now, I'm feeling Moscow's pain. I'm praying for their people. That could have been me in the news.    

I'd love to hear your thoughts on this topic - feel free to leave comment below.