Online scammers are defrauding us of huge sums while dangerous counterfeit products flood markets. The security sector is working overtime on solutions that include RFID and quantum cryptography chips.
Counterfeit products cause financial damage that adds up to billions every year. Customs agents are largely powerless and reduced to simply destroying the counterfeits they do find.
Product authenticity can be verified using copy-protected RFID chips and a reader. With an Internet ID, sensitive data never finds its way online.
- Text Size
- Share
- Print this page
One of the most spectacular criminal cases in recent years began back in May 1988 in Germany. At that time, Arno Funke, an extortionist, threatened to detonate bombs in a number of department stores and demanded a hefty sum of money, throwing not only department store owners but also the police into a state of chaos.
Funke was made famous by the media as "Dagobert" (the German name for Walt Disney’s Scrooge McDuck character was used as a code name during the negotiations). He used a surprising number of intricate mechanical devices, including remote-controlled vehicles with false bottoms and a mini submarine where money was to be placed — and repeatedly managed to evade the police. Funke was finally captured in April 1994, after six years and a total of 30 attempts to hand over the money.
Media coverage of the case took on the character of a road movie, with the ingenious criminal making fools of the police time and again. The public eagerly followed the story, which provided a picture of criminality that was entertaining, and thus entirely inaccurate. Crime, after all, was and remains omnipresent — and it’s anything but amusing.
A total of 6,284,661 crimes were reported in Germany in 2007; in the U.S. the number was 11,260,000. Obviously it takes more than just the police to prevent such crimes, and cries for preventive measures go hand-in-hand with rising crime rates. One glance at figures for Security 2008, the world’s largest security trade show, which takes place in Essen, Germany, confirms this trend. The number of visitors in attendance doubled from the previous year, and the 1,100 exhibitors also set a new record.
Among the fair’s highlights were new video monitoring capabilities — including solutions provided by Siemens (see article "Driving out the Crooks") — and the latest generation of fire alarms, which literally "sniff out" invisible and toxic carbon monoxide. Manufacturers also presented innovative fire extinguishing systems, such as the Sinorix H2O Gas from Siemens, which features a special nitrogen-water mixture (see article "Where there's Smoke there's").
The latest financial figures confirm that the industry is booming, with worldwide growth of about 10 %. And the engine that is driving this growth will surely continue to hum along (see article "Growing Boom in IT Security Technologies"), particularly in sectors with rising crime rates such as information technology (IT), since life without a computer and the Internet is now unimaginable.
Criminals at Work. The Internet is already the marketplace of the future. Experts estimate that online sales in Germany alone will rise to 694 bill. € by 2009; in 2005 the figure was 321 bill. €.
The number of online customers is growing too. According to the German Federal Statistical Office (Destatis), 27 million Germans made Internet purchases in 2007, thus putting their personal data into circulation online.
This represents a potential feast for scammers, reports Dr. Udo Helmbrecht, President of the German Federal Office for Information Security (BSI) in Bonn. "Internet crime has become a flourishing, globally organized underground economy," he says. "While computer hackers use Trojan horses to gain unauthorized access to other people’s computers, where they steal and sell private data such as account numbers and PINs, scammers make targeted use of this data to get their hands on money."
And lots of it, in fact. According to BitKom, an IT trade association, 4,100 such cases of theft, with damages totaling 19 mill. €, were reported in Germany in 2007 alone, and the German Federal Criminal Police Office (BKA) estimates that the number of unreported cases is actually much higher than that.
The corporate world also has suffered enormous damage. A survey conducted by Corporate Trust, a consulting firm, found that roughly 20 % of German companies surveyed had been victims of at least one case of espionage in recent years, cases in which confidential company information was the primary target. And the situation is not any better abroad. The Internet Crime Complaint Center (IC3), a U.S. consumer protection agency, reported a record-breaking $240 million in damages in the U.S. alone in 2007 — an increase of 20 % from the previous year’s figure.
BSI President Helmbrecht explains, however, that just a few precautions are needed in order to substantially limit damage. "Many users underestimate the danger on the Internet," he says. "It’s as if they were running around with an open wallet full of money while shopping from their livingrooms." He adds that Internet users have to be aware of potential risks at all times and take appropriate security measures. "That begins with a healthy distrust of dubious e-mails and installation of security solutions," he says.
Such solutions can include biometric systems external to the PC, such as a credit card-sized Internet ID card bearing the user’s fingerprints (see article "No More Mr. Nice Guy"). With this technology, for instance, authentication data never comes in contact with the PC, putting it out of reach of anyone trying to spy — at least for now.
Over the long term, however, it could prove difficult to find a tool for fighting Internet criminality, since ongoing technological development benefits not only the security industry, but also the scammers. Take, for instance, the quantum computer, which uses quantum physics to achieve unparalleled computing performance (see article "Catching Worms with Quanta"). The BSI considers this kind of computer, which is still in the development stage, to be one of the greatest challenges facing the entire IT security industry. In Helmbrecht’s opinion, as soon as such a computational powerhouse hits the market, Internet criminals will have no problem cracking today’s standard method for encrypting data. "As the central IT security services provider to the German federal government, the BSI must be able to anticipate future scenarios such as the quantum computer — and to work with research institutions on the development of solutions that can thwart this previously unimaginable level of computing power," says Helmbrecht.
One such defense mechanism could be the quantum cryptography chip developed by the Vienna-based Austrian Research Center in cooperation with Graz Technical University and Siemens (see article "Code of Silence"). This chip protects data by generating a random sequence of numbers from light particles — also known as photons. Because quantum mechanical processes alter the photons, any attempt at tapping is recognized immediately and the chip simply generates a new key. Here, the laws of physics themselves make it impossible for anyone to crack an encrypted message. If it ever goes into production, the chip would be a tremendous benefit to security technology.
When Counterfeits Kill. When it comes to counterfeit products, most companies can only dream of achieving victory over criminals. In product categories ranging from brand-name jeans to luxury watches to MP3 players, trade in counterfeit products causes approximately 30 bill. € worth of damage each year in Germany alone, according to the Association of German Chambers of Industry and Commerce. And the EU Commission estimates that losses suffered worldwide as a result of product counterfeiting are somewhere between 200 and 300 bill. €.
"But such bar codes offer only limited protection," cautions Dr. Michael Braun of Siemens Corporate Technology in Munich. "Everyone along the supply chain has to support this infrastructure and be trustworthy. What’s more, it wouldn’t take a lot of effort to copy the code and print it on a counterfeit. No systems are available that can tell the difference."
Copy protection is Braun’s area of expertise. His team recently developed a solution that could deliver the blow to the counterfeiters that is so eagerly anticipated by industry: a copy-protected RFID chip based on public key cryptography, allowing reliable verification of its authenticity (see article "Products that Don't Lie").
"Our radio chip makes it possible for the first time to verify the authenticity of a product offline at any point," says Braun. The chip encodes a query from a reader device with its own private key. The receiver is then able to verify the correctness of the answer to this query by means of the matching public key.
The prototype device functions perfectly. But Braun sees areas that still need improvement before the system can be brought to market. His team is working closely with customers and semiconductor manufacturers to start several pilot projects. The projects are designed to determine which additional functionalities over and above pure authentication may be needed for a range of different user scenarios. The results of this work will support the successful introduction of a mass-market product.
But even as RFID chips gradually enter the mainstream, they certainly will not offer a universal solution to the plague of counterfeit products. Experts fully expect the neck-and-neck race between criminals and security technology to continue in the years ahead. It’s a cat-and-mouse game — one in which the bad guys certainly are inventive. But unlike Dagobert, most will never experience even a moment of public sympathy.