Predicting the future of abuse

  • Article

A couple of months ago, I wrote about IBM’s predictions for 2016, and one of those was that there would be no more spam.  As I look around at other predictions about the future, I say to myself “Self, what do I think will be the future of abuse?”

The problem is that I am not very good at making predictions.  In 2007 I predicted that by 2012, we’d have free cell phone plans that would paid for by advertising (e.g., Google would send you an ad every few hours on your phone or when you powered it on).  That turned out wrong; cell phone costs have dropped but the carrier plans are as high as they have been.

Even in email, I’ve been wrong.  In 2008 and 2009, spam was out of control and accounting for 97% of email across the Internet*.  I thought that spam would be a huge problem for years.  But when it comes to spam, the most important chart is the one below:

image

These numbers are aggregated together from historical Microsoft Security Intelligence Reports.  But observe the trend: as the total amount of legitimate mail has increased (as our customer base has gotten larger), the total amount of spam dropped.

This is not what I expected would occur.  The problem of email abuse is not one of pure numbers.  Whereas a couple of years ago spam accounted for 97% of email, last month (not shown above) it was only 68%.  It is still the majority but it is down substantially.

So what can be predict about the future of abuse?  Not just in spam, but about cyber crime in general?

Let’s start by looking at current technology trends:

  1. We live in the post-PC era

    What this means is not that the personal computer (either a desktop or laptop) is going away, but that consumers are shifting to do more and more activities on a tablet or on their phones.  They don’t need the high power devices to consume most data like web browsing, email or chat.  They can get away with lower powered ones.  You would never be able to write a computer program on your iPad, or write the next great novel, but you can compose text messages, short email ands some blog posts on your tablet.

  2. More people, and devices not controlled by a person, are getting online
    Even though the email space is in no hurry to go to IPv6, the rest of the world is going there at a decent clip.  Rather than overloading IPs and using a NAT table to sort them all out, ISPs and Regional Internet Registrars will give end users their own IPv6 range.  This means that a lot more unique IP addresses will float around.

  3. Technology is getting easier to use, most of the time
    As time passes, technology gets easier to use… most of the time.  Printers still suck, but an iPad is easier to use than a PC was 10 years ago.  Phones are easier to use today than they used to, and they do more.  More tools exist to make rapid deployment possible.  For example, when Java first came out, you had to do all of your applet building in a text editor like Notepad.  Today, there are free tools like NetBeans which speeds things up.

In my next post, I’ll look at what this means.

* This number comes from Wikipedia, which quotes the BBC, which quotes a Microsoft Security Intelligence report where the foreword was written by one of our executives, who was quoting a section written by me.