Discussion 1 Acts considered cyberterrorism and / or information warfare can be
Question
Discussion 1

Acts considered cyberterrorism and/or information warfare can be divided into four separate categories: infrastructure attacks, information attacks, technological facilitation, and promotion. Identify organizations that may be susceptible to each type of attack and explain what the perpetrators might hope to gain by infiltrating their systems.

Discussion 2

There are several theories that have been postulated over the past 100 years to explain crime, and these ideas have recently been applied to digital crime. These theories include choice theory, deterrence theory, psychological theories, social structure theories, social process theories, subcultural theories, and political theory. Discuss which theory is the source of motivation for the majority of computer criminals. Be sure to justify your answer. Discuss which theory would produce the most dangerous criminals and/or criminal acts.

Explanation / Answer
In criminology, examining why people commit crime is very important in the ongoing debate of how crime should be handled and prevented. Many theories have emerged over the years, and they continue to be explored, individually and in combination, as criminologists seek the best solutions in ultimately reducing types and levels of crime. Here is a broad overview of some key theories:

Rational choice theory: People generally act in their self-interest and make decisions to commit crime after weighing the potential risks (including getting caught and punished) against the rewards.
Social disorganization theory: A person’s physical and social environments are primarily responsible for the behavioral choices that person makes. In particular, a neighborhood that has fraying social structures is more likely to have high crime rates. Such a neighborhood may have poor schools, vacant and vandalized buildings, high unemployment, and a mix of commercial and residential property.
Strain theory: Most people have similar aspirations, but they don’t all have the same opportunities or abilities. When people fail to achieve society’s expectations through approved means such as hard work and delayed gratification, they may attempt to achieve success through crime.
Social learning theory: People develop motivation to commit crime and the skills to commit crime through the people they associate with.
Social control theory: Most people would commit crime if not for the controls that society places on individuals through institutions such as schools, workplaces, churches, and families.
Labeling theory: People in power decide what acts are crimes, and the act of labeling someone a criminal is what makes him a criminal. Once a person is labeled a criminal, society takes away his opportunities, which may ultimately lead to more criminal behavior.
Biology, genetics, and evolution: Poor diet, mental illness, bad brain chemistry, and even evolutionary rewards for aggressive criminal conduct have been proposed as explanations for crime.

Cybercrime can often mutate into cyberterrorism or occur simultaneously, but cyberterrorism by itself is a distinct entity. Terrorist groups can surely find a number of highly talented, intelligent, and computer-literate people who are in agreement with their cause, and even if they can't, the more cash-rich terrorist organizations can surely afford to purchase the resources they need to carry out a cyberterrorist operation. The most talented and cash-rich organizations are likely to be state-sponsored, so this means that cyberterrorism more closely resembles war than crime. The most central, defining characteristics of cyberterrorism (that distinguish it from do-it-yourself hacking) are that it is advanced, persistent, and targets a national security asset. However, these are all elements of sophistication, and sophistication varies, just as different talents exist at all levels of the cyber-threat spectrum.

People that know how to use computers can unlock doors few of us even know exist. The Internet is analogous to the Wild West (Biegel 2003). Most laws are unwritten and power falls into the hands of those with the best technology. Traditional concepts of privacy are transforming before our eyes. Cybercrime and cyberspace law are very complicated subjects. Cybercrime has many definitions (Wall 2001), but many criminologists believe it will become a very common crime in the future. It's here to stay. It's not just a passing fad. With over one trillion dollars moved electronically every week, the Internet is where the money is. The rates of cybercrime are skyrocketing. The annual "take" by (organized) theft-oriented cybercriminals is estimated as high as $100 billion, and 97% of offenses go undetected (Bennett & Hess 2001).
Then, there are those who just abuse the Internet and computer systems -- hackers or hooligans, whatever you want to call them. Their shenanigans result in an average cost of $104,000 per incident in damage, labor, and lost productivity (Brown et al. 2001). In addition, there's corporate espionage, which some experts say is the real problem, with annual losses of proprietary information in the $60 million range. Cyber-extortion is rapidly becoming commonplace in the corporate world. Cyber espionage, which is usually helped by insiders much of the time, generally involves probes for vulnerabilities and implementation of backdoors, much the same as high-level organized crime's interest in computers as a way to expand profits and seek out new markets. And finally, there's cyberterrorism, which most often involves a specific national security target but can easily escalate into a full-scale infrastructure attack on a whole society, depriving inhabitants of electrical power, dam protection from floods, use of emergency services, etc. The full threat spectrum is captured in the following illustration (Bucci 2009): It is difficult to classify all the possible methods of evil-doing with computers. In criminology, this is dangerous ground because theory and research are weak. A few typologies can be found. Also, one doesn't want to add to any legislative frenzy because there are things here that are criminally wrong, deliberately wrong, accidentally wrong, wrong for all the right reasons, and just plain annoying. Legal systems everywhere are busy finding new ways of dealing with Internet misbehavior, so this arena has become a sort of "test-bed" or "mini-society" where all sorts of symbolic interactions and moral panics play out. Nonetheless, this is the ethereal realm called CYBERSPACE which is somewhat intriguing and full of potential. Barney (2000), among others, says it is full of hope for democracy. Let us hope so. 
To become a cybercriminal, it stands to reason that one has to first acquire the skills. To a small number, this may come easy, but for most, they have to work very hard and long at it. It can be argued that most beginners start off as an Internet addict (it used to be they started off as computer aficionados). "Internet Addiction" (sometimes called being an "onlineaholic" or having the non-insurable diagnosis of "Internet addiction disorder") is controversial. In a world of news feeds, instant messaging, emails, and games, it sometimes seems like Blackberry devices might be called "Crackberry" devices because of their addictive potential. I know it sounds like I'm looking for a mental pathology that starts people off in the wrong direction, but it is irrefutable that Internet addiction is a disorder and as destructive as any obsessive disorder, although one would be hard-pressed to describe the forensic or clinical outlines of it. Specialists estimate that 6 percent to 10 percent of Internet users develop a dependency (e.g., Dr. Hilarie Cash, head of Seattle-based Internet/Computer Addiction Services; Dr. Kimberly S. Young, head of the Center for Online Addiction in Bradford, Pa.; & Dr. Maressa Hecht Orzack, the director of the Computer Addiction Study Center at McLean Hospital in Belmont, Mass., and an assistant professor at Harvard Medical School; but in contrast, Sara Kiesler, professor of computer science and human-computer interaction at Carnegie Mellon University calls it a "fad illness"). No, not all addicts become cyberterrorists, but the following can be modestly stated -- Internet addiction exacts a toll on health and family life; it aggravates pre-existing disorders; it can lead to further addictions such as gambling or pornography; it can lead to cybercrime involvement; and it can lead to online radical indoctrination in some terrorist ideology.
The "hook" involves the ever-present hope of escape that the Internet offers to people who are longing for something. The "hook" for cyberterrorism may well be the sense of nihilism that overcomes the information over-saturated Internet addict. The intent to do harm will develop once one or more attack scenarios seem appealing. For example, a terrorist or terrorist group may feel grievously injured over the actions of a specific corporation, government, or organization. They may try to overwhelm the cyber defenses of that corporation, government organization, or infrastructure sector and do damage. They could destroy or corrupt vital data in the financial sector, cripple communications over a wide area to spread panic and uncertainty. They could use botnet-driven DDoS attacks to blind security forces at a border crossing point as a means of facilitating an infiltration operation, or a cyber attack in one area of a country could act as a diversion so a "conventional" kinetic terrorist attack can occur elsewhere. They could even conduct SCADA attacks on specific sites and use the system to create kinetic-like effects without the kinetic component. A good example would be to open the valves at a chemical plant near a population center, creating a Bhopal-like event. The permutations are as endless as one's imagination.

THE DEFINITION OF CYBER

First of all, anytime you use the prefix cyber-, you're talking about something moving fast. Motion is always involved. Anything related to the Internet falls under the cyber category. Besides being a prefix, it's also a verb, not a noun. So plugging in some 3D game and donning your goggles to go "cyber" doesn't count. There's always action, movement, evolving motivations, adventure and interaction when you cyber. It's impossible to just be cyber. There's no steady state of being cyber. To cyber means that you are constantly moving across vast amounts of information, lots of information.
You are constantly using technology to the max. It's an activity unique to the Information or Knowledge Age we live in, and by its very nature, it involves some unique implications for changes in the way we live. Cyber activity is very different from the use of computers for traditional activities. In fact, the break from tradition is so great that most criminologists don't grasp this distinction, and would argue that theft is theft regardless of the medium used. However, cyber theft is substantially different, and cyberterrorism is substantially different from terrorism (it may be this distinction which spares us from it). Cybercrime is also substantially different from computer crime. It's like the difference between people who use computers for all they can be versus people who use computers as a tool like a typewriter. In each case, the action or movement is different. Motives and intents are vastly different. Traditional users limit their motivation. Our criminal law requires certain specific elements of mens rea when it comes to cybercrime motivation, but there are different kinds of glee, elation, and glory involved in cyberspace that don't exist as normal psychological states. For example, ordinary criminal motivation usually functions on the basis of limited information. With cybercrime, the motivation involves an excess of information, not a deficit or "blind spot" of cognitive functioning. Nor are many of the concepts in white-collar criminology of any use, because you're dealing with something more revolutionary than just trying to make money -- you're dealing with cyberspace and technoculture, two concepts that are essential to any definition of cyber. A cybercriminology (if one is ever developed) will most likely have to be created by abandoning many old concepts.

THE NATURE OF CYBERSPACE

Cyberspace is a bioelectronic ecosystem that exists everywhere and nowhere.
Technically, it consists of phones, coaxial cables, fiber optic lines, or electromagnetic waves (Dyson 1994). Nobody's really sure how big the Internet is (see CAIDA's map of the Internet for a map), but 135 countries have access, 54 world cities are the major hosts, and 72 million people log on every day. You should get the idea that cyberspace is pretty big, in fact, bigger than anything that's ever happened before in human history, and it's constantly growing, tripling in size every year. There are 13 main servers -- known as "root" servers -- which control all traffic on the Internet, and they are controlled by the U.S. Government (specifically the U.S. Commerce Department). Notice I didn't say "owned" by the government. Those 13 computers are in private hands, but they contain government-approved, master lists of the 260 or so Internet suffixes, such as ".com" and ".org." The master lists serve as the Internet’s master directories and tell Web browsers and e-mail programs how to direct traffic. Internet users around the world interact with them every day, likely without knowing it. If the U.S. government wanted to, it could render a policy decision that in one stroke could make all Web sites ending in a specific suffix essentially unreachable. The history is that in 1998, the Commerce Department selected a private organization with international board members (ICANN, or Internet Corporation for Assigned Names and Numbers) to decide what goes on those lists. Commerce kept veto power, and indicated it would let go of control eventually, and maybe turn control over to an international organization like the U.N. International Telecommunication Union, but in 2005, the U.S. reversed itself and said it would never cede control of the 13 main servers. The U.S. Commerce department does, however, endorse having foreign governments manage their own country-code suffixes, such as “.fr” for France.
ICANN, in the meantime, is often hailed as an example of what international organizations would look like when they rule the world (Fukuyama 2006).

THE CHALLENGES OF CYBERLAW

A computer hooked up to the Internet is a publishing company, telephone, television, library, megaphone, and more all rolled into one. This means that any administration of justice for suspected evil-doing with computers is covered by the First Amendment (freedom of speech) as much as the Fourth Amendment (freedom from search and seizure). The traditional approach in this legal area involves thinking in terms of certain protected zones or spheres of privacy. However, cyberspace isn't really a zone or sphere. Nobody really owns it, nobody considers it "home", reasonable people shouldn't expect privacy from it, but not too many people want the government or anybody else sniffing, snooping, or regulating every part of this special place. Those are the First Amendment issues. The Fourth Amendment issues, such as those contained in the Personal Privacy Act (PPA) and Title III of the Electronic Communications Privacy Act (ECPA), involve people, not places, but the distinction between wiretapping unread mail (which law enforcement can freely do) and wiretapping previously read mail (which requires consent via Acceptable Use Policies) is less than perfect. When computer forensics specialists seize and search a hard drive for all its contents, the only Fourth Amendment issues they're concerned about are privileged relationships, work product, documentary materials, and/or whether or not the data was intended for publication or dissemination. If cyberlaw continues evolving in its current direction, we will end up not only criminalizing a special place, but lots of harmless person-based activity. Nobody should want to make it a crime for having too much fun with computers. The other challenging legal question is when does Internet activity involve actus reus.
In cyberspace, as in virtual reality, it's the impression that what one is experiencing is real. Cyber-action often involves the virtual equivalent of real action. It doesn't require tactile sensation to be virtually raped in a chat room, but the consequences or trauma can be just as real. People can get married in cyberspace, obtain college degrees, and do other things that have real consequences. Plagiarism and copyright infringement are rampant on the web, and companies regularly install cookies and engage in data mining. A lot of Internet content is inappropriate for children. Just how many virtual crimes are possible to commit in cyberspace is difficult to determine, and there's no crime counting system for them. Computer impressions, symbols, and persona do not make for anything more than conspiracy and inchoate offense charges. If and when AI (Artificial Intelligence) systems come online, it will prove difficult to determine who had the thought first -- the person or the machine.

Then, there's the whole problem of jurisdiction. Where exactly does cyberspace begin and end? In general, a government's jurisdiction extends to those individuals who reside within its borders or to transactions or events which occur within those borders. The Internet, like space, doesn't have any borders. A few states have been daring, claiming that the flow of commerce, or financial stream, across their Internet nodes gives them jurisdiction. However, it's unlikely that any state authority would issue a warrant for an overseas offender who has less than minimal physical contact with U.S. soil. The minimal contact requirement usually governs transborder technology-related commerce (International Shoe Co. v. Washington 1945). International law enforcement compacts also require dual criminality, which means that investigative cooperation only exists if the offense has similar meaning in both nations.
Sometimes, it's better to prosecute overseas, sometimes locally, sometimes federally, and this leads to a lot of disparities and inequities in the administration of justice.

What and when to seize are also baffling issues. Reactive responses to hard drives have become a pattern in law enforcement because they conveniently record voyages in cyberspace. However, it might be easier, and more proactive, to monitor specific bulletin boards, websites, posts, emails, and torrent streams. The computer's role should determine if the machine itself is to be seized or simply searched onsite. If the computer was used to commit a crime, the entire system should be seized. If the computer was used to store information about a crime, the hard drive, printer, and printout should be seized. Other situations might call for a quick copy of the hard drive and all floppies. The independent component doctrine requires that probable cause elements be present before any peripheral devices are seized. Getting ISPs to turn over their log files in a timely fashion, and getting upstream carriers to cooperate, are additional problems. It must be remembered that this is an area, along with drugs, that helped develop the practice of no-knock warrants. Judges apparently felt that hackers could install time-delay devices or hot keys to permit quick disposal of evidence. A time-delay device destroys evidence if the keyboard is not accessed for a while, and a hot key program erases data when a certain keystroke combination is depressed. Courts have also dealt with the time element for when a computer search warrant keeps from going stale, which is 3-6 months, the latter being the time when an unread message becomes a stored message, for legal purposes (Becker 2000).

Cyberspace law is a patchwork of loosely-articulated protections, liberally punctuated with loopholes and exceptions.
Consider, for example, that there is privacy protection for bank records but not for medical records; protection for videotape rentals, but not magazine subscriptions; credit record protection, but not insurance records. New business practices and new technological developments often make good laws quickly obsolete. It's no wonder that cyberspace is the perfect breeding ground for crime because cyberlaw is such a mess. 48 states have some version of a Computer Fraud and Misuse Act (Title 18, Section 1030 of the Federal Criminal Code). This act was passed into law by Congress in 1986, and has been amended at least five times to touch up the language. There's also the Economic Espionage Act (Title 18, Chapter 90). Most cybercrime is prosecuted at the federal level under either of these two acts. Let's take a look at these two laws.

Computer Fraud and Misuse Act (last amended 1999): "Whoever knowingly accesses a computer without permission...to obtain information...defined as harmful to national defense, foreign relations..., or injury to the United States, intentionally accesses the financial record of a financial institution, any computer of any department or agency of the U.S., any protected computer involved in interstate or foreign communication, any nonpublic computer that conducts affairs for the government...with intent to defraud, extort, or cause damage...shall be punished by fine and imprisonment for five to twenty years."

Economic Espionage Act of 1996: "Whoever intentionally or knowingly steals, copies, receives, or conspires to benefit any foreign instrumentality by converting any trade secret related to interstate or foreign commerce shall be subject to criminal and civil forfeiture of all property used or derived from the offense as well as a fine from $500,000 to $5,000,000 and imprisonment from ten to fifteen years."

State laws tend to be written as theft or fraud statutes, the evils being stealing and undermining confidence.
One might want to review the common law elements of theft, fraud, and consumer fraud if they are unfamiliar with these offenses. CardCops, a company that tracks and stings fraudulent (stolen) credit card use over the Internet, estimates online fraud at ten times the rate of real world fraud, and on many web sites the seller of something will try to "steer" you toward something which is "fake." Virtual returns of merchandise are almost as costly as virtual purchases, and so-called carders regularly post sniffed credit card numbers in chat rooms and on web sites. In the long run, it's the perception of dangerousness that hurts e-commerce, but in the short run, it's the speed of offending and the slowness of law enforcement that is of concern. The typical state-level cybercrime statute is long, often longer than federal code, and the wording is extremely general, but a short example might be as follows:

Typical State Cybercrime Statute (circa 2000): "A person commits computer theft or fraud when they knowingly and without authorization access or cause to be accessed any computer or network for obtaining goods, services or information with the intent to permanently deprive the owner of possession or use."

THE VARIETIES AND TYPES OF CYBERCRIME

Not everything computer-related is cybercrime, and not everything computer-related is computer crime. A person using a stolen telephone code to make free calls, even though the number is processed by a computer, is engaging in toll fraud, not computer crime. A person who embezzles $200 from the ATM of a company they work for still commits embezzlement, not cybercrime. The use of computers as incidental to another offense is not cybercrime. There are plenty of laws on the books already to classify many types of related crime. One way to do this involves thinking along the lines of asset forfeiture, or whether computers make up the fruits or instrumentalities of crime.
This is a classification of cybercrime with the computer as target and computer as tool.

Computer as Target: This kind of activity is the wrongful taking of information or the causing of damage to information. Targeting a computer just to obtain unauthorized access is the hallmark of hacking, and the most serious criminal offense here is theft of information, followed by maliciousness, mischief, and wayward adventuring. Bypassing a password protected website to avoid payment would be theft of services, and foreign intelligence break-ins would be espionage. These are all familiar types of crimes, but hacking is typically done in furtherance of a larger scheme since the hacker wants to exploit all computational and encryption capabilities of a hacked system in order to weave through related computer systems. The activity can range from large-scale disruption to elegant hacking. DNS rerouting and denial of service attacks are the most disruptive. Subtle changes to a web page are elegant. Hackers also generally collect password lists, credit card info, proprietary corporate info, and warez (pirated commercial software). A list of specific offenses in this category might include:

Arson (targeting a computer center for damage by fire)
Extortion (threatening to damage a computer to obtain money)
Burglary (break-ins to steal computer parts)
Conspiracy (people agreeing to commit an illegal act on computer)
Espionage/Sabotage (stealing secrets or destroying competitors' records)
Forgery (issuing false documents or information via computer)
Larceny/Theft (theft of computer parts)
Malicious destruction of property (destroying computer hardware or software)
Murder (tampering with computerized life-sustaining equipment)
Receiving stolen property (accepting known stolen goods or services via computer)

Computer as Tool: This kind of activity involves modification of a traditional crime by using the Internet in some way. The traditional analogue here is fraud.
It can be something as simple as the online illegal sale of prescription drugs or something as sophisticated as cyberstalking. Pedophiles also use the Internet to exchange child pornography, pose as a child, and lure victims into real life kidnappings. Laws governing fraud apply with equal force regardless if the activity is online or offline, but a few special regulations apply at the federal level:

Internet fraud (false advertising, credit card fraud, wire fraud, money laundering)
Online child pornography; child luring (sexual exploitation; transportation for sexual activity)
Internet sale of prescription drugs & controlled substances (smuggling; drug control laws)
Internet sale of firearms (firearms control laws)
Internet gambling (interstate wagering laws; lottery laws; illegal gambling businesses)
Internet sale of alcohol (liquor trafficking)
Online securities fraud (securities act violations)
Software piracy & Intellectual Property theft (copyright infringement; trade secrets)
Counterfeiting (use of computer to make duplicates or phonies)

INSIDERS AND OUTSIDERS

Another way of classifying cybercrime is to use a location-based approach that distinguishes between insiders and outsiders. This is the approach the FBI uses, which is also based on an evaluation of societal costs and the capabilities of law enforcement. It is also the approach one is most likely to encounter in the published, scholarly literature (e.g. Nykodym, Taylor & Vilela 2005). Such efforts are merely categorizations and are merely descriptive, but the geographic profiling of hackers has been a law enforcement pastime for quite some time (Taylor 1991), as has criminal profiling in general (Nykodym et al. 2005). Opinions differ over the most effective form of the profiling process, but it's somewhat true that the rest of the country usually follows the lead of the FBI on such matters.
If one were to visit the now-defunct National Infrastructure Protection Center (now part of DHS), one could have seen how the problems of joint efforts reflect a changing set of priorities and emphases, but one could also easily see how about half the tips relate to insiders (using e-mail safely within your organization) and half to outsiders (cyberprotests by foreign nationals).

Insider Threats: The disgruntled insider is the principal source of computer crime. As much as 75% of computer crimes are done by employees. This makes cybercrime against business the number one type of cybercrime, and it's growing, with the estimated loss to business running about $500 million per year, in the form of crimes like theft of proprietary information, theft of customer databases, and theft of product databases. The average age of an insider offender is 29, and they generally hold managerial or professional positions (USDOJ CCIPS data of 2003 puts the age profile like this -- 34% are between 20-29, 36% between 30-35, and 27% over 35). Older offenders generally do more damage. The FBI regards disgruntled employees as motivated by a perception of unfair treatment by management or snubs by co-workers. Another fraction of incidents are caused by blunders, errors, or omissions. The FBI regards the insiders here as incompetent, inquisitive, or unintentional. The difference appears to be in the intent to disrupt. Crimes involving the computer only incidentally are treated as traditional crimes -- theft, for example, if an employee tampers with the payroll system (called "data-diddling"). However, even the FBI is continually surprised, when under the plain view doctrine, they investigate an insider threat and find examples of child pornography, organized crime connections, and even recreational hacking. Employees often waste a lot of company time using their network access to surf, shop, or engage in other instances of lost productivity.
It makes sense to profile the typical computer abuser. Every organization has them, and here are some of the signs:

missing computer supplies when the employee is around
missing software when the employee is around
numerous logon sessions, some attempts under a different name
sloppy password management
unusual interest in computer system printout
mixes personal equipment with company equipment

Insider profiling (Nykodym et al. 2005) aims to help organizations understand the types of people that are likely to commit net abuse and/or cybercrime. Some common characteristics of such people include: not showing fear from having managers around; inclination to break the rules; and perhaps a keen sports fan (in the case of net abuse by online gambling at work). Such persons are usually fairly secretive, hard to communicate with, and quiet at work. Workplace cybercrime committed by managers at work tends to adhere to the same profile, yet the amount of money "take" at work is higher. Mid- or low-level employees, who commit the majority of cybercrimes at work, tend to have more restricted access and subsequently a lower "take." However, alliances between a manager and employee at work can be a difficult case to investigate (detect and stop) because they are working on different levels of a hierarchy and have more ways to hide the crime. Insider cybercrime is generally divided into four (4) main categories (Nykodym et al. 2005): (1) espionage; (2) theft; (3) sabotage; and (4) personal abuse of the organizational network. The espionage-oriented offender is similar to the outsider cybercriminal (discussed below), and generally is after confidential or sensitive information, and usually is part of the management team, sometimes the higher management (very senior) team.
Depending upon the race structure of the organization, the cybercriminal would be white or black, but they are usually secretive individuals who do not want to look different, and always try to blend in among others. Theft-oriented cybercriminals are motivated by their own gain (despite what they might say about hate or revenge) with their only goal the selling or using of valuable information for money. Such criminals are usually very comfortable with their position in the organization, and they tend to be young (either male or female) and still, relatively low in the organization's hierarchy. The sabotage-oriented cybercriminal is like the espionage-oriented type (in being influenced by a competitor), but saboteurs are not necessarily employed by the organization, but consist usually of subcontractors, part-timers, and the like, who also usually have one thing in common -- they have personal motives, like revenge for some mistreatment they perceive, like a layoff or missed promotional opportunity. Age, race, and sex variation is quite diverse with this type.

Outsider Threats: Hackers are the most common group in this category. Their typical age is between 14 and 19, and they are generally part of the cyberpunk subculture. Hacking for illicit financial gain has been increasing, and less-skilled "script kiddies" (using point-and-click software instead of programming) are increasing in number. Distributed Denial of Service Attacks are also increasing, which plant a tool such as Trinoo, Tribal Flood Net (TFN), TFN2K, or Stacheldraht (German for barbed wire) on a number of unwitting victim systems. Then when the hacker sends the command, the victim systems in turn begin sending messages against the real target system. 2001 was also the Year of the Virus, and several large-scale hacks were accompanied by viruses released in the wild, which led authorities to suspect that hackers and virus writers were uniting.
The FBI uses the following typology to classify outsider threats:

- industrial espionage - theft of proprietary information or trade secrets
- terrorism - attempts to influence or disrupt U.S. policy
- national intelligence - attempts by foreign governments to steal economic, political, or military secrets
- infowarfare - cyber attacks by anyone on the nation's infrastructure to disrupt economic or military operations

Industrial espionage is a very high-stakes game which U.S. companies play along with everyone else. There is a 1996 Anti-Economic Espionage law which defines "trade secrets" quite broadly, but arrests usually involve sting operations conducted against foreign nationals attempting to bribe somebody. Rarely are American companies stung. It's the perfect example of an exception to the insider-outsider typology because sometimes the crime originates with an employee who is in a position to sell trade secrets, and other times the employee is tempted by an outsider.

Terrorists are known to use information technology to formulate plans, raise funds, spread propaganda, and communicate securely. For example, Ramzi Yousef, mastermind of the first World Trade Center attack, stored detailed plans to destroy United States airliners in encrypted files on his laptop computer. Osama bin Laden was known to use steganography for his network's communications. A website that was known as the Muslim Hacker's Club listed tips for things such as hacking the Pentagon. A hacker known as DoctorNuker has been defacing websites for the last five years with anti-American, anti-Israeli, and pro-Bin Laden propaganda.

Other than by using computers to communicate and coordinate, few examples exist of cyberterrorism, or politically motivated attacks on computer systems. In fact, it is advantageous to a terrorist group to keep the Internet working, as a means of communication and outlet for propaganda. The main tools of terrorism remain guns and bombs, not computers.
There are a few instances of cyberterrorism, however, such as the 1998 attack on Sri Lankan servers by the Internet Black Tigers, or the Mexican Zapatista movement of the same year, which eventually teamed up with protesters of the World Trade Organization. We have yet to see a significant instance of "cyber terrorism" with respect to widespread disruption of critical infrastructures.

However, the FBI and many others are concerned about the growth of something called hacktivism, which is a word that combines hacking and activism. These are politically motivated attacks, but they may also be a form of electronic civil disobedience. Such attacks are usually elegant. For example, the Zapatistas target the URLs of companies they think don't support human rights. The attack is nothing more than adding the phrase "/human_rights" to the end of the URL. The page returns a display that says "human rights not found on this server," which is also found in the server logs. They don't actually flood the server; they request the page just enough times to make sure it's noticed in the server logs.

Foreign intelligence services have adapted to using cyber tools as part of their information gathering and espionage tradecraft. In a case dubbed "the Cuckoo's Egg," between 1986 and 1989 a ring of West German hackers penetrated numerous military, scientific, and industry computers in the United States, Western Europe, and Japan, stealing passwords, programs, and other information which they sold to the Soviet KGB. Significantly, this was over a decade ago -- ancient history in Internet years.

Infowarfare usually involves foreign military forces against another foreign military force. We know that several nations are already developing information warfare doctrine, programs, and capabilities for use against each other and the United States. China and Taiwan have been at infowar for years.
Foreign nations interested in such programs feel they cannot defeat the United States in a head-to-head military encounter and believe that information technology is our Achilles' heel and their best bet. Infowar is a classic example of cyberterrorism because it is always advanced and persistent. In fact, there is a neat term for it called APT (Advanced Persistent Threat), which refers to the capability and intent to persistently and effectively target a specific entity, such as the way the Stuxnet worm in 2010 targeted Siemens industrial software to disrupt the Iranian nuclear program. The "advanced" in APT refers to the capability to compromise a target and maintain access to it. The "persistent" in APT refers to a "low-and-slow" approach in the opportunistic motivation to seek greater amounts of information. An APT usually targets national security information, is often attached to an authorized user, and firewalls don't stop it. Following in the footsteps of Stuxnet (and sharing some of the same code) are two new pieces of 2011 malware called Duqu (which targets European manufacturing) and Nitro (which targets chemical companies, defense contractors, and other elements critical to national security in the UK, USA, and Bangladesh).

CYBEREXTORTION

Cyberextortion is an outsider threat designed to obtain money, products, or favorable considerations from an organization or an organization's individual employees using illegal means of persuasion related to a computer intrusion or threatened computer intrusion that would make it impossible or difficult for that organization to do business. The method of attack is most typically a Denial of Service (DoS), although theft of data or public ridicule (web defacement) are also common. The crime takes advantage of the tendency for most businesses to NOT want their infrastructure vulnerability made public.
The target is typically a company that is involved heavily in e-commerce, and there is some tendency for targets to be companies that outsource their help desk function to places like India and Pakistan. This crime is a good example of a transnational crime. While it can occur within the boundaries of a single nation (Japanese businesses, for example, tend to be cyberextorted by Japanese criminals), it is more commonly found in the form of Russian or Eastern European hackers, hired or coerced by some organized crime group into finding American and European companies to break into. Banking organizations are a particular target. The bank victim is threatened with having all or most of their customers' PIN numbers placed on the Internet somewhere, and a surprising number of victims "pay up" rather than report the problem to law enforcement. Cyberextortion, in its organized crime variety, also represents an interesting division of labor among criminals, since the hackers do specialized, technical work and their "handlers" do specialized, nontechnical work.

A TYPOLOGY OF HACKERS

At the heart of cybercrime are the hackers. These people are the ones with the skills to commit the crimes, and an interesting way to look at them is to focus upon the lifestyles and personalities of hackers. Take it for what it's worth. None of these personality characteristics have been validated by any empirical tests.

The first typology comes from Maxfield (1985):

- Pioneers -- those who are fascinated by evolving technology and explore it without knowing exactly what they are going to find
- Scamps -- hackers with a sense of fun who intend no overt harm
- Explorers -- hackers motivated by a delight in breaking into computer systems. The more geographically distant, or more secure the target is, the greater the delight
- Game players -- those who enjoy defeating software or system protection, with hacking seen as a sort of game itself
- Vandals -- those who cause damage for no apparent gain
- Addicts -- nerds who are literally addicted to hacking and computer technology

A second typology (Coutourie 1989) describes the relationship of a hacker to their computer:

- Playpen -- in which the computer is seen as a toy
- Fairyland -- where cyberspace is an unreal world where wrong cannot be done
- Land of opportunity -- where there's nothing wrong with exploiting a vulnerable system
- Tool box -- in which the computer is just a way to get other things done
- Cookie jar -- with the computer as a place to go borrow things now and again
- War game -- where hostile feelings are vented against machines rather than people
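
The URL-suffix protest described earlier in this answer ("/human_rights" appended to a company's URLs) shows up on the defender's side as repeated 404 entries in the web server's access log. The following is an added example, not part of the original answer: it scans Common Log Format lines and flags a missing path segment that many distinct clients request. The log lines, IP addresses, function names and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

def last_segment(path):
    """Final path segment, ignoring any query string and trailing slash."""
    path = path.split("?", 1)[0].rstrip("/")
    return path.rsplit("/", 1)[-1].lower()

def find_404_campaigns(lines, min_clients=3, min_hits=5):
    """Flag 404 path segments requested by many distinct clients.

    Grouping by the last segment catches the same phrase appended to
    different base URLs. Thresholds are assumed values to be tuned
    against the site's normal 404 noise.
    """
    hits = defaultdict(int)
    clients = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue
        seg = last_segment(m["path"])
        if not seg:
            continue
        hits[seg] += 1
        clients[seg].add(m["ip"])
    flagged = [
        (seg, hits[seg], len(clients[seg]))
        for seg in hits
        if hits[seg] >= min_hits and len(clients[seg]) >= min_clients
    ]
    return sorted(flagged, key=lambda t: -t[1])

def _line(ip, path, status):
    return f'{ip} - - [10/Oct/1998:13:55:36 +0000] "GET {path} HTTP/1.0" {status} 512'

# Constructed sample log (documentation-range IPs), not real traffic.
SAMPLE_LOG = (
    [_line(f"192.0.2.{i}", "/human_rights", 404) for i in range(1, 5)]
    + [_line(f"198.51.100.{i}", "/products/human_rights", 404) for i in range(1, 4)]
    + [_line("203.0.113.9", "/favicon.ico", 404)] * 6    # one client: ordinary noise
    + [_line("203.0.113.10", "/index.html", 200)] * 8    # successful requests
)

if __name__ == "__main__":
    for seg, n, c in find_404_campaigns(SAMPLE_LOG):
        print(f"404 campaign candidate: /{seg} hits={n} distinct_clients={c}")
```

Requiring several distinct clients is what separates a coordinated protest from a single misconfigured browser or crawler repeatedly hitting one missing file.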