Computer Attacks and Global Terrorism

It is problematic defining a “Cyberattack” such as “Cybercrime” or “Cyberterrorism” cause of difficult determining with certainty the identity, intent, or the political motivations of an attacker.

Often we equated simple use of malicious code with “Cyberterrorism” which usually involve more factors like just a computer hack. However, a “Cyberterrorism” event may also sometimes depend on the presence of other factors beyond just a “Cyberattack.”

There are many different definitions exist for the term “Cyberterrorism” like as many definitions exist for the term “Terrorism ”. Security expert Dorothy Denning defines Cyberterrorism as “politically motivated hacking operations intended to cause grave harm such as loss of life or severe economic damage”. Some definitions of Cyberterrorism as “unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives ”.

Others definitions indicate such as physical attacks that destroy computerized nodes for critical infrastructures, such as the Internet, telecommunications, or the electric power grid, without ever touching a keyboard, also be labeled as Cyberterrorism . Thus, it is possible that if a computer facility were deliberately attacked for political purposes, all the methods described above (physical attack, Cyberattack,..) might contribute to, or be labeled as “Cyberterrorism” .

Business, government and industry have all become addicted to information. Theirs depends of information creates opportunities for terrorism. Computer and information security, data protection, and privacy are all growing problems. No single technology or product will eliminate threats and risk. Securing our computers, information, and communications networks secure our economy and our country. A global strategy and policy for combating this type of terrorism is need now.

It is necessary to know that these methods of terror, producing destruction, and fear can be much more destructive online than other conventional methods in the real world.
To avoid much malicious possibility it is today’s research and development task to produce the crime-resistant products of the future. So we must take every opportunity we can to use science and technology to reduce crime and improve the quality of our lives. In this article we focused on different aspects of “Cyberterrorism”, their begin fundamentals and against fights methods.

Key-words: Cyber Terrorism, Cyber Espionage, Terrorist Attacks, Network Society Information Security Systems

1 Netwar Overview
Where is cybercrime today? Where it is headed? Espionage? Botnets? Trojans? Spyware? Denial-of Service attacks? Phishing scams? Zero-day exploits ? The reality is that no one is immune from this malicious industry’s reach – individuals, businesses, even governments. Many sophisticated computer technologies are developing in new era. Also there are growing dangers from crimes committed against information on computers, or against computers. In most countries around the world, however, existing laws are likely unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information. Self-protection, while essential, is not sufficient to make cyberspace a safe place to conduct business. The rule of law must also be enforcing. As cyber crime increasingly breaches national borders. National governments should examine their current statutes to determine whether they are sufficient to combat the kinds of crimes discussed in this article. Where gaps exist, governments should draw on best practices from other countries and work closely with industry to enact enforceable legal protections against these new crimes. Many reports describe about possible effects of a coordinated Netwar against the most critical infrastructure. Also there are many discussions about open options to extremists, or terrorist groups for obtaining malicious technical services from cybercriminals to meet political or military objectives.

2 Cyberattack, Cybercrime, Cyberterrorism.
A great deal of “cracks” are committed for the purposes of anarchy, humor, or as often stated by the perpetrators, “to be annoying”. However, is this the mindset of a cyberterrorist? Does he change an web site to say a country’s government is evil? Does he hack into a major corporation’s voice mail system to make long distance calls? No, that isn’t domain of the cyberterrorist. That is domain of the amateur cracker demonstration. A cyberterrorist will disrupt the banks, the international financial transactions, the stock exchanges. The key: the people of a country will lose all confidence in the economic system. Would a cyberterrorist attempt to gain entry to the goverment building or equivalent? Likely, since arrest would be immediate. However, in the case of the cyberterrorism, the perpetrator sitting on another continent while a nation’s economic systems grind-down. Destabilization will be achieved.

3 What’s New In Netwar?
Undeterred by the prospect of arrest or prosecution, cybercriminals around the world lurk on the Net as an omnipresent menace to the financial health of businesses, to the trust of their customers, and as an emerging threat to nation’s security. Headlines of Netwar attacks command our attention with increasing frequency. Moreover countless instances of illegal access and damage around the world remain unreported, as victims fear the exposure of vulnerabilities the potential for copycat crimes and the loss of public confidence. Sophisticated tools for cyberattack we can found for sale or freeware on the web. Highly-organized underground cybercrime businesses host websites advertise a variety of disruptive software products and malicious technical services.

High-end cybercrime groups use standard software business development techniques to keep their products updated with the latest antisecurity features. Also they seek and recruit new and talented software engineering students into their organizations. As in next chapter shows the laws of most countries do not clearly prohibit cybercrime.

3.1 Problem to Cybercrime definition harmonize
Cybercrime can be very broad in scope and may sometimes involve more factors than just a computer hack. Cyberterrorism is often equating with using of malicious code. However, a cyberterrorism event may also sometimes depend on the presence of other factors beyond just a cyberattack.

3.2 Problem of transitional nature of Cybercrime
Effective law providing is complicate cause of transnational nature of cyberspace. Mechanisms of cooperation across national borders to solve and prosecute crimes are complex and slow. Such techniques dramatically increase both the technical and legal complexities of investigating and prosecuting cybercrime. However, the future of the networked world demands a more proactive approach, whereby governments, industry, and the public work together to devise effective laws that will effectively determined cyber criminals. “Fighting cybercrime is a 24/7 battle, a global battle, and it is far from over” (DeWalt, 2007).
It is easy to learn how to commit; they require few resources relative to the potential damage caused they can be committed in a jurisdiction without being physically present in it; and they are often not clearly illegal.

3.3 Problem to international Law harmonize
Cyber criminals can defy the conventional jurisdictional realms of sovereign nations, originating an attack from almost any computer in the world, passing it across multiple national. New technologies continue to outpace policy for law enforcement. Problems of coordination among agencies of different countries, along with conflicting national policies about crime in cyberspace, work to the advantage of cybercriminals who can choose to operate from geographic locations where penalties for some forms of cybercrime may not yet exist. boundaries, or designing attacks that appear to be originating from foreign sources. Existing terrestrial laws against physical acts of trespass or breaking and entering often do not cover their “virtual” counterparts. Outdated laws may not cover web pages such as the e-commerce sites recently hit by widespread, distributed denial of service attacks as protected forms of property.

4 Ethics and moral doubts
Over the past 10 years, crime has been moving away from stealing physical goods, towards obtaining information. First the means of robbery changed to keep up with an age where people carry identity information in the form of credit cards instead of cash. However, these are just the modern equivalents to common mugging.
Recently though, whole new information markets have opened up as playing fields for computer criminals. Much of the internet economy revolves around advertising. And much of this advertising is targeted by using databases of personal information. This information is extremely valuable, and could be stolen, and a black market of information created. Information such as medical records, HIV test results, and personal emails could all be stolen and sold to advertisers and other information-based companies.
One of the most worrying is the terrorists moving online, and engaging in what is called cyber-terrorism. These methods of producing destruction, terror, mayhem, and fear can be much more destructive online than other conventional methods in the real world.

What types exactly will depend on what new forms of security tomorrow’s criminals will need to break. Will people be synthesizing voice authorizations? Or running replay attacks on retinal scanners? Or even learning to imitate a victim’s typing style. All we can be sure of, is that criminals of tomorrow, like those of last century and those of today, will keep on innovating.

5 Netwar – War of the future
Cyber espionage involves the unauthorized probing to test a target computer’s configuration or evaluate its system defenses, or the unauthorized viewing and copying of data files. However, should a terrorist group, nation, or other organization use computer hacking techniques for political or economic motives. Their deliberate intrusions may also qualify them, additionally, as cybercriminals. If there is disagreement about this, it is likely because technology has outpaced policy for labeling actions in cyberspace. In fact, industrial cyber espionage may now be consider a necessary part of global economic competition, and secretly monitoring the computerized functions and capabilities of potential adversary countries may also be consider essential for national defense.

U.S. counterintelligence officials reportedly have stated that about 140 different foreign intelligence organizations regularly attempt to hack into the computer systems of U.S. government agencies and U.S. companies. Cyber espionage, which enables the ex-filtration of massive amounts of information electronically, has now transformed the nature of counterintelligence.

6 Satan
SATAN is an automated network vulnerability search and report tool that provides an excellent framework for expansion. The authors indicate that SATAN stands for “Security Analysis Tool for Auditing Networks”.

7 Kerberos
Kerberos is a network authentication system developed at MIT to address this problem. It enables users communicating over networks to prove their identity to each other while optionally preventing eavesdropping or replay attacks. It provides data secrecy using encryption. Kerberos provides real-time authentication in an insecure distributed environment.

8 How avoid to unexpected scenarios?
To avoid many malicious possibilitys it is today’s research and development task to produce the crime-resistant products of the future. So we must take every opportunity we can to use science and technology to reduce crime and improve the quality of our lives.

In order for a wide implementation of this technology, standards must be developed that will allow for their consistent use. The International Organization for Standards ISO/IEC JTC1 is the governing body of international biometric standards, but this standardization is still in progress. Also there are many International Standards such us ISO/IEC 19794-5 to define Image Quality Requirements and BS7799 covering ten major sections, each a different area as a Business Continuity Planning , System Access Control, System Development and Maintenance, Physical and Environmental Security, Compliance, Personnel Security, Security Organisation, Computer & Network Management, Asset Classification and Control, Security Policy to maximum protect Information System and personal informations.

In the future, fixed biometric standards will be in place to guide vendors and developers in the areas of biometric application profiles, interfaces, and system performance. Along with standardization there should be certain privacy issues addressed by law such as privacy and specific use guarantees as well as checks and balances to conduct audits to ensure compliance with these guarantees. This is a good reason that encryption and digitalization are recommended by leading industry organizations such as International Biometrics Industry Association (IBIA) and the BioAPI Consortium.

9 Conclusion-Future Challenges
Global security trend identified by security experts consulted is the emergence of an entire economy geared to outfit criminals with the tools for cybercrime.

9.1 Reliance on terrestrial laws is an untested approach.
Despite the progress being made in many countries, most countries still rely on standard terrestrial law to prosecute cyber crimes. The majority of countries are relying on archaic statutes that predate the birth of cyberspace and have not yet been tested in court.

9.2 Weak penalties limit deterrence.
The weak penalties in most updated criminal statutes provide limited deterrence for crimes that can have large-scale economic and social effects.

9.3 Self-protection remains the first line of defense.
The general weakness of statutes increases the importance of private sector efforts to develop and adopt strong and efficient technical solutions and management practices for information security.

9.4 A global patchwork of laws creates little certainty
Little consensus exists among countries regarding exactly which crimes need to be legislated against. Figure 2 illustrates the kinds of gaps that remain, even in the 19 countries that have already taken steps to address cybercrimes. In the networked world, no island is an island. Unless crimes are define in a similar manner across jurisdictions, coordinated efforts by law enforcement officials to combat cybercrime will be complicated.

9.5 A model approach is need.
Most countries, particularly those in the developing world, are seeking a model to follow. These countries recognize the importance of outlawing malicious computer-related acts in a timely manner in order to promote a secure environment for ecommerce. But few have the legal and technical resources necessary to address the complexities of adapting terrestrial criminal statutes to cyberspace. A coordinated, public-private partnership to produce a model approach can help eliminate the potential danger from the inadvertent creation of cyber crime havens.

Literature and sources:
1. Europol, (2003): Computer-related crime within the EU: Old crimes new tools; new crimes new tools. Luxembourg: Office for Official Publications of the European Communities.
2. Hicklin, R. A., and Khanna, R, (2006): The Role of Data Quality in Biometric Systems
3. Jain, A. K., Bolle, R. and Pankanti S., (1999): BIOMETRICS: Personal Identification in Networked society, Kluwer Academic Publishers.
4. Janbandhu P.K. and Siyal M.Y., (2001): Novel biometric digital signatures for Internet-based applications, Inf. Management and Computer Security, vol. 9.
5. Maltoni, D., Maio, D., Jain, A. K. and Prabhakar, S., (2003): Handbook of Fingerprint Recognition, Springer Verlag.
6. Mitnick, D. Kevin (2002): The Art of Deception: Controlling the Human Element of Security. Indianapolis: John Wiley & Sons Inc.
7. Nadel, L., (2006), On the Future of Biometrics – Research, Applications, and Social Challenges, IEEE CVPR 2006.
8. National Institute of Standards and Technology, (1993): Data Encryption Standard (DES), Federal Information Processing Standards Publication 46-2, 1993.
9. Pocar, Fausto, (2004): New Challenges for International Rules against Cyber-Crime. European Journal on Criminal Policy and Research, Volume 10, No. 1. 27–37.
10. Ratha N.K., Connell J.H., Bolle R.M., (2001): An analysis of minutiae matching strength, Proc. 3rd AVBPA, Halmstad, Sweden,
11. Umut Uludag, Anil K. Jain, (2003): Multimedia Content Protection Via Biometrics-Based Encryption International Conference on Multimedia and Expo (ICME 2003), Baltimore, Maryland, USA.
12. Wilson, C., (2008): CRS Report for Congress, Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress, Washington, 2008.

Опубликовать в twitter.com

Comments close