View
25
Download
3
Category
Preview:
Citation preview
INTERNET SECURITY THREAT
Running Head: INTERNET SECURITY THREAT
Online Perpetrators and Cyber Crime:
The Internet as a Security Threat
Michael Yatskievych
University of Texas at El Paso
Fall 2010
0
INTERNET SECURITY THREAT
Online Perpetrators and Cyber Crime:
The Internet as a Security Threat
Introduction
Currently the world is witnessing a rapidly increasing threat to public safety as the
Internet is providing for more venues that make access to sensitive vulnerabilities easier,
whether civilian or government. The online perpetrators responsible for wreaking havoc
in the virtual world is resulting in drastic financial damages, identity theft, losses in
productivity, and breaches in national security. When taken individually these potential
threats are devastating, however, when combining these threats their potential for damage
makes for a synergistic amalgamation, which could spell the impending doom of the
methods of traditional crime and international war.
Figure 1.
The argument as to how relevant cyber crime and terrorism is to the well being of
the people of the United States, and that of the world, is debated as the effectiveness of
using computer technology in tandem with the Internet has never yielded a substantial
loss where lives were eliminated or critical infrastructures were commandeered to service
evil enterprises. This report will address how the susceptibility of the networks that
1
INTERNET SECURITY THREAT
depend on Internet communication to service almost every facet of humanity is in
jeopardy and has the potential to not only create inconvenient conditions for computer
users but has the potential to terminate civilization.
When surveying the form of the cyber landscape it reveals an infinite number of
possibilities where the wickedness of online misconduct can be translated into refined
attacks of anonymity. These criminals are the new generation of delinquency and when
combined with the increasing prevalence in the dependency of Internet communications
to control commercial and industrial systems the prospect in the corruption of the
necessary components of day-to-day life become a promise to surely be fulfilled.
Analyzing the possible detrimental effects of cyber threats, and identifying its
society ending potential, requires the acknowledgement of changing the online virtual
environment. The increased use of the Internet is causing a proportional escalation in
Internet related crime and terrorism. Among the scores of online disobedience this essay
will deal with several incidents, which will include recent examples in the disruption of
critical infrastructures as well as threats to the government sector.
Evaluating the current cyber situation and forecasting the future of online crime
and terrorism and its burgeoning threat upon the general population means that the
solutions to govern the safety of people affected by the Internet obliges the coalescence
of multiple factors. Syndicating both private and public mandated measures in
cooperation with an international unified Internet etiquette protocol that is prosecutable
by a global judiciary committee is the best solution to prevent atrocities made responsible
by online bandits. Although the Internet poses as a potentially universal security threat it
2
INTERNET SECURITY THREAT
can be monitored and maintained to prevent the potential for cyber attacks with the aid of
applied vigilance and Internet watchdogs.
Cyber Crime Statistics
Since the inception of the Internet the prevalence of online relate crimes and acts
of terror have greatly increased. The following is an overview of some of the statistics
that disclose the general trends of high-tech crimes. These numbers prove that with the
proliferation of offenses found online the likelihood for severe transgressions yielding in
acts of terror and the crippling of critical infrastructures become more apparent. As more
users log-on the Internet the corresponding amount of foul play increases and when
compiled with time the possibility of a breach in national security becomes imminent.
Comparing the statistics of 2010 and the proceeding year divulges that the
differential in online associated crimes have increased more in this year than ever in
history. For example, according to a joint federal-civilian organization (FBI and National
White Collar Crime Center), the IC3 or the Internet Crime Complaint Center has released
data that proves to be unsettling and confirms the necessity to change the ways in which
Internet legality needs to be modified to adapt to the evolving online criminal and
terrorist environment. The numbers released by the IC3 is exclusive to this organization
only and is not a representation of Internet activity for the entire United States.
Figure 2.
3
INTERNET SECURITY THREAT
“From January 1, 2009 through December 31, 2009, the
Internet Crime Complaint Center (IC3) Web site received
336,655 complaint submissions. This was a 22.3% increase
as compared to 2008 when 275,284 complaints were
received. The total dollar loss from all referred cases was
$559.7 million with a median dollar loss of $575. This is up
from $264.6 million in total reported losses in 2008.”
(IC3, 2010)
Figure 3. Annual Cyber Crime Complaints Comparison
Figure 4. Annual Losses due to Cyber Crime
4
INTERNET SECURITY THREAT
Besides the United States other countries also have had to deal with the increased
prevalence in cyber related incidents of crime and terror. These lands are mostly
industrialized nations that actively participate in the world market and have international
trade agreements. Not every country is as liberal in releasing criminal data regarding
online behavior, however, most European and East Asian countries have compiled years
of Internet crime related information.
“Belgium, a country with a population of about 10.5
million people. In 2006, about 52.6% of the population
were Internet users. So Belgian online community counts
about 5.5 million users. In 2007 the police portal
www.ecops.be registered 23,832 messages of which 17,089
were punishable acts. The total number of cases was an
increase of 750% compared to the 2.360 case registered in
2002.” (Security4All, 2008).
South Korean Police - Cyber crime statistics (by type) Cyber crime statistics (Dec. 31,2009)
Year Total Hacking virus Internet fraud Cyber violence Illegal website
operationIllegal copying and
salesOther
04 63,384 10,993 30,288 5,816 2,410 1,244 12,633
05 72,421 15,874 33,112 9,227 1,850 1,233 11,125
06 70,545 15,979 26,711 9,436 7,322 2,284 8,813
07 78,890 14,037 28,081 12,905 5,505 8,167 10,195
08 122,227 16,953 29,290 13,819 8,056 32,084 22,025
09 147,069 13,152 31,814 10,936 31,101 34,575 25,491
Figure 5. South Korean Cyber Crime Statistics by Year
When comparing these numbers from country to country it becomes apparent that
the Internet security threat dilemma is not something that the United States should be
5
INTERNET SECURITY THREAT
independently concerned. The trends of cyber related crimes are very similar from one
land to the next inferring that the Internet is a threat to national security for every
developed nation with online capacities.
Internet as a Security Threat to Critical Infrastructures
Recent news stories have reported isolated incidents of Internet related crimes that
are not merely potential risks for national security but are blatant breaches of security.
The following two accounts are examples of the future of cyber crime and the pending
cyber wars where the parties responsible for the incidents were not native nationals,
rather the parties claimed to be accountable for these security violations originated from
other countries.
The first of these examples occurred on Sunday the 26th of September 2010 in
Iran. Officials claim that a staff member of the Bushehr nuclear power plant
unknowingly infected the installation’s computers with a Stuxnet worm virus. Derek
Reveron, professor at the U.S. Naval War School in Rhode Island said that this virus “is
the first known worm to target industrial control systems and grants hackers vital control
of vital public infrastructures like power plants, dams and chemical facilities.” (Apps,
2010).
Although there was no damage to any vital power plant operations the breach in
Iranian security proved to be more than just embarrassing as there is no responsibility yet
made by an outside party. Iranian Security and Intelligence are said they believe it to be
an American or Israeli operation. This type of precursory mentality could potentially
prove to be fatal where retaliatory measures would be exercised producing casualties on
6
INTERNET SECURITY THREAT
predetermined targets that may not be affiliated with this computer virus at the power
plant episode.
Figure 6.
The future of cyber warfare is already upon us as Chinese government funded
operations are implemented the development of cyber attack “troops” that specialize in
penetrating online networks and computer security systems so as to undermine enemy
infrastructure operations (Higgins, 2008). Evidence of these incidents have not been
significant enough to cause wide spread panic since there has never been an incident
resulting in expensive collateral damages or losses of life. However, numerous reports
have been published that led to China’s government being responsible for a great deal of
online debauchery.
Two years ago Taiwanese information and technology government officials
commented on how almost all cyber attacks on their federal computers originated from
7
INTERNET SECURITY THREAT
China. (Higgins, 2008). These assaults primarily targeted the personal computers of
government lawmakers, foreign policy makers, and military officials. By obtaining
secret information needed to operate key facets of the nation from these players China
would have better chances in controlling the reins of critical Taiwanese infrastructure.
The Chinese have a reputation for government sponsored computer hacking. In
1999 two senior Chinese military officers detailed the China’s new position in the world
cyber-theater. Specially trained hackers would have extra emphasis to not only break
into foreign Internet networks, but also to employ newly developed information warfare
techniques that attack enemy financial markets, civilian electricity networks, and
telecommunications networks by launching information warfare network attacks. (Lang,
1999).
Internet as a Security Threat to Government
A report released by IBM for the first half of 2005 explains that government
organizations are the primary target for cyber threats with more than 54 million globally
reported attacks, followed by the manufacturing sector with 36 million, financial services
ranked a close third place with 34 million, and healthcare supposedly encountered more
than 17 million cyber attacks. (Rollins, et al., 2007). Government organizations
continuously are being attacked, thus it can be implied that the implementation of the
majority of Internet security devices that are aimed to thwart online network hackers
should be applied for government Internet systems.
Current estimates, as reported by Senate Sergeant-at-Arms Terrance Gainer, claim
that the numbers of cyber attacks on government offices have skyrocketed when
compared to years past. Latest reports have claimed that the number of security events
8
INTERNET SECURITY THREAT
per month in Congress has shot up to 1.8 billion and “the Senate Security Operations
Center alone receives 13.9 million of those attempts per day," said by Gainer. (Seltzer,
2010). Furthermore, the new head of the U.S. Cyber Command, Gen. Keith Alexander,
revealed earlier this summer that Pentagon systems are attacked 250,000 times an hour, 6
million times a day. (Lambrecht, 2010).
Figure 7.
Identifying the vast number of cyber attacks on the American federal government
is an eye-opener, however, when combining the number of cyber events with government
affiliated contract agencies the threat of an online take-over becomes more of a
possibility. For example earlier this year in June U.S. defense contractor Boeing was
struck by a barrage of cyber attacks and encountered more than 3,700 suspicious efforts
in one hour to gain access to the company's global computer network. (Lambrecht, 2010).
These attacks, although aimed at a civilian company, are indirectly targeting the federal
government as companies such as Boeing and Lockheed Martin work directly under the
order of military contracts.
Being the primary focus of Internet crime and terrorism the federal government
must make advances in protecting itself from online vulnerabilities. In doing so the
9
INTERNET SECURITY THREAT
government must attempt to meet its adversaries on a level playing field where federal
online networks’ hardware, software, and operating administration are on par with the
skills and abilities of their Internet foes. This, however, will prove to be a monumental
task with a corresponding price tag and does not a have a certification of guaranteed
success in keeping the enemy out of the American cyber world.
Solutions for Preventing Security Threats from the Internet
In order to protect the well being and safety of the constituents of the United
States a combined effort that employs the knowledge and skills of not only the federal
government but that of every Internet user must be used. The intermingling of private
citizens and government entities must practice extra vigilance in maintaining a safe
online environment. By learning more about Internet etiquette the threat of Internet
corruption and cyber crime, and ultimately cyber war, the number of malicious Internet
network attacks would be greatly diminished and lessen the inherent consequences, such
as lost time and money, as well as breaches in security. However, vigilance is not
enough to ensure a safe cyber environment.
In 2002 the price tag to revamp the federal government’s computers and Internet
network security system had been initially written in the amount of about $4.5 billion.
Currently, in the year 2010 Internet security representatives for government networks
such as Loren Thompson of the Lexington Institute, a think tank supported heavily by
defense contractors, place the current market for government cyber security between $10-
15 billion, which does not include awards for contracts to covert programs that could
potentially double the intially proposed bill. (Lambrecht, 2010). Other means of
10
INTERNET SECURITY THREAT
protecting the Internet and security of government offices must be practiced as upgrading
security network hardware and software is not enough.
The recent appointment of a new Cyber Security Czar, Howard Schmidt, late last
year in December 2009 is an active step in the direction of having a federally mandated
office that is responsible for overseeing the safety of Internet security for public and
private users. Schmidt is the unifying manager that mediates the government rules for
cyber security, appropriates necessary funding for advancing and maintaining Internet
security, and coordinates responses to cyber attacks. (Kelly, 2009).
Cyber Security Czars collaborate with a team of government agencies that are
headed by multiple federal departments. The union of all these offices encourages a
mixed dialogue that detects cyber security threats. Today, the federal government has a
multitude of cyber security offices, many of them brand new or have yet to open. Some
of these cyber security offices include:
-IC3: Internet Crime Complaint Center, a joint operation between the FBI and
civilian operated agency NW3C or the National White Collar Crime Center.
-NCSD: National Cyber Security Division, a division of the Office of Cyber
Security & Communications within the United States Department of Homeland
Security's Directorate for National Protection and Programs
-US-CERT: United States Computer Emergency Readiness Team, a division
within the NCSD.
-DC3: Department of Defense Cyber Crime Center, a Department of Defense
organization run by the Air Force Office of Special Investigations.
11
INTERNET SECURITY THREAT
- USCYBERCOM: United States Cyber Command, a United States armed forces
sub-unified command subordinate to United States Strategic Command.
This list of federal cyber security agencies is not fully complied as there are other
offices that are responsible for monitoring the cyber landscape. Although this offices
have different names and specialize in specific aspects of cyber security their jobs in
maintaining a safer online environment is essentially the same. The redundant
competition promotes greater degrees of online safety and inter-office communication.
When combined with the skills and talents of non-governmental security entities
the likelihood cyber attacks are reduced, but can never be completely eliminated. Even
with addition of all the extra high-tech offices and staff commingling with the public
Internet security sector a guarantee of safety and elimination of security threats cannot be
reassured. However, with these new tools at the disposal of the government pooled with
Internet user re-education efforts will significantly diminish the degree of danger of cyber
security threats.
Final Statement
The Internet is a security threat to not only the United States but the entire world.
Countries all over the world are vulnerable to the attacks of malicious cyber evil-doers
intent on not only disrupting Internet security but rather subverting dominant paradigms
and initiating the foundations of a new type of warfare.
Every year the situation regarding Internet security is compromised and results in
worsening statistics where the number of security breach incidents yields countless lost
time and money; this problem is getting dramatically worse. Resolutions in online user
activity with increased cyber vigilance is not enough to amend the situation. Currently,
12
INTERNET SECURITY THREAT
the joint efforts of several federal Internet security agencies amalgamated with civilian
Internet security organizations is still in its infancy and has not proven its worth as to its
effectiveness in preventing Internet security threats. However, this is a step in the right
direction where the added efforts of Internet user vigilance and re-education, with the
expertise of the Cyber Security Czar and his teams of federally appointed Internet watch-
dog groups, will reduce the number of Internet security threat occurances and retard the
inevitablity of global cyber warfare.
References
Apps, Peter. (2010). Implications of Iran Cyber Attack Affect All. Reuters.
13
INTERNET SECURITY THREAT
http://www.theglobeandmail.com/news/technology/implications-of-iran-cyber-
attack-affectall/article1727558/?cmpid=rss1&utm_source=feedburner&
utm_medium=feed&utm_campaign=Feed%3A+TheGlobeAndMailTechnology+
%28The+Globe+and+Mail+-+Technology+News%29. Retrieved 28 September
2010.
Higgins, Kelly Jackson. (2008). Taiwan Says China Accounts for Most Cyber Attacks.
DarkReading and Asahi Shimbun. http://www.darkreading.com/security/
vulnerabilities/showArticle.jhtml?articleID=208803769. Retrieved 28 September
2010.
Internet Crime Complaint Center. (2010). 2009 Internet Crime Report. The National
White Collar Crime Center. http://www.ic3.gov/media/annualreport/2009_
IC3Report.pdf. Retrieved 28 September 2010.
Kelly, John. (2009). What Does the U.S. Cybersecurity Czar Do? How Stuff Works.
Discovery Co. http://computer.howstuffworks.com/cybersecurity-czar1.htm.
Retrieved 28 September 2010.
Lambrecht, Bill. (2010). Boeing Among Defense Contractors Fighting Cyberterrorism.
Chicago Tribune and Los Angeles Times. http://articles.chicagotribune.com/
2010-06-28/business/ct-biz-0628-cyberterrorism-20100628-8_1_boeing-co
defense-contractors-cyberwarfare: Chicago Tribune and http://articles.latimes.
com/2010/jun/24/business/la-fi-cyber-terrorism-20100624/3: Los Angeles Times.
Retrieved 28 September 2010.
Qioa, Lang and Wang, Xiangsui. (1999). Unrestricted Warfare, Beijing: PLA Literature
and Arts Publishing House.
14
INTERNET SECURITY THREAT
Rollins, John and Wilson, Clay. (2007). Terrorist Capabilities for Cyberattack:
Overview and Policy Issues. CRS report for Congress. January 2007
Congressional Research Service. Library of Congress. http://www.fas.org/sgp/
crs/terror/RL33123.pdf. Retrieved 28 September 2010.
Security4All. (2008). Cyber crime statistics released by Belgian Government.
http://blog.security4all.be/2008/07/cybercrime-statistics-released-by.html.
Retrieved 28 September 2010.
Seltzer, Larry. (2010). Government Bombarded With Cyber Attacks. Security Watch.
PCMag.com. http://blogs.pcmag.com/securitywatch/2010/03/government_
bombarded_with_cybe.php. Retrieved 28 September 2010.
Illustrations and Photographs
Figure 1. Stock photo: Cyber Crime- http://www.cbsnews.com/digitaldan/disaster/
disast16.jpg. Retrieved 28 September 2010.
Figure 2. I3C logo- http://www.fbi.gov/headlines/ic3_032708.jpg. Retrieved 28
September 2010.
Figure 3. Annual Cyber Crime Complaints Comparison- http://news.cnet.com/8301
1023_3-10208355-93.html. Retrieved 28 September 2010.
Figure 4. Figure 4. Annual Losses due to Cyber Crime- http://news.cnet.com/8301
1023_3-10208355-93.html. Retrieved 28 September 2010.
Figure 5. South Korean Cyber Crime Statistics by Year- http://www.police.go.kr/KNPA/
statistics/st_investingation_02.jsp. Retrieved 28 September 2010.
15
INTERNET SECURITY THREAT
Figure 6. Cyber Dummies. Washington Monthly. http://www.washingtonmonthly.com/
graphics/cyber.jpg. Retrieved 28 September 2010.
Figure 7. US Congress. Pcmag.com http://blogs.pcmag.com/securitywatch/2010
/03/government_bombarded_with_cybe.php. Retrieved 28 September 2010.
16
Recommended