Internet Security Threat

INTERNET SECURITY THREAT

Running Head: INTERNET SECURITY THREAT

Online Perpetrators and Cyber Crime:

The Internet as a Security Threat

Michael Yatskievych

University of Texas at El Paso

Fall 2010

0


Online Perpetrators and Cyber Crime:

The Internet as a Security Threat

Introduction

Currently the world is witnessing a rapidly increasing threat to public safety as the

Internet is providing for more venues that make access to sensitive vulnerabilities easier,

whether civilian or government. The online perpetrators responsible for wreaking havoc

in the virtual world is resulting in drastic financial damages, identity theft, losses in

productivity, and breaches in national security. When taken individually these potential

threats are devastating, however, when combining these threats their potential for damage

makes for a synergistic amalgamation, which could spell the impending doom of the

methods of traditional crime and international war.

Figure 1.

The argument as to how relevant cyber crime and terrorism is to the well being of

the people of the United States, and that of the world, is debated as the effectiveness of

using computer technology in tandem with the Internet has never yielded a substantial

loss where lives were eliminated or critical infrastructures were commandeered to service

evil enterprises. This report will address how the susceptibility of the networks that

1


depend on Internet communication to service almost every facet of humanity is in

jeopardy and has the potential to not only create inconvenient conditions for computer

users but has the potential to terminate civilization.

When surveying the form of the cyber landscape it reveals an infinite number of

possibilities where the wickedness of online misconduct can be translated into refined

attacks of anonymity. These criminals are the new generation of delinquency and when

combined with the increasing prevalence in the dependency of Internet communications

to control commercial and industrial systems the prospect in the corruption of the

necessary components of day-to-day life become a promise to surely be fulfilled.

Analyzing the possible detrimental effects of cyber threats, and identifying its

society ending potential, requires the acknowledgement of changing the online virtual

environment. The increased use of the Internet is causing a proportional escalation in

Internet related crime and terrorism. Among the scores of online disobedience this essay

will deal with several incidents, which will include recent examples in the disruption of

critical infrastructures as well as threats to the government sector.

Evaluating the current cyber situation and forecasting the future of online crime

and terrorism and its burgeoning threat upon the general population means that the

solutions to govern the safety of people affected by the Internet obliges the coalescence

of multiple factors. Syndicating both private and public mandated measures in

cooperation with an international unified Internet etiquette protocol that is prosecutable

by a global judiciary committee is the best solution to prevent atrocities made responsible

by online bandits. Although the Internet poses as a potentially universal security threat it

2


can be monitored and maintained to prevent the potential for cyber attacks with the aid of

applied vigilance and Internet watchdogs.

Cyber Crime Statistics

Since the inception of the Internet the prevalence of online relate crimes and acts

of terror have greatly increased. The following is an overview of some of the statistics

that disclose the general trends of high-tech crimes. These numbers prove that with the

proliferation of offenses found online the likelihood for severe transgressions yielding in

acts of terror and the crippling of critical infrastructures become more apparent. As more

users log-on the Internet the corresponding amount of foul play increases and when

compiled with time the possibility of a breach in national security becomes imminent.

Comparing the statistics of 2010 and the proceeding year divulges that the

differential in online associated crimes have increased more in this year than ever in

history. For example, according to a joint federal-civilian organization (FBI and National

White Collar Crime Center), the IC3 or the Internet Crime Complaint Center has released

data that proves to be unsettling and confirms the necessity to change the ways in which

Internet legality needs to be modified to adapt to the evolving online criminal and

terrorist environment. The numbers released by the IC3 is exclusive to this organization

only and is not a representation of Internet activity for the entire United States.

Figure 2.

3


“From January 1, 2009 through December 31, 2009, the

Internet Crime Complaint Center (IC3) Web site received

336,655 complaint submissions. This was a 22.3% increase

as compared to 2008 when 275,284 complaints were

received. The total dollar loss from all referred cases was

$559.7 million with a median dollar loss of $575. This is up

from $264.6 million in total reported losses in 2008.”

(IC3, 2010)

Figure 3. Annual Cyber Crime Complaints Comparison

Figure 4. Annual Losses due to Cyber Crime

4


Besides the United States other countries also have had to deal with the increased

prevalence in cyber related incidents of crime and terror. These lands are mostly

industrialized nations that actively participate in the world market and have international

trade agreements. Not every country is as liberal in releasing criminal data regarding

online behavior, however, most European and East Asian countries have compiled years

of Internet crime related information.

“Belgium, a country with a population of about 10.5

million people. In 2006, about 52.6% of the population

were Internet users. So Belgian online community counts

about 5.5 million users. In 2007 the police portal

www.ecops.be registered 23,832 messages of which 17,089

were punishable acts. The total number of cases was an

increase of 750% compared to the 2.360 case registered in

2002.” (Security4All, 2008).

South Korean Police - Cyber crime statistics (by type) Cyber crime statistics (Dec. 31,2009)

Year Total Hacking virus Internet fraud Cyber violence Illegal website

operationIllegal copying and

salesOther

04 63,384 10,993 30,288 5,816 2,410 1,244 12,633

05 72,421 15,874 33,112 9,227 1,850 1,233 11,125

06 70,545 15,979 26,711 9,436 7,322 2,284 8,813

07 78,890 14,037 28,081 12,905 5,505 8,167 10,195

08 122,227 16,953 29,290 13,819 8,056 32,084 22,025

09 147,069 13,152 31,814 10,936 31,101 34,575 25,491

Figure 5. South Korean Cyber Crime Statistics by Year

When comparing these numbers from country to country it becomes apparent that

the Internet security threat dilemma is not something that the United States should be

5


independently concerned. The trends of cyber related crimes are very similar from one

land to the next inferring that the Internet is a threat to national security for every

developed nation with online capacities.

Internet as a Security Threat to Critical Infrastructures

Recent news stories have reported isolated incidents of Internet related crimes that

are not merely potential risks for national security but are blatant breaches of security.

The following two accounts are examples of the future of cyber crime and the pending

cyber wars where the parties responsible for the incidents were not native nationals,

rather the parties claimed to be accountable for these security violations originated from

other countries.

The first of these examples occurred on Sunday the 26th of September 2010 in

Iran. Officials claim that a staff member of the Bushehr nuclear power plant

unknowingly infected the installation’s computers with a Stuxnet worm virus. Derek

Reveron, professor at the U.S. Naval War School in Rhode Island said that this virus “is

the first known worm to target industrial control systems and grants hackers vital control

of vital public infrastructures like power plants, dams and chemical facilities.” (Apps,

2010).

Although there was no damage to any vital power plant operations the breach in

Iranian security proved to be more than just embarrassing as there is no responsibility yet

made by an outside party. Iranian Security and Intelligence are said they believe it to be

an American or Israeli operation. This type of precursory mentality could potentially

prove to be fatal where retaliatory measures would be exercised producing casualties on

6


predetermined targets that may not be affiliated with this computer virus at the power

plant episode.

Figure 6.

The future of cyber warfare is already upon us as Chinese government funded

operations are implemented the development of cyber attack “troops” that specialize in

penetrating online networks and computer security systems so as to undermine enemy

infrastructure operations (Higgins, 2008). Evidence of these incidents have not been

significant enough to cause wide spread panic since there has never been an incident

resulting in expensive collateral damages or losses of life. However, numerous reports

have been published that led to China’s government being responsible for a great deal of

online debauchery.

Two years ago Taiwanese information and technology government officials

commented on how almost all cyber attacks on their federal computers originated from

7


China. (Higgins, 2008). These assaults primarily targeted the personal computers of

government lawmakers, foreign policy makers, and military officials. By obtaining

secret information needed to operate key facets of the nation from these players China

would have better chances in controlling the reins of critical Taiwanese infrastructure.

The Chinese have a reputation for government sponsored computer hacking. In

1999 two senior Chinese military officers detailed the China’s new position in the world

cyber-theater. Specially trained hackers would have extra emphasis to not only break

into foreign Internet networks, but also to employ newly developed information warfare

techniques that attack enemy financial markets, civilian electricity networks, and

telecommunications networks by launching information warfare network attacks. (Lang,

1999).

Internet as a Security Threat to Government

A report released by IBM for the first half of 2005 explains that government

organizations are the primary target for cyber threats with more than 54 million globally

reported attacks, followed by the manufacturing sector with 36 million, financial services

ranked a close third place with 34 million, and healthcare supposedly encountered more

than 17 million cyber attacks. (Rollins, et al., 2007). Government organizations

continuously are being attacked, thus it can be implied that the implementation of the

majority of Internet security devices that are aimed to thwart online network hackers

should be applied for government Internet systems.

Current estimates, as reported by Senate Sergeant-at-Arms Terrance Gainer, claim

that the numbers of cyber attacks on government offices have skyrocketed when

compared to years past. Latest reports have claimed that the number of security events

8


per month in Congress has shot up to 1.8 billion and “the Senate Security Operations

Center alone receives 13.9 million of those attempts per day," said by Gainer. (Seltzer,

2010). Furthermore, the new head of the U.S. Cyber Command, Gen. Keith Alexander,

revealed earlier this summer that Pentagon systems are attacked 250,000 times an hour, 6

million times a day. (Lambrecht, 2010).

Figure 7.

Identifying the vast number of cyber attacks on the American federal government

is an eye-opener, however, when combining the number of cyber events with government

affiliated contract agencies the threat of an online take-over becomes more of a

possibility. For example earlier this year in June U.S. defense contractor Boeing was

struck by a barrage of cyber attacks and encountered more than 3,700 suspicious efforts

in one hour to gain access to the company's global computer network. (Lambrecht, 2010).

These attacks, although aimed at a civilian company, are indirectly targeting the federal

government as companies such as Boeing and Lockheed Martin work directly under the

order of military contracts.

Being the primary focus of Internet crime and terrorism the federal government

must make advances in protecting itself from online vulnerabilities. In doing so the

9


government must attempt to meet its adversaries on a level playing field where federal

online networks’ hardware, software, and operating administration are on par with the

skills and abilities of their Internet foes. This, however, will prove to be a monumental

task with a corresponding price tag and does not a have a certification of guaranteed

success in keeping the enemy out of the American cyber world.

Solutions for Preventing Security Threats from the Internet

In order to protect the well being and safety of the constituents of the United

States a combined effort that employs the knowledge and skills of not only the federal

government but that of every Internet user must be used. The intermingling of private

citizens and government entities must practice extra vigilance in maintaining a safe

online environment. By learning more about Internet etiquette the threat of Internet

corruption and cyber crime, and ultimately cyber war, the number of malicious Internet

network attacks would be greatly diminished and lessen the inherent consequences, such

as lost time and money, as well as breaches in security. However, vigilance is not

enough to ensure a safe cyber environment.

In 2002 the price tag to revamp the federal government’s computers and Internet

network security system had been initially written in the amount of about $4.5 billion.

Currently, in the year 2010 Internet security representatives for government networks

such as Loren Thompson of the Lexington Institute, a think tank supported heavily by

defense contractors, place the current market for government cyber security between $10-

15 billion, which does not include awards for contracts to covert programs that could

potentially double the intially proposed bill. (Lambrecht, 2010). Other means of

10


protecting the Internet and security of government offices must be practiced as upgrading

security network hardware and software is not enough.

The recent appointment of a new Cyber Security Czar, Howard Schmidt, late last

year in December 2009 is an active step in the direction of having a federally mandated

office that is responsible for overseeing the safety of Internet security for public and

private users. Schmidt is the unifying manager that mediates the government rules for

cyber security, appropriates necessary funding for advancing and maintaining Internet

security, and coordinates responses to cyber attacks. (Kelly, 2009).

Cyber Security Czars collaborate with a team of government agencies that are

headed by multiple federal departments. The union of all these offices encourages a

mixed dialogue that detects cyber security threats. Today, the federal government has a

multitude of cyber security offices, many of them brand new or have yet to open. Some

of these cyber security offices include:

-IC3: Internet Crime Complaint Center, a joint operation between the FBI and

civilian operated agency NW3C or the National White Collar Crime Center.

-NCSD: National Cyber Security Division, a division of the Office of Cyber

Security & Communications within the United States Department of Homeland

Security's Directorate for National Protection and Programs

-US-CERT: United States Computer Emergency Readiness Team, a division

within the NCSD.

-DC3: Department of Defense Cyber Crime Center, a Department of Defense

organization run by the Air Force Office of Special Investigations.

11


- USCYBERCOM: United States Cyber Command, a United States armed forces

sub-unified command subordinate to United States Strategic Command.

This list of federal cyber security agencies is not fully complied as there are other

offices that are responsible for monitoring the cyber landscape. Although this offices

have different names and specialize in specific aspects of cyber security their jobs in

maintaining a safer online environment is essentially the same. The redundant

competition promotes greater degrees of online safety and inter-office communication.

When combined with the skills and talents of non-governmental security entities

the likelihood cyber attacks are reduced, but can never be completely eliminated. Even

with addition of all the extra high-tech offices and staff commingling with the public

Internet security sector a guarantee of safety and elimination of security threats cannot be

reassured. However, with these new tools at the disposal of the government pooled with

Internet user re-education efforts will significantly diminish the degree of danger of cyber

security threats.

Final Statement

The Internet is a security threat to not only the United States but the entire world.

Countries all over the world are vulnerable to the attacks of malicious cyber evil-doers

intent on not only disrupting Internet security but rather subverting dominant paradigms

and initiating the foundations of a new type of warfare.

Every year the situation regarding Internet security is compromised and results in

worsening statistics where the number of security breach incidents yields countless lost

time and money; this problem is getting dramatically worse. Resolutions in online user

activity with increased cyber vigilance is not enough to amend the situation. Currently,

12


the joint efforts of several federal Internet security agencies amalgamated with civilian

Internet security organizations is still in its infancy and has not proven its worth as to its

effectiveness in preventing Internet security threats. However, this is a step in the right

direction where the added efforts of Internet user vigilance and re-education, with the

expertise of the Cyber Security Czar and his teams of federally appointed Internet watch-

dog groups, will reduce the number of Internet security threat occurances and retard the

inevitablity of global cyber warfare.

References

Apps, Peter. (2010). Implications of Iran Cyber Attack Affect All. Reuters.

13


http://www.theglobeandmail.com/news/technology/implications-of-iran-cyber-

attack-affectall/article1727558/?cmpid=rss1&utm_source=feedburner&

utm_medium=feed&utm_campaign=Feed%3A+TheGlobeAndMailTechnology+

%28The+Globe+and+Mail+-+Technology+News%29. Retrieved 28 September

2010.

Higgins, Kelly Jackson. (2008). Taiwan Says China Accounts for Most Cyber Attacks.

DarkReading and Asahi Shimbun. http://www.darkreading.com/security/

vulnerabilities/showArticle.jhtml?articleID=208803769. Retrieved 28 September

2010.

Internet Crime Complaint Center. (2010). 2009 Internet Crime Report. The National

White Collar Crime Center. http://www.ic3.gov/media/annualreport/2009_

IC3Report.pdf. Retrieved 28 September 2010.

Kelly, John. (2009). What Does the U.S. Cybersecurity Czar Do? How Stuff Works.

Discovery Co. http://computer.howstuffworks.com/cybersecurity-czar1.htm.

Retrieved 28 September 2010.

Lambrecht, Bill. (2010). Boeing Among Defense Contractors Fighting Cyberterrorism.

Chicago Tribune and Los Angeles Times. http://articles.chicagotribune.com/

2010-06-28/business/ct-biz-0628-cyberterrorism-20100628-8_1_boeing-co

defense-contractors-cyberwarfare: Chicago Tribune and http://articles.latimes.

com/2010/jun/24/business/la-fi-cyber-terrorism-20100624/3: Los Angeles Times.


Qioa, Lang and Wang, Xiangsui. (1999). Unrestricted Warfare, Beijing: PLA Literature

and Arts Publishing House.

14


Rollins, John and Wilson, Clay. (2007). Terrorist Capabilities for Cyberattack:

Overview and Policy Issues. CRS report for Congress. January 2007

Congressional Research Service. Library of Congress. http://www.fas.org/sgp/

crs/terror/RL33123.pdf. Retrieved 28 September 2010.

Security4All. (2008). Cyber crime statistics released by Belgian Government.

http://blog.security4all.be/2008/07/cybercrime-statistics-released-by.html.


Seltzer, Larry. (2010). Government Bombarded With Cyber Attacks. Security Watch.

PCMag.com. http://blogs.pcmag.com/securitywatch/2010/03/government_

bombarded_with_cybe.php. Retrieved 28 September 2010.

Illustrations and Photographs

Figure 1. Stock photo: Cyber Crime- http://www.cbsnews.com/digitaldan/disaster/

disast16.jpg. Retrieved 28 September 2010.

Figure 2. I3C logo- http://www.fbi.gov/headlines/ic3_032708.jpg. Retrieved 28

September 2010.

Figure 3. Annual Cyber Crime Complaints Comparison- http://news.cnet.com/8301

1023_3-10208355-93.html. Retrieved 28 September 2010.

Figure 4. Figure 4. Annual Losses due to Cyber Crime- http://news.cnet.com/8301

1023_3-10208355-93.html. Retrieved 28 September 2010.

Figure 5. South Korean Cyber Crime Statistics by Year- http://www.police.go.kr/KNPA/

statistics/st_investingation_02.jsp. Retrieved 28 September 2010.

15


Figure 6. Cyber Dummies. Washington Monthly. http://www.washingtonmonthly.com/

graphics/cyber.jpg. Retrieved 28 September 2010.

Figure 7. US Congress. Pcmag.com http://blogs.pcmag.com/securitywatch/2010

/03/government_bombarded_with_cybe.php. Retrieved 28 September 2010.

16

Documents

Internet Security Threat