Review of the major types of threats from cybercrime, cyberterrorism, and cyberwarfare. Provides a historical account of the nature of the threats, the vulnerabilities of international superpowers to remote cyberattacks from foreign adversaries, and a breakdown of major national and international cyber incidents since 2007.
Cyber-crime, Cyber-Terrorism, And Cyber-Warfare
Since the earliest days of primitive computer networks and information systems, a perpetual evolutionary contest has existed between those who rely on computer systems and those who seek to exploit them, whether by gaining unauthorized access or by disrupting them maliciously. This dynamic predates the contemporary Internet Age by more than a decade and was already in full swing during the 1980s on Usenet and the Unix-to-Unix Copy Program (UUCP), technological precursors of today's Internet that predated the World Wide Web (Knapp & Boulton, 2006; Wik, 1999).
Initially, the malicious intruders into computer networks were primarily insular communities of computer enthusiasts called "hackers," for whom attacks on computer systems were as much a sport, pursued for the challenge and for bragging rights within their communities, as anything else. They approached the breaching of computer security as a technical challenge rather than as a means of perpetrating other crimes for profit; even dedicated attacks designed specifically to harm their victims were comparatively rare, and costly harm was far more often an unintended byproduct of the challenge than the product of any deliberate malice toward the victim (Kizza, 2005).
However, it quickly became apparent that exploiting the inherent vulnerabilities of modern computer networks and digital information systems held tremendous potential value for criminals and terrorists alike. In principle, the exploitation of computer systems for criminal and terrorist objectives provides two elements that are extremely valuable to malicious actors: the difficulty of attribution, and contagion (Larsen, 2007). Attribution, in this sense, refers to the fact that crimes executed through computer systems allow the malicious actor to operate and attack intended targets remotely and in a manner that is highly conducive to disguising the genuine source and origin of the activity (Larsen, 2007; Schmalleger, 2009). Contagion refers to the ability of intruders relying on malicious code to spread their attacks, potentially, to thousands or even millions of individual computer systems by successfully compromising a single connected network with self-propagating weapons. Those elements of attribution and contagion are equally characteristic of biological warfare and, according to security, law enforcement, and terrorism specialists, present very similar problems of analysis, risk mitigation, and critical incident response (Larsen, 2007). Naturally, the same characteristics that make malicious intrusion and disruption of computer systems viable mechanisms for perpetrating crime have led to their being widely embraced by organized crime syndicates, terrorists, and nation states. The exploitation of computer systems and network vulnerabilities as a form of warfare in general, and of asymmetric warfare against enemies with far greater resources and conventional military forces in particular, now presents significant risks even to the world's most advanced business organizations and military superpowers.
Finally, with respect to the types of threats posed by cyber-terrorism, one of the most insidious current threats is the manner in which international terrorist organizations have used Internet media to spread propaganda and to conduct remote recruiting operations (Dyer, McCoy, Rodriguez, et al., 2007; Evans, 2007).
The Nature of Cyber-threats, Vulnerabilities, and Asymmetric Warfare
Precisely because cyber-warfare is conducted remotely, it provides malicious entities, including nation states, with a viable means of attacking their enemies without confronting overwhelming military forces, because no physical breach of national defenses is necessary (Larsen, 2007). Likewise, the fact that more sophisticated computer-based attacks lend themselves to technical means of obscuring their origin makes them valuable to malicious entities of all types, whether the aim is to disrupt the commercial enterprises of business competitors, to appropriate proprietary information without detection or evidence of responsibility, or to launch attacks expressly intended to damage major military or industrial complexes and municipal services within a foreign nation (Schmalleger, 2009).
The Federal Bureau of Investigation (FBI) Office of Computer Investigations (OCI) has already reported that the risks posed by cyber-threats greatly exceed the resources of most small business organizations and of many mid-sized ones (Baker, Hylender, & Valentine, 2008; Larsen, 2007). Analysts refer to a "digital divide" between the capabilities and costs necessary to launch cyber-attacks on computer networks and those necessary to prevent them, which requires continually monitoring and upgrading every computer system on which a contemporary business relies and responding to every threat and every successful intrusion. Generally, reliable protection against the full range of cyber-threats facing contemporary business organizations and governmental institutions is realistically available only to very well-financed entities with the capacity to employ dedicated network security specialists, to train all personnel continually in intrusion resistance, and to upgrade and replace major hardware and software components on a regular basis (Baker, Hylender, & Valentine, 2008; Larsen, 2007; Tripwire, 2010).
One of the earliest illustrations of the extent to which even the best-financed and best-resourced organizations in the world were vulnerable to cyber-attacks occurred in early 1998, when components of the United States Department of Defense (DoD) suffered a coordinated series of network attacks that simultaneously compromised U.S. Air Force, Marine Corps, and Navy computer systems (Larsen, 2007; Schmalleger, 2009). Although the affected systems were unclassified, they supported essential logistical, administrative, and accounting processes that, at the time, were heavily engaged in managing U.S. military resources worldwide, particularly in the Middle East in connection with monitoring Iraqi compliance with United Nations weapons inspectors (Larsen, 2007). Initially, international and domestic law enforcement and intelligence agencies suspected that the attacks had been launched by nation states in the Middle East; the full investigation eventually disclosed news that was simultaneously good and bad. The good news was that the military information networks of the U.S. Armed Forces had not been attacked by a hostile nation state; the bad news was that the attacks were the work of three individuals, two college students in California and a teenage accomplice in Israel (Larsen, 2007). Similarly, the I Love You computer virus released less than two years later was the work of two Filipino college dropouts, who succeeded in temporarily disrupting the business operations of thousands of American companies (Larsen, 2007).
When the available techniques for perpetrating cyber-attacks on computer networks are developed and exploited by nation states as part of major, well-financed operations, several very serious scenarios could result that would, at least potentially, threaten even nations with the largest and most powerful conventional military forces. Specifically, cyber-attacks could be used to disable the air defense stations protecting a nation's borders and thereby compromise its air superiority. That approach could serve as a form of precision weapon in a first strike, accomplishing the same objectives as a conventional air raid on the ground-based radar and ground control stations that are indispensable components of national air defenses (Kelsey, 2008).
Virtually all major military powers have invested heavily in researching, developing, and planning methods of infiltrating the centralized defense networks of enemies and potential enemies (Larsen, 2007). During NATO's 1999 air campaign against Serbia during the Kosovo conflict, NATO air war planners designed a cyber-attack capable of injecting false messages and strike targets directly into the centralized air-defense command network of the Serbian Air Force (Kelsey, 2008). In that particular campaign, the tactical benefit of the technique, weighed against the risks to NATO warplanes it was designed to reduce, was judged insufficient to justify deployment, largely because of the potential harm to civilians and other noncombatants from stray missiles, the local populations adjacent to contested areas, and the danger to civilian relief flights. Nonetheless, the capability to counter air forces, including superior air forces, by such means has existed for more than a decade (Kelsey, 2008).
Another frightening scenario raised by cyber-warfare is that malicious entities could target major power plants serving both military and civilian infrastructure (Kelsey, 2008; Larsen, 2007; Shah, 2011). Finally, cyber-warfare could allow belligerents to attack crucial communications media, both essential military communications and broader capabilities such as civilian broadcast media and emergency response communications systems. Those two types of cyber-attack in particular (against power plants and communications systems) also raise another fundamental concern about the nature and possible scope of cyber-warfare: the erosion of the traditional principle of distinction between military and civilian targets (Kelsey, 2008). That erosion is largely a consequence of two facts: identical technical methods are capable of attacking both types of target, and, unlike conventional attacks on civilian targets that cause death and physical destruction, cyber-attacks against civilian infrastructure and communications systems are, for the most part, reversible after the conclusion of hostilities (Kelsey, 2008). Meanwhile, the ability to disrupt civilian life throughout a hostile nation during wartime could provide invaluable assistance, especially to combatants waging asymmetric warfare against more powerful enemies (Larsen, 2007; Shah, 2011).
Contemporary Cyber-warfare Case Studies
In 2011, the Center for Strategic and International Studies published Significant Cyber Incidents Since 2006 (Lewis, 2011) as part of its Technology and Public Policy Program's work on cyber and Internet policy. Among the incidents detailed in that report, listed by year of occurrence:
2007
After Estonian officials removed a Soviet-era World War II memorial from the capital city of Tallinn in the spring of 2007, a large-scale cyber-attack disabled the websites and computer networks of Estonia's government offices, the office of the president, the Estonian Parliament, police facilities, news organizations, and two of Estonia's largest financial institutions.
United States Secretary of Defense Robert Gates confirmed that his unclassified email account had been successfully hacked. Subsequent investigation attributed the attack to China's People's Liberation Army.
As German Chancellor Angela Merkel visited China, German, French, and British government computer systems suffered major intrusions. Those attacks were connected to Chinese hackers with ties to that nation's military. After complaints to Beijing, China's Premier, Wen Jiabao, promised to take "forceful measures" against those responsible.
Computer systems of the British Foreign Office and other government entities suffered intrusions identified as having originated from China's People's Liberation Army. Jonathan Evans, Director-General of MI5, the British Security Service, referred to the intrusions in his first public speech, expressing frustration that his organization had been forced to divert resources from its counter-terrorism mission to combat espionage by Russia and China.
2008
According to South Korean officials, China launched intrusion attacks against South Korean embassy and military networks.
Unidentified foreign intruders gained unauthorized access to the databases of the U.S. Republican and Democratic presidential campaigns.
Shortly before armed conflict erupted between Russia and Georgia, Georgian government computer systems were hit by an attack that overloaded and disabled their network servers. The timing suggested to independent investigators that the cyber-attacks were neither random nor coincidental, but evidence of coordination between those responsible and the Russian military.
2009
During Israel's 2009 Gaza Strip offensive, more than five million computers took part in a coordinated cyber-attack on the Israeli government's networks. Israeli investigators attributed the attack to criminal organizations located in the former Soviet Union, financed by Hamas or Hezbollah.
According to a report published by researchers at the University of Toronto, sensitive data from hundreds of government computers in more than 100 countries were compromised by a spying operation dubbed "GhostNet," whose command-and-control servers were located mostly in China. The investigation had originally been requested by the Tibetan government-in-exile; it uncovered 1,295 infected computers, and the researchers watched in real time as documents were stolen and found that the malware could activate the webcams and microphones of infected machines. Those incidents also showed that information warfare efforts launched from China were growing markedly in sophistication, as evidenced by their "high-value" targets and other signs of a targeted spying operation.
The "Conficker" or "Downadup" computer worm threatened millions of computers by exploiting a vulnerability in Microsoft Windows (a flaw in the Windows Server service patched as MS08-067). The worm infected millions of machines belonging to business organizations, government agencies, and individuals, and spread not only across networks but also via removable media such as USB memory sticks.