Cybercrime and Cyberterrorism? How Should We Respond

¶ … cybercrime and cyberterrorism? How should we respond to these if we detect them?

Although 'cybercrime' and 'cyberterrorism' have had flexible definitions in common legal and corporate parlance, perhaps the best way to define these 'cyber' criminal and security issues are to focus on the fact that 'cyber' refers to anything taking place in the world of cyber, or virtual rather than physical space. Cybercrime is thus using a computer and cyberspace specifically as a tool to commit a crime, a crime that could not otherwise be committed without a computer. For instance, merely stealing a computer is not a cybercrime, for the stealing of tangible goods is something that has always existed. Nor is using a computer to type up and print out false receipts with a word-processing program, as if that computer was a typewriter. However, hacking into an online system to access credit card numbers and other criminally useful data like social security numbers would not be possible without the existence of computer technology and the existence of the Internet. ("Cybercrime: The Internet as Crime Scene," 2004)

Likewise, cyberterrorism is substantially different from terrorism and is more widespread in use than mere cybercrime, involving more than the enrichment of the criminals, but with a political agenda, sometimes against a computer system, sometimes against a government. Cyberterrorism might be defined as using the computer as a weapon of mass destruction for an act of terror that could not take place without a computer or cyberspace. This might encompass, for instance, shutting down the operating system of an entire corporation or country, so that power systems ground to a halt, and routine medical and business operations become impossible. "Barry Collin, a senior research fellow at the Institute for Security and Intelligence in California, who in 1997 was attributed for creation of the term...defined cyber-terrorism as the convergence of cybernetics and terrorism. Mark Pollitt, a special agent for the FBI, defined cyberterrorism as a "premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub-national groups or clandestine agents." (Krasavin, 2004)

Because the existence of the Internet is so new, and the law moves so slowly, "cyberspace law is a patchwork of loosely-articulated protections, liberally punctuated with loopholes and exceptions." However, because of the heightened levels of alert required by 9.11, cyberterroist efforts that are detected should immediately be reported to the government, as well as detected cybercrimes that are found on computer's hard drives' records. ("Cybercrime: The Internet as Crime Scene," 2004) After shutting down the offending systems, the hardware and software used should immediately be quarantined and turned over to the appropriate authorities.

How would one go about the task of investigating the origin of an attack (virus or intrusion)? Where would you begin to look and what tools are available for you to continue the investigation?