The Transnational Dimension of Cyber Crime and Terrorism
eBook - ePub

The Transnational Dimension of Cyber Crime and Terrorism

  1. 292 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

The Transnational Dimension of Cyber Crime and Terrorism

About this book

In December 1999, more than forty members of government, industry, and academia assembled at the Hoover Institution to discuss this problem and explore possible countermeasures. The Transnational Dimension of Cyber Crime and Terrorism summarizes the conference papers and exchanges, addressing pertinent issues in chapters that include a review of the legal initiatives undertaken around the world to combat cyber crime, an exploration of the threat to civil aviation, analysis of the constitutional, legal, economic, and ethical constraints on use of technology to control cyber crime, a discussion of the ways we can achieve security objectives through international cooperation, and more. Much has been said about the threat posed by worldwide cyber crime, but little has been done to protect against it. A transnational response sufficient to meet this challenge is an immediate and compelling necessity—and this book is a critical first step in that direction.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access The Transnational Dimension of Cyber Crime and Terrorism by Seymour E. Goodman,Abraham D. Sofaer in PDF and/or ePUB format, as well as other popular books in Politics & International Relations & Essays in Politics & International Relations. We have over one million books available in our catalogue for you to explore.

CHAPTER 1

Cyber Crime and Security

The Transnational Dimension

Abraham D. Sofaer
Seymour E. Goodman
The information infrastructure is increasingly under attack by cyber criminals. The number, cost, and sophistication of attacks are increasing at alarming rates. They threaten the substantial and growing reliance of commerce, governments, and the public upon the information infrastructure to conduct business, carry messages, and process information. Some forms of attack also pose a growing threat to the public, and to critical infrastructures.
Much has been said about the threat posed by cyber crime, including terrorism, but little has been done to protect against what has become the most costly form of such crime: transnational attacks on computers and the information infrastructure. Measures thus far adopted by the private and public sectors fail to provide an adequate level of security against these attacks. The Internet and other aspects of the information infrastructure are inherently transnational. A transnational response sufficient to meet these transnational challenges is an immediate and compelling necessity.
The challenge of controlling transnational cyber crime requires a full range of responses, including both voluntary and legally mandated cooperation. Both the private and public sectors are now actively pursuing transnational initiatives, ranging in form from voluntary, informal exchange of information to a multilateral treaty proposed by the Council of Europe (COE) to establish common crimes and a substantial degree of cooperation in the investigation and prosecution of such crimes.
Public declarations and voluntary international cooperation have no doubt helped in dealing with transnational attacks. Funds are being made available to enhance the technological capacities of national law enforcement personnel engaged in cyber investigations, and through international cooperation, some attacks have been traced, and some perpetrators have been punished. But public pronouncements, educational programs, and voluntary cooperation are not enough. The sources of many transnational attacks have never been determined, and perpetrators of many of the most damaging attacks, even when identified, go unpunished. A great disparity exists, moreover, in the legal and technological capacity of states to meet the challenges of preventing, investigating, and prosecuting cyber crime.
An effective program against transnational cyber crime will require legal cooperation among states that involves the enforcement of agreed standards of conduct. A reasonably broad consensus exists among states concerning many forms of conduct that should be treated as cyber crime within national borders. This consensus must be translated into a legal regime in which all states that are connected to the Internet prohibit forms of conduct widely regarded as destructive or improper. In addition, much remains to be done to encourage and, as soon as practicable, to require states to adopt common positions to facilitate cooperation in investigation, the preservation of evidence, and extradition. States must establish and designate cross-patent agencies to deal with transnational issues, and to cooperate with counterparts throughout the world. To develop and secure the universal adoption of technological and policy standards to defend against, prosecute, and deter cyber crime and terrorism, states should create an international agency, along the lines of the International Civil Aviation Organization (ICAO) but designed to reflect the particular needs and nature of the cyber world. International cooperation must include an effective program to upgrade the capacities of states that lack the technological resources to cooperate in a comprehensive international regime. These measures, though far-reaching by comparison with current policies, can be fashioned to maximize private-sector participation and control, to ensure that privacy and other human rights are not adversely affected and so as not to impinge on the national security activities and interests of States Parties.
1. Scope of the Problem
A summary of the problem of cyber crime and terrorism was presented at the Stanford Conference by Peter G. Neumann, principal scientist at the Computer Science Laboratory, SRI International. He stated:
We are becoming massively interconnected. Whether we like it or not, we must coexist with people and systems of unknown and unidentifiable trustworthiness (including unidentifiable hostile parties), within the U.S. and elsewhere. Our problems have become international as well as national, and cannot be solved only locally.
Computer-related systems tend to fall apart on their own, even in the absence of intentional misuse. However, misuse by outsiders and insiders and the presence of malicious code … present some enormously difficult challenges that are not being adequately addressed at present….
Computers and communications are increasingly being used in almost every imaginable application. However, our computer-communication systems are not dependably secure, reliable, or robust. Reliability, fault tolerance, security, and overall system survivability are all closely interrelated. There are fundamental vulnerabilities in the existing information system infrastructures, and serious risks that those vulnerabilities will be exploited—with possibly very severe effects.
Our national infrastructures depend not only on our interconnected information systems and networks, but also on the public switched network, the air-traffic control systems, the power grids, and many associated control systems—which themselves depend heavily on computers and communications.
Global problems can result from seemingly isolated events, as exhibited by the early power-grid collapses, the 1980 ARPANET collapse, and the 1990 long-distance collapse—all of which began with single-point failures.
Our defenses against a variety of adversities—from intentional misuse to hardware flaws and software bugs to environmental disturbances—are fundamentally inadequate.
Our defenses against large-scale coordinated attacks are even more inadequate….
The risks of cyber terrorism and cyber crime vastly outweigh our abilities to control those risks by technological means, although technology can help and should be vigorously pursued. There are many important problems, such as providing better defenses against denial of service attacks, outsiders, and insiders. Socio-politico-economic measures must also be considered.1
2. Costs of Cyber Crime
The costs of cyber crime are difficult to measure, but by any reasonable standard they are substantial and growing exponentially. The most comprehensive available source of data on costs is compiled annually by the Computer Security Institute (CSI), with the participation of the FBI’s Computer Intrusion Squad. The CSI survey for 2000, edited by Stanford Conference participant Richard Power, is based on 643 responses from computer security practitioners in U.S. corporations and government agencies.2 It establishes that computer security breaches are widespread, diverse, and costly. Respondents are investing heavily in a variety of security technologies, at a cost estimated by the International Data Corporation to grow from $2 billion in 1999 to $7.4 billion in 2003.3 These investments are dramatic evidence of the huge costs being inflicted by cyber crime. To these amounts must be added the costs of cyber crime insurance, a new coverage for an expanding market.4
In spite of the costly defensive measures thus far adopted, CSI/FBI survey respondents experiencing unauthorized use of their computer systems increased from 42 percent in 1996 to 70 percent in 2000; those not experiencing such events declined from 37 percent to 18 percent in the same period. Only 37 percent of all attacks reported in 1996 involved Internet connections; in 2000 this proportion increased to 59 percent, with a corresponding decline in insider attacks. So far, the most serious category of reported financial loss has been through “theft of proprietary information,” which appears to include attacks that result in the theft of financial data.5 Other categories of substantial losses include fraud, virus attacks, denial of service, and sabotage.
Estimating the monetary damage inflicted by cyber crime is difficult but worth attempting, and particularly valuable for tracking relative costs from year to year. The CSI/FBI surveys for the last four years report total losses of about $100,000,000 in 1997, increasing to some $266,000,000 in 2000.6 Stephen J. Lukasik has found a pattern reflecting a trend in which costs have essentially doubled each year.7 This progression has been shattered by costs associated with the “I Love You” virus of May 2000, estimated at between $1 and $10 billion. Although the costs reported by respondents include lost time, and may be exaggerated, the reluctance of companies to acknowledge losses tends to result in underreporting.8 The overall numbers are useful indicators when these uncertainties are taken into account.
3. Transnational Nature of Cyber Crime
At a purely technical level, all messages on the Internet are broken down into “packets” that separate and travel through available routers and servers located throughout the world.9 Cyber crime goes beyond this technical, transnational dimension and involves senders who deliberately fashion their attacks and other crimes to exploit the potential weaknesses present in the infrastructure’s transnational nature. These weaknesses include: (1) a worldwide target pool of computers and users to victimize, or to exploit in denial-of-service or other attacks, which enables attackers to do more damage with no more effort than would be necessary in attacking computers or users in a single state; and (2) the widespread disparities among states, in the legal, regulatory, or policy environment concerning cyber crime, and the lack of a sufficiently high degree of international cooperation in prosecuting and deterring such crime.
The most damaging cyber attacks thus far experienced have been transnational, originating in many different countries and aimed at computers everywhere. Here are some prominent examples:10
  • The so-called “Phonemasters,” a “loosely-knit,” “12-member” international “hacking ring” headed by Jonathan Bosa-nac of Rancho Santa Fe, California (near San Diego), who, using the on-line name “The Gatsby,” developed a method for gaining access to telephone networks (such as MCI, WorldCom, Sprint, and AT&T), credit-reporting databases (such as Equifax), and even the FBI’s own National Crime Information Center, which they utilized in a number of countries.11 “The breadth of their monkey-wrenching was staggering; at various times they could eavesdrop on phone calls, compromise secure databases, and redirect communications at will. They had access to portions of the national power grid, air-traffic-control systems and had hacked their way into a digital cache of unpublished telephone numbers at the White House…. [T]hey often worked in stealth, and avoided bragging about their exploits…. Their customers included …the Sicilian Mafia. According to FBI estimates, the gang accounted for about $1.85 million in business losses.”12
  • David L. Smith, a New Jersey programmer, pleaded guilty in December 1999 of creating the “Melissa” computer virus and using an x-rated website to spread it through cyber space via e-mail in March 1999, where it “rampaged personal, government, and corporate computers around the world,” “caused worldwide devastation,” and was estimated to have done $80 million (or more) in damages.13
  • From December 1999 through April 2000, five hackers in Moscow stole more than 5,400 credit card numbers belonging to Russians and foreigners from Internet retailers, pocketing more than $630,000 until arrested.14 The incident pointed up the threat that “Eastern European fraudsters continue to pose … for all card issuers, even those with no direct business in the region.15
  • In 1995–96, from his home in Buenos Aires, a twenty-one-year-old Argentine student, Julio Cesar Ardita, “slipped through the security of … systems at Harvard University’s Faculty of Arts and Science, the U.S. Defense Department, the U.S. Naval Command, the San Diego-based Control and Ocean Surveillance Center, the Washington-based Naval Research Lab, NASA’s Ames Research Center and Jet Propulsion Laboratory, and the Los Alamos National Laboratory in New Mexico.”16 His actions were not criminal in Argentina, and his extradition to the U.S. was refused, although he later surrendered voluntarily.
  • Reports of persistent, international attacks on official government websites throughout the world in 1999–2000 appeared with great frequency. Some of the notable ones include: (1) Hackers breaking into the website of the Ministry of Fina...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Contents
  5. Foreword
  6. Contributing Authors/Editors
  7. Website Notice
  8. List of Abbreviations
  9. 1 Cyber Crime and Security: The Transnational Dimension
  10. 2 International Responses to Cyber Crime
  11. 3 The Civil Aviation Analogy
  12. 4 Current and Future Technical Capabilities
  13. 5 Civil Liberties and Security in Cyberspace
  14. 6 Toward an International Convention on Cyber Security
  15. Draft International Convention to Enhance Protection From Cyber Crime and Terrorism
  16. Appendix 1: December 1999 Conference Agenda
  17. Appendix 2: December 1999 Conference Participants