
Shedding Light on the Dark Cyber World
Part I

by Antonio Nucci, CTO

     
8/24/2009

Global electronic networks of increasing power and pervasiveness form the communications backbone of this 21st century world economy, just as railroads, steamships, telegraphs and postal systems formed the transportation and communications infrastructure of the 19th century industrial economies. The foundation for the creation of the new digital era, also referred to as cyber world, virtual world or digital world, is the rapid and effective deployment of information and communication technologies in all sectors of our lives, ranging from economy, government and businesses to consumers at large. Widely available, highly complex and powered networks allow information exchange at very low cost, reduce the negative role of distance, and enormously increase the ability to coordinate geographically separated activities. The Internet has definitely become the central nervous system for our networked life. As a global network of loosely connected Internet Protocol (IP) based networks, many thousands in number and growing rapidly, it reaches into every country in the world and provides governments, businesses and consumers worldwide with a common platform for communication.

As the 21st century criminal has moved into realms and dimensions never before dreamed of by yesterday's cop on the beat, law enforcement agencies are in hot pursuit. The vast reach of the Internet continues to shrink the world - there are more than 200 million Internet users in the United States alone - increasing the likelihood that you or someone you know will become a victim of cyber crime. The pervasive nature of crime committed with the use of computers runs the gamut from loss of proprietary corporate information to the loss of life, and more commonly includes the theft of sensitive personal information such as social security, bank account or drivers' license numbers or the contents of a personal file. No less hurtful or compromising is the loss of innocence and trust. The Internet has provided millions of criminals worldwide with a platform to seek vengeance or riches at the expense of unsuspecting victims. From predators exchanging child porn to scammers stealing identities, cyber crime does not discriminate.


There are certain steps to be made before we can successfully combat cyber crime.

First, and foremost, it is time to increase our understanding of the language and the many dialects (i.e. protocols, applications and services) being spoken in the cyber world.

Second, it is time to promptly identify cyber users and communities of cyber users whose activity and content may harm the safety and transparency of the cyber world. (Here, they may be referred to as "dark users" and the associated communities they belong to as "dark clouds.")

Third, it is important to gain visibility into who is the real person behind an alias or cyber-identifier used to enter the cyber world. A critical problem in this digital world is knowing with whom you are interacting.  

Societal Challenges: Quantifying the Spread and Impact of Cyber Crime and Cyber Terrorism

The FBI estimates that all types of computer crime in the United States now cost industry about $400 billion, while officials in the Department of Trade and Industry in Britain say computer crime has risen by 50 percent from 2005 to 2006. It is estimated that only 5 percent of cybercriminals are ever arrested or convicted because the anonymity associated with Web activity makes them hard to catch, and the trail of evidence needed to link them to a cyber crime is hard to unravel. Studies also show that cyber crime incidents are rarely reported, especially by companies that wish to avoid negative publicity leading to possible loss of confidence by their customers. CERT/CC estimates that as much as 80 percent of all actual computer security incidents still remain unreported. 

Theft of Personal Information and Identity: How common is the problem?

Current FBI estimates are that identity theft costs American businesses and consumers $50 billion a year. Individual users are often lured into clicking on tempting links that are found in e-mail or when visiting Web sites. Clicking on titles such as "Buy Rolex watches cheap" or "Check out my new Photos" can take advantage of Web browser vulnerabilities to place malicious software onto a user's system, which allows a cybercriminal to gather personal information from the user's computer. Malicious code can scan a victim's computer for sensitive information, such as name, address, place and date of birth, social security number, mother's maiden name and telephone number. Full identities obtained this way are bought and sold in online markets.

How devastating is a botnet? Take Estonia as an example.

In spring 2007, government computer systems in Estonia experienced a sustained cyber attack that has been labeled by various observers as cyberwarfare. On April 27, officials in Estonia moved a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move stirred emotions, and led to rioting by ethnic Russians, and the blockading of the Estonian Embassy in Moscow. The event also marked the beginning of a series of large and sustained Distributed Denial-Of-Service (DDOS) attacks launched against several Estonian national Web sites, including government ministries and the Prime Minister's Reform Party. In the early days of the cyberattack, government Web sites that normally receive around 1,000 visits a day reportedly were receiving 2,000 visits every second. This caused the repeated shutdown of some Web sites for several hours at a time or longer, according to Estonian officials. The attacks, which flooded computers and servers and blocked legitimate users, were described as crippling, owing to Estonia's high dependence on information technology, but limited resources for managing their infrastructure. This event can serve to illustrate how computer network technology has blurred the boundaries between crime, warfare and terrorism. A persistent problem during and after any cyberattack is accurate identification of the attacker by finding out whether it was sponsored by a nation, or was the independent work of a few unconnected individuals, or was initiated by a group to instill frustration and fear by damaging the computerized infrastructure and economy. The uncertainty of not knowing the initiator also affects the decision about who should ultimately become a target for retaliation, and whether the response should come from law enforcement or the military. 

Espionage: Science-fiction or reality?

Cyber espionage involves the unauthorized probing to test a target computer's configuration or evaluate its system defenses, or the unauthorized viewing and copying of data files. U.S. counterintelligence officials reportedly have stated that about 140 different foreign intelligence organizations regularly attempt to hack into the computer systems of U.S. government agencies and U.S. companies. Cyber espionage, which enables the exfiltration of massive amounts of information electronically, has now transformed the nature of counterintelligence by enabling a reduced reliance on conventional spying operations.

Some government officials warn that criminals now sell or rent malicious code tools for cyber espionage, and the risk for damage to U.S. national security due to cyber espionage conducted by other countries is great. In 2003, a series of cyberattacks designed to copy sensitive data files was launched against DOD systems, and the computers belonging to DOD contractors. The cyber espionage attack apparently went undetected for many months. This series of cyberattacks was labeled Titan Rain, and was suspected by DOD investigators to have originated in China. The attacks were directed against the U.S. Defense Information Systems Agency (DISA), the U.S. Redstone Arsenal, the Army Space and Strategic Defense Installation, and several computer systems critical to military logistics. Although no classified systems reportedly were breached, many files were copied containing information that is sensitive and subject to U.S. export-control laws. In 2006, an extended cyberattack against the U.S. Naval War College in Newport, Rhode Island, prompted officials to disconnect the entire campus from the Internet. A similar attack against the Pentagon in 2007 led officials to temporarily disconnect part of the unclassified network from the Internet. DOD officials acknowledge that the Global Information Grid, which is the main network for the U.S. military, experiences more than 3 million daily scans by unknown potential intruders. 

Cyber-Terrorism: Linkage to Cyber-Crime and Hackers

The proportion of cyber crime that can be directly or indirectly attributed to terrorists is difficult to determine. However, linkages do exist between terrorist groups and criminals that allow terror networks to expand internationally through leveraging the computer resources, money laundering activities or transit routes operated by criminals. For example, the 2005 U.K. subway and bus bombings, and the attempted car bombings in 2007 also in the United Kingdom provide evidence that groups of terrorists are already secretly active within countries with large communication networks and computerized infrastructures, plus a large, highly skilled IT workforce. London police officials reportedly believe that terrorists obtained high-quality explosives used for the 2005 U.K. bombings through criminal groups based in Eastern Europe. A recent trial in the United Kingdom revealed a significant link between Islamic terrorist groups and cyber crime.

In June 2007, three British residents, Tariq al-Daour, Waseem Mughal and Younes Tsouli, pled guilty, and were sentenced for using the Internet to incite murder. The men had used stolen credit card information at online Web stores to purchase items to assist fellow jihadists in the field such as night-vision goggles, tents, global positioning satellite devices, hundreds of prepaid cell phones and more than 250 airline tickets -- all through using 110 different stolen credit cards. Another 72 stolen credit cards were used to register over 180 Internet Web domains at 95 different Web hosting companies. The group also laundered money charged to more than 130 stolen credit cards through online gambling Web sites. In all, the trio made fraudulent charges totaling more than $3.5 million from a database containing 37,000 stolen credit card numbers, including account holders' names and addresses, dates of birth, credit balances and credit limits.

Cybercriminals have made alliances with drug traffickers in Afghanistan, the Middle East, and elsewhere where illegal drug funds or other profitable activities such as credit card theft are used to support terrorist groups. Drug traffickers are reportedly among the most widespread users of encryption for Internet messaging, and are able to hire high-level computer specialists to help evade law enforcement, coordinate shipments of drugs and launder money. Regions with major narcotics markets, such as Western Europe and North America, also possess optimal technology infrastructure and open commercial nodes that increasingly serve the transnational trafficking needs of both criminal and terrorist groups. Officials of the U.S. Drug Enforcement Agency (DEA) reported in 2003 that 14 of the 36 groups found on the U.S. State Department's list of foreign terrorist organizations were also involved in drug trafficking. A 2002 report by the Federal Research Division at the Library of Congress revealed a growing involvement of Islamic terrorist and extremist groups in drug trafficking, and limited evidence of cooperation between different terrorist groups involving both drug trafficking and trafficking in arms. Consequently, DEA officials reportedly argued that the war on drugs and the war against terrorism are and should be linked.

Child Endangerment: A Widespread Problem

In order to quantify the severity of this problem, let's look at some statistics provided by the National Center for Missing and Exploited Children and Cox Communications, which surveyed up to 1,000 children in their study. The numbers are indeed very scary. Out of 1,000 children surveyed, 71 percent of teens ages 13 to 17 reported to have received messages online from someone they do not know. After receiving these messages, 40 percent reported that they usually tend to reply and chat with that person but only 18 percent of them said they will tell an adult. Forty-five percent of teens in the same age range have been asked for personal information by someone they do not know. Thirty percent of them have considered meeting someone that they have only talked to online and 14 percent have actually had such an encounter.

Even more frightening are the results provided by the National Center for Missing Children. In this report they claim that 1 in 4 youths ages 10 to 17 has been exposed to sexually explicit pictures online without seeking or expecting them, while 1 in 5 has even received unwanted sexual solicitations online. Less than 10 percent of sexual solicitations and only 3 percent of unwanted exposure episodes were reported to authorities such as a law enforcement agency, an Internet Service Provider or a hotline. One in 17 youths ages 10 to 17 has been threatened or harassed online. Only about one-half of the children who were threatened or harassed reported the incident to their parents. Only 17 percent of youths ages 10 to 17 and approximately 10 percent of parents could name a specific authority, such as the Federal Bureau of Investigation, CyberTipline or an Internet Service Provider to which they could make a report. 

About the Author

Dr. Antonio Nucci is Chief Technology Officer at Narus. Prior to joining Narus, Antonio was employed by Sprint as a research scientist and later promoted to principal member of the technical staff. While at Sprint, he led several projects in the area of Internet Traffic Analysis and Modeling, Passive and Active Measurements, Traffic Matrix Estimation, Routing Protocol Evaluation, Anomaly Detection and Wireless Traffic Characterization. While there, he prototyped five software tools and filed 12 patent applications.

In his career, Antonio has published more than 30 papers for international conferences and professional journals, served on several Technical Program Committees (IEEE Infocom 2005/2006, ACM Sigmetrics 2005, IP-QoS 2005, LSNI 2005), and was referee for more than 130 papers from five different professional journals and 10 international conferences. He is a member of the IEEE where he was elected to the grade of Senior for contributions in the area of modeling and analysis of network performance.

Antonio received the Dr. Ing (B.S. and M.S.) and Ph.D. degrees in Electrical Engineering from Politecnico di Torino. He was also a visiting scholar at the Computer Science Department of the University of Montreal, leading a project in optical networks.

About Narus

Narus is the leader in real-time traffic intelligence for large IP networks, and is the only company that provides security, intercept and traffic management solutions within a single, flexible system. With Narus, service providers, governments and large enterprises around the world can immediately detect, analyze, mitigate and target any unwanted, unwarranted or malicious traffic. Narus provides its customers with complete, real-time insight into all of their IP traffic from the network to the applications. Combined with the ability to enable numerous actions, Narus customers have the ability to take the most appropriate actions quickly.

Narus' system protects and manages the largest IP networks around the world including AT&T, KT (Korea), KDDI (Japan), Telecom Egypt, Reliance (India), Saudi Telecom, US Cellular and Pakistan Telecom Authority. Narus is headquartered in Mountain View, California with regional offices around the world. For more information, please visit www.narus.com.


Copyright © 2010 Converge! Media Ventures, Inc.  All rights reserved.