Cybercrime and Terrorism
The Future of Cybercrime and Cyberterrorism
adapted from A Survey of Terrorism
by Robert T. Thetford, JD
It has been estimated that by the end of the year 2000, 90% of all criminals will be computer literate.(1) This percentage would indicate a dramatic increase in the number of computer crimes overall, including the use of computers for terrorist acts. As the computer literacy of criminals and terrorists increases, so should the number of cyberattacks and cybercrimes show a corresponding increase.
There has never been a greater need for joint government and private industry cooperation to meet what will likely be the next great threat to the security of our nation's infrastructure. Reaction on the part of cyberattack victims (in both government and private industry sectors) continues to vary widely to both published and unpublished attacks. Some companies have taken an extremely aggressive stance, even to the point of reversing organized attacks against their systems (usually Denial of Service attacks) and actually counterattacking the attack originators.(2) On the opposite end of the spectrum, many companies merely attempt to close the door opened by the attacker and quietly look for ways to defeat attacks in the future, giving as little publicity as possible to the attack and hoping the attacker will seek another victim in the future. Still other companies have opted for litigation and criminal action to stop the attacks, understanding that only by pursuing actions which inflict legal pain will attacks be stopped.
Recent technology has enabled government agencies to electronically search an attacking computer for evidence of the attack, (3) and the potential is not limited to purely defensive methods. According to the New York Times, The U.S. Department of Defense has set up a Cyberwarfare Center which provides offensive cyberwarfare capabilities, including strategies designed to “infect enemy software, upset enemy logistics, and disable enemy air defense systems.” One immediate usage for the Center's programmers during the war in Kosovo was to conduct “attacks on Serbian computer systems in an effort to change banking records and deplete Serbian assets.” (4)
A review of published data indicates no unified approach in the defense of cyberattacks, whether they be from teenage computer hackers or from dedicated terrorist groups bent on destroying the United States. While recent changes in state and national criminal laws have closed some of the more obvious loopholes, the basic fact is that as a nation we have failed to recognize the enormous nature of the threat to our society. Law enforcement attempts to plug gaping holes in electronic fences have been repeatedly and effectively thwarted by those who consistently place privacy above security.
Law enforcement agencies have been persistently plagued by administrators who fail to grasp the significance of cybercriminals to their community. Because the investigation of these attacks is quiet, receives little initial publicity, and takes resources away from more visible property and personal crimes, many departments have opted to leave the investigation to state and federal authorities. This has not solved the problem, however, and now state and federal authorities are stretched to the limits of their resources working these crimes. The solution is for each department to receive training in the cybercrimes most likely to be encountered in their jurisdiction. Often, private industry will work with law enforcement to provide this training. If not, there are many programs furnished at the federal, state and university level which can provide an officer with the basic skills necessary to successfully investigate these crimes.
Until the threat is recognized as not random and isolated, not the pranks of a few talented but misguided individuals, but is rather the opening salvo of a massive and deadly serious assault against the very fabric of our technological culture, no effective steps will be taken to prevent and neutralize the threat. It may just be that until we experience an “Electronic Pearl Harbor,” we will continue to approach the problem in a piecemeal and ineffective manner, always playing catch-up with the other side and always at least one step behind in the ongoing war against computer literate criminals and cyberterrorists.
Footnotes
------------------------------------------------------
1. Richard S. Groover, “Overcoming Obstacles: Preparing For Computer-related Crime,” FBI Law Enforcement Bulletin, August, 1996, <http://www.fbi.gov/library/leb/1996/aug962.txt> (4/26/00).
2. “Can you hack back?” CNN News, 6/1/00, <http://www.cnn.com/2000/TECH/computing/06/01/hack.back.idg/index.html> (6/3/00).3. Patrick Riley, “Feds Use Convicted Pedophile To Create Internet Spy Software,” Fox News, 8/16/00, 4. Elizabeth Becker, "Pentagon Sets Up New Center for Waging Cyberwarfare," New York Times, 10/08/99, p. A16.