Wilfredo W Cintron American Military University Professor Bryan Bechard ISSC451 Cybercrime
Cyberwarfare In our current state of affairs
a) Introduction
Globalizations and proliferation of computers and networks across the globe have increased cyber warfare between different parties such as nations to destroy and compromise information networks and computers for financial and social gains at the victim’s expense. Cyber-warfare took shape when the parties engaged in it, such as international organizations or nations and states implement cyber threats and risks on each other’s computers and network systems (Florida Department of Law Enforcement,1989). The most common cyber-warfare is in the form of attacks that involve computer hacking and viruses by one party to another to disrupt the systems by creating destruction, death and damage. Equally important, cyber-warfare can be implemented in different forms and types that include malware attacks, phishing, man-in-the-middle attack, Denial of service attacks zero-day exploit, SQL injection and DNS tunneling. Moreover, the state and non-state actors pose serious threats to the security and safety of other parties. Cyber-warfare has serious and negative impacts on the victims as it makes them vulnerable since attacks destroy the system, compromise the existing data and steal the data at the expense of the victim and thus the victim needs to adopt the relevant security measures and best practices to counter cyber-warfare threats and risk in the interests of safety and efficiency in operations. Cyber-warfare covers different aspects of parties contributing to cybercrime, challenges experienced in cyber-warfare and the impacts of cyber-warfare that need to be understood to enhance decisions making in countering threats and risks related to cyber-warfare.
b) Background
Definition of Cyber-warfare
o Variety of acceptable definitions of cybercrime
Different definitions are attached and used to explain cyber-warfare in terms of the parties involved, crimes committed impacts and the countermeasures to address and prevent the attacks. RAND (research and development) terms cyber warfare as the non-state or international organization’s actions to launch attacks with the intention of damage and destroy another organization’s computers and information networks (Carr, 2012). Nation and non-state actors engage in different wars to destroy computer and network systems to sabotage and compromise the national and organizational operations between rivals involved. The cyber-warfare threats and risks are used in achieving clandestine reasons such as compromising security operations, derailing economic operations and negatively affecting the general nations and organizational operation to the point of causing irredeemable losses.
Protection of the interdependent ICT devices and components
Cyber-warfare causes a wide range of losses and damages to the victims of risks and threats associated with cyber-warfare, and thus there is a need for the adoption of the relevant countermeasures to protect the state or organizational infrastructure, resources, ICT components and ICT devices. In this case, ICT devices need to use components that need to be protected through whitelisting. Whitelisting selectively allows authorized applications to run (HM Government, 2016). This approach ensures that adversaries cannot access the ICT system, thus preventing malicious software and unauthorized applications from existing.
Organizations and nations need to enhance patching of operating systems and applications to eliminate the system’s weaknesses and vulnerabilities. Patching software is designed to fix problems or update computer programs. Regular patching ensures that mitigating security strategies consistently eliminates vulnerability and handles regular security threats and risks.
Additionally, nations and organizations need to develop a defense-in-depth system that combines different protection strategies and ICT infrastructure approaches. In this regard, there is a combination of whitelisting, regular patching, and restrictive administrative privileges. The in-depth defense system makes it impossible for adversaries to run malicious codes or continue to run them undetected.
Relation to the elements of intelligence collection, privacy, information sharing, and surveillance
Protection and handling cyber warfare entails a combination of aspects and operations to attain the highest security and safety levels for computer and network systems. In this regard, privacy ensures that data, information and operations are protected from third parties or unauthorized parties. Consequently, the sharing of information entails transferring information from one party to the other to enhance operation. Hackers and attackers can compromise the data and information on transit, thus negatively affecting information privacy, leaving the victims vulnerable. On the other hand, the protection of computers and network systems from cyber warfare needs to be done by conducting intensive surveillance and intelligence collection. Surveillance ensures that the computer and network system is closely monitored to detect and addresses malicious activities. Finally, intelligence collection ensures that information relating attacks, risks and threats in the system is collected to mitigate the attacks by adopting the relevant security measures.
The significance of cyber-warfare
Cyberwarfare has consistently become an issue of concern and importance to nations worldwide due to its impact in global economics, politics and cultural aspects. In this regard, espionage and offensive capabilities have increased across the globe, and there is a need for nations to have the appropriate knowledge and skills to handle and deal with cyber-warfare to prevent instances where they are disadvantaged (Robinson, Jones and Janicke, 2015). Cyberwarfare interest ensures that organizations and nations can take measures to combat threats, attacks and risks.
Cyber-warfare is a significant determinant of military and political power and the future among nations. Cyber-warfare interferes with military intelligence and political influence; thus, it can be used to consolidate power. Hegemonic power is gained through effectiveness in handling cyber-warfare to ensure that one is not disadvantaged. In this regard, nations and organizations have consistently invested in cyber aspects to advance their political and economic agenda across the globe.
c) Major threats contributors to cybercrime
1) Terrorists
Terrorist groups across the globe have consistently used the internet to implement cyber-related crimes to gain economically, socially and politically at the expense of their victims that include organizations and nations. The proliferation of computers, devices, and the internet has made terrorism manifest itself through the use of the internet to implement their terrorism goals across borders and amplify their victims’ potential impact (Robert, 2013). The terrorists use the internet to achieve their different goals of recruiting new members, disseminating information for terrorism goals, incitement to engage in terrorism, training, spreading propaganda and financing their terrorist activities. In the dissemination of propaganda, terrorists send information with the intention of communicating ideologies, practical instructions, justification and explanation of terrorist activities. Propaganda enables them to promote violence, extremist rhetoric, and fundamental threats. Consequently, terrorists use cybercrimes to finance their activities through fraud, collecting funds, and raising funds and resources. Cybercrime activities by terrorists are classified in different categories that include direct solicitation, charitable organizations, exploitation of online payment services, and e-commerce exploitation. Additionally, terrorists launch cyber-attacks on a computer and network systems with the deliberate intention of exploitation. The attacks disrupt the appropriate functioning of targets such as servers, computer systems, and underlying infrastructure through hacking, computer viruses, malware attacks, advanced persistent threat techniques or malicious access. For instance, in January 2012, terrorists launched cyber-attacks on various Israeli websites such as the Tel Aviv Stock Exchange, national airline, and bank details disclosure.
2) Unethical hackers
Unethical hackers launch attacks on the computer and network system without knowing the target to break into the system, thus stealing money and causing other damages such as infecting the program with malware programs or viruses. In this regard, the unauthorized access into a computer and network system makes the hackers implement cyber-related crimes while they are in control of the system (Robert, 2013). The hackers exploit systems and programs by cracking passwords, adopting software packages for writing computer viruses and developing scripts for disabling or breaking computer websites and networks. The unethical hackers attack the information infrastructure and resources of nations and organizations, thus making it possible to implement cybercrimes such as launching malware attacks, infecting systems with viruses, ransomware, phishing attacks, Denial of service attacks. For instance, an unethical hacker can hack a hospital computer system to commit fraud or compromise, steal or damage the hospital data at the hospital’s expense and the users of the system.
3) State-sponsored threats
Governments and nations worldwide have launched cyber-attacks on each other to probe and exploit national infrastructure vulnerabilities, gather intelligence for political, social or economic reasons, and exploit money from the national systems and the citizens. Nations launch prolonged cyber campaigns using attack and defense methodologies that inhibit cyberspace (Ministry of Economic Affairs, 2014). In this case, nations use their professionals, resources and technical instruments to access critical infrastructures such as government and military systems. Additionally, the state-sponsored cyber-attacks can be launched on businesses since they massively contribute to the state’s wellbeing through money or information. In this regard, the state-sponsored attacks can be directed towards state resources, and systems offer services to the general public, such as gas, internet, medicine, waste management, education or electricity. In this case, cyber risks and threats are directed towards security resources; they make the country vulnerable to the point that the citizens lose confidence.
4) Electronic Ware Threat
Cyber-crime can further be implemented through electronic ware threats that take the use of electromagnetic spectrum intending to impede enemy attack, attack an enemy and control the spectrum. The electronic warfare systems are developed with the ability to receive sensors in their environment, conduct an analysis in their environment and respond appropriately to the environment through high power transmission (Maher, 2017). The electronic warfare system can be configured to launch attacks, support, and protect an organization or nation system and resources. Configuring the system to implement attacks ensures that an attacker or a hacker can access the computer and network systems, thus making it possible to implement cyber-attacks. In this case, the attacker nation or organization can launch malware attacks, phishing attacks, ransomware attacks, virus attacks, Denial of service attacks and compromise, stealing and damaging data at the expense of the owners.
d) Major challenges associated with Identity Theft
o Smartphones
The proliferation of smartphones that are constantly connected to the internet poses an identity theft risk. Mobile devices are prone to be inappropriate uses leading to identity theft. When a fraudster accesses a consumer-ready digital device such as smartphones, fraudsters can access personal information from them, and they could use them to impersonate the real owner in different ways such through gaining access to banks accounts, credit card information or other services (Kshtri, 2010). Smartphones pose a high risk to identity theft due to a wide range of reasons that include that it contains sensitive information such as credit card information and can be used to make purchases, the phone can be stolen as it is mobile and portable, it is impossible to identify scams on smartphones especially when they are sent in through applications, texts or emails, the smartphone is highly mobile, and lack of effective mobile security system possess security threats such as hacker software and viruses that can be used to gather information. Therefore, smartphones are prone to identity theft, thus risking the lives of the owners and holders.
o Cloud computing
Cloud computing increases the chances of identity theft risk affecting victims as data is stored remotely and transmitted from one target to another. Errors of commissions and omission in the cloud computing environment expose data to wrong parties leading to identity theft (Kshtri, 2010). In this regard, data and information can be exposed to unauthorized parties through mistaken identities where data lands on the wrong hands, automation failure, monitoring failure, thus enabling hackers and attackers to access the cloud environment.
o Insufficient skills and training
Insufficient skills and training among the staff members or the general population in handling data, information, and internet-connected devices results in identity theft. People need to have sufficient knowledge and skills such that they use the best practices, approaches and solutions in handling devices, data and information (Thomas, 2018). Appropriate skills and training ensure that people take caution in handling data to the point that vulnerability and gaps that can be used to allow the implementation of identity theft are sealed. Therefore, insufficient skills and training among the employees or the general public make them vulnerable to identity theft.
o Data security
The form and type of data security systems and approaches used to ensure data and information safety is a significant determinant in identity theft. Data security and control are meant to ensure that authorized parties can only access to data, thus protecting the users’ identity and owners of data (Tonge, Kasture, Chaudhari, 2013). In this regard, effective data security used in data protection includes encryption, tokenization, hashing, key management practices, and effective access control. On the contrary, failure to incorporate effective data management strategies exposes data amounting to identity theft.
o Ease of access to hacking resources
The ability to hack computer and network systems due to the availability of skills, knowledge and hacking resources increases successful identity theft (Simonsohn, Simmons and Nelson, 2015). In recent times there has been an increase in hacking techniques and tools, making it easy and possible to implement hacking. Hackers have consistently developed tools and resources for hacking such as Burp Suite, ActiveScan++, BurpSentinel, Autorepeater Burp, Authorize, thus increasing hacking increasing identity theft cases.
e) Impacts of Cyberattacks
1) Impacts on the economy
Successful cyber-attacks have different negative impacts on the economy and businesses, making financial operations in the affected areas less attractive (Clark and Hakim, 2017). In this regard, cyber-attacks have increased the financial loss among businesses and people, thus instilling fear and unwillingness to engage in business. In this case, the financial losses arise from corporate information theft, theft of financial information, theft of money, loss of business or contracts, and disruption of trading.
Increased cybercrime in the economy causes reputational damage that pushes potential customers and businesses persons from engaging in business operations. Trust is a vital aspect of a business, and consistent cybercrime erodes the trust leading to loss of customers, reduction in profit and loss of sales. Reputational damage further scares away suppliers, partners and third parties, leading to reduced business operation.
2) Impacts on the private sector
The private sector suffers due to the cyber-attacks making the business environment un-favorable for existing and upcoming businesses. In this case, the cost of running businesses increases due to the need to protect and secure business operations and data for cybercriminals and attackers (Watkins, 2014). The businesses need to invest in protecting their investment and IT system from interferences from the attackers, thus making running a business much expensive.
The private sector experienced increased legal liability as a result of data breaches affecting their customers. In this case, there are successful cyber-attacks that affect customers through losses and exposure of confidential information inclines them to file legal suits (Watkins, 2014). The increased civil reliability, fines and regulatory obligation reduce the profit levels for the business.
Additionally, businesses experience continuity issues when the cyber-attack was severe, leading to slow business operations, loss of productivity and accumulation of costs that can overwhelm the business, thus threatening its continuity.
3) Impacts on national security
Cyber-attacks have negative impacts on national security that affects a high number of people across different nations. In this case, cyber-attacks interference of service management systems resulting in a disruption in the different services rendered (Relia, 2016). In this case, waste management, electricity supply, and water supply system affect and disrupt people’s lives.
Cyber-attacks result in breaches of national security secrets, thus making the nation vulnerable. National security secrets contain confidential information relating to national security and wellbeing, such as military operations and equipment (Relia, 2016). The fact that such information lands on the wrong hands or adversaries they leave the nation exposed and vulnerable to attacks.
f) Conclusion
Cyber-attacks and crimes disrupt the entire society in terms of individuals, organizations and the government by the attackers and hackers gaining financial, social and political gains at the expense of the society; thus, there is a need to adopt the necessary measures and strategies to combat the attacks. Different parties launch Cyber-attacks in their capacities based on their intentions. The attackers range from individual, organization, groups and event nations. Consequently, identity theft is an issue of concern that has increased across society, thus increasing successful cyber-attacks. In this regard, there is a need to address the factors leading to the increase in identity theft. Moreover, cyber-attacks have negative impacts on the economy, private sector, and national security, meaning that strategies to counter the attacks need to be taken at every level and across the globe to ensure that computer and network systems’ security and safety are upheld.
References
Florida Department of Law Enforcement (1989). “Computer Crime in Florida.”
An unpublished report prepared by the Florida Department of Law Enforcement, Tallahassee, FL.
Relia, S. (2016). Cyber Warfare: Its Implications on National Security. New Delhi: United Service Institution of India
Watkins, B. (2014). The Impact of Cyber Attacks on the Private Sector. Retrieved from https://www.amo.cz/wp-content/uploads/2015/11/amocz-BP-2014-3.pdf
Robert W. Taylor (2013). Digital Crime and Digital Terrorism Retrieved from December 4, 2017 From https://online.vitalsource.com/#/books/9781323288689/first!/4/2@0:0.00
HM Government (2016). National Cyber Security Strategy 2016-2021. Retrieved from https://www.ncsc.gov.uk/content/files/protected_files/document_files/National%20Cyber
%20Security%20Strategy%20v20.pdf
Carr, J. (2012). Inside cyber warfare: Mapping the cyber underworld. ” O’Reilly Media, Inc.”.
Viano, E. C. (2017). Cybercrime, organized crime, and societal responses. Springer International Publishing.
Maher, D. (2017). Can artificial intelligence help in the war on cybercrime?. Computer Fraud & Security, 2017(8), 7-9.
Simonsohn, U., Simmons, J. P., & Nelson, L. D. (2015). Better P-curves: Making P-curve analysis more robust to errors, fraud, and ambitious P-hacking, a Reply to Ulrich and Miller (2015).
Thomas, J. (2018). Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. Thomas, JE (2018). Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. International Journal of Business Management, 12(3), 1-23.
Clark, R. M., & Hakim, S. (2017). Protecting Critical Infrastructure at the State, Provincial, and Local Level: Issues in Cyber-Physical Security. In Cyber-Physical Security (pp. 1-17). Springer, Cham.
Bertino, E., & Ferrari, E. (2018). Big data security and privacy. In A Comprehensive Guide Through the Italian Database Research Over the Last 25 Years (pp. 425-439). Springer, Cham.
Kshetri, N. (2010). The Global Cybercrime Industry: Economic, Institutional and Strategic Perspectives. Heidelberg: Springer.
Tonge, A., Kasture, S. & Chaudhari, S. (2013). Cyber Security: Challenges for Society- Literature Review. IOSR Journal of Computer Engineering (IOSR-JCR), 12(2), 67-75.
Ministry of Economic Affairs and Communication (2014). Cyber Security Strategy. Retrieved from https://www.mkm.ee/sites/default/files/cyber_security_strategy_2014- 2017_public_version.pdf
