Cyber Crime and Cyber Warfare - Essay Example

?Cyber Crime as opposed to Cyber warfare Chapter Introduction 1 - Background The world has become a global village after rapid developments and advancements in information and communication technology, media resources, transportation and networking. The interaction and coordination among people has improved tremendously in last 3 decades after the advent of internet and use of desktop PCs and laptop notebooks. Indeed, businesses have also received innumerable benefits from this free flow of information, opinions, knowledge and ideas across the globe. Nevertheless, new business and investment opportunities are created because of developments in infrastructure and modes of transportation that has enabled businesses to ensure utility of form, place and time. The use of intranet, extranets, internet and information systems across organisations have contributed significantly in growth and prosperity because it facilitates timely communication with business parties. However, the emergence of hackers and criminals that develop viruses and malwares have jeopardised the security of public and private business information and records in an organisation. The author, therefore, has decided to conduct extensive research over growing menace of cyber crimes and cyber warfare because the present 21st century is known as ‘information era’. Nonetheless, the organisations now consider greater focus on information and knowledge, which is viewed as most precious asset in today’s business environment. 1.2 – Cyber Crime and Cyber Warfare: Cyber crimes refer to online frauds and internet-based crimes such as hacking email address, user accounts, stealing personal information (credit, visa and debit card pins, bio data, etc) from information systems of firms and from computers of end users, attacking computers through viruses in spam emails etc. Cyber Warfare is different from cyber crimes in a way it refers to online information war between two rival countries. Indeed, the hackers from Country A may attack government websites, information databases and networks of Country B through use of hacking tools in order to obtain clandestine information regarding foreign policy and agenda, military spending and power, diplomatic relationships and back channel diplomacy etc, economic and trade agreements etc. For instance, the main aim is to access implicit information and to destroy existing data warehouses and governmental networks to bring economic, technical and social losses to rival nation. 1.3 - Problem Statement Although systems and software developing IT organisations (such as Microsoft, Apple, IBM) have been striving to deal with the rising menace of cyber crime, there is dire need to develop strong anti-virus softwares to ensure information security. Nevertheless, cyber crimes (specifically viruses) do not only threaten security of software components, but also they may sabotage hardware resources, especially computer hard disks. In addition, the cyber warfare may disrupt a nation’s strategic functioning as it could damage mainframe and super computer systems used for keeping military and government records. 1.4 - Significance of Problem The issue of cyber crimes is not concerted to boundaries rather it could affect any end-user residing in any geographical region. The hackers do not target users in any specific area (or from any ethnicity, religion, cast, colour or language) but they may batter (virtually) any person for unidentified reasons. Still, the world has been seeking appropriate solutions that could help improve their security in cyberspace. The researcher would like to argue that the probability that many nations worldwide may have Cyber Wars in future will increase, as more countries will enter cyberspace and send satellites in the orbit. 1.5 - Aims and Objectives The major aim of this research paper is to analyse the growing menace of cyber crimes from cyber terrorists and identify the weaknesses that should be overcome to avert cyber crimes. The objectives are as under: 1) To identify the weaknesses in computer networks that boost confidence of cyber terrorists to conduct cyber attacks. 2) To demonstrate how law has prohibited these attacks. 3) To determine what are the underlying reasons and aspirations, which compel independent groups of cyber felons to launch such attacks? 1.6 - Hypotheses 1) Cyber warfare may sabotage diplomatic relationships between or among nations as well as has potential to indulge nations in physical war (end result) in near future. 2) Most of the available anti - virus softwares in the market do not guarantee security from malwares and internet viruses. This failure of IT companies has boosted hackers’ confidence and increased cyber crime rates. 3) Cyber warfare is also state sponsored because nations consider cyber attacks, on rival nation’s information databases, a source for obtaining secret information that, in turn would help improve National Security. 4) Law enforcement agencies still lack considerable quantity of IT professionals and specialists who could help investigating all cyber crimes. Hence, most of the cases go uninvestigated due to scarcity of personnel. 1.7 - Importance / Benefits of Study 1) The research will provide a comprehensive analysis over recent developments in IT sector regarding information security. 2) The paper will demonstrate how cyber crimes % could be controlled or reduced. 3) The project will provide a thorough overview on problems and concerns of internet users that have become the target of cyber terrorists, which damage their tangible and intangible assets. 1.8 – Dissertation Structure and Organisation The comprehensive research project will start with a formal background about advent of internet, formation of networks and developments in information technology (IT). The paper will then introduce terminologies such as cyberspace, cyber crimes and cyber security and elaborate on the significance of highlighted problems and threats. The researcher will then discuss the research aims and objectives, research questions and hypotheses. The paper moves on with a comprehensive literature review, inclusive of models, latest available statistics and example, on the cyber warfare and crimes. The chapter will be prepared from secondary sources and will consider above mentioned problem, objectives, questions and hypotheses. The next chapter throws light over Primary Research, which will be conducted in the form of face-to-face interviews and surveys from end-users. The researcher will then present data analyses and findings obtained from empirical research. In fact, both qualitative and quantitative analysis will be presented to enhance the scope of research project. In addition, the research will point out the major research limitations followed by a discussion over ethical considerations and principles. Finally, the project will end on pertinent conclusions drawn from entire practical research work after which the research will provide some useful suggestions and recommendations, which may help improve cyber security and eradicate crimes. Chapter # 2 – Literature Review The research will first throw light over definitions of terminologies such as Cyber Terrorism, Cyber Attack and Cyber Warfare provided by previous researchers. Wilson (2005) highlighted that Cyber Terrorism could be defined as the use of computers from the terrorists groups or criminals or hackers, which enjoy expertise in breaking operating system codes and damaging installed softwares (programmes), to target other computer users, communication and information networks. Without any doubt, the computers are used as ‘weapons’ to sabotage other computers and intervene in someone else’s tangible and intangible assets because of any unknown evil intentions or nefarious designs. These felons either work in isolation or are endorsed by government authorities or political institutions. The attack launched by these terrorists is known as ‘cyber’ or ‘computer network’ attack (CNA), which aims to disturb functioning of networked systems. For example, an ordinary system that has exposure to external world via internet could come under virus attack that would adversely impact ‘equipment operations’, would automatically slowdown processing speed, remove necessary data, negate installation of new programmers or just simply make previously ‘stored data as corrupt’. It is worthwhile to mention that malefactors break into an external system(s) through virus, which is defined as a ‘malicious’ code that could destroy a software system if there are no firewall settings or protection from unknown resources. The viruses enter either during browsing / downloading (when a user visit websites) activities or opening of emails (including spam or junks) (Boyd, 2009). Undoubtedly, some viruses are weak that are detected on PCs but do not necessarily harm functioning of system. On the other hand, strong viruses are proved to be disastrous because they have capability to destroy security measures or even anti-virus softwares. In addition, the attacker(s) may use passwords or codes that enable entry in ‘restricted computer systems’ and then filch information surreptitiously. This happens because the virus code conquers software programming, which is responsible for data inputting, processing, storage and outputting. The hacking tools, available in the market, provide a hacker or intruder the chance to identify drawbacks in systems configuration and then select the target that could easily fall prey to assault. In this way, the hackers could download data from one system to another through commands provided via internet to affected PCs or servers (Wilson, 2005). Amit (2010) has pointed out that leading anti - virus software developers such as McAfee, Norton, Kasper sky, Web root etc. have although put great efforts by constantly adding new features to their anti-viruses; however, the products could not security against all viruses. This failure in ensuring complete security to end-users and organisations provide cyber terrorists a psychological edge and increases their morale. Hence, cyber crimes such as ‘fraud, phishing and identity theft’ have become extremely common in this information world. In fact, the increasing use of internet has sharply increased the number of online business transactions through e-cards, debit, visa and credit cards. Indeed, this also provides hackers an opportunity to steal pin numbers and passwords by intruding in either bank’s or company’s information systems (Boyd; Shackelford, 2009). Lewis (2002) has revealed that electric supply firms have also inducted advance computerised systems to facilitate routine business operations, power transmission, record keeping and decision – making. In addition, many related and supporting industries such as “financial, military and telecommunications” (Matus, 2010) are directly or indirectly dependent on power supplied by these electric transmission firms. Hence, terrorists during cyber warfare, usually launch attacks on power transmission systems so that they could disrupt entire supply chain and hamper nation’s growth. 2.1 – Facts and Figures: Lewis (2002) mentioned that 70% firms in power sector across USA were attacked during 2002 to hamper growth and sustainability. He also presented the facts that the cumulative financial losses to internet users from ‘Love Bug virus’ alone were estimated to be $10 - 15 billion, a figure much higher than infrastructure and monetary losses caused by floods or hurricanes. Other major losses from cyber crimes include “loss of intellectual property, damage to reputation and goodwill, lower productivity, and third party liability” (Lewis, 2002). In addition, Kshetri (2005) confirmed that losses incurred by ‘U.S. consumers and businesses from cyber crimes were nearly $14 billion’. Kshetri, (2005) has summarised the statistics garnered by International Data Corporation (IDC), according to which international / multinational / supranational corporations had become a major target of cyber terrorist groups, which were against spread of free market enterprise system. They, therefore, launched attacks against many Fortune 500 companies and threatened to stop maximising wealth at the expense of citizens in developing countries. Ford Motors was also ravaged when hackers successfully accessed its private information networks that later disrupted functioning of system for 15 days. Obviously, the motive behind the attack was nothing but to hamper growth of international car maker and its home country, which enjoys significant market share worldwide. Microsoft is another example that came under attacks for the same reason; however, it survived due to implementation of relatively better security practices. In addition, 40% of global IT professionals expressed their concerns over measures adopted for systems’ security and revealed preference for information security to ensure business sustainability (Kshetri, 2005; 2006). Matus (2010) has quoted US President Obama’s grave concern regarding cyber crime activities and cyber warfare by highlighting that American could not ensure its ‘national security’ without securing its information centres, warehouses and databases. It should be recalled that cyber terrorists, allegedly from Al-Qaeda (defunct organisation), Iran or North Korea (axis of evil nations), launched attacks during 2004 - 2005 to hack information systems and websites of the ‘Pentagon, White House and NATO’ in an attempt to access covert agendas and military plans against those rivals (Kshetri, 2006). Chapter # 3 – Research Methodology 3.1 - Data Collection Tools 3.1.1 – Secondary Quite unequivocally, the best way to initiate a research task is to garner and analyse the current literature that was contributed and researched by previous authors on the related topics. The researcher could, therefore, identify the strengths, relevancy, accuracy, acceptability, limitations and weaknesses of existing information and could demonstrate what the new research should focus on. In the way, the researcher could make his contribution worth reading for the specialists, professionals, analysts and general readers. Taking the aforementioned into account, the researcher will first utilise secondary data, as this form of data is more useful for an exploratory study and will be able to yield a great deal of quantitative and qualitative information. To analyse and critically evaluate the threat of cyber terrorism and cyber warfare, the economic and social disadvantages and the proposed solutions of previous authors, I will collect secondary information from computer related books, press releases, IT companies’ reports, analysts’ reviews, scholarly journals, news, internet and magazine articles etc. In fact, this would facilitate in preparing literature review, supporting and testing hypotheses, drawing conclusions and demonstrating the scope of this project. 3.2.2 – Primary Having begun the research with secondary data, any misfits, inaccurate or in-concise information will be explored with primary data through face-to-face interviews with the experts, professionals and business executives in the IT industry. Another research tool is to conduct a survey (formulating a questionnaire comprising of close- and open-ended questions) with people that have become the victims of cyber crime. In addition, any inside or private information will have to be primary (if contributed by company officials during interviews) as many data is not published due to corporate confidentiality. Nevertheless, this approach aims to obtain first-hand from direct affectees of either cyber crime or cyber warfare. The researcher will then analyse the findings and responses to prepare a compare and contrast analysis between the two terminologies and will reach appropriate conclusions. 3.3 – Research Design: The research will be descriptive in nature that will include both qualitative and quantitative information. In fact, the researcher has planned to use analytic induction method for analysis of qualitative data and statistical models for quantitative data analysis. Quite unequivocally, the above mentioned research tools will enable to test hypothesis in a professional manner as well as enhance the scope of research findings and conclusions. A questionnaire will be developed consisting of 10 - 15 questions for hardcore and casual internet users (including IT specialists, office workers, young adults and other participants etc.) to determine how cyber crimes have impacted general public and how they judge the strengths and weaknesses of available internet security softwares. Indeed, the researcher will use the Likert Scale to produce the questionnaire in which 5-6 options will be provided to participants to judge the threat of cyber crimes among the general public. Almost 100 participants / internet will be picked up randomly from different neighborhoods to answer the survey questionnaire. The sample will include equal representation of internet users from all age groups. In order to enhance the scope of study, ‘focus groups comprising 6-8 participants’ will also be used as an effective methodology. Finally, the interviews will be conducted with executives of leading IT companies to obtain useful primary information on cyber crimes and cyber warfare. 3.4 - Ethics Ethical principles, rules and laws have to specially considered whenever a research project is initiated. Without any doubt, it plays a significant role because the researcher has to ensure that information presented in thesis is highly authentic, reliable, accurate, updated and obtained from credible sources in an ethical manner. Nevertheless, the research should be very clear, graphic and concise, yet thorough along with the evident information demnstrated in any research project. The information / data presented in the research should be permissible and identifiable for public because this allows new researchers to use this literature, to identify any perceived weaknesses and formulate new research questions and hypotheses. In addition, the researcher has to ensure that any unethical or illicit behaviour is not used to access information nor participants are exploited in any way to reveal an organisation’s core business and financial secrets. Rather, every single piece of first-hand information is attained after mutual informed consent from managers of chosen business entity. Second, it should be pointed out that this research project, which includes an analysis of both Primary and Secondary sources, does not contain any fake or fabricated data usually self-created by various false researchers who have zero inclination towards commencing any Primary Research project. Rather, they sham themselves as being the contributors to existing literature. Hence, in order to make this project worth reading for miscalleneous readers, teachers, analysts, professionals and students, the researcher will include direct quotes and statistics supported with actual page numbers so that any person could corroborate from original sources. Next, the research project does not contain any copying, imitation or plundering of existing data because all in-text citations are mentioned as well as original sources provided in References / Bibliography sections. 3.5 - Limitations and Assumptions: 1) The researcher will mainly use available secondary information provided by previous authors and institutions. The accuracy of quantitative data, facts and statistics presented or summarised by those researchers is not guaranteed. 2) The responses obtained from participants of survey may be biased or fake. 3) Representatives of IT companies may deliberately hide or refuse to share pertinent implicit information because of organisational code of conduct. References: Amit, Iftach (2010) “Cyber [Crime | War]” Security & Innovation [Online] Available at https://media.blackhat.com/bh-eu-10/whitepapers/Amit/BlackHat-EU-2010-Amit-Cyber-%5BCrime_War%5D-Connecting-the-dots-wp.pdf Lewis, James (2002) “Assessing the Risks of Cyber Terrorism” Center for Strategic and International Studies [Online] Available at http://www.steptoe.com/publications/231a.pdf Kshetri, Nir (2005) “Pattern of global cyber war and crime: A conceptual framework” Journal of International Management 11, 541–562 [Online] Available at http://www.cs.wright.edu/cop/cybw/Kshetri_Nir.pdf Kshetri, Nir (2006) “The Simple Economics of Cybercrimes” IEEE Computer Society, pp. 33-39 [Online] Available at http://see.xidian.edu.cn/hujianwei/papers/098-The%20Simple%20Economics%20of%20Cybercrimes.pdf Matus, Paul (2010) “Strategic Impact of Cyber Warfare Rules for USA” National Security Agency Civilian [Online] Available at http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA522001 Denning, Dorothy (2001) “Obstacles and Options for Cyber Arms Controls” Arms Control in Cyberspace [Online] Available at http://faculty.nps.edu/dedennin/publications/Berlin.pdf Wilson, Clay (2005) “Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress” Congressional Research Service [Online] Available at http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA444799&Location=U2&doc=GetTRDoc.pdf Boyd, Bradley (2009) “Cyber Warfare: Armageddon in a Teacup?” University of California, [Online] Available at http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA512381 Shackelford, Scott (2009) “From Nuclear War to Net War: Analogizing Cyber Attacks in International Law” Berkeley Journal of International Law, Vol. 27(1) pp. 191-252 [Online] Available at http://www.boalt.org/bjil/docs/BJIL27.1_Shackelford.pdf Read More