04/12/2013

Crime, Conflict and Security in Cyberspace

Today, cyberspace is where new forms of criminality are being exploited; and cyberspace has become the economic and military battlefield where conflicts of all kinds are played out. The ability to control information and telecommunication infrastructure, to respond to cyberattacks and to ensure cybersecurity offers real power and has become one of the most significant political, economic and technological issues of this twenty-first century. Information and communication technologies (ICT) have grown to become a critical part of our society’s infrastructure, and their potential misuse affects us all, from the individual citizen to private and public organizations and states. thus cyberpower has become the newest means for organisations – both legitimate and criminal – to demonstrate their capabilities.


The facts

Citizens into have been robbed, children in danger, ruined corporations, threatened states – cybercriminals are spreading their influence as fast as the Internet is developing. Since we do not see or know them, we inadvertantly trust cybercriminals, thus giving them their strength. No one is immune. Whether via the manipulation of opinion, spying, identity theft, terrorism, harassment, swindles, financial fraud or various types of crimes, cybercrime touches all of society. By simply using services offered by the Internet, users are vulnerable to criminal threat and can become a victim or an unwilling author of a crime. Cybercrime has become a reality of contemporary life. It has had greater or lesser consequences for people, organizations and states, but over a few short years, it has grown into a veritable plague on society. Information and communication technologies (ICT) allow huge amounts of information to be stored, processed, accessed, searched, transmitted, exchanged, and disseminated, regardless of geographic distance. These unprecedented possibilities lead to new services that can improve economic development and the dissemination of knowledge. But at the same time, new types of crime have appeared, as well as old crimes committed with new technologies. Spam, computer viruses, cyberattacks, and identity theft, for example, increase in frequency by the day.

Internet technologies are facilitators for many kinds of infringements: theft; sabotage of information; copyright infringements; breach of professional secrecy, digital privacy, or intellectual property; dissemination of illegal contents; competing attacks; industrial espionage; breach of trademark laws; dissemination of false information; denial of service; various frauds; money laundering – the list of possible offences goes on. Information technology resources have become the potential hostages of cybercriminals. Thus, organizations can no longer neglect these real dangers and must accept the need to protect their infrastructures, their processes, flows, and information. They must be prepared for the threat of cybercriminality, a threat that one day may become reality. Some examples from the press Cybercriminality is a reality of the world today. Not a day goes by without mention in the media of incidents relating to cybercriminal activities, as the examples below indicate. From the media

Case 1

After Anonymous ransacked think tank Stratfor’s computers and stole away thousands of credit card numbers and other personal information, it claimed to have also clipped the company’s confidential client list. That list contains sensitive information about Stratfor’s high- profile clients, such as Apple, the U.S. Air Force, and the Miami Police Department. However, Stratfor denies that Anonymous got the think tank’s family jewels. […]

Case 2

Four residents of Romania have been charged for their alleged participation in a multimillion-dollar scheme to remotely access point-of-sale systems at more than 150 Subway restaurants and other U.S. merchants and steal payment card data, the U.S. Department of Justice said.The four-count indictment, unsealed Wednesday, charges the four Romanians with conspiracy to commit computer fraud, wire fraud and access device fraud. Charged in U.S. District Court for the District of New Hampshire .

Case 3

The U.S. can expect more aggressive efforts from countries such as Russia and China to collect information through cyberespionage in areas such as pharmaceuticals, defense and manufacturing, according to a new government report released Thursday3. D.C. was an engineer with Rockwell and Boeing and was sentenced in 2010. He worked on the B-1 bomber program and was found to have 250,000 pages of documents in his house, which would have filled four, fourdrawer filing cabinets. If converted to digital format, the information would fit onto one CD. “Cyberspace makes possible the near instantaneous transfer of enormous quantities of economic and other information,” the report said.

Case 4

Sony suffered a massive breach in its video game online network that led to the theft of names, addresses and possibly credit card data belonging to 77 million user accounts. The cost to Sony and credit card issuers could hit $2 billion […] Sony Computer Entertainment and Sony Network Entertainment acknowledged that an ‘unauthorized person’ has stolen the following kinds of information that was provided by its by PlayStation and Qriocity customers: “Name, address, country, email, address, birth date, PlayStation Network/Qriocity password and login and handle/PSN online ID.

The background

The standardization of the computing and telecommunication worlds by the global adoption of Internet technologies, the dependency of organizations and states on those same technologies, as well as the interdependency of critical infrastructures, make society vulnerable to computing crimes and cybercrime. The insecurity generated by computing – criminal or not – can no longer be ignored. There is a need to rethink the security of individuals, organizations and states with reference to the possible risks. In general, three different approaches can be adopted: accept, transfer, or control the risks. In an information society, acceptance would constitute a huge mistake; however, the idea of being able to transfer computing risks is downright utopic. That leaves one option. We have to control the risks by developing an educated culture regarding security, while respecting the democratic values of our society. Cybercrime forms a continuation of classic criminality wherein the computer, with the programs and data that are inside and the networks it uses, can become both a target of an attack and a means of carrying one out (Figure 1.2). Cybercrime benefits its sponsors. Organized crime has quickly understood how to take advantage of information and communication technologies to communicate, organize, and identify both victims and opportunities, thereby increasing efficiency in drug and human trafficking, illegal commerce of rare or protected species, money laundering, selling of counterfeit products, or other economic crimes. As a side effect, criminality also benefits legal enterprises that take advantage of insecurity, such as antivirus or anti-spam providers, vendors and consultants of computing security products, without forgetting those who:

• generate fear in order to destabilize, manipulate, sell, or influence decision processes with different objectives;
• sponsor attacks to increase security budgets where they find a certain benefit;
• directly benefit from the overflow of information generated by spamming (Internet, storage and infrastructure providers);
• enrich themselves from money laundering;
• take advantage of industrial spying performed through the Internet or of actions against a country or institution’s image.

The synergy and the convergence between mob crime, economic crime, and cybercrime require a complete multilateral and transnational answer to satisfy requirements for protecting national security, organizations, or individuals. This answer will be linked to the sensitization of the actors to the stakes of controlling security, to the criminality in question, and to the elementary precautions that, if clearly announced and defined and intelligently used, will reinforce the actors’ confidence in ICT technologies while limiting criminal opportunities.

Cybercrime is not only a matter for international awareness, the subject of political and judicial debates, and the basis for technological, sociological and economical research, but also an issue that concerns everyone and cannot be understood from one single perspective, or apprehended in a uniquedimension, be it legal or technical. Only an interdisciplinary approach to the phenomenon of cybercriminality leads to the understanding required to define appropriate preventive and reactive measures.

The challenges

cyber.jpgFighting effectively against cybercrime requires a strong political position that brings together public and private bodies and mobilises them to work together nationally and internationally. Let us hope that such collaboration could be operational quickly, given the stakes of the war against cybercrime,and the way that success would benefit the whole of society and the economic stability of a country. “We do not inherit the Earth from our ancestors, we borrow it from our children,” remarked Antoine de Saint-Exupéry. In a similar way we have not inherited the Internet or cyberspace in general, but are building it for our children. We have to be participants, aware that the information society is under construction, aware that changes are being driven by the commercial logic of information technologies. This understanding will oblige us to ask ourselves what we can expect and accept from these technologies and of the criminality that they permit Information security is a matter of state sovereignty, national security, the cultural heritage of nations, and the protection of critical infrastructure, systems, networks, goods and values. As of recent years, the computer has also impacted personal security.

While technical security measures have to be developed and implemented, concomitant legal measures have to exist to prevent and deter criminal behaviour. In the general context of dependencies and interdependencies of ICT infrastructures, society has to have an effective justice and police system in order to master computer related crimes.

It has become imperative that states not only introduce measures to fight gainst cybercrime, but also to control the security of their information technologies infrastructures. Information security and cybersecurity constitute a driving force for the economic development of regions and must be implemented simultaneously with the development of the infrastructure. Organizing the protection and defence of the values of our information society must account for criminal threats and the growing convergence of organized crime, economic crime, and cybercrime. A comprehensive, multilateral, international response is required, and it must satisfy the security needs of countries, organizations and individuals. Many different points of view, needs, and participants should be taken into consideration in order to find an acceptable compromise between “freedom” and “security.” It is also necessary to take up the challenge of simple and effective security as opposed to the complex environment in which security must be implemented. It is not necessary to search for “best practices,” but rather find good practices for each participant, including law enforcement activities. The global information society and knowledge economy are constrained by the development and overall acceptance of an international cybersecurity framework. The validity of such a framework or model requires a challenging multi-dimensional and multi-stakeholder approach for everyone – from individuals to organizations to states.

Cybercrime is not restricted by geographic or national boundaries. A criminal can be located in a country different from the one in which the crime is committed. This presents a fundamental legal question in light of technical possibilities. Domestic laws are confined to specific territories, but electronic exchanges or data flows do not know any geographic boundaries. The only possible answer is to address legal issues related to cybersecurity and cybercrime at an international level. Within the context of the Internet and cyberspace, it is essential to adopt adequate international frameworks and instruments that respect human rights.


Too often, the complexity of technology benefits cybercriminals. However, this is not an insurmountable problem. Even if the security solutions available are sometimes fallible, this book demonstrates that it is wrong to think that we are unarmed against this new criminality. Largely illustrated by real cases, it proposes a clear synthesis of what cybercriminality is and the means by which it is carried out. It presents key methods for learning how to identify threats, to avoid risky behaviour and to discover multiple forms of cybercrime on the Internet. This book also provides pragmatic answers for people who use the Internet for private or personal reasons and have concerns about risks, threats and security.

Extract from Cyber Power 
By Solange Ghernaouti 
Published by the Presses polytechniques et universitaires romandes

Les commentaires sont fermés.