The rapid development of computers and networks, including the Internet, has brought huge benefits to people and organizations around the world. With this development comes a threat, as these systems have become a major target of attackers. Additionally, computers have become a tool and a resource for people who want to attack or commit crimes using computer technology. The world has become an increasingly interconnected. A person with a laptop can sit in a restaurant in Instanbul and pay bills, trade stocks, transfer funds between bank accounts, and chat with friends across the world via the Internet. These are the conveniences that many have become accustomed to with today’s communications technology. People in the same scenario with bad intentions could use a stolen identity to grab funds from a victim’s checking account, hack into the stock exchange, or create and send a Trojan horse to spread around the world to gather private information. These are just a few examples of the benefits growing network technology brings, while also highlighting how this easy access can also be a threat.
To set the stage of this threat, it is important to realize that the world is highly connected. Cisco predicts that 50 billion devices will be connected to the Internet by the year 2020. The company’s analysis claimed that 8.7 billion devices were connected to the Internet in 2012. These devices can range from items for personal use such as a smartphone, tablet, laptop, or desktop computer all the way to an Automated Teller Machine (ATM), military network, computers and machines in a water treatment facility, to the processors controlling our electrical system.
Cyber attacks usually consist of directed intrusions into computer networks to steal or alter information or damage the system. Malicious code, such as viruses or worms, can propagate from computer to computer and disrupt their functionality. Denial of service attacks can bombard networks with bogus data so they cannot function properly. Using these types of intrusions, cyber attackers could target financial institutions, communication systems, energy infrastructure, government operations, hospitals, and many more functions that rely on computer networks to operate. Whereas cyber attacks used to be something that were only a nuisance in the I.T. industry, they now have become something that can disrupt the entire U.S. economy. This would affect individuals across the country as well as endanger national security. The ripple effect of this type of disruption would hit the international community as well.
Due to the nature of networked computers (the Internet), attacks no longer require the perpetrator to be in close proximity to the victim. Cyber attacks can be launched from anywhere in the world, at breakneck speed, and at extremely low cost. Additionally, our current technology makes it almost impossible to predict ahead of time when an attack may occur. Also, since cyber attacks require only a computer and an Internet connection, there is not much of a barrier to entry. This means anybody from teenage hackers in their parents’ basements to terrorist groups to actual country-sponsored terrorism have the capability to wreak havoc. The amount of damage inflicted on the victim mostly depends on the level of defenses and technological skill put in place by the target. This has become such a problem that there have been entire segments of government agencies created or restructured to fight and prosecute cyber crime. One example is the FBI’s Cyber Crime Unit and the U.S. Department of Justice’s Computer Crime section.
There are many different motivations for these cyber attackers and criminals. Some many choose to attack just to practice or prove their skills to others. Some may be intent on stealing credit card information or other personal data. Some may be in it for extortion purposes. Still others could be foreign groups or governments trying to steal military secrets or wanting to cause damage to the U.S. economy, infrastructure, or the military. In some cases we may not even know or understand the motive behind attacks.
Nigeria, an African country often attributed to hosting criminals perpetrating computer crimes around the world, brought stakeholders together recently to discuss how to facilitate information security, reduce security breaches, and steps to contain cyber crime in Africa. At the conference, Dr. Martins Ikpehai, chief executive officer for a security firm, went so far as to say that the third world war might be fought on the computer using different attacks launched through the Internet.
There are a lot of examples of types of computer crimes that are committed, according to Terry D. Willis. Disgruntled employees taking action out of anger, revenge, or even what they may term as harmless mischievousness, is one example. What some may consider mischief can actually be a serious computer crime. A good example given by Mr. Willis is a case of a recently graduated young accounting graduate from a California university. She had been hired by an art gallery to accomplish basic bookkeeping duties. When she learned she would not be promoted to an accountant position, she deleted the customer database and sent a false email to all of the gallery’s clients announcing that the gallery was under investigation by the Internal Revenue Service. She also mentioned in the email that a major upcoming gallery event was cancelled. Due to her actions, the art gallery was unable to successful operate for weeks, and incurred losses exceeding $400,000. This young woman’s dreams of becoming a certified public accountant were cut short when she was arrested and convicted on felony charges.
There is no easy solution to these computer crimes. The prevalence of computers, the relatively low cost of computers and Internet access, along with the high amount of connected devices makes this an area that is ripe for crime and abuse. It would be a rare person reading this blog who has not either already been the victim of some level of computer crime or known somebody who has. Going forward, the end user needs to push more for increased security methods, whereas the corporations, utilities, and other organizations should work together to come up with mechanisms to increase security. It is to be determined whether or not the government can effectively help towards increased security as well. Too much government involvement could become governmental interference. Too little government involvement would make it appear that the government doesn’t care, while also leaving it more vulnerable.