Problems of counteraction to computer crimes and cyber terrorism
New opportunities of the Internet transformed many legal forms of activity, having cut down terms, simplified procedures of arranging deals and reduced distance between contracting parties along with increasing attendant costs. Almost no one controls modern computer networks. At the beginning, almost no one could foresee that it was possible to attack, steal data or money through the Internet. Information security became one of the most crucial social tasks. Topicality of the given article is conditioned by thousands of revealed annually attempts to illegally interfere with bank, military and corporative networks. According to most experts, today this phenomenon poses greater cyber security threat than 5 years ago. In spite of law enforcement and special services efforts directed to fighting computer crimes and cyber terrorism, their quantity, unfortunately, is not reducing, and vice versa their social danger is constantly growing. Under present day conditions, face of terrorism is changing, appearance of so-called cyber terrorism illustrates this trend. Actuality of observed in this article issues is determined also by the necessity of law enforcement to maintain scientifically based recommendations on computer crimes and cyber terrorism counteraction in view of newly passed Concept of National Security of Ukraine.
Number of crimes committed in cyber space is growing impetuously. Now we have 60 thousand of known different virus programs, the number of data bases and network breaches is increasing. According to estimation of many analysts, the character of hackings is changed now fundamentally. Earlier hackers acted generally alone, now we should speak about hacker groups.
Annual losses from illegal activity applying new Internet technologies are over $ 80 billion. Manufacturers and bankers spent about $ 30 billion on fighting hackers and viruses last year.
Now international terrorism has different face and nature than 10-15 years ago. Terrorists have at their disposal more powerful financial base, high tech opportunities and huge military potential. Terrorists employ computer technologies and the Internet along with traditional kinds of frightening. For example, well known sect Aum Sinrike (AS) worked on creating electromagnetic impulse cannons that can destroy computer systems, they carried out experiments on creating new dangerous network viruses, also recruited new members in the Internet.
Arabian Electronic Jihad Team (AEJT) declared about its existence in the beginning of 2003 year and about their goal to conquer the Internet. They said they would destroy all Israeli and American web sites and also all other “improper” sites. In August 2003, an overall electricity break happened in USA, resulting in preliminary material damage of $ 2-6 billion. During investigation of this accident, new facts showed that fails in computer networks were the main reason for emergency accident. “Blaster” worm jammed communication channels between control centers on the day of cascade breakdown. In a result, time of data transfer significantly increased and personnel didn’t manage to prevent breakdown development. And it is really difficult to say now whom to blame for this: Blaster or terrorist gang “Abu-Nafsa Brigade”.
Hacker activity directed to hacking of bank computer systems causes serious anxiety of law enforcement.
Several months ago Ukrainian hackers had attacked computer payments system of The Royal Bank of Scotland Group (Great Britain). As a result the system of payments (WorldPay) was put out of action. The Royal Bank of Scotland took measures to renew the computer system of retail payments. By means of this system The Royal Bank served 27,000 clients by WorldPay and accepted payments on Visa, MasterCard, Diners and Eurocard in more than 27 countries all over the world.
Maxim Kovalchuk, 25 years old resident of Ternopol, Ukraine, who, as known, was arrested in Bangkok, was nominated as the “Best hacker” of October. As experts assert, he is one of the most dangerous hackers in the world and had caused damage of 100 million USD to leading computer companies of the USA.
On our opinion, owing to application of the newest information technologies on the criminal purpose, today this phenomenon poses more serious danger, than 5 years ago and also it results in increasing vulnerability of information infrastructure of our state. Despite efforts of many countries aimed at fighting cybercrimes, their number did not decrease, and, on the contrary, is constantly increasing. And Ukraine is also involved in this negative process.
According to official statistics of Economic Crime Unit of the Ministry of Internal Affairs of Ukraine [1] for 11 months of 2003 year there were 119 criminal cased initiated on computer-facilitated crimes. For comparison: in 2001 year 7 cybercrimes were revealed, in 2002 – 25, for 6 months of 2003 - 51 crime. The most common are offences with ids (logins - passwords, PIN-codes) which are committed both by outsiders, and workers of communication and Internet services companies; infringement of information of restricted access applying remote access technologies.
National infrastructure is associated with the Internet and obviously is becoming convenient target for cyber terrorism. Terrorists can be, first of all, interested in control systems of nuclear reactors, large storages of strategic raw materials (gas, oil), systems of water supply and electric power distribution, traffic centers, communications, secret biological labs, chemical plants.
Legal criminal problems in sphere of information relationship are getting particular actuality, in view of such situation. It is necessary to agree with opinion of A. Muzyka and D. Azarov [2] that theoretical concept of computer information crimes is the most controversial. Significant amount of scientists refused to develop it. So, experts in field of criminal law of European Council, during development of recommendations on counteraction to computer crimes, only list such offences and give up to give a certain definition.
V. Krylov [3] suggests, as alternative, more wide concept of “information crimes”, that allows to leave field of certain technical facilities. However, in respect to development and improvement of methods for concerned crimes, abstracting from certain technical means won’t allow to give full criminalistic definition of such crimes, it will be of little use and too bulky for practical application. It will make examination of tactical peculiarities of operative search, control revision, other measures and investigatory actions significantly difficult. Also it will make main regulations on tactics of special knowledge application dimmer in respect of revealing and investigating crimes of such group.
V. Bykov, A. Nekhoroshev, V. Cherkasov [4] point out that conditionally opinions of specialists on computer crimes can be divided into three groups:
- Computer crimes are separate kind of criminal activity.
- Computer crimes are not a separate kind of crimes, they should be qualified as common, traditional crimes. At this, computer is an object of a crime, instrument of a crime, mean with help of which crime is prepared and environment where it is committed.
- There is broad interpretation of computer crimes concept, it covers all infringements of relations and connections of people, that mean application and using of computer facilities.
While analyzing current law, mentioned authors say that criminal legal regulation in computer-related crimes does not comply with reality in full extent. Number of existing (or probable in nearest future) criminal actions cannot be qualified according to the current Criminal Code. In number of cases they suggest to widen qualification features for crimes by introducing a definition “with use of computer technologies” (when its application obviously sharpens danger of certain crime).
Free access to information, information technologies and the Internet give relatively secure ways of carrying out information wars. Foreign analysts note that number of cyber activists that mean to extend movements of civil disobedience to cyberspace is growing. At this they apply new kinds of civil disobedience – electronic protest – instead of traditional (blockage of highways, buildings of state authorities, public buildings and premises of corporations). Work of D. Denning [5], a well-known expert in this field, is devoted to research into the Internet network as an instrument for influencing external policy. Author inquires three aspects of possible activity in the Web: social activity, hacking and cyber terrorism.
Electronic or cyber terrorism is intentional, politically motivated attack on information, processed by computer, computer system and network that would create danger for life or health of people, or other weighty consequences, if these actions were committed on purpose of violating social security, frightening of population, provoking armed conflict. Causing or threatening to cause damage is a peculiar warning about possible more weighty consequences if conditions of cyber terrorist are not fulfilled. Typical feature of cyber terrorism and its distinction from cyber criminality lies in its openness, when terrorist’s requirements are widely announced.
Cyber criminality is criminality in so called virtual space. Virtual space can be defined as fashioned with help of computer information space where data on persons, objects, facts, events, phenomena or processes are represented in mathematical, symbol or any other way and are transferred via local and global networks, or data stored in other physical or virtual device, or other carrier, designed for its storage, processing and transmission.
Conflict in Kosovo is considered as the first Internet-war [6]. Governmental figures and individuals aspired to use Web for distribution of information, carrying out propaganda, causing damage to opponents, recruiting new adherents. Hackers used networks for condemnation of military actions of both Yugoslavia and NATO, by breaching government computers and obtaining control on websites. Politicians and public figures used World Wide Web so that their slogans could reach as much audience as possible. People all over the world discussed controversial questions and exchanged text, images and video that could not be found in other mass media means. In April 1999, Los-Angeles Times newspaper wrote that conflict in Kosovo transformed cyber space into virtual battle field, where war is waged for minds and hearts with help of electronic images, mass emails and hacker attacks.
One of the key factor in fighting computer crimes and cyber terrorism is improvement of legal provision and efforts’ coordination aimed at counteraction to such dangerous in conditions of global informatization phenomenon as cyber terrorism. Several countries including USA had directed initiatives to conclude mutual agreements on juridical support, extradition, investigatory authorities’ delimitation, unification of laws so that cyber criminals can be impled even in case when crime crosses borders. These initiatives are concentrated on solving such problems as computer fraud, child porn in the Internet, electronic piracy, all kinds of illegal access. Actions of governments on waging cyber war and using cyber attacks, as military weapon, fall under these agreements too.
In July 1996, President Clinton announced about forming President’s Commission on Critical Infrastructure Protection (PCCIP). In October 1997 report, Commission informed that “threats to critical infrastructure are real and, through interdependence and interrelation, infrastructures can be vulnerable to new kinds of attacks”. Intentional exploitation of such weak spots may rouse serious after effects to economy, life and health.
PCCIP also noted that cyber threats changed the whole scenery. “In the past we were protected from attacks on infrastructure by broad oceans and friendly neighbors. Today cyber threats’ evolution fundamentally changed the situation. There are no national borders in cyber space. Potentially dangerous cyber attacks may be planned and prepared without their preparation detection. They can be invisibly investigated, rehearsed in secret and then fulfilled in minutes or even seconds without identification of an attacker or establishing his allocation”.
PCCIP concluded that in estimating of both threats – physical and cyber – “physical means that use physical vulnerability remain today the most probable and disturbing threat for critical infrastructure. But almost all interrogated groups showed anxiety about new cyber vulnerabilities and cyber threats. They underlined importance of developing approaches in protecting infrastructure from threats before these threats arise and cause tremendous damage to such systems. PCCIP recommendations led to the Protecting America’s Critical Infrastructures: Presidential Decision Directive 63.
PDD-63 set up a new structure to deal with this important challenge:
- a National Coordinator whose scope will include not only critical infrastructure but also foreign terrorism and threats of domestic mass destruction (including biological weapons) because attacks on the US may not come labeled in neat jurisdictional boxes;
- The National Infrastructure Protection Center (NIPC) at the FBI which will fuse representatives from FBI, DOD, USSS, Energy, Transportation, the Intelligence Community, and the private sector in an unprecedented attempt at information sharing among agencies in collaboration with the private sector. The NIPC will also provide the principal means of facilitating and coordinating the Federal Government’s response to an incident, mitigating attacks, investigating threats and monitoring reconstitution efforts;
- An Information Sharing and Analysis Center (ISAC) is encouraged to be set up by the private sector, in cooperation with the federal government;
- A National Infrastructure Assurance Council drawn from private sector leaders and state/local officials to provide guidance to the policy formulation of a National Plan;
- The Critical Infrastructure Assurance Office will provide support to the National Coordinator’s work with government agencies and the private sector in developing a national plan. The office will also help coordinate a national education and awareness program, and legislative and public affairs.
In June 1997 National Security Agency carried out tests of critical systems that are potentially vulnerable to cyber attacks. The goal was in determining vulnerability of military computers and some civil infrastructures to cyber attacks. Certain parts of military infrastructure were under cyber attack, including Pacific Command of US at Hawaii, that observed 100 000 squads in Asia. At this one person was an attacker, second person had to watch systems and be able to repulse cyber attack. Using only available hacker tools that can be easily found in the Internet, hackers of NSA had successfully obtained access to many systems. They draw a conclusion that activity of military infrastructure can be interfered and deployment military of troops can be hindered. Trainings included drafting scenario for attacking 911 emergency system. It was supposed theoretically that if hackers sent many emails all over the country saying that 911 service has some problems, many curious people would call 911 immediately and this would cause system overload. There were no attacks carried out on civil infrastructures.
Vulnerability of commercial infrastructures to cyber attacks was demonstrated repeatedly by results of different reviews similar to the mentioned above. There is no evidence of greater or less vulnerability of commercial systems as compared with governmental.
As was mentioned, in six weeks after terrorists had attacked New York and Washington, US Congress adopted new antiterrorism law, known as 2001 year Act. Similar processes are observed in Europe. Issues of regulating computer networks usage are in the list of the most priority. Urgent measures are also developed in Japan, France and UK.
There is a separate article on terrorism and actions of terrorism direction in the current Criminal Code of Ukraine. Article 258 – Terrorism Act – consists of number of rules that provide for criminal liability for committing terrorism act. Disposition of this article defines terrorism act as application of weapons, accomplishment of explosion, burning or other actions that create danger to life and health of people, causing significant material damage or other weighty consequences if these actions were perpetrated in order to violate social security, population frightening, armed conflict provocation, international complication or in purpose to influence on decision making, commitment or non-commitment an action by state or local authorities, officials, or attracting attention of public to certain political, religious or other judgement of a terrorist and also threat of committing mentioned actions on the same purpose.
The Criminal Code of Russian Federation such socially dangerous actions fall under force of Article 205 – Terrorism. It defines terrorism as “accomplishment of explosion, burning or other actions that create danger to life of people, causing significant material damage or other socially dangerous consequences if these actions were perpetrated on purpose of social security violation, population frightening or influencing on decision making of authorities and also committing mentioned actions on the same purpose.
Definition of terrorism in Article 2 of Fighting Terrorism Law 1998, emphasize three aspects of terrorism activity:
- violence or threat of its application to individuals or organizations, also destruction (deterioration) of property and other material objects, creating danger of loss of life, causing significant material damage or other socially dangerous consequences, committed on purpose of violating social security, population frightening or influencing on authorities to make decisions, favorable for terrorists or satisfaction of their unlawful material and/or other interests;
- violating life of civil or public figure, committed on purpose of cessation of his state or other political activity or in revenge for such activity;
- attack on representative of other country or official of international organization that are under international protection, as also on office or transport facilities of persons that are under international protection, if it is committed on purpose of provoking war or complication of international relationship.
July 30, 2003: a National Security of Ukraine Law enured. This law defines list of 67 threats to national interests and security of the country. Computer crimes and cyber terrorism are named among prior threats to national security of Ukraine.
Nowadays cyber terrorism poses peculiar social national and international danger. In this relation, it is particular measure of terrorism activity with specific causal background and particular actions are needed in order to control it and fight against.
Similar terrorism activity, as well as any other, can be carried out by alone or groups of persons, but still the important subjects of cyber terrorism are organized criminal groups, criminal communities and criminal organizations of national and transnational character.
Preventive measures and control over cyber criminality in Ukraine is a complex problem. Today laws should meet requirements made by modern technologies development. Law enforcement, special services and judicial system cooperation, their efforts coordination and their material security are priority directions. None of the countries is able to prevent cyber crime independently and international cooperation in this field is vital.
[1] A. Koryagin, Computer and internet technologies crimes: urgency and problems of fighting with them. - http://www.crime-research.ru/library/Koragin.html [2] A. Muzyka, D. Azarov, Main concept of computer information crimes. - http://www.crime-research.ru/library/Muzika.html. [3] V. Krylov, Information computer crimes, - Moscow: Infra-M-Norma, 1997, p. 11. [4] V. Bykov, A. Nekhoroshev, V. Cherkasov, - Improvement of criminal liability for crimes related to computer technologies, Criminal law, 2003. #3, p.9-11. [5] Dorothy E. Denning Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy. - http://www.crime.vl.ru/docs/stats/stat_92.htm. [6] T. Tropina, Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy, - http://www.crime-research.ru/library/Tropina0104.html.