Chapter 10<\/p>\n
Terror attacks have been a substantial problem around the world, driven in large part by regional interests and issues. For instance, members of various Irish Republican Army (IRA) groups engaged in terror attacks against English targets from the mid-1970s through the early 2000s. Similarly, domestic extremist groups within the USA have engaged in a number of attacks over the past few decades, such as Timothy McVeigh\u2019s 1995 bombing of a federal building in Oklahoma City, Oklahoma (Schmid and Jongman, 2005).<\/p>\n
The terror attacks of September 11, 2001 in the USA, however, demonstrated the substantial threat posed by international terror groups who may operate in nations around the globe, though their agendas and interests may not be directly caused by their target (Schmid and Jongman, 2005). Major terror incidents have occurred worldwide, including attacks against commuter trains in Madrid, Spain in 2004, various targets in Mumbai, India in 2008, as well as more recent attacks such as the Bataclan Theater in Paris, France in 2015 and the Ataturk Airport attack in Istanbul, Turkey in 2016.<\/p>\n
Although these incidents were perpetrated by radical Islamist extremist groups such as the Islamic State of Iraq and Syria (ISIS), various entities have attempted or succeeded in committing attacks of all sorts. For instance, various domestic extremist and radical groups in the USA are responsible for more combined deaths than that of Islamic radicals generally (Caspi, Freilich, and Chermak, 2012). As a consequence, physical security measures have been implemented in order to increase the successful identification and disruption of further attacks. The USA have radically changed their airport screening procedures to identify dangerous materials prior to entering flight terminals. In addition, many governments have recalibrated their law enforcement and intelligence-gathering agencies to focus on the prevention of terror and increased collaborative information-sharing programs.<\/p>\n
Although the focus on real-world attacks is an obvious necessity due to the tremendous potential for civilian casualties and property damage, there has been less attention paid to the prospective threat of attacks through cyberspace. This is surprising, since virtually all industrialized nations are dependent on technology in order to engage in commerce and manage utilities, like water and power, as well as communications. A carefully targeted attack against any critical infrastructure resource could cause serious harm to the security of the network and potentially cause harm in the real world. Such a scenario has become increasingly popular in media and films, as in the movies Live Free or Die Hard and Skyfall, where groups of cyberterrorists compromise traffic control systems, government computers, utilities, and financial systems through a series of coordinated hacks.<\/p>\n
The sensationalized appearance of cyber-attacks in film has led to significant debate over the realities of virtual attacks against critical infrastructure. In the mid-1990s, when the World Wide Web and computer technologies were being rapidly adopted by industrialized nations, individuals in government and computer security theorized that such attacks were possible (Drogin, 1999; Verton, 2003). For instance, Deputy Secretary of Defense John Hamre and Richard Clark, an advisor on cyber-security, used the term electronic Pearl Harbor to refer to a cyber-attack against the USA that would take the nation by surprise and cause crippling harm (Verton, 2003). The lack of concrete evidence that such attacks were happening led some to dismiss these claims.<\/p>\n
Their predictions, however, were surprisingly accurate, given the scope of attacks occurring around the world on a regular basis. There are now numerous examples of hackers gaining access to sensitive electrical grid networks and sewage control systems around the world. Perhaps most concerning is the emergence of military entities engaging in systematic attacks against corporations and government networks. In fact, the security firm Mandiant (2013) recently published a report linking multiple years of attacks to a single unit of the People\u2019s Liberation Army of China (PLA) that was previously unidentified. This group, designated Unit 61398 in the Third Department of the General Staff Department of the PLA, is thought to be staffed by dozens if not hundreds of workers with specialized knowledge of computer security and network attacks. The unit has actively compromised various targets for years, including attempts to gain access to companies managing electrical grids and pipelines for oil and gas. In addition, the attackers were able to stay inside of targeted systems for up to a year at a time and maintain backdoor access to systems. As a result, Mandiant refers to their attacks as Advanced Persistent Threat (APT) 1 due to their persistence and effectiveness. Such high-level attacks with direct connections to the military suggest that we may be in the middle of a new \u201ccold war\u201d that is otherwise unknown to the citizens of these nations.<\/p>\n
For more on the APTI report, go online to: http:\/\/intelreport.mandiant.com\/Mandiant_APT1_Report.pdf.<\/p>\n
These issues raise complex questions about the very nature of how these threats should be viewed and who has the responsibility to respond. For instance, when does an event move from being viewed as a crime to that of an act of war? Should cyberterror be defined or viewed differently from traditional acts of terror? This chapter will attempt to address these questions in a systematic fashion. First, we will define crime, terror, cyberterror, and war. In addition, the ways in which extremist groups and terror organizations use the Internet in order to support their activities or engage in attacks will be explored in detail. Finally, the legislative efforts in place to deal with terrorism as well as coordinate the response to cyberwar will be discussed in depth.<\/p>\n
For more debate on the controversies of an electronic Pearl Harbor, go online to:<\/p>\n
http:\/\/blog.radware.com\/security\/2013\/12\/electronic-pearl-harbor\/<\/p>\n
www.washingtonpost.com\/blogs\/innovations\/post\/digital-deterrents-preventing-a-pearl-harbor-of-cyberspace\/2010\/12\/20\/gIQASNKyoL_blog.html.<\/p>\n
Defining terror, hacktivism, and cyberterror<\/p>\n
In order to understand the problem of terror, online or offline, we must first understand its relationship to crime. Both criminals and ideologically driven extremist or terror groups may use the same skills or behaviors in the course of an activity. Many nations charge terrorists under criminal statutes (Brenner, 2008). One way that we may be able to discern the differences between these behaviors is to consider both the motive of the actor and the number of people harmed. Criminals often target single individuals in order to increase their likelihood of success and are often driven by economic or emotional desires. For instance, an individual may assault another individual in order to get money in the course of a robbery or kill a person in retribution or cold blood. A terrorist or extremist group, however, tends to target large groups of people or physical locations that can cause massive collateral damage while at the same time drawing attention to a specific ideological, political, or religious agenda. In addition, many acts of terror are designed to target innocent people in order to cause general panic and fear among the larger populace, rather than simple economic gain (Brenner, 2008).<\/p>\n
Recognizing the role of motivation is necessary to identify an act of terror. There are, however, a wide range of activities which people engage in that express their political or ideological beliefs. Thus, it is necessary to situate acts of terror within the spectrum of political behaviors online and offline, ranging from non-violent expression to serious physical violence (Holt and Kilger, 2012; Schmid, 1988, 2004). There are myriad forms of non-violent resistance in which individuals engage on a day-to-day basis. Prior to the emergence of the World Wide Web, individuals could express their dissent with political positions through letter-writing campaigns to print media outlets as well as their legislative representatives. Freedom of speech throughout the industrialized world also enables individuals to express their opinions in public settings, regardless of how negative they may be. The Web has extended this capability, as individuals regularly post messages about their views on politics and social issues on Face-book, Twitter, and other social media (Martin, 2006; Schmid, 1988, 2004). In fact, individuals now contact politicians and representatives through the Internet at the same rate as postal mail and telephone (Best and Krueger, 2005).<\/p>\n
The development of social media has had a substantive impact upon the acceptance and growth of social movements across the globe. Individuals posting messages on Facebook, YouTube, or web forums can have their message viewed by others who share their point of view, or who may come to support their cause through convincing stories (Ayers, 1999; Chadwick, 2007; Jennings and Zeitner, 2003; Stepanova, 2011). The use of social media to develop networks of social support is crucial in the formation of a collective identity that can move into real spaces in order to affect social change. This was demonstrated during the Arab Spring protests across the Middle East in 2009, as participants planned and promoted their activities via social media (see Box 10.1 for details). Similar steps were taken by protesters in the USA opposing the Dakota Access Pipeline, a major oil pipeline that would be built near Native American tribal lands (Dreyfuss, 2017). In fact, social media allow for the formation of so-called flash mobs, where individuals coordinate organized activities, like dances or organized marches, through Facebook or Twitter which take others by surprise. In turn, videos and messages posted online about the events are able to generate additional attention to their causes. Thus, organized forms of non-violent expression can be enabled by virtual experiences and communication (Chadwick, 2007; Earl and Schussman, 2003; Jennings and Zeitner, 2003; Stepanova, 2011; Van Laer, 2010).<\/p>\n
Box 10.1 The use of technology in protest activities<\/p>\n
www.huffingtonpost.com\/andrew-lam\/social-media-middle-east-protests-_b_1881827.html?.<\/p>\n
From Arab Spring to autumn rage: the dark power of social media<\/p>\n
Mohamed Bouazizi [.] set himself on ablaze protesting police corruption, became literally the torch that lit the Arab Spring revolution that spread quickly throughout the Middle East. Bouazzi achieved this in his very public death because many who had cell phones recorded his protest and the subsequent videos kick-started the uprising.<\/p>\n
This article describes the Arab Spring uprising and how social media and cell phone technology engendered these events. The content provides a valuable example of how everyday technologies can be used to subvert the status quo in government and society as a whole.<\/p>\n
Political expression in the real world can also include the use of destruction or vandalism in order to express dissent (Brenner, 2008; Denning, 2010; Holt and Kilger, 2012). For instance, individuals may deface images of politicians or burn flags in order to express their dissent over a nation\u2019s position toward an event. In virtual spaces, individuals may engage in similar forms of vandalism against websites or specific resources in order to express their disagreement with a policy or practice (Denning, 2010; Woo, Kim, and Dominick, 2004). One such example is an individual claiming to belong to the Animal Liberation Front (ALF) who defaced the website of a fur and leather retailer. The hacker also added the following message to the content of the site:<\/p>\n
To the owners of \u201cThe twisted pine fur and leather company\u201d you have no excuse to sale [sic] the flesh, skin and fur of another creature. Your website lacks security. To the customers, you have no right to buy the flesh, skin or fur of another creature. You deserve this. You\u2019re lucky this is the only data we dumped. Exploiters, you\u2019ve been warned. Expect us.<\/p>\n
Can you really put that much faith into the security of a company that sales [sic] the fur, skin and flesh of dead animals to make a profit?<\/p>\n
We are Anonymous.<\/p>\n
We are Legion.<\/p>\n
We do not forgive.<\/p>\n
We do not forget.<\/p>\n
We are antisec.<\/p>\n
We are operation liberate.<\/p>\n
Expect us.<\/p>\n
This simple message quickly expressed their point of view and disagreement with the company\u2019s practices. In addition, the hackers indicated that they were able to view the customer database information maintained by the company, and that they could potentially steal the credit and debit card information of individuals who had purchased goods through the site.<\/p>\n
This sort of attack is what some researchers refer to as hacktivism, in that the actors use hacking techniques to promote an activist agenda or express their opinion (Denning, 2010; Jordan and Taylor, 2004; Taylor, 1999). Such an attack may be illegal, but it does not create a high degree of fear or concern among the larger community (Jordan and Taylor, 2004). As a result, hacktivism provides a way to classify criminal acts of protest involving hacking techniques that are in some way analogous to offline political action (Denning, 2010). The use of this term, however, does not help refine our understanding of cybercrime or terror, as it is more a nebulous concept than anything else.<\/p>\n
For more on hacktivism, go online to:<\/p>\n
https:\/\/opinionator.blogs.nytimes.com\/2013\/01\/13\/what-is-a-hacktivist\/<\/p>\n
www.thenation.com\/article\/154780\/wikileaks-and-hacktivist-culture.<\/p>\n
At the most extreme end of political expression are planned acts of violence in support of a social agenda, typically referred to as terror (Schmid, 2004). This may include the creation of major explosions, such as the Oklahoma City bombings of the early 1990s in the USA, or the 9\/11 attacks on the World Trade Center. These incidents can cause massive harm to both people and property, and generate fear of future attacks (Martin, 2006; Schmid, 2004; Schmid and Jongman, 2005). Although there is no single agreed-upon definition for what constitutes an act of physical terror, these elements are present in almost all of the existing frameworks used (Schmid and Jongman, 2005).<\/p>\n
The definitional issues present for physical terror are exacerbated when attempting to define what constitutes cyberterror. In fact, the term cyberterror developed in the mid-1990s as technology was increasingly adopted by consumers and industry alike (Foltz, 2004). Increasing focus was placed on defining physical terror through the use of violence to promote fear; this challenged the notion of cyberterror, since there have been few instances where individuals in the real world have experienced any physical harm from a cyber-attack (Britz, 2010; Denning, 2010; Foltz, 2004; Martin, 2006; Pollitt, 1998).<\/p>\n
An attack against the electronic infrastructure supporting financial institutions or power grids, however, could produce a catastrophic loss of service that results in economic harm or disruption of vital services (Brenner, 2008; Britz, 2010; Brodscky and Radvanovsky, 2010; Denning, 2010). For instance, if an attacker was able to knock out power to a major city, this could potentially result in significant dollar losses for corporations and lead to physical death if outages affected hospitals or medical services. The unexpected nature of such an attack would also, no doubt, generate panic over the prospect of future attacks occurring with almost no warning. Such fear and concern over cyber-attacks may rival that of a physical terror incident (Britz, 2010; Denning, 2010; Kilger, 2010). As a result, physical harm may be less relevant in the definition of cyberterrorism compared to the fear that may stem from such an attack.<\/p>\n
It is also important to recognize that some terror or extremist groups may not attempt to use the Internet as an attack vehicle. Instead, they may simply find value in using online communications in order to contact others, spread their message globally, and engage in fundraising activities to support their cause (Britz, 2010; Foltz, 2004). For instance, there has been substantial concern over ISIS using various encrypted applications such as WhatsApp and Telegram to communicate (Rotella, 2016). The use of various instant messaging protocols makes it difficult to track actor networks and validate threats (see Box 10.2 for details).<\/p>\n
Box 10.2 The use of encrypted chat applications by terrorists<\/p>\n
https:\/\/techcrunch.com\/2016\/01\/16\/isis-app\/.<\/p>\n
ISIS has its own encrypted chat app<\/p>\n
Terrorists are communicating over a new secure Android app after getting kicked off WhatsApp, Telegram, and other messengers. Called \u201cAlrawi,\u201d the encrypted chat app makes it harder for governments and security agencies to spy on terrorist plans.<\/p>\n
This article provides an overview of the emergence of a new app being used by ISIS to shield its communications from government agencies and counterterror groups. The article also explains why ISIS and other groups are using encrypted apps developed in-house rather than continuing to use popular messaging apps due to the risk of identification. The implications of these developments for not only terrorist group planning but also counter-terrorism efforts are explained as well.<\/p>\n
With that in mind, a truly expansive definition of cyberterror must recognize the variations that may be evident in the way an organization uses technology to further its agenda. Criminologist Marjie Britz (2010: 97) has developed an inclusive definition for cyberterror that recognizes both of these issues:<\/p>\n
The premeditated, methodological, ideologically motivated dissemination of information, facilitation of communication, or attack against physical targets, digital information, computer systems, and\/or computer programs which is intended to cause social, financial, physical, or psychological harm to noncombatant targets and audiences for the purpose of affecting ideological, political, or social change; or any utilization of digital communication or information which facilitates such actions directly or indirectly.<\/p>\n
We will use this definition in order to frame the remainder of this chapter so as to recognize the various ways in which extremists and terrorists use technology to further their agendas online and offline.<\/p>\n
The role of nation-state vs. non-nation-state attacks<\/p>\n
Since technology may be used to facilitate acts of crime or terror, we must consider the source of an attack and how this might relate to the actor\u2019s motivation and target. With that in mind, we must define a nation-state and contextualize how it might engage in an attack. Creveld (1999) argues that a nation-state has three characteristics: (1) sovereignty, (2) territoriality, and (3) abstract organization status. Sovereignty involves the authority or power to rule, as well as to make and enforce laws within a given area. Territoriality recognizes that a state or governing body exerts power within specific, recognized borders (Creveld, 1999). The idea of \u201cabstract organization\u201d involves the concept that each state has a distinct and independent persona which is separate from that of its people. Specifically, the state is a political entity, while the culture and\/or ethnic composition of a place makes up its national identity (Creveld, 1999). For instance, the USA utilizes a democratic system of government, while its national identity is a cultural m\u00e9lange of various heritages and backgrounds based on the influx of immigrants over time.<\/p>\n
Given their sovereignty and territorial control, nation-states have the capacity to exert influence over their citizens, as well as other nation-states, in order to further their interests. As a result, some nation-states may utilize their citizen populations to engage in illegal activities in order to gain either economic or political advantage over another nation. For instance, a nation-state may encourage individual citizens to engage in the theft of trade secrets or intellectual property in order to gain economic advantage over another country with which they must compete in the open market. The originating nation may offer indirect economic support to actors in order to facilitate their activities, but it does not provide any overt recognition or direct orders that can be traced back to the government. Thus, the use of state-sponsored actors allows a government to perform illegal activities without directly engaging in the act.<\/p>\n
The role of state sponsorship in cyber-attacks that involve hacking and data theft has gained substantial attention over the past two decades. One of the most notable incidents of the past few years involved a major attack against Sony Pictures Entertainment in the USA. In 2014, a group calling itself Guardians of Peace (GOP) hacked Sony Pictures Headquarters and notified the company of the compromise by flashing a message featuring a red skull on every employee\u2019s computer, stating: \u201cif you don\u2019t obey us, we\u2019ll release data shown below to the world\u201d (Robb, 2014). The hackers used a variety of malware tools to compromise the network, eventually obtaining as much as 100 terabytes of data from the company, including personal emails, scripts, and details on all employees.<\/p>\n
The hackers dumped massive amounts of intellectual property and personal information online, including films that had not yet been released in theaters, details on employee salaries, medical histories, and embarrassing email exchanges between executives regarding various actors and film projects (Robb, 2014). They also threatened Sony employees with physical violence, and eventually any US movie theater if they screened the film The Interview, a comedy where two reporters attempt to assassinate North Korean leader Kim Jong-un (Robb, 2014).<\/p>\n
While it is possible that these attacks were driven by individual hackers without state support, it is important to note the massive quantity of data acquired by the hackers, and the use of somewhat sophisticated attack tools suggest that these were no ordinary economically motivated hackers (Zetter, 2016). In addition, the fact that they targeted Sony Pictures and made no attempt to sell the information they acquired or blackmail the company, but rather dumped it online in multiple batches over time, appears to be designed to embarrass the company and its employees (Robb, 2014). The eventual expressed interest of the hackers to prevent the company from releasing a film that painted North Korea in a negative light, even including threats of physical violence (Robb, 2014), is more in keeping with the interests of a nation-state rather than that of the larger criminal hacker community that seeks access to sensitive data. Finally, the source of these attacks has some connections to the nation of North Korea, including the use of malware containing Korean-language characters that were identified in subsequent attacks against South Korean targets (Zetter, 2016). All of these points provide circumstantial evidence that the attacks were the result of state-sponsored actors working on behalf of the North Korean government (Zetter, 2016).<\/p>\n
The lack of concrete evidence to support the role of the state in sanctioning this activity makes it difficult to identify a clear policy response. It may be best to treat this incident as a crime due to the lack of substantial evidence that the North Korean government ordered this attack to take place. The totality of circumstances would suggest it is something greater than a crime, but the use of a military response may not be appropriate. As a result, the US government engaged in a series of economic sanctions against the North Korean government in retaliation for the attacks (Robb, 2014). As such, the use of actors with no direct ties to a government entity makes it difficult to clearly define this incident as an act of crime, espionage, or war.<\/p>\n
By contrast, individuals operating without state sponsorship, or non-nation-state-sponsored actors, tend to have fewer resources at their disposal and may target resources differently in order to affect the operational capabilities of a government or corporation, gain a direct profit from data theft, or cause fear among a population. Their attacks may not be as sophisticated as those used by nation-states, but they can still prove effective, depending on the target of an attack. In addition, actors without state sponsorship do not have to operate within specific military hierarchies of command and may organize in any way necessary in order to succeed. This does not mean that there are not leaders within groups; they may be driven by a small core of actors who come together and rally others to their cause. Often, this may be done through the use of web forums, IRC, instant messaging groups, and social networking sites that enable the rapid formation of groups. Thus, non-nation-state-sponsored actors can more quickly come together to complete attacks with a wide network of participants who can just as rapidly disband upon completion of the act in the absence of chains of command or hierarchies.<\/p>\n
One excellent example of non-nation-state-sponsored attacks based on loosely connected actors is a series of DDoS attacks against US financial institutions beginning in the fall of 2012 by the group Izz ad-Din al-Qassam Cyber Fighters (Gonsalves, 2013). The attacks themselves were directed at US Bank-corp, JP Morgan Chase & Co., Bank of America, PNC Financial Services Group, SunTrust, and other institutions. The group utilized compromised web servers located in the USA as a launch point and caused some interruptions of service for the banks. It is not clear how successful the attacks were, though one estimate suggests at least seven banks were taken down for minutes to hours, depending on the institution (Gonsalves, 2013).<\/p>\n
The group indicated in posts on the website Pastebin that they were engaging in the attacks because of the treatment of the Islamic faith by the West and the US government\u2019s refusal to remove clips of a movie that disparages the prophet Mohammed from YouTube (see Box 10.3 for details). They claimed that they would engage in attacks against banks as retribution for these videos and base the duration of their attacks on the perceived damages that will result against these institutions relative to the number of times these videos have been viewed and the length of time they have been posted. While some of these institutions were able to use mitigation services to reduce the effectiveness of the DDoS attacks, it is likely the attacks will continue so long as the Cyber Fighters feel they are accomplishing some goal.<\/p>\n
Box 10.3 Ultimatum For DDoS attacks against US banks<\/p>\n
http:\/\/pastebin.com\/EEWQhA0j.<\/p>\n
Operation Ababil, AlQASSAM ULTIMATUM. [.] We, the Cyber Fighters of Izz ad-Din al-Qassam, had previously warned multiple times that, if the insulting movies not be removed from the Internet we will resume the Operation Ababil.<\/p>\n
This story provides the details of the Cyber Fighters\u2019 campaign against various financial institutions in the USA beginning in February 2013 as retaliation for the publication of a video on YouTube that insulted the image of the Prophet Mohammed. The announcement includes their future targets and demands.<\/p>\n
Since the individual hackers engaging in these attacks appeared to be motivated entirely by their religious backgrounds to target and affect business endeavors, it is reasonable to suggest that this is a crime. The religious component and the desire to change the attitudes and behaviors of the nation and the stance of those who posted the content may also lead some to call these attacks hacktivism. Regardless, it is important to consider how the role of state associations may affect both the activities of the attackers and the way in which an incident is defined.<\/p>\n
The use of the Internet in the indoctrination and recruitment of extremist groups<\/p>\n
Due to the prospective variations in the behavior and motives of actors, it is necessary to consider how technology may be used and to what ends. First and foremost, the Internet has tremendous value as a communications vehicle for extremists, terror entities, and nation-state actors. The easy and immediate access to technology, coupled with the anonymity and scale afforded by computers and the Internet, make email, forums, instant messaging, and virtually all other forms of CMC ideal for interpersonal communications. Almost every nation on earth now has some form of Internet connectivity, whether through cellular service providers, high-speed fiber optic connectivity, or even dial-up Internet access. Groups can maintain contact and reach out to others, no matter where they may be located, through plain text messages, email, or forums.<\/p>\n
The ability to communicate regularly with others from diverse backgrounds ensures that individuals can be slowly but steadily introduced to the core principles of a movement (Gerstenfeld, Grant, and Chiang, 2003; Gruen, 2005; Weimann, 2005). Constant exposure to and reinforcement of an ideology allows individuals to become accepting of an otherwise unusual perspective, and it may eventually enable the acceptance of an extremist ideology or identity (Gersten-feld et al., 2003). There are myriad web forums operating to support various white nationalist and neo-Nazi ideologies, including The Daily Stormer, the National Socialist Movement (NSM), and even portions of the relatively broad Reddit community (Hankes, 2015). One of the oldest of these forums is Stormfront.org, which is extremely popular among neo-Nazis to discuss all facets of their movement and even day-to-day activities through a white-power perspective (Castle, 2011; Gerstenfeld et al., 2003; Weimann, 2005). The site serves as a venue for individuals to engage in conversations and connect with others virtually and through the real world via localized subforums by nation, state, and city. There are also multiple sections devoted to politics, technology, philosophy, and entertainment.<\/p>\n
For more information on Stormfront in their own words, go online to: \/www.stormfront.org\/forum\/.<\/p>\n
In addition to direct communications, the Internet also allows groups to directly communicate their beliefs and ideologies to the world without the need for mass-media marketing or news media coverage. Any terror or extremist group can post messages on blogs or websites in order to directly control the delivery of their message to the media and the public at large (Forest, 2009). For instance, members of the hacker group Anonymous regularly use Twitter, YouTube, and even written letters posted on websites in order to explain their actions or notify prospective targets that they may be attacked (see Box 10.4 for details).<\/p>\n
Box 10.4 Anonymous open letter example<\/p>\n
Greetings Citizens of the World, We are Anonymous<\/p>\n
This is an open call to establish travel bans on United States citizens, boycott US made products, divest of US or Trump related business interests, and apply sanctions on the Trump regime and all of its associates. Until the danger the United States today possesses against the world is resolved. Reciprocity measures must be enacted against the United States to challenge its shameless actions under the Trump regime. Global response must also come in the form of economic sanctions on products directly associated with the Trump corporate brand.<\/p>\n
As citizens of the world we must unite against tyranny wherever it emerges and challenge it. As Trump reveals himself to be a danger not just for the US but the rest of the international community it is our right to protect and defend ourselves from the madness of rogue entity with no regard for international law, human rights, or common decency.<\/p>\n
We call on the international community from all backgrounds and ideologies, across social stratas and religions, to resist the madness leaking out of the United States. We call for the creation of global boycotts against US made products, we call on you to contact your representatives and members of parliament and congress to apply sanctions on the Trump regime, we call on you to take part in divestment of US shares. BDS the US until the maleficent Trump regime is brought to justice.<\/p>\n
To the citizens of the United States, this is not an attack on you but firm and necessary action against the rising tyranny that today befalls you. Participate in your own liberation from the Trump regime by applying economic and political pressure on your house and senate representatives to push the impeachment of the Trump regime. The Trump regime will not listen to protests in the streets, but it will crumble under protests in the work force & sanctions, divestment, and boycotts abroad. We call on you, the citizens of the United States, to organize rolling work strikes nationwide. Remove your labour from the pockets of the tyrants, disrupt the markets they are so proud of, and take the reins of your governance back by building society and mass collaboration. Forget making America great again, together we can make humanity great again.<\/p>\n
We are Anonymous.<\/p>\n
We are everywhere.<\/p>\n
We are legion.<\/p>\n
We are those you have left without a home.<\/p>\n
We are those you have murdered.<\/p>\n
We are voiceless no more.<\/p>\n
The world will change. We\u2019ll change it.<\/p>\n
Tyrants of the World,<\/p>\n
Expect Us!<\/p>\n
The Islamic State also uses Twitter as a key platform for recruitment and radicalization. The relatively limited territories which ISIS controls offline in Iraq and Syria demand that they find ways to attract individuals to their ideology, making social media play an essential role in promoting their message to recruit participants globally. Twitter is a vital resource, as individuals can create accounts easily and use them even from basic mobile phones. The use of hash-tags in Twitter messaging also allows ISIS to find ways to reach the top trending tags to ensure they are seen by a broad audience (Berger and Morgan, 2015). These practices, however, also make it possible for Twitter to identify and suspend accounts engaged in ISIS posting, although many suspended users are able to get back on the service almost immediately. They treat a suspension as a badge of honor, validating that they are truly members of the movement and that they continue to operate in the face of Western security strategies (Stewart and Maremont, 2016).<\/p>\n
To that end, ISIS operates a coordinated campaign of posting, using a network of thousands of accounts, some live actors and some that are bots, to immediately retweet any messages posted by main accounts within the organization (Berger and Morgan, 2015). In addition to messaging, ISIS recruiters will attempt to engage any individuals in conversation who appear sympathetic to their cause (see Box 10.5 for an example). Their conversations transition from simple discussions of Islam or of the movement, to more engaged long-form conversations on Skype or other platforms, including messaging applications created specifically for ISIS to use (Stewart and Maremont, 2016). Eventually, the individual may be radicalized and encouraged to either engage in violence in their home nation, or to travel to the Middle East to join the fight for the Caliphate in Iraq.<\/p>\n
Box 10.5 The role of social media in recruitment and radicalization<\/p>\n
www.nytimes.com\/2015\/06\/28\/world\/americas\/isis-online-recruiting-american.html.<\/p>\n
ISIS and the lonely young American<\/p>\n
She kept teaching at her church, but her truck\u2019s radio was no longer tuned to the Christian hits on K-LOVE. Instead, she hummed along with the ISIS anthems blasting out of her turquoise iPhone, and began daydreaming about what life with the militants might be like.<\/p>\n
This article details one young woman\u2019s experience engaging with, and eventually accepting, the radical ideology promoted by ISIS. She engaged in discussions with members of ISIS via various social media feeds, eventually engaging in regular conversations and even converting to Islam. Her story provides an excellent example of the types of individuals ISIS and other radical movements seek out, and the processes they employ to indoctrinate them.<\/p>\n
Computers and software suites for multimedia creation, like Photoshop, also allow groups to create and manipulate videos, photos, and stylized text. This enables extremist groups to develop more media-friendly materials or misrepresent facts in support of their own ideologies. In turn, they can promote their ideas and images to a larger audience in a subtle and convincing way that may instill anger and hostility toward groups that are perceived as oppressors or socially unacceptable (Forest, 2009; Gruen, 2005).<\/p>\n
The terrorist group Al Qaeda in the Arabian Peninsula (AQAP) operates an English-language magazine called Inspire which provides information on the perspectives of the group and the jihadist movement generally. An issue from March 2013 featured an article on the 11 public figures from the West who it feels should be wanted dead or alive for crimes against Islam (Watson, 2013). It also features regular details on techniques to engage in terrorism, ranging from simple bomb making to how to handle firearms.<\/p>\n
The glossy magazine format allows the authors to promote their agenda in a way that is both attractive and appealing to readers. At the same time, the writing style may be more engaging and promote the jihadist agenda to those who may never have considered this point of view (Watson, 2013). In fact, the Tsarnaev brothers who performed the Boston Marathon bombing frequently sought and read extremist websites and the magazine Inspire which served as the basis for their method of attack. The brothers acquired the information needed to build improvised explosive devices from pressure cookers, nails, ball-bearings, and explosive materials via articles published in the magazine (Cooper, Schmidt, and Schmidt, 2013).<\/p>\n
For more information on the magazine Inspire and its role in radicalization, go online to: www.dailymail.co.uk\/news\/article-2287003\/Al-Qaeda-releases-guide-torch-cars-make-bombs-naming-11-public-figures-wants-dead-alive-latest-edition-glossy-magazine.html.<\/p>\n
In much the same way, the extremist group Stormwatch operates a website about the civil rights leader Dr. Martin Luther King Jr., which appears to discuss his role as an activist (martinlutherking.org, 2013). The content of the site, however, decries his role in the pursuit of equality and suggests that he was actually a mouthpiece for Jews and Communists, in keeping with the perceptions of the White Supremacist movement generally (Weimann, 2005). It is written in a relatively persuasive fashion that may make an unsuspecting reader with little knowledge of King\u2019s role in social change believe the content to be factual. For instance, the writers argue King to be a fraud and not a religious man by taking facts and quotes out of context. In fact, they repeatedly argue that he stole materials from other figures and claimed them as his own, stating:<\/p>\n
The first book that King wrote, \u201cStride Toward Freedom,\u201d \u2013 was plagiarized from numerous sources, all unattributed, according to documentation recently assembled by sympathetic King scholars Keith D. Miller, Ira G. Zepp, Jr., and David J. Garrow.<\/p>\n
And no less an authoritative source than the four senior editors of \u201cThe Papers of Martin Luther King, Jr.\u201d \u2013 (an official publication of the Martin Luther King Center for Nonviolent Social Change, Inc., whose staff includes King\u2019s widow Coretta), stated of King\u2019s writings at both Boston University and Crozer Theological Seminary: \u201cJudged retroactively by the standards of academic scholarship, [his writings] are tragically flawed by numerous instances of plagiarism. [.] Appropriated passages are particularly evident in his writings in his major field of graduate study, systematic theology. \u201d<\/p>\n
This content derides the success of King and argues that there should be no national holiday or recognition of his work. In fact, they provide a link to downloadable flyers about these issues which reads, \u201cBring the Dream to life in your town! Download flyers to pass out at your school.\u201d These are excellent examples of the way in which multimedia content can be used by extremist groups to help indoctrinate individuals into their ideological or political worldview.<\/p>\n
In addition, cell phone cameras and web cams allow individuals to create training videos and share these resources with others through video-sharing sites like YouTube (Gruen, 2005). Posting videos and news stories through social media also provides a mechanism to publicly refute claims made by media and governments to ensure that the group is presented in a positive light (Forest, 2009; Gruen, 2005). For instance, participants in the recent Arab Spring created videos on camera phones to show violent repression by government and police agencies, as it happened, to news agencies around the world (Stepanova, 2011). Similarly, ISIS members have posted videos of the conflict in the city of Mosul, Iraq, and other parts of the country where they have attempted to take control of the population. Their videos are intended to validate or refute claims by the US military and coalition forces regarding their attempts to retake cities where ISIS has dug in (Tawfeeq, Formanek, and Narayan, 2016). Such \u201con the ground\u201d reporting allows individuals to provide evidence of their experiences.<\/p>\n
This same capability, however, can be abused by extremist groups in support of their ideologies. One of the most extreme examples of such an act was a video posted by members of Al Qaeda in Pakistan on February 21, 2002. In the video, members of the group executed a journalist named Daniel Pearl who was kidnapped while he was traveling to conduct an interview (Levy, 2003). He stated his name for the camera, described his Jewish family heritage, and then condemned America\u2019s foreign policy strategies in the Middle East. Following these statements, his captors then slit his throat and cut off his head, ending the video with a statement demanding the release of all Guantanamo Bay detainees, or otherwise more deaths would result (Levy, 2003). The gruesome video became a key piece of propaganda for the group and the jihadist movement generally, while inciting massive outrage in the USA. Such a chilling example demonstrates the value of interactive media and the Internet in the promotion of extremist movements generally (see Box 10.6 for an additional example).<\/p>\n
Box 10.6 An example of Facebook live being used for terrorism<\/p>\n
www.mirror.co.uk\/news\/world-news\/isis-killers-chilling-facebook-live-8190208.<\/p>\n
ISIS killer’s chilling Facebook live video threatening Euro 2016 minutes after murdering police chief and wife<\/p>\n
Homegrown jihadist Larossi Abballa broadcast his extremist views on a Facebook live stream after repeatedly stabbing Jean-Baptiste Salvaing and his wife at their home on the outskirts of Paris last night.<\/p>\n
This article details the messages Larossi Abballa posted via Facebook live after stabbing two people to death while holding their 3-year-old child hostage, including his thoughts on the ways in which the French were increasing the threat of terror attacks based on their policies toward Muslim nations. The article demonstrates the value of live streaming content for extremists and radical groups to promote messages of violence to the world.<\/p>\n
In addition to video, social movements on the fringes of society have successfully utilized music and video games as a means to expose individuals to their perspectives in socially acceptable and engaging ways (Britz, 2010; Weimann, 2005). For instance, Resistance Records is a record label that produces and distributes music by bands that feature white power and right-wing extremist messages in a direct-downloadable format (Jipson, 2007). The label is owned and run by the National Alliance, a white power group, which gains a profit from album sales. Music allows what are otherwise extreme or socially unacceptable positions to be heard in ways that may appeal to younger generations or the general public.<\/p>\n
Video games have also become a key resource for extremist groups to promote their beliefs in a socially acceptable, approachable, and extremely engaging way to younger audiences. The rewards and reinforcement which individuals can receive through successfully completing the objectives of a game, coupled with the underlying themes of the content, can promote an extremist view in a very digestible format. One of the most well-known of these games is called Ethnic Cleansing, which was developed and released through Resistance Records using no-cost open-source software. This is a so-called \u201cfirst-person shooter,\u201d wherein the game is played from the point of view of a skinhead or Klansman who kills blacks, Jews, and Latinos in various urban and subway environments (Anti-Defamation League, 2002). This game, and its sequel, White Law, costs $14.99 and, may be downloaded directly through the Resistance Records website (Anti-Defamation League, 2002). Similarly, Islamic extremists have released several video games that place the player in the role of a jihadist fighting against Jews, Westerners, and the US military (Gruen, 2005). The content utilizes pro-Islamic imagery, rap and popular music, as well as various images of and messages from Osama Bin Laden and the 9\/11 terror attacks. The game has been posted and reposted across various websites online, ensuring its spread to various interested groups (Weimann, 2005).<\/p>\n
In addition to lifestyle publications and materials that encourage or support extremist ideologies, there are a number of training and support manuals distributed online. In fact, the open nature of the World Wide Web allows individuals to post information that could be used to engage in violence or cause physical harm in the real world. There are a number of training manuals and detailed tutorials for bomb making, gun play, and improvised weapons use on the Internet, many of which have been available online for years (Wall, 2001). This is because individuals can easily post a text file or word processor document and repost it in repositories, send via email, or share via social networks in different formats and languages. For example, the Mujahadeen Poisons Handbook from Hamas and the Encyclopedia of Jihad published by Al Qaeda are available in various online outlets (Weimann, 2005). Even the Earth Liberation Front and Animal Liberation Front have tutorials on how to engage in civil disobedience and protests against logging companies, construction sites, and animal testing facilities (Holt, 2012). These resources engender planning and tactical strategy development, regardless of the expertise of the individuals in a given area.<\/p>\n
For an example of a tactical manual, go online to: www.direkteaktie.net\/osh\/.<\/p>\n
Electronic attacks by extremist groups<\/p>\n
Although the communications capability afforded by the Internet is unparalleled, it is also important to consider how these technologies could serve as a target for attacks by extremists, terror groups, and even nation-states. The range of interconnected computer systems and sensitive data that could be compromised online presents a diverse array of high-value targets for attackers (Britz, 2010; Denning, 2010; Holt, 2012; Kilger, 2010). For instance, individuals could immediately target financial institutions in order to limit the functionality of online banking systems or harm databases of consumer information in order to cause chaos. Alternatively, attackers may target the computer systems that support the processes within nuclear power plants, hydroelectric dams, or sewage treatment plants. These systems, called Supervisory Control and Data Acquisition Systems (SCADA), are vital to the management and processing of critical infrastructure and are often connected to the Internet in some fashion (Brodscky and Radvanovsky, 2010). As a result, an attacker who can affect the functionality of these computers may cause substantial physical harm in the real world along with fear over future attacks (see Box 10.7 for details; also Brenner, 2011; Denning, 2010).<\/p>\n
Box 10.7 Examples of cyber-attacks against SCADA systems in water treatment<\/p>\n
www.infosecisland.com\/blogview\/18281-ICS-Cybersecurity-Water-Water-Everywhere.html<\/p>\n
ICS cyber-security: water, water everywhere<\/p>\n
Since then there have been numerous articles and events that have driven the public conversation about the security of the cyber systems at American water treatment facilities. The question at hand is whether this moment of attention will result in any improvements in cybersecurity of the nation\u2019s water supply.<\/p>\n
This article provides a timeline of the cyber-security incidents that have occurred over the past two decades that specifically target water management systems. The piece is invaluable in understanding the ways in which systems have been compromised and what this may mean for the future.<\/p>\n
The use of cyber-attacks by extremist groups is infrequent, though they are facilitated in part by the nature of information sharing in the hacker subculture (see Chapter 3; also Britz, 2010; Denning, 2010). Hackers regularly provide information on vulnerabilities present in the software and hardware of systems across the world (Taylor, 1999). This information can be leveraged by anyone with the time or inclination to identify systems with this vulnerability and attempt to attack them. As a result, open disclosure may do more to facilitate attacks than to provide public awareness of weaknesses. In fact, hackers in support of Al Qaeda have posted various resources to facilitate cyber-attacks, such as Youni Tsoulis, who published a hacker tutorial entitled The Encyclopedia of Hacking the Zionist and Crusader Websites (Denning, 2010). This guide provided detailed information on vulnerabilities in US cyber infrastructure, as well as techniques to engage in data theft and malware infections. In addition, the ability to obtain free attack tools or malware and hacking resources through open markets (see Chapters 3 and 4) reduces the amount of resource development needed to successfully complete an attack. Thus, the modern hacker subculture facilitates both legitimate and illegitimate hacking behaviors which can be used by any motivated actor.<\/p>\n
One of the most common types of attack used in support of extremist or terror agendas is the denial of service attack (DDoS) (Denning, 2010; Kilger, 2010). These attacks may not cause significant system damage, though the fact that they prevent users from accessing resources can cause massive dollar losses. In addition, they can be relatively easy to perform and are enabled in part by downloadable tools that will complete the attack at the click of a mouse.<\/p>\n
The history of downloadable DDoS tools stems from the hacker group the Electronic Disturbance Theater (EDT; Denning, 2010). The group developed a program called FloodNet that could be downloaded directly from their website to be used by individuals who shared their perspectives on the use of the Internet as a space for social activism. It was first used in an attack against the Mexican government owing to their treatment of Zapatista separatists who were fighting against what they perceived to be governmental repression (Denning, 2010). The EDT first used FloodNet against the Mexican President Zedillo\u2019s website, and then attacked US President Clinton\u2019s website because of his support of Mexico. A third, and even larger, attack was then launched against Zedillo, the Pentagon, and the Frankfurt Stock Exchange for its role in supporting globalization (Denning, 2010).<\/p>\n
For more on the EDT, go online to: www.youtube.com\/watch?v=O-U-he8LN3k.<\/p>\n
The success of FloodNet led to its adoption by other activist groups to engage in DDoS attacks, such as an attack by animal rights protesters in Sweden and a British group called the Electrohippies Collective (Denning, 2010). In more recent years, additional DDoS tools have been developed by groups with diverse interests. For instance, a tool called Electronic Jihad was released through the Arabic-language forum al-Jinan for use against various Western targets (Denning, 2010).<\/p>\n
Anonymous also uses a DDoS tool called the Low Orbit Ion Cannon (LOIC) in support of attacks against personal, industrial, and government targets around the world (Correll, 2010). This simple tool allows individuals to simply select a website to target and give parameters for the duration of the attack, then click the ready button. LOIC requires no technical knowledge to successfully complete an attack; the interest in targeting a specific entity is all that is necessary.<\/p>\n
For more on the Low Orbit Ion Cannon, go online to: http:\/\/sourceforge.net\/projects\/loic\/.<\/p>\n
Another useful tool in the arsenal of hackers seeking to express their opinions are web defacements, where the normal HTML code of a web page is replaced by images, text, and content of the attacker\u2019s choosing (see Chapter 3; Denning, 2010; Woo et al., 2004). Web defacements began as a vehicle for hackers to call out system administrators who used poor security protocols and to generate a reputation in the hacker community for their actions (Woo et al., 2004). As hackers increasingly recognized the value of web defacements as a means to express their political or ideological motives, the nature and targets for defacements began to change.<\/p>\n
Specifically, web defacements appear increasingly to be triggered in response to real-world events. For instance, the Turkish military shot down a Russian fighter jet within its borders on November 24, 2015 on the basis that it was from an unknown country of origin at the time of the incident and was nonresponsive to repeated requests to change direction (BBC, 2015). The Russian government contended that the jet was engaging in a bombing run as part of their operations in fighting ISIS within Syria, which borders Turkey. Shortly after this incident, the Turkish web infrastructure was hit with a DDoS attack by hackers claiming to be part of Anonymous, indicating that this was revenge for the Turkish government\u2019s support of ISIS (Cimpanu, 2016). Turkish hacker groups responded by engaging in a campaign of web defacements and attacks against Russian websites, including defacing the websites of the Russian Embassy in Israel (Cimpanu, 2016) and the Russia Joint-Stock Commercial Bank for Reconstruction and Development (Waqas, 2016).<\/p>\n
In light of the ways in which the Internet may be used by ideologically driven groups in order to affect action or cause harm, we will now explore two different extremist group subcultures and their online activities: (1) the Radical Far Right movement, and (2) the e-jihad.<\/p>\n
The Radical Far Right online<\/p>\n
The term \u201cthe Radical Far Right\u201d is often associated with white supremacist groups like the Ku Klux Klan, though it can actually be applied as an umbrella term to capture the collective of groups with overlapping perspectives, such as neo-Nazi groups, white nationalists, Aryan skinheads, and other Christian separatist movements. In addition, the term Alt-Right or Alternative Right has been used to characterize aspects of these movements in an attempt to rebrand these ideologies. Although they have different individual views, they generally share a framework that the white race has been harmed by non-white racial and ethnic groups, Jews, and Catholics. These groups operate around the world and take various forms. The Southern Poverty Law Center (2017) suggested that there were 917 active hate groups operating in the USA in 2017. Although they are spread across the country, the white power movement is<\/p>\n
For more information on the different types of hate groups in the USA and where they are located, go online to: www.splcenter.org\/hate-map.<\/p>\n
most prominent in the South, upper Midwest, and Southwestern United States. Similar groups are evident in Europe and Asia, including the National Socialist Movement, which has offshoots in England and the Philippines (National Socialist Movement, 2014).<\/p>\n
The value of the Internet for the Radical Far Right movement cannot be understated. Technology allows individuals from marginalized communities across the world to become indoctrinated into the culture and to find social support for their attitudes and beliefs over time. Donald Black, former KKK member and founder of the website Stormfront, stated that \u201cwhereas we previously could only reach people with pamphlets and by sending out tabloid papers to a limited number of people or holding rallies with no more than a few hundred people \u2013 now we can reach potentially millions of people\u201d (Faulk, 1997). Considering he made this statement in 1997, the white power movement has had a long history of Internet use.<\/p>\n
For more information on the Alt-Right, go online to: www.splcenter.org\/fighting-hate\/extremist-files\/ideology\/alternative-right.<\/p>\n
Some of the most common tools used by the Radical Far Right movement are websites, forums, chatrooms, blogs, and other forms of CMC. Individuals who find these sites may be initially directed to them through Google searches or links through radical church websites (McNamee, Peterson, and Pena, 2010). Spending time reading the content and getting to know users may increase their willingness to accept their point of view. In fact, continuous involvement in these sites may help individuals accept extremist perspectives, even if their peers or family do not agree with these positions. In addition, the ability to make multiple friends and associates online in addition to their real-world social relationships can help insulate their perceptions.<\/p>\n
It is important to note that CMCs used by these movements do not necessarily encourage violence. Some do and are overtly inflammatory in their language about the need to rise up in armed conflict or engage in a \u201crace war\u201d (McNamee et al., 2010). Many sites and discussions, however, simply revolve around the importance of the movement and the need to develop a strong white race. In fact, many users in forums and other sites communicate their interpretation of historical events, as in the discussion of Dr. Martin Luther King, Jr. mentioned earlier in this chapter (McNamee et al., 2010). They may also promote the idea that the white race has been appointed by God or by natural right to dominate the world over other races and ethnic groups (McNamee et al., 2010). Constant exposure to these messages will help encourage an individual to believe them and be drawn into the movement as a whole.<\/p>\n
At the same time, the Internet allows users to regularly access cultural currency related to Far Right movements generally. For example, music became an important tool in the indoctrination of individuals through heavy metal bands and other musical styles in the mid-1990s (Simi and Futrell, 2006). Large concert venues became an important rallying point, drawing multiple acts to play at day-long festivals. The development of e-commerce sites and music-sharing services aided the spread of white power and neo-Nazi music. In turn, the movement began to use music as a key resource to communicate their message through accessible media that may be more engaging to youth culture (Simi and Futrell, 2006).<\/p>\n
The ability to access the Web has also enabled individuals to develop lifestyle-related content that incorporates their racial attitudes (Simi and Futrell, 2006). Images of tattoos, concerts, organized meetings, video games, music, and clothing are all easily identified via the Web. There are now even streaming music services available for those interested in white power bands. In addition, the group Women for Aryan Unity (WAU) publishes a magazine called Home Front on parenting issues, home schooling, and ways to socialize children into the movement. There are also child-specific materials available to download, such as coloring pages, crosswords, and stories that are \u201cage appropriate\u201d (Simi and Futrell, 2006). They can also get positive reinforcement from peers and ask questions about how to stay loyal to the movement despite the problems they may face from other parents. Thus, the Web is a key resource in the communication of subcultural values within radical movements as a whole.<\/p>\n
The e-jihad<\/p>\n
Over the past ten years, academic researchers and popular media have focused heavily on Al Qaeda, and more recently on ISIS, and their role in global terror activities (Forest, 2009; Martin, 2006). Much of this work has helped inform our knowledge of the real-world threat that these groups pose, though there has generally been little evidence demonstrating their role in successful cyber-attacks (Denning, 2010; Ulph, 2006). There is, however, some evidence that loose associations of hacker groups are interested and attempting to engage in cyber-attacks against the West. This so-called e-jihad has ties to Al Qaeda, ISIS, and other Islamic extremist groups across the Middle East and Africa, and depends on technology for communications infrastructure and as an attack platform (Denning, 2010; Ulph, 2006).<\/p>\n
The use of the Internet as a platform for e-jihad has been supported by a variety of individuals tied to Muslim extremist groups. For instance, Mohammad Bin Ahmad As-Sa -lim wrote a book entitled 39 Ways to Serve and Participate in Jih\u00e2d, which was designed to promote discussion about the issue of war with the West and jihad generally (Denning, 2010; Leyden, 2003). The book discussed the issue of electronic jihad as the thirty-fourth principal way to engage in jihad. He identifies the need for both discussion forums for media campaigns and more specific applications of hacking techniques in order to harm the West. Specifically, he wrote: \u201cHe [anyone with knowledge of hacking] should concentrate his efforts on destroying any American websites, as well as any sites that are anti- Jih\u00e2d and Muj\u00e2hid\u00een, Jewish websites, modernist and secular websites\u201d (As-Sa -lim, 2003). Thus, terror groups realize that Western nations\u2019 dependence on the Internet for both commerce and communications is a major vulnerability that can be exploited to cause economic harm and fear in the general populace.<\/p>\n
For more information on US citizens being radicalized, go online to: www.cnn.com\/2017\/03\/03\/politics\/homeland-security-assessment-radicalization\/index.html.<\/p>\n
To that end, the first hacker group to emerge with specific ties to Al Qaeda was the \u201cal-Qaeda Alliance Online,\u201d an offshoot of the hacker group \u201cGForce Pakistan.\u201d Members of the Alliance defaced a web server operated by the National Oceanic and Atmospheric Administration (NOAA) on October 17, 2001 (McWilliams, 2001). The defacement contained interesting, if not contradictory, information by condemning the September 11 attacks, stating: \u201cbin Laden is a holy fighter, and whatever he says makes sense\u201d (McWilliams, 2001). They went on to say that they would attack major websites in the USA and Britain, though \u201cwe will not hurt any data as its [ sic ] unethical\u201d (McWilliams, 2001).<\/p>\n
A subsequent defacement occurred ten days later, on October 27, though that was the last attack attributed to the group (Denning, 2010). It is not clear what happened to the Alliance, but it was replaced by a variety of forums and hacker groups actively engaged in the promotion of attacks against the West and others who disparaged the Islamic faith. For instance, the al-Farouq forum established a section encouraging electronic jihad, along with a downloadable library of tools and tutorials for engaging in attacks (Denning, 2010; Pool, 2005). Similarly, the al-Jinan forum created and offered a free download of a DoS tool called Electronic Jihad and gave awards and electronic medals to those who were the most effective attackers against sites that harmed Islam (Bakier, 2007).<\/p>\n
One of the most well-known examples of information sharing was from a hacker named Youni Tsoulis, who used the handle Irhabi007. He developed multiple web forums and sites supporting Al Qaeda and even set up hidden links to propaganda websites on various forums (Corera, 2008). He also promoted hacking and gave multiple tutorials on hacker sites with substantial detail on methods of attack and tactics to compromise websites (Jamestown, 2008). Due to the degree to which he actively engaged and shared information about cyber-attack techniques with others in the e-jihad movement, Tsouli came to the attention of law enforcement and military agencies around the world. In fact, his name was found on a laptop belonging to a member of an Al Qaeda cell in Bosnia who was arrested after making threatening videos against various European nations. Tsouli was arrested by the London Metropolitan Police during a raid in 2005 and was found guilty of charges under the Terrorism Act of 2000 (Corera, 2008). He received a 16-year sentence; he was 23 years old at the time.<\/p>\n
More recently, Ardit Ferizi was detained in Malaysia in October 2015 based on allegations that he compromised US computer systems on behalf of ISIS (Perez, Shoichet, and Bruer, 2015). Ferizi used the handle Th3Dir3ctorY, and admitted to compromising a server hosting a US company, enabling him to gain access to a database containing the personally identifiable information (PII) of almost 1,300 military and government personnel (Department of Justice, 2016). He then gave these data to Junaid Hussain, an ISIS recruiter, and discussed using the data to produce a hit-list based on the victims\u2019 PII. The data then appeared in a tweet posted by the Islamic State Hacking Division (ISHD), claiming that they would pass the \u201cpersonal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!\u201d (Department of Justice, 2016). He was extradited to the USA for prosecution, and was eventually found guilty and sentenced to 20 years in federal prison on charges related to violations of the Computer Fraud and Abuse Act, as well as providing material support to a terrorist organization.<\/p>\n
These two incidents are examples of the few successes in the e-jihad campaign against the West. Other attempts have been less successful. For instance, individuals attempted to engage in a DoS attack against the Vatican website after Pope Benedict made comments about the Prophet Mohammad and Islam which were viewed as critical of their faith (Denning, 2010). Individuals involved in the e-jihad also planned a coordinated series of attacks against US financial institutions and the stock exchange in 2006. All of these attacks failed to materialize, calling into question the skill of the attackers relative to the preparations taken to defend against such attacks (Alshech, 2007; Denning, 2010; Gross and McMillan, 2006). This should not be taken as an indication that Al Qaeda, ISIS, and e-jihad should not be taken seriously, but rather that they recognize the value of the Internet and are searching for ways to leverage it toward effective attacks.<\/p>\n
Box 10.8 Questioning the reality of cyberterror<\/p>\n
This chapter provides substantive detail on the role of the Internet in facilitating communications, fundraising, and planning for terror groups. There is, however, scant evidence of actual cyber-attacks performed by terrorist groups. Pundits and politicians have heralded this potential for almost two decades since the coining of the phrase \u201cdigital Pearl Harbor.\u201d<\/p>\n
As a result, some scholars argue that the absence of actual evidence of attacks coupled with the expansion of the information collection and security apparatus of governments leads to a distinct conclusion: cyberterror is a social construction (Furedi, 2005; Yar, 2013). Specifically, the threat posed by terrorism is built up by media and seized upon by claims makers. The resulting public support may be used as a means to gain greater control over resources like the Internet and impose restrictions and surveillance on user activity. This position is supported by the recent revelations regarding the US National Security Agency\u2019s access to email and phone records, as well as a larger global surveillance mechanism (discussed later in this chapter).<\/p>\n
This is a challenging position, as the general public does not gain access to information on attacks against government systems and critical infrastructure. The classification of information makes it difficult to know the reality of terrorist group capabilities or their use of cyber-attacks (Denning, 2010). At the same time, there has been a massive build-up in security spending and resource allocation to government agencies for what are otherwise extremely rare events (Yar, 2013). In the end, it is necessary to consider this position and ask, \u201cWhat is the correct balance between national security and citizens\u2019 rights?\u201d<\/p>\n
Cyberwar and the nation-state<\/p>\n
As cyberspace plays an increasingly critical role in managing the everyday aspects of communication and critical infrastructure, governments and military agencies are increasingly attempting to establish their role in cyberspace. Many industrialized nations recognize the threat that cyber-attacks can pose to military and governmental infrastructure. Some consider cyberspace to be a new warfare domain just like land, sea, air, and space (Andress and Winterfeld, 2011). As a consequence, it is necessary to consider how fighting a war in this domain may operate and what constitutes an act of cyberwar.<\/p>\n
There is no single agreed-upon definition for warfare, even among the United Nations. The historical literature on war and warfare tactics, however, suggests that it may be viewed as an act of force or violence which compels the opponent to fulfill the will of the victor (Andress and Winterfeld, 2011; Brenner, 2008; Schwartau, 1996). When applied to cyberspace, the use of war tactics appears designed to control and affect the activities of an opposing force. Brenner defined cyberwarfare as nation-states\u2019 \u201cuse of military operations by virtual means [.] to achieve essentially the same ends they pursue through the use of conventional military force\u201d (2008: 65). Thus, the domain of conflict for cyberwar is different from traditional conflicts in that the operations take place in a virtual space (Rid, 2013).<\/p>\n
The weapons of cyberwar are also different from those of traditional combat, in that actors may utilize malware and hacking techniques in order to affect system functionality, access to information, or critical infrastructure (Rid, 2013). The outcomes and goals of cyberwar, however, are similar to physical war in that fighters may attempt either targeted tactical strikes against a specific target or try to cause as much damage as possible to the operational capacity of a nation-state.<\/p>\n
Although there has been some debate about the actual threat of cyberwarfare and the utility of this term generally (see Andress and Winterfeld, 2011; Rid, 2013), we must recognize why it may be a fruitful environment for attack. Nearly all critical systems in modern industrialized nations depend on the Internet for commercial or logistic support. For example, water and sewage treatment plants, nuclear, hydroelectric, and other power grids are dependent on the Internet for command and control. Virtually all facets of banking, stock exchanges, and economic systems are run through the Internet. Even aspects of the military and related defense contractors of the world are run through civilian or commercial telephony. Any attack that could effectively disrupt the communications capacity of the Internet could effectively cripple our society, which would have ripple effects throughout the real world. At the same time, the sensitive data maintained by government or military agencies could be compromised and\/ or stolen in order to gain an economic or defensive advantage. Thus, hacking sensitive systems would be an easy and immediate way to affect an enemy through cyberwarfare.<\/p>\n
Over the past ten years, there have been an increasing number of incidents that might practically be viewed as cyberwar. A key example is the conflict between Russia and Estonia in 2007. A conflict developed between Russian and Estonian factions in April 2007 when the Estonian government removed a Russian war monument from a memorial garden in a national cemetery (Brenner, 2008; Jaffe, 2006; Landler and Markoff, 2007). The statue, called The Bronze Soldier of Tallinn, was installed as a monument to the Russian involvement in World War II, and was viewed as a relic from Estonia\u2019s time as part of the former Soviet Union. Now that Estonia was its own independent nation, the government felt it appropriate to have the statue removed (Guadagno, Cialdini, and Evron, 2010). Russian citizens living in Estonia and elsewhere were enraged by this action, leading to protests and violence in the streets of both countries. Over 1,300 were arrested during protests in Estonia, many of whom were ethnic Russians living in the country.<\/p>\n
The conflict quickly grew into online spaces, with hackers in both Estonia and Russia attempting to engage in different hacks and spam campaigns (Brenner, 2008; Jaffe, 2006). Russian hackers also leveraged online forums and hacker sites in order to rally attackers together to increase the volume of their attacks and used huge botnets of compromised computers for DDoS attacks (Clover, 2009; Davis, 2007). The attacks incorporated many individuals who were interested in attacking Estonia out of their love and respect for their homeland, many of whom had little knowledge of computer hacking. As a consequence, Russian attacks were able to shut down critical components of Estonia\u2019s financial and government networks, causing significant economic harm to citizens and industry alike (Brenner, 2008; Landler and Markoff, 2007). The Estonian Parliament and almost every governmental ministry website was affected. In addition, three of the six national news agencies and two of its largest banks also experienced problems (Clover, 2009). In fact, banks were knocked offline for hours and lost millions of dollars due to DDoS attacks (Landler and Markoff, 2007).<\/p>\n
In the wake of this onslaught, the Estonian government accused the Russian government of supporting and encouraging these attacks. To date, there has been no concrete evidence provided to support Russian state sponsorship (Denning, 2010). Many observers, however, have argued that this incident is a clear demonstration of how nation-states may engage in conflicts in the future. The actors involved may be driven by their own sense of duty to their country or by actual military doctrine. Regardless, the severity of the attacks demonstrates the need to identify how cyber-resources might be affected by conflicts in the real world.<\/p>\n
A more recent example is the appearance of a piece of malicious software called Stuxnet. This computer worm was used in attacks against the Natanz uranium enrichment facility in Iran (Clayton, 2010; Kerr, Rollins, and Theohary, 2010). Stuxnet was designed to specifically compromise and harm computer systems in order to gain access to the SCADA systems and related programmable logic controllers (PLCs) inside of centrifuges in these plants (Clayton, 2010; Kerr et al., 2010.) Specifically, the code would allow the PLC to be given commands remotely by the attacker, while shielding the actual behaviors of the centrifuges from the plant\u2019s SCADA control systems. As a result, attackers could surreptitiously disrupt the plant\u2019s ability to process uranium and cause confusion among operators and controllers. It is unknown how long the malware was able to operate inside of the facility, though estimates suggest it may have impacted 1,000 of the 5,000 centrifuges in the plant and delayed the overall functionality of the nuclear plant by months or even years (Kerr et al., 2010; Sanger, 2012).<\/p>\n
For more information on Stuxnet, go online to:<\/p>\n
www.youtube.com\/watch?v=n7UVyVSDSxY<\/p>\n
www.youtube.com\/watch?v=863SNTqyYto.<\/p>\n
Recent evidence suggests that Stuxnet was developed by the USA under the Bush administration as evidence grew regarding the Iranian nuclear program aspirations. The program, called Operation Olympic Games, was proactively implemented by an executive order of President Obama because it was thought that this sort of attack would be more targeted, difficult to detect, and produce fewer civilian casualties or collateral damage than a physical strike (Sanger, 2012). In addition, the use of this code was thought to have reduced the likelihood of a conventional military strike by Israel which would have dangerous consequences for the region as a whole. The USA has not acknowledged any of the claims made related to Stuxnet, though its release in the wild has given computer security professionals and hackers access to this extremely sophisticated malware. The program may serve as a basis for the development of tools in order to exploit or attack critical infrastructure across the globe (Brodscky and Radvanovsky, 2010; Clayton, 2010). The US Department of Homeland Security expressed substantial concern over the use of Stuxnet-like code in attacks against US power installations (Zetter, 2011). Thus, cyber-attacks may be an increasingly common way for nation-states to engage one another to cause harm.<\/p>\n
For information on US cyber attempts to attack the North Korean missile program, go online to: www.nytimes.com\/2017\/03\/04\/world\/asia\/north-korea-missile-program-sabotage.html?hp&action=click&pgtype=Homepage&clickSource=story-heading&module=span-ab-top-region®ion=top-news&WT.nav=top-news&_r=0.<\/p>\n
Besides overt or covert cyber-attacks, governments are increasingly using cyberspace as a platform to engage in subtle information warfare campaigns against various nations. Information warfare involves the use of information and communications technology to gain advantage over an opponent, and may involve multiple strategies to collect information from an opponent or spread your own information (Andress and Winterfeld, 2011). To that end, the Internet is a critical resource used to spread false information, called disinformation, in order to either manipulate or demoralize a nation and its populace (Andress and Winterfeld, 2011). Since most people now find news stories online, whether through traditional news media sources or via social media sites like Facebook, governments can leverage this as a resource to engage in campaigns of misinformation or disinformation.<\/p>\n
For instance, there is substantial evidence that the Russian government operates a \u201ctroll factory\u201d out of St. Petersburg where individuals are paid to actively create and spread false information, whether through social media posts, comments in news stories and videos posted on traditional journalistic outlets, or via websites created by the trolls themselves (see Box 10.9 for details; also Keneally, 2017). The individuals engaged in this effort are referred to as trolls as a historical reference to individuals who actively seek fights and cause trouble in online platforms. They also operate covertly through false online profiles that attempt to make the user seem like a citizen from a specific place and a true believer in a specific ideology in order to make their arguments more compelling and believable to others (Timberg, 2016). In turn, trolls seek to turn average people against their governments or against their fellow citizens in order to sow mistrust and discontent, and to challenge the ability of a nation to be effectively led.<\/p>\n
Box 10.9 Inside the Russian troll organization<\/p>\n
www.nytimes.com\/2015\/06\/07\/magazine\/the-agency.html.<\/p>\n
The Agency<\/p>\n
One Russian newspaper put the number of employees at 400, with a budget of at least 20 million rubles (roughly $400,000) a month. During her time in the organization, there were many departments creating content for every popular social network.<\/p>\n
This article exposes the existence and operation of \u201cThe Agency,\u201d wherein a group of people are paid to engage as professional online trolls for the benefit of the Russian government. The depth of their efforts is unparalleled, and affects various nations in ways that no one could necessarily appreciate on the surface. This is required reading to understand the depth of the Russian information warfare apparatus.<\/p>\n
The Russian troll brigade is thought to have actively engaged in a long campaign of misinformation to interfere in the 2016 US presidential election. Throughout the election, there were various news stories and websites designed to spread deliberately false information about the Democrat candidate Hillary Clinton to diminish the perception she was fit to serve. These stories quickly took on the moniker of fake news in an attempt to delineate their fictitious nature and differentiate it from news from traditional news stories (Timberg, 2016). Fake news stories, however, were quickly disseminated and shared via social media through professional trolls, which helped reinforce the perceived legitimacy of the story and may have influenced a proportion of voters\u2019 perceptions of each candidate.<\/p>\n
Although this was the first demonstrated instance of an attempt to influence the USA, the troll brigade has engaged in a long-standing campaign to destabilize European politics in order to increase Russian power within the region (Higgins, 2016). There have been repeated attempts to influence German voters\u2019 views, as well as the population of Finland which directly borders Russia. They have also attempted to whitewash and legitimize the Russian invasion of the Ukraine via fake news, propaganda, and trolling (Higgins, 2016).<\/p>\n
The persistence and prevalence of false news stories, conspiracy theories, and misleading comments online led the EU to create a specialized task force designed with the express purpose of identifying the Russian campaign\u2019s strategies and exposing them to the public (TEPSA, 2017). The EEAS East StratCom Task Force was created in March 2015 by the European Council to provide information to the European Union and its Member States on the extent of Russian disinformation campaigns. They now publish two weekly newsletters. The Disinformation Review publishes every Tuesday to show the latest examples and trends in Russian trolling (TEPSA, 2017). The Disinformation Digest is released every Friday, showing what the pro-government media outlets in Russia are saying compared to independent media voices, along with trends in Russian social media feeds (TEPSA, 2017). These two sources demonstrate that information warfare is a real, powerful, insidious, and ultimately challenging form of cyberwarfare for any nation to defeat.<\/p>\n
For more information, go online to:<\/p>\n
http:\/\/us11.campaign-archive2.com\/?u=cd23226ada1699a77000eb60b&id=c1a08c5bb9<\/p>\n
http:\/\/us11.campaign-archive2.com\/?u=cd23226ada1699a77000eb60b&id=76c07966f0&e=15f1448f20.<\/p>\n
Legislating extremism and cyberterror<\/p>\n
The Internet and CMCs clearly provide a mechanism for individuals to spread hurtful messages and ideas based on prejudice, racism, and other ideological and political stances. There is some tension in how to sanction hate speech, as nations like the USA protect freedom of speech under the First Amendment to the Constitution. The only real way that speech is limited in this country is through the \u201cimminent danger\u201d test, where one\u2019s comments are unprotected if the speaker attempts to incite dangerous or illegal activities (Abrams, 2012). Recognizing that the Internet dramatically increases the risk of exposure to hurtful ideas and prospective radicalization of individuals toward violence, the Obama administration began to take steps to combat the problem of domestic and foreign terror and extremist groups without changing existing protections to free speech.<\/p>\n
The White House released a policy and strategy document in August 2011 entitled Empowering Local Partners to Prevent Violent Extremism in the United States. This document detailed their desire to use a community-based approach to reduce the problem of extremist groups and violent behavior through the integration of law enforcement and public\u2013private partnerships with stakeholders in local communities (White House, 2011b). It was argued that religious leaders in mosques and Islamic centers of worship, as well as schools and community groups, should be brought together in order to foster trust between community residents, law enforcement, and the federal government. In fact, this strategy involved multiple federal agencies ranging from the Treasury, Department of Defense, Department of Justice, Department of Homeland Security, and the Federal Bureau of Investigation (White House, 2011b). The hope was that these inter-agency and community partnerships could better improve the scope of engagement with communities on issues that they were concerned about, and develop better partnerships that would make communities resilient to radicalization, whether from online groups or those in the real world.<\/p>\n
The USA is unique with regard to its equal protection of free speech, as many nations around the world have criminalized hate speech in some form. The UK\u2019s Public Order Act 1986 criminalized expressions of threats, abusive, or insulting behavior to any group of persons based on their race, color, ethnicity, nationality, or ethnic origin with a punishment of up to seven years in prison and\/or a fine (Mendel, 2012). This law was amended in 2006 to include religious hatred and again in 2008 for protection of sexual orientations (Mendel, 2012). Similar legislation is present in Australia, Canada, Denmark, France, Germany, the Netherlands, Singapore, and South Africa (Mendel, 2012). Although these statutes do not primarily identify the Internet as a venue for the communication of hate speech, the laws can be extended to these environments.<\/p>\n
The European Convention on Cybercrime also includes language criminalizing the use of the Internet in order to disseminate hate speech. Specifically, the CoC identifies \u201cracist and xenophobic material,\u201d including writing, images, videos, and any other content designed to promote or encourage hate or discrimination against any group (Brenner, 2011). The distribution or posting of such material online is defined as criminal under the CoC, as is making online threats to any person on the basis of their racial, ethnic, or religious background, and the distribution of information that denies or otherwise attempts to misinform individuals regarding genocide and crimes against humanity (Brenner, 2011). This legislation has tremendous value in addressing the development and radicalization of individuals through the Internet, particularly white supremacist movements.<\/p>\n
In addition to hate speech, many of the examples provided throughout this chapter reflect the use of hacking techniques in furtherance of terror or extremist group plots. As a result, several nations have extended their laws pertaining to computer hacking so that they may be applied to these offenses (see Chapter 3 for more details). For instance, one of the few nations to specifically use the language of cyberterror in their legislation is India, which amended its Information Technology Act, 2000 to recognize cyberterror as:<\/p>\n
1) When an individual with intent to threaten the unity, integrity, security, or sovereignty of India or strike terror in the people by:<\/p>\n
Denial of access to a computer resource<\/p>\n
Penetrating or accessing a computer resource either without authorization or exceeding authorized access<\/p>\n
Introducing or causing the introduction of a computer contaminant (e.g. malware) that may cause injury to persons or death, damage or destruction of property, or adversely affect critical information infrastructure<\/p>\n
Accessing a computer resource without authorization or exceeding access to obtain information, data, or a database that is restricted due to state security concerns in order to cause injury to the State, its security, or relationships with other nations.<\/p>\n
Anyone either found guilty of engaging in these behaviors or conspiring to commit them may be imprisoned for life.<\/p>\n
The USA expanded the Computer Fraud and Abuse Act following the 9\/11 attacks through the introduction and passing of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001. This Act strengthened the existing CFAA laws to include any computer in the world so long as it is \u201cused in a manner that affects interstate or foreign commerce or communications of the United States\u201d (Brenner, 2011). This provision enables US law enforcement to engage in investigations in foreign countries, so long as the investigation is recognized as legitimate by that nation. In addition, the PATRIOT Act modified the law to also include any unauthorized access to a computer or network that:<\/p>\n
modifies or impairs access to medical data;<\/p>\n
causes physical injury to a person;<\/p>\n
poses a threat to public health or safety;<\/p>\n
damages a computer used by a government entity in the administration of justice, national defense, or national security.<\/p>\n
Although this language does not specifically recognize cyberterror, the expansion of the statute enabled greater latitude for federal law enforcement to pursue cybercriminals and more effectively prosecute those who would target either critical infrastructure or sensitive data sources that could cause significant harm in the real world.<\/p>\n
In addition, the PATRIOT Act also relaxed the legal provisions needed for law enforcement agencies to engage in the surveillance of electronic communications. For instance, the Act revised provisions of the Electronic Communications Privacy Act (ECPA) related to subpoenas of ISPs and cable companies. The Act enabled law enforcement to obtain the names and addresses of subscribers, along with their billing records, phone numbers called, duration of sessions while online, services used, communication device information, and other related data. The release of such information can enable law enforcement to more effectively trace the activities of a user to specific websites and content during a given session of Internet use. In addition, the ECPA now defines email that is stored on a third-party server for more than 180 days to be legally viewed as abandoned. As a result, law enforcement can request that this data and the content of the email, whether opened or unopened, be turned over without the need for judicial review. Finally, the PATRIOT Act allowed ISPs to make emergency disclosures of information to law enforcement in instances of extreme physical or virtual threats to public safety. Such language allows for greater surreptitious surveillance of citizens with minimal government oversight or public awareness.<\/p>\n
At the state level, there is generally little legislation that exists with regard to cyberterrorism. Arkansas, Connecticut, Georgia, Illinois, Indiana, and West Virginia all have statutes that relate directly or indirectly to cyberterrorism (Brenner, 2011). For example, Arkansas recognizes an act of terror as any act or series of two or more acts that attempt to disable or destroy data, computers, or computer networks used by industry, government, or contractors. Connecticut more narrowly defines an act of \u201ccomputer crime furtherance of terrorist purposes\u201d as an attempt to use computer crimes in order to intimidate or coerce either the government or civilian populations. Georgia has criminalized the use of a computer in order to disseminate information related to terrorist activities (Brenner, 2011). The lack of state-based legislation may stem from the recognition that an act of terror, whether virtual or real, will more immediately fall under the investigative responsibility of the federal government. At the same time, the presence of such legislation suggests that these states are progressive in their thinking about these issues and may serve as models for other states across the country.<\/p>\n
Other nations have adopted similar language to that of the US PATRIOT Act, such as Canada\u2019s Anti-terrorism Act of 2001, which changed standards for the interception of domestic communications of all kinds (Brenner, 2011). For instance, this law allows the Communications Security Establishment of Canada (an analog to the NSA) to intercept communications that either begin or end in Canada and involve a foreign source. Prior to this law, any domestic information acquired in the process of an international intercept would have been destroyed or ignored. Although there has been substantive public debate surrounding the legitimacy of these new laws, the Canadian government has not moved to strike them down. Similar legislation in Australia and New Zealand has, however, been repealed due to the perception that they are too extreme and degrade public trust in government (Rid, 2013).<\/p>\n
Investigating and securing cyberspace from the threat of terror and war<\/p>\n
Over the past decade, governments around the world have been making strides to improve their nation\u2019s cybersecurity posture. In the USA, President Obama\u2019s Comprehensive National Cybersecurity Initiative (CNCI) was adopted in May 2009 in order to strengthen America\u2019s digital infrastructure (White House, 2011a). This involved three main goals to secure the USA from cyberthreats:<\/p>\n
Establish a front line of defense against immediate threats and a response capability through federal and local partnerships.<\/p>\n
Defend against the full spectrum of threats.<\/p>\n
Strengthen the future cybersecurity environment through education and research.<\/p>\n
This plan involved long-range strategic planning and development in order to effectively develop an integrated response to cyber-threats. To that end, the CNCI had to achieve 12 major initiatives over the following decade (White House, 2011a):<\/p>\n
Move towards managing a single federal enterprise network.<\/p>\n
Deploy intrinsic detection systems.<\/p>\n
Develop and deploy intrusion prevention tools.<\/p>\n
Review and potentially redirect research and funding.<\/p>\n
Connect current government cyber operations centers.<\/p>\n
Develop a government-wide cyber intelligence plan.<\/p>\n
Increase the security of classified networks.<\/p>\n
Expand cyber education.<\/p>\n
Define enduring leap-ahead technologies.<\/p>\n
Define enduring deterrent technologies and programs.<\/p>\n
Develop multi-pronged approaches to supply chain risk management.<\/p>\n
Define the role of cybersecurity in private sector domains.<\/p>\n
Some of these steps are more easily achieved than others (White House, 2011a). For instance, there is now a White House cybersecurity advisor who provides direct guidance to the President on cyber-threats and security issues. In addition, the government is developing an intrusion detection and prevention system referred to as \u201cEINSTEIN\u201d in order to help reduce the success of any attack against government systems.<\/p>\n
In addition, the National Security Agency (NSA) has begun to develop a massive data center in Utah in order to improve the cybersecurity response of the nation. This center, called the Community Comprehensive National Cybersecurity Initiative Data Center, is designed to process, aggregate, and verify threats across DoD and federal cyberspace (Fidel, 2011). As a result, there is some evidence that this plan is actually taking shape in the real world.<\/p>\n
The scope of NSA data collection was recently and dramatically brought to light by the whistle-blowing efforts of a former contractor named Edward Snowden. He revealed the existence of multiple programs designed to capture and mine sensitive data from various electronic data sources around the world, including the PRISM program (Gidda, 2013). The NSA implemented this program in 2007 to collect email and other electronic communications data of all sorts, and it was carried out through cooperative relationships with various technology companies, including Apple, Facebook, Google, Microsoft, and Skype (Gidda, 2013). In turn, this data could be mined and queried for intelligence-generation purposes to assess terror threats and networks of actors, as well as identify tactical and strategic information. News of this program drew tremendous outrage from various governments, particularly Germany and Brazil (Gidda, 2013). The United Kingdom, however, indicated that it received access to PRISM data and used this source in addition to its own surveillance and data-collection programs (Gidda, 2013). It is unclear how such data-collection programs will change or adapt with changing attitudes toward the Internet and data privacy generally, though it will continue to be a core issue for national security.<\/p>\n
The Federal Bureau of Investigation<\/p>\n
As noted earlier, the Federal Bureau of Investigation (FBI) plays a critical role in the investigation of both traditional crimes and cybercrimes. In fact, the investigation of terror attacks and foreign intelligence operations is among the top priorities of the Bureau. The National Security Branch (NSB) of the FBI is designated with the task of gathering intelligence and coordinating investigative efforts to disrupt terrorist groups and foreign intelligence groups (FBI, 2017). The NSB was established in 2005 as the result of a presidential directive to combine the mission and resources of the counterterrorism, counterintelligence, and intelligence mission of the Bureau under a single unit. This branch includes five components: (1) the FBI\u2019s National Joint Terrorism Task Force, which manages over 100 FBI Joint Terrorism Task Forces, shares intelligence, and works cooperatively on terrorism investigations; (2) the Counterintelligence Division deals with traditional and non-traditional espionage and intelligence gathering in the USA; (3) the Weapons of Mass Destruction Directorate (WMDD) designed to reduce the threat and proliferation of nuclear, biological, and chemical weapons; (4) the Terrorist Screening Center, which generates actionable intelligence for state and local law enforcement agencies and maintains the consolidated Terrorist Watchlist; and (5) the High-Value Detainee Interrogation Group that actively collects information from terror suspects in order to gain information to deter attacks against various targets (FBI, 2017). Thus, the NSB plays a critical role in both law enforcement, homeland security, as well as in the intelligence community generally.<\/p>\n
For information on the recent DOJ indictment of two Russian spies allegedly responsible for Yahoo hacks, go online to: www.cnn.com\/2017\/03\/14\/politics\/justice-yahoo-hack-russia\/index.html.<\/p>\n
The Department of Energy<\/p>\n
While most generally think of law enforcement agencies with regard to the investigation of crime and terror threats, other government agencies play an increasingly pertinent role in this space. For instance, the US Department of Energy (DOE) plays a critical role in the maintenance and protection of energy programs and production generally. As our energy infrastructure is becoming dependent on the Internet and computer technology for operation and management, the threat of external attacks and compromise has increased dramatically (Department of Energy, 2013). Thus the DOE operates the Office of Intelligence and Counterintelligence in order to generate intelligence on various threats to our energy infrastructure, as well as those of foreign governments and nations. In addition, the Office of the Chief Information Officer at the DOE supports various resources to communicate information on cybersecurity threats to national security in general (Department of Energy, 2013). They support computer security protocols for DOE employees and techniques to secure various resources from external threats.<\/p>\n
The DOE also operates an Incident Management Program, coordinated with US-CERT, to respond to various cyber-threats. This includes reporting incidents, generating security bulletins for vulnerabilities in various desktop and SCADA systems, as well as incident response management and tracking (Department of Energy, 2013).<\/p>\n
The Department of Homeland Security<\/p>\n
The Department of Homeland Security (DHS) is a cabinet-level department which consolidated various federal agencies under a single department heading. Created in 2001 following the September 11 attacks, the DHS handles civilian infrastructure and populations within the borders of the USA (DHS, 2016). Their mission includes a variety of agencies focused on traditional physical resources, such as Customs and Border Protection and finance through the Secret Service, though the cybersecurity role of the DHS has expanded over the past decade. In fact, the DHS now operates the Office of Cybersecurity and Communications, which plays multiple roles in coordinating cybersecurity strategies, along with communications in the event of major emergencies and disasters (DHS, 2016).<\/p>\n
One of the key components under this Office is the National Cyberse-curity and Communications Integration Center (NCCIC), which opened on October 30, 2009 (DHS, 2016). The NCCIC\u2019s mission is to minimize the likelihood of successful attacks against both critical information technology and communications networks. The NCCIC also serves to connect multiple government organizations together in order to protect computer systems and networked infrastructure in general. It also plays a role in linking the public and private sectors together in order to help promote information sharing and improve the state of cybersecurity through awareness of emerging threats.<\/p>\n
For more on the organizational structure of the US DHS, go online to: www.dhs.gov\/organizational-chart.<\/p>\n
The Center consists of four branches to secure all aspects of the nation\u2019s information technology infrastructure (DHS, 2016). The first is the US-Computer Emergency Readiness Team, or US-CERT, which serves as a response center and information clearinghouse for cyber-threats across the world (DHS, 2016). The CERT provides reporting mechanisms for vulnerabilities and threats to systems, as well as security tools to help patch and protect systems from attack (DHS, 2016). The CERT can also serve to analyze and track threats as they evolve for virtually any branch of government and civilian networks through the National Cybersecurity Protection System (NCPS) (DHS 2016).<\/p>\n
The NCCIC also houses the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which plays a similar function to the US-CERT, but focuses solely on control systems used in critical infrastructure and systems, such as water and energy providers. The ICS-CERT can also provide incident response operations to restore services and analyze attacks. They also serve as a key point of communication between the private and public sector to share information on control system-related threats (DHS, 2016).<\/p>\n
The National Coordinating Center for Communications (NCC) serves as the hub for any efforts to either restore or initiate telecommunications services and facilities on behalf of National Security and Emergency Preparedness. Finally, the NCCIC Operations and Integration branch (NO&I) serves as the hub for planning, coordinating, and integrating all capabilities across the NCCIC (DHS, 2016).<\/p>\n
Other nations use similar mechanisms to secure various infrastructures from cyber-threats. For instance, the Centre for the Protection of National Infrastructure (CPNI) in the UK exists to inform critical infrastructure owners of emerging threats and coordinate responses in the event of a compromise (CPNI, 2014). Similarly, Australia now has the Critical Infrastructure Center which was founded on January 23, 2017 to coordinate the response to threats to the nation and its territories against the various systems and networks (AGAGD, 2017).<\/p>\n
Cyberwar and response<\/p>\n
Although law enforcement has general oversight over cybercrimes and incidents of terror, the military has exclusive response to acts that may be defined as cyberwar, such as attempts to compromise DoD networks or those of related defense contractors. To that end, the Pentagon established the US Cyber Command (USCYBERCOM) in 2009 in order to manage the defense of US cyberspace and critical infrastructure against attacks (Andress and Winter-feld, 2011). The new Cyber Command is a sub-command of the United States Strategic Command (USSTRATCOM), which has responsibility over space, information operations, intelligence, nuclear arms, and combating weapons of mass destruction. This is sensible given the fact that cyberspace is an overarching environment that cuts across all branches of military service. This command focuses on DoD networks only, while all civilian aspects of cyberspace are managed by the Department of Homeland Security.<\/p>\n
In addition, the Department of Defense is now placing a specific emphasis on the need for careful responses to theft of data, destructive attacks to degrade network functionality, and denial-of-service attacks, due to the direct threat they pose to the communications capabilities of the nation, as well as the maintenance of secrecy and intellectual property (Department of Defense, 2011). In order to reduce the risks posed by malicious actors and attacks, the report calls for improved relationships with private industry in order to develop an improved total government response and an expanded workforce focusing on cybersecurity.<\/p>\n
In addition to the DoD, the NSA plays a critical role in the protection and investigation of attacks against sensitive military networks (NSA, 2013). The NSA serves as a key resource in both data encryption and protection of nearly all federal government computer networks. They also investigate attacks against computer networks from nation-state and non-nation-state actors alike (NSA, 2013). Finally, they play a critical role in intelligence gathering of foreign nations\u2019 cyber infrastructure in order to map vulnerabilities and develop offensive cyber strategies (see Box 10.10 for examples of tools developed by the NSA). The NSA combines agents with skills in computer science, engineering, mathematics, and linguistics in order to better investigate various issues related to cybersecurity threats. Similar agencies are present in various nations, such as Australia\u2019s Defence Signals Directorate (DSD), Canada\u2019s Communications Security Establishment (CSE), New Zealand\u2019s Government Communications Security Bureau (GCSB), and the UK\u2019s Government Communications Headquarters (GCHQ).<\/p>\n
Box 10.10 The tools created by the NSA for espionage and attack<\/p>\n
https:\/\/medium.com\/@botherder\/everything-we-know-of-nsa-and-five-eyes-malware-e8eac172d3b5#.cw0vpzc84.<\/p>\n
Everything we know of NSA and Five Eyes Malware<\/p>\n
After years of publications, and even a massive commercial speculation [.] it comes to no surprise that Western governments are also engaged in malware attacks. However, we still know very little on their capabilities and sophistication.<\/p>\n
This article provides an overview of all the malware and tools that were disclosed by Edward Snowden in the large dump of NSA documents he made available to reporters. This analysis details myriad programs used for both active surveillance and cyber-attacks. The scope of tools and the systems they compromise is extremely surprising and demonstrates the technical sophistication of some of the programs used to various ends in the wild.<\/p>\n
The development of USCYBERCOM emerged around the same time as those of other similar command infrastructures across the world. For instance, Australia established the Cyber Security Operations Centre (CSOC) in 2009 as a coordinated response to cyber-attacks against government systems. Canada, France, Japan, and the UK have established similar agencies in order to help defend against attacks. The Chinese government has established both offensive and defensive military organizations housed within so-called Information Warfare Militia Units, Technical Reconnaissance Bureaus (TRBs), and the General Staff Department (GSD; Andress and Winterfeld, 2011). At the same time, these forces may be augmented by the larger population of active hackers operating within the bounds of the nation with or without state sponsorship. The Russian government also has cyberwarfare capabilities which are housed within the Federal Security Service of the Russian Federation, the Federal Guard Service, and the General Staff (Andress and Winterfeld, 2011). Even North Korea has established units in order to support cyberwar, though the lack of information about the nation makes it difficult to assess their true functionality (Andress and Winterfeld, 2011). Incidents like the Sony Pictures Entertainment hack, if truly performed by North Korea, would suggest they have substantive capabilities that must not be taken lightly.<\/p>\n
Summary<\/p>\n
This chapter demonstrates the complex and very real threat posed by acts of online extremism and cyberterrorism, including the application of hacking techniques in furtherance of war between nation-states. These threats require a sophisticated response from law enforcement and military agencies alike in order to properly defend against attacks. At the same time, it may not be immediately clear when an attack is motivated by an extremist agenda or when it is simply criminal. Thus, the problem of cybercrime, hacktivism, and cyberterror will involve investigative resources and initiatives to determine the origins of an attack and the actors responsible. This issue will continue to evolve along with technology adoption and use across the globe. Hopefully, however, we will not experience an electronic Pearl Harbor incident in the years to come.<\/p>\n
Chapter 15<\/p>\n
The range of cybercrimes discussed throughout this book illustrates the complexity of these offenses and the unique ways in which technology is being used by criminals to hide themselves, make it easier to engage in crimes online and offline, and connect with others. Since technology is constantly changing, it is difficult to know when or how offenders will adopt a new mode of offending based on access to the Internet.<\/p>\n
This issue was exemplified on December 11, 2016, when John Rayne Rivello, using the twitter handle @jew_goldstein, sent an animated gif, or Graphic Interchange Format image, to journalist Kurt Eichenwald\u2019s twitter account (Kang, 2017). A gif is a series of images strung together to create a short animated scene, typically featuring cats, celebrities, or scenes from popular films. In this case, Rivello created a gif that acted as a strobe light to flash bright lights on and off in the hopes of causing Eichenwald, an epileptic, to have a seizure. In addition, the images contained the message \u201cyou deserve a seizure,\u201d suggesting the sender intended to cause Eichenwald harm (Kang, 2017).<\/p>\n
Rivello was angry at Eichenwald, a reporter for\u00a0Newsweek, for his critical stories detailing the potential criminal activities of Donald Trump throughout the presidential election. Eichenwald\u2019s work drew a great deal of fire from Trump supporters online who would frequently spam him with anti-Semitic messages and death threats. Rivello felt that Eichenwald deserved to be punished for his\u00a0comments and even texted friends saying, \u201cSpammed this [gif] at [Eichenwald] let\u2019s see if he dies\u201d (Kang, 2017).<\/p>\n
Upon seeing the gif, Eichenwald reported that he had an eight-minute seizure that caused him to lose control of his bodily functions and left him incapacitated for several days (Kang, 2017). Eichenwald\u2019s wife subsequently contacted police and the FBI to investigate the sender. The FBI\u2019s investigation subsequently led them to identify Rivello, despite his use of a disposable cell phone and twitter account with no identifying information. Rivello is currently charged with cyberstalking with the intent to kill or cause bodily harm, which is a rare set of charges to pursue with a cybercrime case. A grand jury in Texas hearing the case supported the notion that the gif constituted a deadly weapon in the course of the assault because it was clearly designed to affect Eichenwald\u2019s physical condition. Rivello is also being charged with committing a hate crime on the basis that he decided to attack Eichenwald on the basis of his religious identity.<\/p>\n
The use of an online image to cause real-world harm is rare, making this entire case relatively unprecedented. This case demonstrates the difficulty present in forecasting the future of cybercrime. There are a range of factors that will influence any trends in cybercrime, including the popularity of a given technology, the recognition among offenders of how to use these devices, and the ability of law enforcement to investigate these offenses. This chapter will attempt to consider all of these issues in order to provide some context for the future of cybercrime from the standpoint of offenses, researchers, and policing. We will also discuss the challenges inherent in legislating against cybercrimes in an increasingly borderless world.<\/p>\n
For more information on one of the first instances of individuals using the Internet as a means to cause physical harm to others in the real world, go online to:\u00a0www.news.com.au\/technology\/anonymous-attack-targets-epilepsy-sufferers\/news-story\/702ed0bbf0b49dd63aaee33f295ba1d4.<\/p>\n
Considering the future of cybercrime<\/p>\n
It is extremely difficult to forecast the future of cybercrime due to the inherent changes in technology use and implementation both nationally and internationally. As one type of product gains a large market share, hackers and\u00a0cybercriminals will find ways to exploit it to their advantage (see\u00a0Chapters 3\u00a0and\u00a04). This is particularly true of primary operating systems, as attacks affecting Linux and Mac users increased in 2016 (Symantec, 2016). In fact, a number of vulnerabilities and exploits were identified that directly affected iOS users in 2016, which is a reflection of the global popularity of iPhones, iPads, and other Apple products (Cunningham, 2016).<\/p>\n
The growth of tablets and smart phones has created a new and stable platform for hackers and malware writers to target, as is evident in the substantial number of malware infected apps available on both the Apple Apps store and Google Play. The Android application market is a somewhat greater target as it is largely unregulated and can easily serve as a vehicle to distribute malicious software under the guise of a legitimate application (see\u00a0Chapter 4\u00a0for details). However, McAfee (2016) identified over 37 million malware-installed applications across both Apple and Google\u2019s app stores during the last six months of 2015 alone. This trend will no doubt continue until such time as mobile phone users recognize the threat they face and take steps to secure their systems through antivirus software and regular updates (McAfee, 2016).<\/p>\n
The increased use of cloud storage, where files and documents are stored remotely on web servers that can be accessed via the Internet rather than stored on individual devices, also creates a novel attack point for hackers (Mulazzani, Schrittwieser, Leithner, Huber, and Weippl, 2011). Individuals and corporations are increasingly turning to\u00a0cloud storage\u00a0providers like Google and Dropbox to provide both easy remote access to files to enable working in groups from any location and simple backups for data in the event of loss. In fact, estimates suggest that Dropbox has over 500 million users around the world, making them one of the largest cloud storage providers to date (Hansen, 2017).<\/p>\n
While this sort of storage provides an invaluable mechanism to share files securely, individuals may place files that contain sensitive information on these servers, including personally identifiable information or intellectual property that could be stolen (Mulazzani\u00a0et al., 2011). In addition, there are multiple ways in which hackers could compromise user accounts to capture shared files, from stealing a username and password to more complex methods involving the use of tools to capture data while in transit (Mulazzani\u00a0et al., 2011). In fact, the use of iCloud to store photos and videos was what led hackers to target celebrity nude content leading to the Fappening, as discussed in\u00a0Chapter 7. Given the tremendous popularity of these services, it is likely that this will become a valuable resource for hackers to identify sensitive information and affect individuals and corporations worldwide.<\/p>\n
For more information on the ways in which cloud storage may be abused by cybercriminals, go online to:\u00a0www.technologyreview.com\/s\/518506\/dropbox-and-similar-services-can-sync-malware\/.<\/p>\n
An additional trend that is likely to occur is the use of ransomware, or malware that requires victims to actively pay fees in order to regain access to encrypted system files and data (see\u00a0Chapter 4\u00a0for details; also Ferguson, 2013). The cybersecurity vendor Symantec (2016) noted that ransomware attacks increased by 35 percent from 2014 to 2015 and began to target mobile devices, including smart phones, web servers, and the Mac and Linux operating systems for laptop and desktop PCs. This is likely due to the fact that attackers can readily profit from these types of attacks, and victims are highly likely to pay the ransom rather than allow their data to be lost forever. Thus, it is expected that ransomware-style attacks will continue to increase and evolve over the next few years (see\u00a0Box 15.1\u00a0for details on the evolving state of ransomware).<\/p>\n
Box 15.1 Understanding changes in ransomware<\/p>\n
www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/the-evolution-of-ransomware.pdf.<\/p>\n
Security response: the evolution of ransomware<\/p>\n
The modern-day ransomware has evolved considerably since its origins 26 years ago with the appearance of the AIDS trojan. The AIDS trojan was released into the unsuspecting world through snail mail using 51\/4 floppy disks in 1989.<\/p>\n
This article provides a detailed review of the evolution of ransomware from the first trojan malware in 1989 to the spread of various scareware programs in the mid-2000s, to present-day ransomware tools by the computer security vendor Symantec. It demonstrates the way in which ransomware developers target victims and prey upon unsuspecting or unsophisticated victims.<\/p>\n
It is also likely that person-based cybercrimes such as bullying and harassment will continue to increase over the next decade (see\u00a0Chapter 9). As digital natives continue to use various forms of social networking through mobile phones and tablets, the opportunities for individuals to be targeted by bullies and stalkers will increase. Applications such as Snapchat, Twitter, and Instagram allow anyone easily to post personal information about where they are, with whom they are hanging out, and preferences for activities. The ability to now live-stream video on Facebook and Instagram also enables individuals to share their experiences of bullying and abusing others with anyone online. As a result, individuals can now be easily singled out and embarrassed or shamed via social media in ways that may only be seen by their target or by a truly global audience. In fact, several high-profile incidents of harassment and bullying via social media occurred during 2016, ranging from a Playboy playmate body shaming an overweight woman on Instagram to the experiences of Kurt Eichenwald discussed above (see\u00a0Box 15.2\u00a0for an additional story of Leslie Jones\u2019s harassment). Thus, the evolving state of social media use will continue to create a problematic environment for person-based cybercrimes.<\/p>\n
Box 15.2 Examining the harassment experienced by Leslie Jones on Twitter<\/p>\n
www.nytimes.com\/2016\/07\/20\/movies\/leslie-jones-star-of-ghostbusters-becomes-a-target-of-online-trolls.html.<\/p>\n
Leslie Jones, star of Ghostbusters, becomes a target of online trolls<\/p>\n
\u201cOk I have been called Apes,\u201d she wrote on Twitter, \u201ceven got a pic with semen on my face. I\u2019m trying to figure out what human means. I\u2019m out.\u201d<\/p>\n
This article provides a harrowing look at the ways in which actress Leslie Jones was harassed in an organized fashion by a group of Twitter users led in part by Milo Yiannopoulous. They specifically targeted Jones for her race, appearance, and performance in the 2016 remake of the film\u00a0Ghostbusters. This incident demonstrates that no one is immune from online harassment and the ways in which social media enables access to virtually anyone from anywhere.<\/p>\n
How technicways will shift with new technologies<\/p>\n
As is evident throughout this book, human beings readily adapt their social habits and methods of engaging with the world to fit with available technologies. This process of behavioral changes based on technological changes is referred to as technicways, and can lead to large-scale institutional changes based on evolutions in behavior (see\u00a0Chapter 1; also Odum, 1937). For instance, individuals now use email and electronic communications to connect with others rather than traditional hand-delivered mail through a postal service. How technicways will continue to lead to behavioral change is not immediately apparent, though it will most likely stem from the success or failure of several new technologies that are becoming available to consumers over the next few years.<\/p>\n
For instance, there are a range of Internet-enabled\u00a0wearable devices\u00a0that have become popular which more completely integrate technology into our daily lives. In fact, it is estimated that there will be 780 million wearable devices in use by 2018 (Maddox, 2015). Devices like the FitBit, iWatch, Pebble, and various Samsung smart tools can be connected to mobile phones via bluetooth to capture data on daily eating habits, exercise, heart rate, and even sleep cycles. Information captured by these devices are presented to the user via applications that assess overall wellness, health information, and calorie intake in the hopes of providing behavioral management strategies for those looking to lose weight, track fitness, or generally feel better.<\/p>\n
The information collected by wearable devices may seem generally insignificant, as a person\u2019s daily caloric intake does not have the same immediate economic value as their credit or debit card information. When viewed in the aggregate, however, the data developed and stored by smart device programs can generate substantial granular details on a person\u2019s general level of health and lifestyle that may be monetized by companies and in turn by criminal organizations. For instance, Fitbits and other health-tracking wearable devices are being used by corporate health and wellness plans as a means to more effectively track and price company health insurance plans (Olson, 2012). The ability to directly capture behavioral patterns of employees can ensure that companies reduce health care plan costs by rewarding those who exercise and maintain better lifestyles with reduced cost coverage, or raising rates for those with poor health choices (Olson, 2012).<\/p>\n
The use of such data collection methods creates massive opportunities for data breaches affecting health-based application services (Collins, Sainato, and Khey, 2011). As noted in\u00a0Chapter 6, data breaches have become a common\u00a0problem leading to the loss of consumer financial information. It is likely only a matter of time before hackers begin to target the companies that store wearable device data in order to find ways to monetize their data for fraudulent purposes. In fact, a number of Fitbit user accounts were targeted by fraudsters who were able to take over the user accounts, and then fraudulently obtain replacement devices under the guise that they had been damaged (Krebs, 2016a).<\/p>\n
Although this is a relatively simple form of fraud with minimal impact upon user data, it is likely the first step in the larger process of monetization by cyber-criminals. The problems of account takeovers to data breaches are likely due to several issues in managing these devices. Specifically, many wearable devices have little to no security products to minimize the risk of loss, whether through password protection on the device, antivirus products, or solid encryption of communications between the device and the smart phones which manage the applications (Maddox, 2015). There is also a relative lack of transparency in the ways in which the data collected by companies may be kept private, or the extent to which the data may be resold to third parties (Maddox, 2015).<\/p>\n
For more on one of the first attacks targeting Fitbit users, go online to:\u00a0https:\/\/krebsonsecurity.com\/2016\/01\/account-takeovers-fueling-warranty-fraud\/.<\/p>\n
In much the same way, companies and utilities providers are encouraging consumers in the USA and the UK to adopt thermostats and home security systems that can be accessed and controlled via wireless Internet connections (Curtis, 2013). These devices allow consumers to easily manage their energy use and view goings-on in their home with great ease. Some of these devices can even be controlled through applications on smart phones or web browsers, creating what some refer to as the\u00a0Internet of Things (IoT), or all non-computing devices connected together via the Internet (Curtis, 2013).<\/p>\n
The convenience afforded by these technologies cannot be understated, though the implications they have for our personal security are significant. For instance, running an app on your phone that allows you to access and control home security settings in effect turns the device into a set of keys (Curtis, 2013). If you were to lose your phone, then an individual who picks it up may be able to remotely control the security of your home. Similarly, controlling the heating and cooling system of your home through a wireless device means\u00a0that hackers could potentially access these systems remotely. To that end, two white-hat hackers were able to implement a ransomware attack targeting a smart thermostat at the 2016 Defcon hacker conference. The malware was intended as a proof of concept to demonstrate the insecurity of these devices, but could just as likely have been implemented by a black-hat hacker in the wild.<\/p>\n
Even more concerning is the fact that many IoT devices like televisions, web cameras, and appliances do not have much by way of security features to protect them from compromise. While a smart TV may not contain much sensitive information about you, it is constantly online and connected to the Internet. As a result, it can be used as an attack platform by enterprising hackers whose misuse may never be noticed by the device owners. This was first observed in September 2016 when a massive DDoS attack was launched against security journalist Brian Krebs\u2019s website by IoT devices infected with a botnet malware variant called Mirai (Krebs, 2016b). This same form of malware was used in a DDoS attack targeting the service provider Dyn which supports the websites for GitHub, Twitter, Netflix, AirBnB, and many other major groups. The attack was successful enough to prevent many Internet users on the East Coast of the USA from being able to access various websites for several days (Newman, 2016). Thus, we should give careful consideration to the impact that our rather immediate adoption of technologies can have upon our lives before we take the equipment out of the box.<\/p>\n
For more on the threats to IoT devices, go online to:\u00a0https:\/\/iotsecurityfoundation.org\/the-iot-ransomware-threat-is-more-serious-thanyou-think\/.<\/p>\n
Social movements, technology, and social change<\/p>\n
While technology will no doubt force subtle shifts in patterns of human behavior, it will also be at the forefront of rapid social changes in political and government structures. The Internet and CMCs provide individuals with an outlet to express dissent with policies and practices of their own government or those of foreign nations (see\u00a0Chapter 10; also DiMaggio, Hargittai, Neuman, and Robinson, 2001; Van Laer, 2010). These technologies also allow nation-states\u2019 most vulnerable and critical systems to be attacked with greater secrecy and fewer resources than might otherwise be required offline (Brodscky and Radva-novsky, 2010). Now that attack techniques like Stuxnet have made cyber-attacks\u00a0against critical infrastructure a reality rather than a theoretical potential, we can expect this to become increasingly problematic.<\/p>\n
As discussed in\u00a0Chapters 3\u00a0and\u00a010, an increasing number of hackers target government and industry resources based on their individual political, nationalistic, and religious motives (Holt, 2009; Kilger, 2011). In fact, web defacements by politically motivated hacker groups are common following political events in the real world (Denning, 2010; Kilger, 2011; Woo, Kim, and Dominick, 2004). Denial-of-service attacks have also become a common tactic to disrupt the electronic resources of a nation-state when physical conflicts emerge, as evident in the Russia\u2013Estonia conflict. As a result, we can expect these sorts of attacks to increase over the next decade as more countries gain consistent Internet access and become technologically sophisticated (McAfee, 2016).<\/p>\n
At the same time, the proliferation of the Internet may play a vital role in transforming the nature of violent extremist activity in the real world. Since the Internet and social media have revolutionized access to extremist groups and messaging, it is possible for individuals to be exposed to radical messaging from anywhere at virtually any time. Acceptance of an ideology may no longer be dependent on intense or proximal real-world social relationships, but rather on the extent to which messaging connects with the individual. Some may refer to this process as \u201cself-radicalization,\u201d in that the individual comes to accept a radical ideology on the basis of exposure to extremist content online without the need for actual physical social engagements with those in the movement. Even if a person makes tangential ties on the basis of interactions via social media, email, or a forum, this sort of contact constitutes a social interaction within the context of a larger extremist or terrorist subculture.<\/p>\n
The problem of self-radicalization via the Internet was also evident in the mass shooting targeting patrons at the gay nightclub Pulse in Orlando, Florida on June 12, 2016. The shooter, Omar Mateen, killed 49 people and wounded 53 others, making it both the deadliest shooting by one person, and the most deadly attack against the gay community in US history (Wilber, 2016). Mateen had no immediate prior affiliation with any known terrorist group. He had, however, been placed on the FBI\u2019s Terrorist Screening Database due to threats of violence made toward co-workers as well as claims that he joined Hezbollah, while his family had ties to Al Qaeda (Goldman, 2016). A ten-month investigation by the FBI found no substantive evidence to support the fact that he was a threat, though it was determined that he knew an American Muslim who traveled to Syria and performed a suicide bombing in May 2014.<\/p>\n
When Omar Mateen attacked the Pulse club, he repeatedly made statements to victims, 911 operators, and an Orlando news station that he pledged allegiance to ISIL. He also made mention of the Boston Marathon bombers by name, as well as his acquaintance who engaged in the suicide attack in Syria. The lack of concrete support for these claims caused confusion among law enforcement and intelligence agencies. There is, however, limited evidence that he engaged with radical jihadist groups online through open web searches for Islamic State websites and content. Specifically, he was trying to find a speech made by the ISIS leader Abu Bar al-Baghdadi (Ross, Schwartz, Dukakis, and Ferran, 2016). He also actively sought out and watched videos uploaded by radical groups, including beheadings of various people (Goldman, 2016; Wilber, 2016).<\/p>\n
Mateen also made several posts on Facebook the same day that he engaged in the shooting. For instance, he wrote: \u201cYou kill innocent women and children by doing us airstrikes..now taste the Islamic state vengeance. [.] In the next few days you will see attacks from the Islamic State in the usa\u201d (Ross\u00a0et al., 2016). He also wrote, \u201cAmerica and Russia stop bombing the Islamic State\u201d as well as a statement pledging allegiance to the leader of ISIL: \u201cI pledge my alliance to abu bakr al Baghdadi [.] may Allah accept me. The real muslims will never accept the filthy ways of the west\u201d (Zimmerman, 2016). While these posts had been deleted, it appears that Mateen made some overt expressions of sympathy to Islamic terror group positions.<\/p>\n
As a result, he was exposed to radical messaging online which enabled him to self-radicalize. The connections made to the larger ISIL movement and subculture suggest that Mateen may be appropriately classified as a colleague rather than as a lone wolf. His online connections, no matter how brief, coupled with his lone involvement in the attack, suggest that the role of the Internet in potential real-world violence cannot be underestimated. Future study is needed to further understand the behavioral, psychological, and social factors that may spur self-radicalization so that we may better understand how terror and extremism will evolve as a result of technology.<\/p>\n
Need for new cyber criminological theories?<\/p>\n
Chapters 3\u00a0through\u00a010\u00a0illustrated the various ways in which technology has influenced the commission of many forms of crime. In most instances, \u201cnewer\u201d forms of crime were not born out of technology. Instead, criminals were able to use the Internet and various devices to commit traditional forms of crime and deviance in more effective and efficient ways. Thus, the notion that cybercrime\u00a0may be viewed as \u201cold wine in a new bottle\u201d (Grabosky, 2001: Wall, 1998; see also\u00a0Chapter 11, this volume) has strong merit. In fact, the current body of criminological research on cybercrime as discussed in\u00a0Chapter 11\u00a0demonstrates that traditional theories of offending apply well to cybercrimes that have substantively similar counterparts in the physical world, such as theft, harassment, bullying, and pornography. In addition, traditional criminological theories have provided considerable insight into somewhat more technical cybercrimes, such as unauthorized access to computer systems. For example, one of the strongest predictors of cybercrime offending is the same as that of traditional crime \u2013 associating with delinquent or criminal peers (Holt and Bossler, 2014, 2016). Having friends who engage in various forms of cybercrime increases the likelihood that the individual will engage in these same offenses as well. In addition, definitions (e.g., values, norms, statements, etc.) that support involvement in cybercrimes are also associated with an individual\u2019s willingness to engage in cybercrime, as is their acceptance of techniques of neutralization that justify offending behavior. In the social control literature, low self-control has been repeatedly found to be a substantive predictor of almost all types of crime, including various forms of cybercrime (Holt and Bossler, 2014, 2016).<\/p>\n
Given the support that these theories have in the larger literature, one of the most critical steps researchers can take to move the discipline forward is to elaborate on these existing theories. For instance, though it is clear that deviant peer relationships directly increase the risk of cybercrime offending, few have identified whether virtual peer networks or those in the real world have a greater impact on activity (Higgins, 2005; Holt, Burruss, and Bossler, 2010). It may be that having friends in the real world who engage in cybercrime is more pertinent to the introduction of these activities. A recent case study analysis performed by Leukfeldt and colleagues found that offline relationships were important in the formation of criminal networks to facilitate phishing and malware use (Leukfeldt, Kleemans, and Stol, 2017). Those who had access to online social networks of cybercriminals via forums, however, were more likely to engage in technical offenses with greater ease and efficiency. This analysis points to the need for additional studies using data from unique sources to better understand the intersections of virtual and real relationships in order to disentangle the relationship between peers and cybercrime generally.<\/p>\n
There is also a need for research considering how certain demographic factors affect the likelihood of engaging in or becoming a victim of cybercrime. In criminological research on real-world offenses, there is a significant relationship between living in poverty and the risk of offending and victimization (see\u00a0Bradshaw, Sawyer, and O\u2019Brennan, 2009; Bursik and Grasmick 1993). While technology use has become more ubiquitous, even for those living in low-income communities, it is possible that the degree to which individuals use these devices on a daily basis may significantly affect the risk of cybercrime victimization. Individuals living in poverty may generally have little disposable income for Internet connectivity or online shopping and may be less inclined to own their own computer. Instead, they may use computers in local libraries or other publicly accessible locations, which may reduce their risk of malware infections or computer hacking (Smith, 2013). The same individual may be more likely to use a mobile phone in order to access social media and email, which may increase their risk of cyberbullying and harassment (Smith, 2013).<\/p>\n
Recent research by Holt, Turner, and Exum (2014) found that in a large sample of North Carolina youth, those living in disorganized communities were more likely to experience verbal, physical, and cyberbullying victimization over and above individual characteristics like self-control. A recent study by Udris (2016) found that disorganization was unrelated to youth involvement in digital piracy downloading behaviors but was associated with a measure asking, \u201cDid you ever use your computer for \u2018hacking\u2019?\u201d This is a rather nebulous measure that does not provide sufficient detail to understand whether this includes password guessing or more serious criminal activities. Thus, further study is needed to understand the potential association between neighborhood conditions and the risk of both cybercrime offending and victimization.<\/p>\n
At the same time, this book has demonstrated that there is something unique about cybercrime offending that separates it from traditional crime. There are some instances of \u201cnew wine,\u201d such as malware creation, that have little connection to either the physical world or the second part of the analogy \u2013 the new bottle. In this case, examining the uniqueness of cybercrime may allow us to better understand these phenomena as well as provide brand new insights on traditional forms of crime. For instance, studies examining the prevalence of technically complex forms of cybercrime like malware creation are relatively rare among university student samples and generally find few behavioral correlates (e.g. Rogers, Smoak, and Liu, 2006; Skinner and Fream, 1997). More research is needed to identify not only the prevalence and activities of these technically sophisticated forms of malware writers and users, but also what behavioral or attitudinal drives make these criminals distinct from other criminals and their acts that require less knowledge or skill on the part of the offender.<\/p>\n
Considering that criminological theory development has slowed over the past few decades, discussions of new cyber-specific criminological theories may\u00a0be the catalyst that rejuvenates this field. For instance, the discussion of digital drift (Goldsmith and Brewer, 2015) presented in\u00a0Chapter 11\u00a0demonstrates that there may be utility in revisiting older criminological frameworks that recognize the unique nature of criminality. Individuals need not view themselves as criminals or delinquents in order to engage in such activities online; opportunities to offend are omnipresent, and it is up to the person to avoid offending. Although this framework has potential value, no empirical research to date has tested propositions of digital drift. Thus, more study is needed to understand its true capability. Taken as a whole, the future of cybercrime research is bright. The field will help elaborate complex associations that have been held in the traditional literature for decades while also providing new insights into the commission of crime \u2013 both traditional and cyber-related.<\/p>\n
Shifting enforcement strategies in the age of the Internet<\/p>\n
As noted throughout this text, law enforcement agencies across the world are engaged in the investigation of cybercrime. The capabilities of these agencies to investigate cybercrimes range greatly based on both the specific agency in question as well as the type of cybercrime being investigated. Governments have provided substantive resources to fund policing agencies to pursue child exploitation crimes and child pornography as individual units and in connection with one another (see\u00a0Chapter 8). Few mechanisms, however, exist to help connect the investigative capabilities of local, state, federal, and international agencies in their investigations of malicious software use and data theft.<\/p>\n
In order to move beyond the limits posed by limited inter-agency cooperation, some degree of innovation is required in order for police agencies to disrupt and deter some forms of cybercrime. One strategy which has promise at the local level involves collaboration between the public and police through the use of principles derived from community-oriented policing. Community policing has shaped modern police practices over the past 30 years through innovative programs that not only identify but address local problems through community-based partnerships (Skogan, 2006). The actual implementation of community policing varies from agency to agency, though there are three consistent components observed: (1) a responsibility shared by the community and police to address crime through non-arrest proactive strategies (Adams\u00a0et al\u00a0., 2002; Bayley, 1998; Mastrofski, Worden, and Snipes, 1995; Skogan, 2006; Sko-gan and Hartnett, 1997); (2) solutions to problems considered to be the greatest\u00a0concerns of the community (Miller, 1999); and (3) organizational changes which support partnerships in the public and private sector (Braga, 2008; McGarrell Chermak, Wilson, and Corsaro, 2006).<\/p>\n
A community-oriented policing program to deal with cybercrimes may be best designed around the use of an online strategy that can integrate the community in the spaces where they may observe offenses as they happen. Such an idea has been supported by academics (Brenner, 2008; Forss, 2010; Jones, 2007; Wall and Williams, 2007) and practitioners alike, including the International Association of Chiefs of Police (2009). Although there is no practical example of such a program to deal only with cybercrimes, there are several examples of agencies using social media platforms as a venue for the public to share information with the police regarding major crimes and for the police to share information back to the public on crimes or disorder issues as they happen (see\u00a0Box 15.3\u00a0for an example; also Heverin and Zach, 2010; Wang and Doong, 2010).<\/p>\n
Box 15.3 Understanding the Burgernet in the Netherlands<\/p>\n
www.cgi.com\/sites\/default\/files\/pdf\/Burgernet-gets-citizens-involvedpolice-work-Netherlands.pdf.<\/p>\n
Burgernet, Netherlands: Burgernet gets citizens involved in police work<\/p>\n
Burgernet participants receive a voice or a text message on their (mobile) telephone giving them a clear description of a specific person or vehicle and asking them to keep a look out. If a participating citizen sees the person or vehicle concerned, they call the free Burgernet number and are automatically put through to the control room.<\/p>\n
This article provides an important example of the Burgernet, an app-based mechanism for citizens and the police to share information and protect their community in real time. The benefits of this tool and its rollout across the Netherlands is described in this short research piece, and demonstrates how modern technologies may be leveraged to better engage in community policing.<\/p>\n
Using a similar structure to produce intelligence on cybercrimes could be extremely valuable, as citizens who want to participate could engage with law enforcement agencies at any time and in a medium that may be more accessible to young people and technologically-savvy Internet users (Brenner, 2008; Jones, 2007; Wall, 2001; Wall and Williams, 2007). In addition, online reporting mechanisms may allow individuals who may be engaged in deviant or criminal communities to anonymously report crimes they observe that may otherwise be unknown to police, particularly on proxy-supported networks like Tor that require technical proficiency to access (Wall, 2001, 2007; Wall and Williams, 2007).<\/p>\n
Box 15.4 Investigating Tor users<\/p>\n
www.techweekeurope.co.uk\/news\/tor-anonymisation-nccu-cyber-crime-129249\u00a0.<\/p>\n
New UK cyber police chief: we need skills to de-anonymize Tor crooks<\/p>\n
The National Cyber Crime Unit (NCCU), launched alongside the National Crime Agency earlier this week, has continued an ongoing project to break the anonymisation of Tor users where it believes illegal activity is taking place, NCCU chief Andy Archibald told\u00a0Tech-Week\u00a0this morning, during a discussion hosted by Symantec.<\/p>\n
This article provides an important example of the ways in which law enforcement agencies are attempting to diminish the available resources cybercriminals have at their disposal to hide their identity. The discussion also demonstrates the difficulty agencies have in terms of hiring the right people with the right skills to combat cybercrime.<\/p>\n
Law enforcement agencies have also taken steps to weaken the utility of anonymization tools like Tor that help shield the identity and location of computer users (Dredge, 2013). As noted in\u00a0Chapter 1, Tor is a widely popular and relatively secure service that individuals download and install on their system. Once downloaded and activated, Tor encrypts an individual\u2019s web traffic and routes it through a network of other Tor users\u2019 systems that is randomized, making it difficult to locate the actual source of any user\u2019s computer (Dredge, 2013).<\/p>\n
Because of the security that Tor affords, a wide range of cybercriminals use this service to conceal their activities, including child pornography trading, drug markets, and sensitive information exchanges. As a result, the FBI, NSA, and GCHQ in the UK have begun to develop rather sophisticated resources to help identify vulnerabilities in Tor\u2019s infrastructure that can give them information on individual users (see\u00a0Box 15.4\u00a0for details; also Brewster, 2013).<\/p>\n
The legality of these efforts has recently been challenged in the USA through a child pornography investigation of a website hosted on Tor called Playpen. The site began operating in August 2014 and allowed individuals to both upload and download images of child sexual exploitation (Krause, 2017). A foreign police agency contacted the FBI about the site, and was able to direct them to the location of the server hosting the site. Since the content was hosted on Tor, the FBI was not able to identify the location or identity of participants who were actively uploading and downloading content hosted by Playpen. As such, the FBI obtained a search warrant from a federal judge to actually take control of the site and the over 22,000 images of child pornography it hosted, in order to run it for 30 days on a government-controlled server (Krause, 2017).<\/p>\n
Once in control of the site, the FBI used what they called a\u00a0network investigative technique\u00a0(NIT) to compromise the browsers of individuals who visited the Playpen site and determine their real identity and location via IP address information (Farivar, 2017). This strategy enabled the FBI to bring child pornography charges against 180 people across the USA as part of what they dubbed Operation Pacifier. Several of the individuals charged accepted plea deals in order to minimize their sentences and quickly end their time in court, though one of the accused, Jay Michaud, challenged the government\u2019s case on the basis that their information was acquired illegally (Farivar, 2017). Michaud of Washington state claimed that the NIT employed was actually a form of malicious software that may not have been legal for the FBI to use. The district judge hearing the case ordered the government to hand over the details of the NIT so that attorneys could understand how their clients\u2019 information was obtained, and to what extent the tool may have acquired other data. The government felt they were unable to disclose the details of the NIT which are currently classified. As a result, they dropped all charges against Michaud in favor of retaining the possibility of prosecution at a time when the disclosure of the NIT will not affect their ability to use the technique (Farivar, 2017). Although this case is still ongoing, it points to the potential legal scrutiny that law enforcement techniques may face when attempting to subvert legal security tools for the purposes of engaging in criminal activities.<\/p>\n
Considering the future of forensics<\/p>\n
The globalization of technology has vastly changed the field of digital forensics. Traditional computer forensics focused only on dead-box forensics involving cases of inappropriate use policies or unauthorized computer access. Today, almost every criminal investigation will involve at least one form of digital evidence due to the increased use of technology in our daily lives; in addition, criminal cases are likely to involve more than one form of digital evidence (mobile phone, Internet browsing history; see\u00a0Chapter 12\u00a0for discussion). Approximately 47 percent of the world\u2019s population (7.3 billion) was using the Internet by the end of 2016 (International Telecommunication Union (ITU), 2016), which is up from 30 percent in 2010. However, there is still a disparity in that Internet penetration rates are only at 40 percent for developing countries and 15 percent for least developed countries compared to 81 percent for developed countries (ITU, 2016). Finally, the ITU (2016) report indicates that an estimated 95 percent of the global population are living in an area covered by a basic Gmobile cellular network.<\/p>\n
This continued increase in technology globalization guarantees that the criminal justice system (e.g., law enforcement, prosecutors, judges) will need to become more familiar with the basic, if not more advanced, forms of digital forensic investigation. In addition, the digital forensics investigator will need to sort through a variety of digital devices (e.g., IoT) as well as filter out irrelevant digital information from massive volumes of data (e.g., 10-TB hard drive). As a result, this will likely force changes in the ability of criminal justice personnel to become more adept at recognizing technological devices and their role in offending. In addition, this understanding of basic digital evidence collection will have to take place at crime scenes themselves to ensure a successful prosecution (see\u00a0Chapter 13\u00a0for discussion).<\/p>\n
The expansion of technology also has implications for the forensic sciences generally. For example, the National Research Council (NRC, 2009) issued a report on the status of forensic science in the USA that recognized the field of digital and multimedia analysis as a new subfield within the larger discipline of forensic science (NRC, 2009: 178\u2013185). Although the NRC acknowledged that the digital forensics discipline \u201chas undergone a rapid maturation process\u201d (2009: 181), the report noted that several challenges still remain if digital forensics is to be a rigorous, forensic science discipline: (1) lack of an agreed-upon certification program or list of qualifications for digital forensic examiners; (2) clarifying whether the examination of digital evidence is an investigative or\u00a0a forensic activity, and (3) wide variability in, and a degree of uncertainty about, the education, experience, and training of digital forensics professionals (p. 181). To that end, there are currently a number of professional certifications available, both vendor neutral (e.g., GIAC Certified Forensic Analyst) and vendor specific (i.e., tool specific, such as EnCase\u00ae Forensic Training Series; Ryan and Ryan, 2014). Unfortunately, there is no standardized list of certifications or qualifications required in the digital forensics discipline in order for one to be considered a digital forensics professional or expert.<\/p>\n
From this report, it is important to recognize that some progress has been made in the field of digital forensics. Researchers are working toward the development of a unifying professional code of ethics in digital forensics (Losavio, Seigfried-Spellar, and Sloan, 2016). By developing a professional code of ethics in digital forensics, researchers and practitioners hope to move the field of digital forensics to a unified profession (Seigfried-Spellar, Rogers, and Crimmins, 2017). Also in response to the NRC report, the Department of Justice and the National Institute of Standards and Technology (NIST) established the National Commission on Forensic Science (NIST, 2013) to strengthen and enhance the forensic sciences. Under the Forensic Science Standards Board, the National Commission on Forensic Science administered the Organization of Scientific Area Committees (OSAC), which includes the field of digital forensics. The OSAC Digital Evidence (DE) subcommittee is specifically made up of digital evidence, facial identification, speaker recognition, and video\/imaging technology and analysis. The OSAC-DE focuses specifically on the development of \u201cthe standards and guidelines related to information of probative value that is stored or transmitted in binary form\u201d (NIST, 2014).<\/p>\n
Overall, the future of digital forensics relies on the discipline\u2019s ability to conquer each of the concerns highlighted by the NRC. The discipline needs to establish a standard of accreditation for digital forensic laboratories as well as a standard for training and continued education for digital forensic examiners. In addition, the digital forensics community needs to create a standardized protocol for the process of conducting a digital forensics investigation that focuses on the forensic scientific method (Casey, 2011). By following a scientific method, the examiner is less likely to overlook potential digital evidence or report erroneous findings. According to Casey (2011), a protocol that focuses on the scientific method will encourage digital forensics examiners to follow procedures that are \u201cgenerally accepted, reliable, and repeatable\u201d as well as more likely to lead to \u201clogical, well-documented conclusions of high integrity\u201d (p. 224).<\/p>\n
The challenge to policy makers globally<\/p>\n
The trends identified in this chapter all demonstrate that technological innovations create myriad opportunities for crime and deviance. One of the most common ways in which policy makers, particularly in government and private industry, discuss how we may combat these problems is through the cultivation of better cyber-security principles that can be employed by the common person every day. Every time an individual uses their antivirus software or carefully reviews an email message before responding, they are taking basic steps to secure their computer or device from compromise. As digital natives age, their use of and appreciation for technology may provide them with an even greater degree of computer security awareness than that of the digital immigrants of older generations. This may create a slight improvement in the general security posture of society as a whole.<\/p>\n
Any benefits provided by improvements in security awareness, however, may be diminished by vulnerabilities and flaws in the computer systems and servers managed by ISPs and industry. When a new vulnerability in an otherwise secure product is identified and weaponized by hackers, this directly threatens the security of all computer users through no fault of their own. The resources owned and operated by private and public entities that have a responsibility to protect personal information and resources should be secured through the best practices available. There is no guarantee that such protection may matter when large-scale vulnerabilities are found that directly impact the security of sensitive information. For instance, researchers identified a way to attack an older application in the OpenSSL (Secure Socket Layer) library used to encrypt sensitive data as it moves between systems online in March 2016 (Higgins, 2016). The attack, called\u00a0DROWN, or\u00a0Decrypting RSA with Obsolete and Weakened eNcryption, uses an existing but obsolete protocol to break encryption and steal sensitive information from web browsers, email servers, and VPN sessions. More than 33 percent of all secured servers online were susceptible to the attack, though a patch was made available shortly after the public acknowledgment of this potential attack technique.<\/p>\n
For more information on the DROWN attack and its impact, go online to:\u00a0www.darkreading.com\/attacks-breaches\/ssl-drowns-in-yet-another-serious-security-flaw\/d\/d-id\/1324521.<\/p>\n
The DROWN incident clearly demonstrates that cyber-security extends beyond the individual and cannot be easily guaranteed. While nothing can ever be guaranteed to be \u201chack proof,\u201d if developers are careful to identify as many bugs and flaws as possible during the design phase, it may help minimize the likelihood of attacks once a product is available on the open market. Such a model is not currently in use among software and hardware developers, as it is viewed as too prohibitive and costly. Instead, vulnerabilities are often identified and patched once the product is adopted and in use in the field.<\/p>\n
As a result, some government agencies have begun to push for standards of cyber-security that promote the development of products that are more secure by design. For instance, the ISA Security Compliance Institute (ISCI) in the USA has developed multiple testing and compliance specifications, along with a certification program for SCADA system hardware and software, which are used in various critical infrastructure (Andress and Winterfeld, 2013). By emphasizing and establishing basic guidelines, the hope is that these systems may be both hardened against attacks and better designed generally. Similar entities exist throughout North and South America, Europe, and the UK to promote more secure products and create a degree of compliance that may be enforced by industrial regulatory bodies (Andress and Winterfeld, 2013). Although these entities cannot guarantee that a product will be completely hardened to compromise, the creation of standards and guidelines provides a measurable standard that can be considered by regulators and policy makers when attempting to improve cyber-security practices among private industry.<\/p>\n
In addition to the development of regulatory and industrial standards, lawmakers must create legislation that is both broad and flexible enough to be applied to a range of technological misuse while at the same time having substantive legal sanctions to deter individual offenders. Such a task is extremely difficult, as there is no way to know how a new device or application will be adopted by offenders for nefarious purposes. For example, the failure to successfully prosecute Lori Drew for misuse of the website MySpace under the CFA laws (Chapter 9) suggests that there is a potential need to develop legislation against extreme outcomes resulting from cyberbullying. At the same time, legislative overreach can have negative outcomes as well. This is exemplified in the ongoing legal challenges to the FBI\u2019s strategies to investigate Tor, as outlined on page 639. The use of exploitive malware by law enforcement to capture data that could be used against any citizen may be excessive and violate individual rights to privacy. Thus, legislators and law enforcement agencies alike must walk a fine line when developing new methods to prosecute or pursue cybercriminals.<\/p>\n
At the global level, there is also a need for improved international mechanisms to help combat serious financial and hacking-related cybercrimes. As noted in\u00a0Chapter 8, there are a number of working groups that exist to coordinate transnational responses to child exploitation crimes. There are few similar entities to pursue hacking and fraud-related crimes, making it difficult to effectively sanction and deter offenders. In fact, the lack of resources may account for the continuing number of mass data breaches that also foster the global market for stolen data (Peretti, 2009).<\/p>\n
One way to expand the response to cybercrime is through the integration of corporations and private industry that either own or control sensitive systems and networks (Wall, 2007). In fact, corporations like Microsoft have formed working groups to combat cybercrimes through the creation of their\u00a0Digital Crimes Unit\u00a0(Adhikari, 2013). This unit recently worked with law enforcement agencies in the USA and Europe to track the addresses of computers infected with the ZeroAccess botnet malware and push security updates to those systems to disrupt the size of the network. This effort was combined with a civil lawsuit filed by Microsoft against the botnet operator, which was eventually dropped after the company was able to work with law enforcement to directly identify infected systems. Such a strategy is interesting, as it means that victim systems can be cleaned and repaired without the need to directly arrest the botnet operator. At the same time, this technique actually harmed legitimate computer users whose systems were not infected but were associated with the infected nodes (Adhikari, 2013). In addition, there are substantive questions concerning the impact of corporate entities playing a major role in the investigation of cyber-crimes and how this may diminish the perceived ability of law enforcement.<\/p>\n
For more on the Microsoft Digital Crimes Unit, go online to:\u00a0http:\/\/blogs.microsoft.com\/blog\/2013\/12\/19\/zeroaccess-criminals-wave-white-flag-the-impact-of-partnerships-on-cybercrime\/.<\/p>\n
An additional strategy that some have proposed to aid in the investigation and prosecution of cybercrimes internationally is to develop an\u00a0international criminal tribunal\u00a0for cyberspace that can sanction offenders (Schjolberg, 2012). The formation of a truly international court that would represent the victim nations could be a valuable tool to pursue cases where multiple nations were affected by a group of actors. There is also a precedent for the use of tribunals\u00a0at the international level, such as the International Criminal Court, to provide a venue for prosecution (Schjolberg, 2012). There are substantive concerns among nations that such a strategy could both hinder the investigation of cybercrimes and obviate justice mechanisms within their own nations. Furthermore, there is a high probability that not all nations would be willing to participate in a tribunal owing to the perceived legitimacy of such a body. Thus, it is not clear if such a strategy can ever truly be implemented in the real world.<\/p>\n
Summary<\/p>\n
Computers and the Internet have radically changed how we communicate, engage in business, and interact with the larger world, in a very short space of time. The benefits of these technologies are substantial, though they also create a range of threats to personal safety and national security. As a result, we have to continuously identify these threats and the ways in which technologies are being abused by offenders to facilitate criminal behaviors. Only then can we improve our understanding of the influence of technology on the nature of crime and deviance in the twenty-first century and better protect ourselves.<\/p>\n
Key terms<\/p>\n
Cloud storage<\/p>\n
DROWN or Decrypting RSA with Obsolete and Weakened eNcryption<\/p>\n
International Criminal Tribunal<\/p>\n
Internet of Things<\/p>\n
Microsoft Digital Crimes Unit<\/p>\n
Network Investigative Technique (NIT)<\/p>\n
Self-radicalization<\/p>\n
The Onion Router (Tor)<\/p>\n
Wearable devices<\/p>\n
Discussion questions<\/p>\n
Can you think of any distinct technologies you use that could be exploited by hackers? In what way could they be harmed? What information could be gathered from their compromise?<\/p>\n
How could innovations like unmanned aerial vehicles (UAVs) or drones be used by cybercriminals to effectively collect information or offend? How could law enforcement agencies around the world use these devices to disrupt cybercriminals generally?<\/p>\n
Based on everything you have read throughout this book, what do you think the future of cybercrime offending and offenders will look like?<\/p>\n
What other solutions can you think of to better prepare law enforcement to investigate cybercrimes? How can we improve the overall response?<\/p>\n
References<\/p>\n
Adams, R. E., Rohe, W. M., and Arcury, T. A. (2002). Implementing community-oriented policing: Organizing change and street officer attitudes.\u00a0Crime and Delinquency, 48, 399\u2013430.<\/p>\n
Adhikari, R. (2013). Microsoft\u2019s zeroAccess botnet takedown no \u201cmission accomplished.\u201d\u00a0TechNewsWorld, December 9, 2013. Available at:\u00a0www.technewsworld.com\/story\/79586.html.<\/p>\n
Andress, J., and Winterfeld, S. (2013).\u00a0Cyber Warfare: Techniques, Tactics, and Tools for Security Practitioners\u00a0(2nd edn). Waltham MA: Syngress.<\/p>\n
Bayley, D. H. (1998).\u00a0What Works in Policing.\u00a0New York: Oxford University Press.<\/p>\n
Bradshaw, C. P., Sawyer, A. L., and O\u2019Brennan, L. M. (2009). A social disorganization perspective on bullying-related attitudes and behaviors: The influence of school context.\u00a0American Journal of Community Psychology,\u00a043, 204\u2013220.<\/p>\n
Braga A. A. (2008). Pulling levers focused deterrence strategies and the prevention of gun homicide.\u00a0Journal of Criminal Justice, 36, 332\u2013343.<\/p>\n
Brenner, S. W. (2008).\u00a0Cyberthreats: The Emerging Fault Lines of the Nation State.\u00a0New York: Oxford University Press.<\/p>\n
Brewster, T. (2013). New UK Cyber Police Chief: We need skills to de-anonymise Tor crooks.\u00a0Tech Week Europe, October 10, 2013. Available at:\u00a0www.techweekeurope.co.uk\/news\/tor-anonymisation-nccu-cyber-crime-129249.<\/p>\n
Brodscky, J., and Radvanovsky, R. (2010). Control systems security. In T. J. Holt and B. Schell (eds),\u00a0Corporate Hacking and Technology-driven Crime: Social Dynamics and Implications\u00a0(pp. 187\u2013204). Hershey, PA: IGI-Global.<\/p>\n
Bursik, R. J., and Grasmick, H. G. (1993).\u00a0Neighborhoods and Crime: The Dimensions of Effective Community Control.\u00a0New York: Macmillan.<\/p>\n
Casey, E. (2011).\u00a0Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet\u00a0(3rd edn). Waltham, MA: Academic Press.<\/p>\n
Collins, J. D., Sainato, V. A., and Khey, D. N. (2011). Organizational data breaches 2005\u20132010: Applying SCP to the healthcare and education sectors.\u00a0International Journal of Cyber Criminology, 5(1), 794\u2013810.<\/p>\n
Cunningham, A. (2016). Apple releases iOS 9.3.5 to fix 3 zero-day vulnerabilities.\u00a0Ars Technica, August 25, 2016. Available at: https:\/\/arstechnica. com\/apple\/2016\/08\/apple-releases-ios-9-3-5-with-an-important-security-update\/.<\/p>\n
Curtis, S. (2013). Home invasion 2.0: How criminals could hack your house.\u00a0Telegraph, August 2, 2013. Available at:\u00a0www.telegraph.co.uk\/technology\/internet-security\/10218824\/Home-invasion-2.0-how-criminals-could-hack-your-house.html.<\/p>\n
Denning, D. E. (2010). Cyber-conflict as an emergent social problem. In T. J. Holt and B. Schell (eds),\u00a0Corporate Hacking and Technology-driven Crime: Social Dynamics and Implications\u00a0(pp. 170\u2013186). Hershey, PA: IGI-Global.<\/p>\n
DiMaggio, P., Hargittai, E., Neuman, W. R., and Robinson, J. P. (2001). Social implications of the Internet.\u00a0Annual Review of Sociology,\u00a027, 307\u2013336.<\/p>\n","protected":false},"excerpt":{"rendered":"
Chapter 10 Terror attacks have been a substantial problem around the world, driven in large part by regional interests and issues. For instance, members of various Irish Republican Army (IRA) groups engaged in terror attacks against English targets from the mid-1970s through the early 2000s. Similarly, domestic extremist groups within the USA have engaged in […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[10],"class_list":["post-80452","post","type-post","status-publish","format-standard","hentry","category-research-paper-writing","tag-writing"],"_links":{"self":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/80452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/comments?post=80452"}],"version-history":[{"count":0,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/80452\/revisions"}],"wp:attachment":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/media?parent=80452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/categories?post=80452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/tags?post=80452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}