Threats on Internet
There are many types of threats information systems face today. Accidents, software errors, hardware failures, or environmental influences such as fire may affect business’ operation. Each of these threats require proper planning and range of activity to resolve.
Perpetrator of criminal threats often take control of communication systems. Malicious threats can also be internal or external to organization. Activity may be from an individual, loosely it group, organized criminal elements, Corporations, or governments. While motive and criminal threats is important in evaluating risk, any attack against information and Infrastructure of business can cause severe disruption and may result in loss of funds, productivity, market share, or reputation.
Criminal activity against information systems is growing. This increase is partly due to:
- Traditional business are increasingly moving to computer- based operations.
- General knowledge of basic computer concepts and possibilities for exploitation are becoming pervasive within public.
- Increased connectivity and ineffective security controls allow greater access to information and services while providing anonymity.
- Some elements of stereotype amateur “hacker” are evolving into more criminally motivated activities.
Almost every type of crime in physical world has or probably soon will have an online, computer-based counterpart. In fact, networks become another tool which often become easier criminal targets. With this said, there are several fundamental criteria for most profit motivated criminals to use information systems.
Information systems provide low level of authentication and therefore higher degree anonymity. This lessens chance of arrest in some cases, even though the crime is detected.
Today, criminal activity against information systems can be categorized as follows :
- Low-Level Intruders –
This group images up a subset of stereotypical “hacker”. These individuals may evolve from online trespass and vandalism to more criminal activity such as theft of information, extortion, and credit card fraud. In addition, this group has a pool of potential resources for more conditional criminal elements to exploit either directly or indirectly.
For example, in 1995, loosely knit group of low-level “hackers” was arrested for using computer systems to steal credit card numbers. These numbers were sold to European-based organized crime groups for telecommunication fraud.
- For-Profit Fraud –
Online activity of this group is highly variable and may include scams, extortion, deceptive advertising. theft, securities fraud or illegal fund transfers. Many of these cases are classified as computer assisted crimes. In other words, information systems are used as tool, not target.
For example, document fraud was involved in multi-million dollar case involving theft from a pair of California banks last year using desktop publishing software and equipment to create false payroll checks.
- Organized Crime –
Many elements of organized crime are recognizing that they need to understand and use information systems to maintain their traditional level of influence and revenue. Motivation for organized crime to become involved in high technology information systems goes beyond simple fraud and extortion to include surveillance of law enforcement, money laundering, and secure and anonymous communication.
- Fringe Groups – Political, Religious, and Anarchists –
Although this group rarely has fraudulent motives, there has been an increased use of information systems by some groups to further their agendas. Most of the attacks in this arena are in either theft of information or denial of service attacks.
A recent example was the attempt by German Chaos Computer Club to disrupt French telecommunications and Internet infrastructures to protest against French Nuclear Testing.
- Industrial Espionage and Sabotage –
Because few companies report cases of industrial espionage, accurate statistics are difficult to produce.
- International Espionage and Information Warfare –
Several well documented cases have come to light of national intelligence agencies gathering economic information to assist their nation’s businesses in competitive situations. Some of methods for gathering this information have extended into attempts to access information and communication systems.
- Terrorism –
Several indicators have been discovered that traditional terrorist organizations are viewing information systems as both potential tools and targets. In particular, ability to gather targeting information from credit records, financial institutions and healthcare providers appears to be an increasing threat recently demonstrated by IRA.