Computer Crime Research Center


Problems of counteraction to cybercrime and cyberterrorism in Ukraine

Date: January 02, 2005
Source: Computer Crime Research Center
By: Vladimir Golubev

... Exchange and governmental sites.

In North Korea's mountainous Hyungsan region, a military academy specializing in electronic warfare has been churning out 100 cybersoldiers every year for nearly two decades. Graduates of the elite hacking program at Mirim College are skilled in everything from writing computer viruses to penetrating network defences and programming weapon guidance systems. Yet Pentagon and State Department officials say they are unable to confirm South Korea's claims that Mirim or any other North Korean hacker academy even exists. And some US defence experts accuse South Korea of hyping the cyber threat posed by its northern neighbour, which they claim is incapable of seriously disrupting the US military.

Representatives of South Korea's National Intelligence Service, as well as its Institute for Defence Analyses and Information Security Agency, did not respond to requests for more information about Mirim College or North Korea's information warfare capability. In its 2000 annual report, South Korea's Ministry of National Defence said a 5 percent budget increase was allocated mainly for projects such as "the buildup of the core capability needed for coping with advanced scientific and information warfare." The report also revealed that South Korea's military has 177 "computer training facilities" and had trained more than 200,000 "information technicians."

Meanwhile, in North Korea the lack of basic necessities, such as a reliable electrical grid, presents huge obstacles to the creation of information-technology infrastructure, according to Peter Hayes, executive director of the Nautilus Institute, who recently published a study of North Korea's information technology aspirations.

The Arabian Electronic Jihad Team (AEJT) announced its existence at the beginning of 2003, along with its goal of conquering the Internet. The group said it would destroy all Israeli and American web sites, as well as all other “improper” sites.

More and more often, hackers target the computer systems of governmental institutions (the Pentagon above all) and NASA. Many such cases have become public. For example, in 1990 a group of hackers attacked government sites in the United States, United Kingdom, and Australia over the weekend, according to Attrition.org, a Web site that monitors hacking attacks.
The attack was one of the largest, most systematic defacements of worldwide government servers on the Web, Attrition.org said on its site. A number of U.S. governmental and military Web sites, including those of the Army, the Navy, and the Air Force; the National Institute of Health; the Department of Treasury; the US court system; the National Aeronautic and Space Administration (NASA); and the Department of Energy, have all previously fallen victim to hackers claiming to represent the same group.

The events that took place in Ukraine in January 2002 are an example of cyberterrorism.

Seeking one million Ukrainian hryvnas (about $185-190 thousand), unknown persons phoned the director of Odessa Airport, Ukraine, and said that they had placed an explosive device on board a plane bound for Vienna. They also detonated a bomb in the building opposite the airport building to confirm the seriousness of their intentions.

The Security Service of Ukraine and the Air Security Office were informed of the incident right away. The criminals posted detailed instructions for meeting their demands on the Internet. The main demand was one million Ukrainian hryvnas. The criminals planned to use "Privat-24", Privatbank's Internet payment system, to get the money. One advantage of this system for the criminals was that it allowed an account to be created and controlled anonymously with only a login and password. They thus used information technologies to deliver their threats and collect the money anonymously and remotely.

Besides the typical operational measures, there was a need to promptly establish technical information from computer networks, as the criminals used the Internet at all stages of their offence. The Security Service decided to engage experts from the Ministry of Internal Affairs unit for fighting high-technology crime; they were tasked with identifying the people who sent the threatening e-mails and the initiators of the bank payments.

The response of the ISP whose Internet services the criminals used to send the threatening e-mails helped to determine phone numbers and addresses related to the criminals, and also made it possible to obtain specific evidential information stored in the log databases of the Internet Service Providers and Privatbank.

The logs made it possible to find the Internet Protocol (IP) addresses of computers, e-mail addresses and phone numbers, which helped investigators to examine specific computers at the scenes.

The chronicle of events shows that the timely and qualified assistance provided in January 2002 by the Ministry of Internal Affairs unit for fighting high-technology crime to officers of the Security Service departments fighting terrorism and protecting state organization made it possible to uncover the criminal group and stop its criminal activity, and thus the cyberterrorists got their due.

Present-day hackers differ from the hackers of the 1990s, who were harmless pranksters and hooligans (this type of hacking is known as “look-see”, i.e. contemplative, passive hacking). Now they increasingly attack governmental computer networks. According to mi2g, a London-based computer security company, electronic crime has grown enormously since 2003; besides purely criminal cases, its reports showed a severalfold increase in the activity of extremist groups.

Research conducted by the Computer Crime Research Centre in September 2004 shows that a person's personality traits and environment, in their interaction, successively define the motivation behind a decision to engage in criminal activity in the sphere of computer technologies. Motivation includes the process by which the reason and purpose for criminal conduct emerge and form. Generalizing this experience, the following should be noted:

- in 36 percent of cases computer crimes are committed by women, in 64 percent by men;
- people who committed computer crimes were aged between 16 and 57;
- by social status, computer criminals are:
  - 6 percent school students;
  - 6 percent high school students;
  - 6 percent high school employees;
  - 18 percent bank employees;
  - 12 percent programmers.

Many people, including highly skilled experts and amateurs, are involved in computer crimes. Criminals differ in social status and education level. They can be divided into two big groups:

- people who have business and working relations with victims;
- people who do not have any business relations with victims.

Officials who abuse their official position belong to the first group. They are clerks, security officers, inspecting officials, persons dealing with organizational questions, and engineering and technical staff. According to our research, programmers, engineers, operators and other officials of an organization who obtained access to computer systems without right accounted for 42.3 percent. In 18.1 percent of cases other officials committed such crimes, and in 8.6 percent of cases former employees committed computer crimes. Service staff of other organizations engaged in servicing computer systems also represent a potential threat.

People who possess considerable knowledge in the field of computer technologies and are guided mostly by mercenary motives belong to the second group. This group also includes expert professionals who regard the security of computer systems as a challenge to their professional skills. Some of them gradually begin to enjoy such activities and conclude that it is possible to combine material and intellectual incentives.

All computer criminals can be divided into the following separate groups by the purposes and spheres of their activities:

- hackers-researchers – a small but the most educated and talented part of the computer underground; their main occupation is examining various software for vulnerabilities that would allow a potential hacker to carry out some kind of attack; they improve the operation of computer systems and networks, enhancing their efficiency;
- pure hackers – a considerable part of the computer underground involved in “pure hack”. Pure hack, in computer lingo, is a hack or intrusion in which information on the storage media is not erased and the system continues to work without any decrease in efficiency; after the intrusion the hacker informs the people responsible for the security of the system about the intrusion and describes the method in detail;
- hackers-vandals – people who plan and perform intrusions into computer systems for some reason and with the deliberate purpose of damaging these systems; this group of hackers uses a great number of possible attacks, but still has no mercenary intentions;
- crackers – people who conduct “commercial” hacks of computer systems and networks for mercenary purposes;
- computer pirates – people who specialize in cracking software in order to sell it later; they almost always act in groups;
- cyberterrorists – a new category of the computer underground related to the phenomenon of virtual terror. Virtual terror during the Palestine-Israeli conflict in the 1990s was one of the first clear manifestations of cyberterrorism; here we deal with people who deliberately try to cause harm to a state or some group of people out of ideological considerations...



Copyright © 2001-2013 Computer Crime Research Center