Timothy Gutmann

Ingram
UWRT-1102
16 Mar 2015

Traditional Research Paper

In the past decade cyber-crime has become an increasing problem due to the
exponential growth of technology year over year, combined with the relatively
cheap cost of producing and procuring such. The financial impact of this problem to
consumers is roughly 113 billion dollars, and cost the corporate sector even more.
Up until recently we have generally put the liability of this squarely on the shoulders
of individual people for if their information is stolen or compromised. Is it feasible
though to provide themselves with adequate protection in terms of time, money and
accessibility? The current law puts the perpetrator as the sole person responsible
for the crime, and any damages caused due to their unlawful act. More times than
not though financial assets are rendered as unrecoverable, and any additional
damages are unable to be reversed. In addition to this the culture surrounding this
problem has become more that of a reactive response to this problem rather than a
proactive one. This is a serious problem because the impact of a cyber-attack can
range anywhere from stealing your personal information from on-line, all the way to
shutting down our power infrastructure. This is why there must be a shift in how we
view and protect from cyber-crime, in addition to some changes in current
legislation surrounding this.
The first part to understanding the problem is actually understanding how a
device communicates on the internet, and what cyber-crime actually is. So focusing
on that first part, when you connect a device to the internet it assigned what is

called an IP address. The IP address is like a mailing address for your computer, and
determines how your internet service provider (i.e. Time warner) routes data
through there servers to your computer based on geographic location. When your
computer sends information to another device it is done by breaking that data into
small segments called packets. This process is similar to how computers
communicate on private networks and can be in succession to after information
travels through the internet to a private network. Now that the basics of how a
computer communicates have been established, we need to define cyber-crime.
Section 1030 in chapter 47 of title 18 of the U.S. Code defines cyber-crime as
intentionally accesses a computer without authorization or exceeds authorized
access and thereby obtains information from any protected computer or
knowingly causes the transmission of a program, information, code, or command,
and as a result of such conduct, intentionally causes damage without authorization,
to a protected computer (U.S. Code Section 1030 Ch. 47 Title 18). What I have
quote from the U.S. Code is the coverall clause of the legislation that would
adequately cover everything that comes prior to those clauses. So what cyber
criminals do is use the data stream that your computer creates with other servers to
alter those packets of information to gain access to or recover information from
those packets of information. In addition software can be transferred to your device
via a download which secretly uses that data stream to transfer information to the
attacker. There are many methods in which this process can be accomplished,
success of the attack though is dependent on the vulnerability of the end users
system.
The motivation of the offender plays a strong role in the target of the attack,
as well as the level of attacked being used against the selected target. Generally

this divides hackers up into a few different groups based on these motivations for
performing such actions. This is important to understand, because understanding
why hackers do what they do helps us predict different aspects of an attack. One
such group is called hacktivists, which are groups with decentralized leadership that
try to change policy or bring moral wrongdoings of companies, individuals and
governments to light. This is the group with the least amount of malicious
intentions, and attempt to disrupt more than destroy or steal. Their actions closely
parallel to physical forms of protest, a group may send millions of page requests to
a website causing it to go down. This is very similar to an old fashioned sit in, in
which it disrupts the ability of the business to operate under normal conditions. One
such group is the infamous group called Anonymous, they have done everything
from helping the U.S. government attack terrorists to making the government
accountable for its own actions.
The second group of hackers are known as your actual cyber criminals who
have complete malicious intentions. They normally work on their own or with
traditional types of criminal organizations with their main motivation clearly being
to obtain money. This can be done through a variety of means whether it be
obtaining personal/corporate information and selling it on the internet, breaching
financial institutions or just general identity theft through various means. This
group targets roughly 554 million people per year, while accounting for
approximately 100 billion dollars in damages per year. Over fifty percent of these
attacks are accomplished while using malicious programs such as worms, trojans
and viruses. About thirty percent more were accomplished via deceptive methods,
and the rest were accomplished through physical means. This specific group
depending on an individuals experience can be moderately difficult to protect

against for most individuals. As most basic protection methods arent readily taught
or can become increasingly expensive for a single individual. In addition, there are
most of these attackers work alone, which in turn makes it more difficult for our
crime divisions to keep track of all offenses. Some of the most notorious cyber
criminals include Kevin Mitnick, Adrian Lamo, Jonathan James and Kevin Poulsen. All
of which caused considerable damage to government, corporate and individual
sectors.
The final type of hacker is whats called state sponsored attackers. This
specific group generally is directly part of a foreign countrys government, or is a
third party entity thats directly financed by a specific country. This specific group
poses the greatest and most direct threat to us, because governments are easily
able fund such actions, which allow for more complex attacks.