Sunday, December 9, 2012

CyberEspionage Threat

China is the biggest espionage threat. Innovation is "key to American competitiveness" and economic success (Collins). New inventions are the key to maintaining the United States' present in the manufacturing game. China's ability to compromise our new inventions is threatening to our manufacturing, national security and the security of our economy. In 20 years the FBI has had a total of four investigations dedicated to Chinese espionage and only one was successful. 'According to Nicholas Eftimiades author of the book "Chinese Intelligence Operations," Chinese espionage is focused on the theft of American technology" (Collins). According to the U.S. Army War College, China has gathered information on electronic warfare systems, navy propulsion systems, stealth technology, and nuclear weapons through espionage. For example, China stole technology for silent submarines from the United States Navy (Brenner 3). The U.S. invested five billion dollars to create this technology, and Chinese hackers stole this critical information for free. The U.S. lacks the money to devlelop a weapon, necessary to maintain a military edge over other countries, and then lose the secret formula rendering the technology antiquated. 

More Examples of Cyber Spying:


  • David Yenb, an employee of Valspar, downloaded proprietary paint formulas valued at $20 million with the intent to sell them to China.
  • Meng Dong, a DuPont Corp. research chemist, downloaded proprietary information on organic light emitting diodes with the intent of sending them to a Chinese University.
  • Yu Xiang Dong, a product engineer with Ford Motors copied 4,000 Ford documents onto an external hard drive with the intent of transferring the data to an auto company in China.
  • McAffe Company attributed an intrusion attempt by a company with a Chinese IP address to steal data from a computer system of a petro chemical company.

All examples above come word for word from http://www.manufacturing.net/articles/2012/01/how-china-is-stealing-our-secrets (cited below).


An ad for foreign economic espionage awareness.                                                                                            http://www.ncix.gov/publications/posters/poster_240m_1.php



Brenner, Joel. America the Vulnerable: Inside the New Threat Matrix of Digital Espionage, Crime, and Warfare. New York: The Penguin Press, 2011. Print. 
Collins, Mike. "How China Is Stealing Our Secrets." Manufacturing.net. Advantage Business Media, 18 Jan. 2012. Web. 09 Dec. 2012.

Trident Breach


Rock Center: Easy Money [http://video.msnbc.msn.com/rock-center/46808850#46808850]
Visit NBCNews.com for breaking news, world news, and news about the economy
     Everyone knows you should NEVER click on link with an unknown destination; however, human curiosity has a way of making us do stupid things and THAT is what hackers count on. Once you click on that link, attachment, email file, etc.. they have access to your computer.


     In a case called Trident Breach, “hackers stole $70 million from the payroll accounts of some 400 American companies and organizations” by e-mail links and attachments infected with ZeuS, a Trojan bug that targeted and recorded passwords and usernames of online banking accounts (“University Professor”).
      Let it be clear that these hackers stole $70 million dollars from the safety of their homes in Eastern Europe. They used a key logger program, that recorded the keystrokes when infected users typed in their password. Talk about hurting the economy, random people in another country stole $70 million dollars from Americans, and generally we don't catch the hackers. So, this number is big, but in the scheme of things it's not.


“University Professor Helps FBI Crack $70 Million Cybercrime Ring.” Rock Center With Brian Williams. MSNBC. 21 Mar. 2012. Web.  
          21 Apr. 2012.

Easy Money: Hackers pull of $70 million cybercrime. Msnbc.msn.com. 21 April 2012. MSNBC. Web. 21 April 2012.


Cyber Criminal's Have a New Priority

According to the 2012 North Cyber Report the price tag on cybercrime in the U.S. is 21 billion dollars, out of a worldwide total of 110 billion dollars. A contributing factor to the increasing cost of cybercrime (40% increase according to HP Research on the 8th of October 2012) is because of the changing profile in cyber criminal. A few years ago hackers hacked to make a name for themselves, but because of the increase of commerce on the web hackers also want a piece of it, so their main goal is to steal money. And hackers have perfected organized crime, with some of most sophisticated crime rings.
For  example Sky News made an example of how easy it is for a hacker to hack into your phone.  So,  ethical hacker, Jason Heart, in five minutes download free software from the internet and with it set up a free Wi-Fi hotspot outside a popular cafe. To demonstrate, Heart only targeted Sam Kiley, Sky's Security editor, which is called spear phishing. When Kiley connected to the Wi-Fi Heart had instant access to Kiley's email passwords, skype and twitter. And as most don't turn off their Wi-Fi connection hackers have unconditional access to their personal information such as financial accounts and contacts. In 2011, 40% of phones purchased have been smart phones, and the number of people affected are increasing. 
                                                                       http://www.youtube.com/watch?v=s7XbdNqvVmY
The comparison of the economic impact of cybercrime and other crimes.  Cybercrime interacts the most with financial institutions. 
                                                    http://zerodollarbill.blogspot.com/2012/07/zero-dollar-bill-how-to-implement.html


      
    Peter Baxter, a global executive at AVG, a web security company talks about cybercrime as organized crime (0.28-1.07) [http://www.youtube.com/watch?v=ghCrVyrNmxQ]
    1. On June 1, Westin Hotel receives email informing that three suitcases of RDX have been placed there
    2. Threatens to blow up the hotel if Rs 5 cr is not paid in 24 hours Security intensified at hotel
    3. Cyber Crime Cell tracks the IP address
    4. Police find mails were sent between 10 and 11 am
    5. Police reach cyber cafe in Bangalore
    6. Suresh arrested
                  
    News Release." HP Research: Cybercrime Costs Rise Nearly 40 Percent, Attack Frequency Doubles. Ed. Kristi Rawlinson and Michelle Doss. HP Research, 08 
              Oct. 2012. Web. 08 Dec. 2012.
    World Is Facing A Wave Of Cyber Crime. By Sam Kiley. Perf. Sam Kiley. Youtube.com. Sky News, 17 Oct. 2011. Web. 9 Dec. 2012.

    Political/Legal Problems

    The problem with cybercrime is that it is generally international. In order to investigate and prosecute there must be cooperation, and generally the countries with cybercrime hotspots aren't the most cooperative, like China and Russia. And if two countries cannot reach a state of cooperation where is the justice? All the money a cyber criminal stole cannot be retrieved and the economic impact grows.

    There is also no international definition of cybercrime. So countries all have their own set of rules, but as cybercrime generally starts in one country and attacks another it makes it unclear whose rules should be followed, because the crime occurs in one country, but affects another country. And the evidence generally is not just one country so it cannot be easily collected.

    Even when cybercrime is local, the chance of finding enough evidence to prosecute in slim. For example, In 2010, fraud tax returns totaled 1.5 million which equals $5.2 billion dollars in revenue for criminals. This means 1.5 billion people who don't get their tax returns, and the IRS says this problem is growing. 

    Then there is the problem, who should be legally responsible?  Should a cafe that provides Wi-Fi be responsible for crimes committed on that Wi-Fi? And should botnet infected computers have legal responsibility in their actions?

    For example, in January, Anonymous, infamous hacking group, attacked the US government in response to the FBI shutting down Megaupload. Followers of Anonymous on Twitter would receive tweets containing links that contributed to the hack. According to legal terms DOS attacks are illegal; however many participants believed they were tricked so they shouldn't be held accountable. So should they be held accountable?

    megaupload.com/



    More information about political and legal problems can be found at the website below:
    cps182cybercrime.wordpress.com/politicallegal-issues/

    Group GT2-S1. "Political and Legal Issues." Cybercrime. WordPress.com, n.d. Web. 09 Dec. 2012.
    Lizette Alvarez. With personal data in hand, thieves file early and often. New York Times, May 2012. 


    Report of 2011 Cyber Threats





    Norton Symantec released their Internet Security Threat Report: 2011 Trends in the early months of 2012. In the early pages of the report they summarized the attacks that had taken place in the year of 2011 by month.
    One of the biggest accomplishments of 2011 was when the FBI received the court order to take down the Coreflood botnet. The botnet was controlled by 13 individuals who manipulated 2 million computers and stole millions of dollars from those computers through bank accounts and credit cards. The hacker's used a key logger to steal the passwords, usernames and financial information. They also had "the ability to launch massive denial-of-service attacks." Civil complaints were filled against the 13 individuals by a Michigan real estate company ($115,771 stolen), a South Carolina law ($78,421 stolen), and a Tennessee defense contractor ($241,866 stolen). This decade old botnet was shut down April of 2011 with the help of Microsoft's Digit Crime Unit.

    For more information about the Coreflood botnet visit the website below:
    http://www.eweek.com/c/a/Security/FBI-Shuts-Down-Coreflood-Botnet-Zombies-Transmitting-Financial-Data-767165/

    Rashid, Fahmida Y. "FBI Shuts Down Coreflood Botnet, Zombies Transmitting Financial Data." EWeek.com. QuinStreet    
                 Inc., 13 Apr. 2011. Web. 09 Dec. 2012.

    2011-2012 Norton Cybercrime Report


    2012 norton cybercrime report from Marian Merritt
    http://www.slideshare.net/marianmerritt/2012-norton-cybercrime-report

    Norton is well known for it's recent Cybercrime Reports, because of their staggering statistics. The fact that cybercrime encompasses 556 million people; "MORE THAN THE ENTIRE POPULATION OF THE EUROPEAN UNION"(Norton).

                          AND
    According to the Norton Study,         
           "1.5 + million victims per day"
           "18 victims per second"
    In the total amount of cyber attacks, almost half occured last year!
    The 2012 Norton Cybercrime Report is a report created by over 20 analysts, developers, and directors that take data from 24 countries and measures the effect of cybercrime on our world. Symantec has recorded Internet threat data through Symantec's Global Intelligence Network which "records thousands  of events per second" in over 200 countries. They catch phishing and malware data through Symantec Probe Network, and they have a strong anti-fraud network.


    "Did you know? Internet Security Threat Report, Volume 7"
    http://www.symantec.com/tv/shows/details.jsp?vid=1582508944001


    "The Internet Security Threat Report [2011 Trends]"
    http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_2011_21239364.en-us.pdf       

    Wood, Paul, ed. Internet Security Threat Report. Rep. no. 21239364. Mountain View: Symantec Corporation, 2012. Print.

    The Cybercrime Threat




                                                                                                                                           Visit NBCNews.com for breaking news, world news, and news about the economy
         The FBI director, Robert Mueller proposes cybercrime will outweigh terrorism as the FBI’s number one priority. 
    As computers continue to become more prevalent in our everyday society the cybercrime threat only increases, because the magnitude of participates increases the possible amount of bots. Hacking is an undeniable alternative to the James Bond lifestyle. Now, you don’t have to be incredibly fit, agile and know martial arts to wield magnificent power. You don’t have to know how to wield a knife or a gun, you just need a computer and some codes. People can be lazy, sit around in their pajamas sipping coffee in their bed and steal money from half way around the world, or compromise company codes and data by wielding thousands of bots or injecting a computer virus, and it’s almost impossible to track. If you had a choice, why would you steal any other way?
    The problem?         
                                                                                                                                                                                                 NOBODY TAKES CYBER THREATS SERIOUSLY!
    FBI Executive Director Shawn Henry said, “If I tell them (American public) there was a bomb in their house they would get it but if I tell them there is someone in their computer it just doesn’t resonate, because they often don’t see anything missing” 
    (Easy Money: Hackers Pull of $70 Million Cybercrime). 
         Who cares if someone can access my files, or if someone is using my computer in a botnet to steal money, because I’m not doing it. Wrong! A major discussion topic now, is whether citizens should be responsible for the actions of their computers. And I think the answer is YES, if people know that their computer is messed up or contributing to a botnet well they better try to do something about it. However, the problem? People don’t know their computer has a bot. So why should you be punished for being naive? Well, the information is there; as an active citizen YOU need to inform yourself. Because a lack of education or proper protection against cybercrime could lead to a zero balance in your debit cards, savings account or credit cards charged up the ying yan.
    According to the Department of Homeland Security, “During the five-month period between October and February,    there were 86 reported attacks on computer systems in the United States that control critical infrastructure, factories and databases compared with 11 over the same period a year ago"(qtd. in Schmidt). And half of power plant operators and “other critical infrastructure admit to infiltration by an adversary (Robertson). The Department of Homeland Security documented more than 50,000 incidents of cyber intrusion since October, 10,000 more than last year  
     Cybercrime is a REAL-LIFE threat. It is a legitimate crime; therefore it is naturally that it should have all the repercussions of a more accepted crime like physically stealing money from a bank. According to a research done by HP, released on October 8th this year, "cybercrime costs rise nearly 40 percent" (News Release).
     

    Easy Money: Hackers pull of $70 million cybercrime. Msnbc.msn.com. 21 April 2012. MSNBC. Web. 21 April 2012.
    "News Release." HP Research: Cybercrime Costs Rise Nearly 40 Percent, Attack Frequency Doubles. Ed. Kristi Rawlinson and Michelle Doss. HP Research, 08 Oct. 2012. Web. 08 Dec. 2012.
    Robertson, Jordan. "Power Plants, Other Infrastructure Under Hacking Assault; 54 Pct Say They've Been Infiltrated." Canadian Press, The Newspaper Source Plus. 28 Jan. 2010. Web. 22 Apr. 2012.
    Schmidt, Michael S. “New Interest in Hacking as Threat to Security.” The New York Times. New York Times Corporation, 13 Mar. 2012. Web. 25 Apr. 2012.

    “University Professor Helps FBI Crack $70 Million Cybercrime Ring.” Rock Center With Brian Williams. MSNBC. 21 Mar. 2012. Web. 21 Apr. 2012.