Dealing with Criminal Techniques as Cyber Security Assessment
Cyber Security Assessment perpetrated by some users individually is undoubtedly form the most dynamic and creative computer crime.
Indeed it is she that emerge all new criminal techniques, which has the effect of highlighting the extreme vulnerability of most systems of information, including a more sensitive.
Computer hackers vs the Cyber Security Assessment
The form of computer crime the best-known of the echo media give updates catches modern States to individuals skilled hackers still referred to as "hackers" in Anglo-Saxon terminology.
The motivations of these protagonists are not new: they lie mainly in the illicit acquisition of computer products for use of personal first, the greed, sometimes to the desire of revenge or to a form of technical challenge simply. The novelty of this crime comes from opportunities offered by technology unprecedented to pitch the legality, replication and dissemination for example of technology become available to any individual.
Aspects under which this form of crime manifests are extremely varied. The most common illegal acts include computer forgery. It applies to software copied on Internet or from CD reproduction. It poses a serious problem in the field of artistic creation and intellectual property generally. This type of activities gives rise to small resale or Exchange traffic between individuals.
Criminal Techniques of Cyber Security Assessment
Illegal copies of Windows operating systems, software suites desktop software for games, music files are now commonplace to the point that many consider that use of these products today exposes user at no risk.
In the United States, software and computer industry association estimated 7.5 billion dollars per year the losses suffered by the American software industry in copies and illegal distribution of software in the world. Music publishing and film worlds also vigorously protested against this loss of profits which would endanger the artistic creation, but nothing seems to be able to stop this phenomenon.
A very important part also deals with fraud committed in electronic commerce. These offences are carried out for credit card numbers recovered after trespassing on databases of companies or firms. These numbers are then used fraudulently either to pay for downloading software, online services or to connect on pornographic servers or to make purchases of materials from merchant sites.
But hackers are sometimes animated as mercenary other motives. They are driven by a sort of thirst for exploration of this fabulous space what is Internet. They claim a right to explore and free access to this network. This right because they comply with the spirit of the Internet to its origin, they have not really feeling transgress the laws. In addition, often endowed with great technical talent, sometimes living on the fringes of society, they aspire to fame and argue with the greatest possible impact their exploits.
One of their favourite passion is to enter any type of networks and to visit the most emblematic sites and best protected. The Pentagon sites subject as regular intrusion without any possible security to prevent them. NASA, which represents a sort of standard for United States, is the target of an increasing number of cyber-attacks. In 1999, to included more than 500 000.
Unfortunately, vandalism is also part of their actions and intrusions are regularly followed by destruction of data or programs. Viruses are another means of degradation free sensible here still demonstrate technical skill out of the ordinary. These are small programs being developed by hackers that are transmitted through networks and degrade the functionality of the computers on which they settled. They often hide in electronic messages (mail) or programs downloaded from the Internet. Their effects are sometimes daunting and overwhelming spread. This was the case, for example, virus "I love you" has created a real panic in May 2000 by infecting a few hours of thousands or even millions of computers. He had access to victims address books and return itself messages to these new recipients allowing it to reproduce property. It was moreover on the hard disk of the computer hosting the files. The damage he has caused are difficult to quantify and published figures here and there are not easily verifiable. According to some experts, they may be a few billion dollars.
Mercenaries vs the Cyber Security Assessment
One of the most troubling aspects of this form of crime is the spontaneous pooling of technical information about the means of committing illegal acts. Spirit of challenge to the authorities, hackers have indeed unhealthy need to boast about their accomplishments and give evidence. The existence of thousands of forums to Exchange disseminating unrestricted online technical attacks, visited information systems faults with in addition supply of ready to use intrusion or destruction programs evidenced.
For example, it is possible to find online a guide to Internet fraud on a site called "Ad Cops" located in the United States. This site explains in detail how to steal passwords and credit card numbers and then reuse without getting caught.
Others give with forces details: recent technology intrusion, how to implement devices type "Trojan horse" for accessing timely to a computer, the most advanced to crack passwords, those best programs adapted to generate credit card numbers or new types of virus data.
Here provide a detailed list of all the techniques (the "social engineering", the "hacker" password, "stripes" passwords, the intrusion by means of a "Trojan horse", attack by virus, denial of service) attack is not possible as its content would be rich and constantly changing (cf. Annexe2).
It is created by these exchanges of circumstance virtual communities whose members to emulate one another. Occasionally, they will invest even a mission, while uniting their talents to achieve the purpose they are fixed. To libertarian claims they are taking such as governmental infrastructure charging authorities threaten the privacy of citizens. This was the case of the "Chaos Computer Club" during the 84-85 suspected the German Government, under the guise of counter-terrorism, implement a file of individuals. Others, such as "2600. " claim with force release of the most famous hacker Kevin Mitnick among others had reported crimes 17 000 credit card numbers to be shut down.
Can sometimes be a combat less peaceful nature since some forums do not hesitate to disseminate information on topics such as: racist propaganda techniques of manufacture of explosives, harcèlement…etc technical gear.
Hackers who participate in these virtual communities are likely to become mercenaries. They unite then temporarily to sell their services without any qualms.
According information published in the journal "Jane's Intelligence Review s', Colombia drug cartels have rented pirates services to install and manage a sophisticated communications secure; system" This review is also the case of Dutch gang who used professional hackers to paralyze the system of information and communication police service responsible for the monitoring of their activities.
Thus, Cyber Security Assessment perpetrated individually more, organized to the point of interest in the highest criminal organizations which nor fail to exploit their purposes highlighted security breaches.
Cyber threats facing the evolution of the Cyber Security Assessment
The evolution of the Internet can lead to disturbing cyber threats both damage to State Governments to the armed forces to businesses
The Internet is an international computer network through the interconnection of a growing number of networks of all sizes. It was launched, originally by the US military. Originally intended for research, it has considerably developed.
From the Arpanet Network Internet is created at the 1969 United States through D.A.R.P.A. (Defense Advanced Research Projects Agency). Arpanet had a twofold objective: exchanging information between universities and military a share and experiment with other widespread subsidized part data transmission techniques, network and research on communication protocols have experienced significant growth.
In the middle of the 1970s, other types of networks emerge, especially corporate local networks (Ethernet, for example). It appeared interesting to be able to link all these networks, regardless of their respective, technology to offer a global network. Two protocols were developed and took their final form: TCP (Transport Control Protocol) and IP (Internet Protocol). They were implanted on the Arpanet, network became the basis of the Internet at the beginning of the 1980s. The military part separated from the network and was called Milnet. The academic portion retained the name of the Internet.
By connecting a LAN to the Internet, a business there connects de facto all of its computers, provided that they are equipped with the appropriate software. It is therefore so very strong growth in the number of computers connected to the Internet. At the beginning of the year 2000, there were approximately 6 million users in France and hundreds of thousands of networks interconnected worldwide.
Thus, exponential power microprocessors increases, digitization, image, then the rise of multimedia technologies, deployment of accelerated by optical fibre networks and satellites draw the contours of the society of the twenty-firstGriffithcentury: society of information
The revolution in information and communication technologies thus led to the development computer heavily dependent companies and organized networks. The Internet in particular plays a vital role in modern societies as it takes place interface to all networks and gives them by then a global dimension. As such, it brings together around the world over 200 million people who communicate , pass commands, pay bills or doing business through it.
At the beginning of the 1980s, Internet was used to connect researchers in computer science. At this time, the circulation of documents was no problem of confidentiality and data were sent in the clear on the network. Internet protocols have evolved to cope with the increase in the number of users. With the commercial use of the network, confidential information now circulate on the bonds. Communications security tends to become a major concern of users and companies looking to protect against fraudulent use of data or against malicious intrusions in computer systems.
Furthermore, it should protect themselves against the virus, transmitted many unbeknownst to users in downloaded files. These viruses are capable of destroying documents or even cause total loss of information stored on the hard disk of the machine. Generally, more information system is open to the outside, it is vulnerable to attacks and more should protect.
In many ways and tools exist to secure systems. A security policy must combine several methods to make a very difficult intrusion. Among the tools used, there are very simple to install (multiple passwords, for example). Consist of other ways to encrypt data (i.e. to encrypt to the unusable by a spy make do not possess the decryption key). Finally firewall or "firewalls" to protect the corporate network prohibiting access to unauthorized persons. Currently, technology Biometric (biological characteristics of an individual) allow to identify a user with certainty and utilization tends to develop systems to a maximum security.
Naturally, securing systems leads to an increase in it costs and a ballast access procedures system. These constraints are sometimes poorly accepted by users.
Furthermore, evolution of today's world back promoted, in more developed countries technologically, the appearance of a form of new crime, cyber-crime. It, as its name suggests, takes advantage of new and formidable potential computer systems and their associated technologies. It can be characterized by the use of computer resources as an instrument of unlawful. She takes herself in most cases to target other computer systems.
One of its key features is to operate in to completely opt out borders. Computing opportunity indeed shares extremely powerful remote to anyone wishing to make a criminal use. It allows including and without great difficulties in accessing protected from compromising the integrity of data, operate illegally or prevent their normal use by the users information.
On the other hand, signs of its devastating power and organization of this crime are that some States see even a potential threat to national security or international. The United Nations on its side also spent a special place in his work on the prevention of crime. In this context, it seems natural to look closely at this new crime.
The armed forces & cyberwarfare against the Cyber Security Assessment
In the delicate exercise of control of information, modern armies, like companies, see the emergence of new vulnerabilities as their systems as opposing systems.
Interest of the armed forces: preparation to the Cyber Security Assessment
A reflection on "the future of land forces commitments" developed by the staff of the army French, hackers or hackers are cited among actors capable of transforming the landscape of war: "is placing in service of State organizations or groups occult for ideological reasons or giving to the highest bidder, hackers may try to attack our operational information systems and reduce, or even cancel the operational superiority we expect tomorrow, even though these systems will be more and more a centre of gravity of our forces".
Also it might be thought that cyberspace has become a real battle field: the guns, bullets and barbed wire there are replaced by computers, the data packets and filtering software. James ADAMS in his book "The next war" was chosen as the subtitle: "the weapons are computers and the front is everywhere". The u.s. military are aware of this issue. At this position, Bill CLINTON made the following at the Naval Academy speech us: "our security is increasingly being challenge traditional adversaries, both threats old and new, hostile regimes, but also of criminals and terrorists who can not beat us in the field of battle, but who nevertheless seek new ways we attack exploiting new technologies and globalization".
Cyber Security Assessment: Vulnerability armed forces
Initially, the military networks were inaccessible from outside of civilian users. However, imperceptibly armies could not completely resist the facilities offered by the Internet in particular as a cheap and effective communication tool. His job is in principle limited to official sites informing the public activities of the armed forces who are vulnerable to the same way as all official sites.
There are also doubts the perfect separation of the networks and that it does not exist in some organizations depending on the Ministry of defence of computers simultaneously connected on internal networks and the Internet. The proximity of Internet and defence positions is on the other hand favour the transmission of virus in the first network to the second.
The use of electronic mail, in particular in external operations, equals real tank crucial information for who would bother TUF. This was presumably the case of a group of Dutch pirates in the Gulf war. It would have provided its services but without success to Saddam Hussein against one million dollars.
The benefits of general computerization of defence systems are enormous and no modern army could be the economy. It however also promotes the vulnerability of these forces, which interconnects are numerous and are not only confined to national linkages. Risk of indirect defence system penetration increase so parallel to the rise of networks, the weakest serving as a gateway.
Another point of vulnerability is now quasi-systématique adoption architectures based on civilian systems are wanting more and more open and giving access to remote databases. Hacking techniques can only be enhanced because they are therefore directly applicable to the networks of the armed forces.
Cyber Security Assessment: Asymmetric risk
Last conflicts with dedicated digital Western forces and technological superiority in a direct confrontation, it becomes clear that the search for new fields of battle is necessary for an adversary determined and notified. Information systems will probably be part of specified targets because without exaggerating the effects and give him alone means to overthrow the balance of forces, a computer attack carefully prepared extensive has a nuisance that may affect a country without great risk for the leading national security capability. In fact, a cyber becomes low hands an instrument particularly well suited for attacking fort.
Advantage of the first order, a cyber gives its user an attack strategic initiative because it can reach to at the outset of vital centers of the opponent. This type of attack and has the advantage of expose the offender to reduced risks. The build-up phase can be extremely discreet because of the nature of the equipment used.
Also on the technical side, it is not always easy to identify the origin of the attacks. Assuming that this is the case, it is also highly probable that appear to come from multiple points of the world without apparent direct relationships with the warring parties. Even formally recognised, if the author belongs to the category of developing countries, it becomes practically insensitive to retaliation of the same nature. Response by military strikes, would hardly justifiable on the part of democracy and the public would be likely to strongly condemn.
Cyber Security Assessment can attack or even destroy computer systems related to the functioning of the vital infrastructure of a country and people able to carry out such actions train freely every day, which brings us to a disturbing reality.
After an awareness of the risks generated by cyber threats, sought solutions include better protection, surveillance networks with its possible abuses privacy and technologies of detection, deterrence and retaliation.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The fight against cyber-crime against the Cyber Security Assessment
The fight against Cyber Security Assessment raises, among other problems, the complexity of technical problems, taking into account a number of offenders extremely high and the character of extraterritoriality linked to most offences, may make sense only if it deals with indeed all forms of computer crime and in particular those which may endanger national security or international.
Cyber danger awareness facing the Cyber Security Assessment
States whose vital infrastructure of a country depend more and more Internet networks must be aware of the threat generated by the cyber and protective measures not only for their official bodies but also for private companies.
Large work remains to be done in this area. The Yahoo! site trouble could have been avoided because servers could be configured to not respond to requests that eventually block. The lack of vigilance and refusal to devote sufficient resources to Security facilitate disaster. Indeed, the RSA Data Security reported that more than 50% of companies have not downloaded patches to fix 200 best known faults in the computer security of the computers used for electronic commerce. One of the major priorities of companies should be their budgets dedicated to safety.
As the whole global players must prepare a policy of prevention of cyber threats. For three years, many countries began just waking up to this new reality . They implement governmental structures follow the phenomenon and test security infrastructure. They seek to protect businesses and better monitor telecommunications networks. The United States, the Canada so that European countries are preparing their policy to combat cyber threats under all its forms
The United States engage in the fight against cyber-terrorism
The United States were the first to become aware of this danger. Since October 1997, a u.s. presidential commission released a report on Cyberterrorism and concluded that the United States critical infrastructure vulnerable to computer attacks. The commission recommended the Government to intensify its actions to protect themselves against potential threats. It notes that computer systems, leading airports, command networks and communication systems are open to attacks.
It can be seen as the police respond only to piecemeal and are thus reduced to the role of prevention too little pro-actif. The creation of specialized next to the FBI in combat units remains recent in the United States.
In January 2000, President CLINTON announced the next implementation of a national plan for the protection of American technical information against cyber-terrorism. Twenty-two federal agencies working with private sector communications companies are part of this plan. Particular importance was given to the research and development. This plan includes educational grants in the field of technology in exchange for a time of public service information. It would also support the creation of a new institution bringing together scientists and specialists from the private sector, universities and laboratories in order to expedite and expand research in the field of computer security. President CLINTON wants to "the establishment of a system alarm across the Federal Government to detect any attempt to breach in its systems with as purpose the protection of the privacy of citizens." of $ 1.4 billion would be needed to build this system.
The France makes evolve its official structures against the cyberterrorism.
By Decree of 15 May 2000, the France has created a central office for combating crime related to information and communication technologies in order to ensure the safety and confidence in cyberspace. He is also responsible for strengthening international cooperation in judicial matters. French State confit at the General Secretariat of national defense setting policy for the protection of critical infrastructure in the country. For this purpose, the NWMO must put in place a centre of Eve, prevention and relief, intended to strengthen and coordinate the fight against intrusions in systems of Government and public services (CERT A there is also link the Direction Centrale de la sécurité des Systèmes d'Information.) The DCSSI has a function control and national safety authority. To prevent attacks on information systems, management also has an operational function to evaluate threats, give warning and develop the capacity to counter them and prevent and function of scientific and technical expertise in relying on accredited laboratories. The DCSSI also performs a function consulting to companies such as the State apparatus. The France seeks to reposition itself in computer security to its neighbors. European
Impunity thrown against the Cyber
Implementing a legislative arsenal needed for the treatment of crime and computer crime could persuade some cybercriminals to cease their illicit activities.
Indeed, the cyberdélinquant has many to commit its harm on the unpreparedness of the current process computer crime laws. He plays skillfully ambiguities to evolve at the borders of law and the States. All facilities it are also available when it is known that many countries mention in their penal code any computer-related crime.
In fact, it would be to harmonize emergency international legislation because the problem of computer crime cannot meet a single territorial approach. Cyberspace will have to run to see apply a legal regulation of the kind that you reserve space activities or issues of global dimension such as the transportation of petroleum products and fishing.
Initiatives already taken in this direction in recent years in Europe. Consequently, the Council of Europe has presented a draft international convention on Cyber Security Assessment in 2000. The proposed text is designed to harmonize the laws and would include the fight against piracy, financial fraud, the use of computer viruses or paedophilia on the Internet.
However, it should be noted that this project resulted in an impressive lifting shields on the part of many associations for the defence of the rights of Internet users.
Still in this context of lifting of impunity, it becomes important to organize monitoring the Internet and who practise activities. In France, policing themselves are invested in this mission, although efforts remain modest. The responsible agencies include gendarmerie(Brigade_Centrale_de_Répression_de_la_Criminalité_Informatique), judicial police (investigations into fraud in the information technology service) SEFTI BCRCI and ISSD branch of surveillance of the territory (Board of Directors of information systems security).
However, these monitoring activities should not be restricted to only police services but must mobilize all users.
Examples exist: institutions such as the General Directorate for armament, the Ministry of the Interior, or even bank BNP have joined together in 1993 to a body, RECIF (research and studies on the French computer crime) to respond to the threats of intrusion. Citizens also play a role, the Dutch police encourage them to report e-mail porn cases involving children, they could meet.