1 / 19

Pattern of Global Cyber War and Crime: A Conceptual Framework

Pattern of Global Cyber War and Crime: A Conceptual Framework. Nir Kshetri Bryan School of Business and Economics The University of North Carolina-Greensboro. Flourishing synergy between organized crime and the Internet.

haig
Download Presentation

Pattern of Global Cyber War and Crime: A Conceptual Framework

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Pattern of Global Cyber War and Crime: A Conceptual Framework Nir Kshetri Bryan School of Business and Economics The University of North Carolina-Greensboro IBRF-2005

  2. Flourishing synergy between organized crime and the Internet • Cyber criminals have attacked almost all of the Fortune 500 companies (FBI) • 39% suffered a security breach in 2003 • Hackers have attacked the networks of: • Pentagon • White House • NATO’s military websites • Microsoft, etc. • Cybercrime and cyber-terrorism: FBI’s No. 3 priority only behind counterterrorism and counterintelligence. IBRF-2005

  3. Top sources of cybercrimes IBRF-2005

  4. Goal of this paper • To Provide an understanding of web crimes in terms of: • the principles and purposes • necessary and sufficient conditions • the patterns of origin and targets • Integrate streams of literatures from psychology, e-commerce, warfare and international affairs. IBRF-2005

  5. Characteristics of the source nation • Institutions • Regulative • Normative • Cognitive • Stock of hacking skills relative to economic opportunities Motivation of attack Types of attack Extrinsic motivation Targeted attacks Community/obligation based intrinsic motivation Characteristics of an attacking unit Opportunistic attacks (no pre-defined target) Enjoyment based intrinsic motivation The Pattern of the Global Cyberattacks: A Proposed Model • Profile of targetorganization • Symbolic significance and criticalness • Digitization of values • Weakness of defense mechanisms IBRF-2005

  6. Motivations of cybercrimes • Wars are fought for material goals as well as for intangible ends such as honor, dominance and prestige (Hirshleifer 1998). • Two categories of motivations: • Intrinsic motivation • Enjoyment based intrinsic motivation • Obligation/community based intrinsic motivation • Extrinsic motivation IBRF-2005

  7. Characteristics of the source nation • Institutions • Regulative • Normative • Cognitive • Stock of hacking skills relative to economic opportunities Motivation of attack Types of attack Extrinsic motivation Targeted attacks Community/obligation based intrinsic motivation Characteristics of an attacking unit Opportunistic attacks (no pre-defined target) Enjoyment based intrinsic motivation The Pattern of the Global Cyberattacks: A Proposed Model • Profile of targetorganization • Symbolic significance and criticalness • Digitization of values • Weakness of defense mechanisms IBRF-2005

  8. Types of cyber attacks • Opportunistic attacks: releasing worms and viruses that spread indiscriminately across the Internet • Targeted attacks: specific tools are used against specific cyber targets. • carried out by highly skilled hackers • also initiated by terrorists, rival companies, ideological hackers or government agencies • some motivated by financial gains IBRF-2005

  9. Characteristics of the source nation • Institutions • Regulative • Normative • Cognitive • Stock of hacking skills relative to economic opportunities Motivation of attack Types of attack Extrinsic motivation Targeted attacks Community/obligation based intrinsic motivation Characteristics of an attacking unit Opportunistic attacks (no pre-defined target) Enjoyment based intrinsic motivation The Pattern of the Global Cyberattacks: A Proposed Model • Profile of targetorganization • Symbolic significance and criticalness • Digitization of values • Weakness of defense mechanisms IBRF-2005

  10. Characteristics of the source nation Regulative institutions • Cybercrimes benefit from jurisdictional arbitrage • A strong rule of law: • punishment of transgressors • ability to successfully litigate fraudulent online dealings • Eastern Europe: cybercrime laws but lack of enforcement mechanisms • P1: The rate of origin of online attacks in an economy is negatively related to the strength of rule of laws applied to such attacks. IBRF-2005

  11. Characteristics of the source nation Normativeinstitutions • Cybercrimes are more justifiable in some societies compared to others. • Indonesian hackers: cyber fraud is wrong but acceptable, if the victim is from a developed country. • P2: The rate of origin of online attacks in an economy is positively related to the existence of social norms that justify such attacks. IBRF-2005

  12. Characteristics of the source nation Cognitiveinstitutions • Cognitive programs: affect the way people notice, categorize, and interpret stimuli. • A number of cyber attacks are linked with fights for ideology. • Ideological hackers express nationalistic longings or act against the nation-state where they live. • P3: Perceived attack on the Ideology of an attacking unit contributes to the strength of cognitive legitimacy of its hacking of the adversary’s network. IBRF-2005

  13. Characteristics of the source nation Stock of hacking skills relative to economic opportunities • Cybercrimes are skill intensive • Crime rates: linked to economic opportunities. • Over-educated and under-employed network specialists in Russia/Eastern European countries. • P4: The rate of origin of online crimes in an economy is positively related to the stock of hacking skills relative to the availability of economic opportunities. IBRF-2005

  14. Characteristics of the source nation • Institutions • Regulative • Normative • Cognitive • Stock of hacking skills relative to economic opportunities Motivation of attack Types of attack Extrinsic motivation Targeted attacks Community/obligation based intrinsic motivation Characteristics of an attacking unit Opportunistic attacks (no pre-defined target) Enjoyment based intrinsic motivation The Pattern of the Global Cyberattacks: A Proposed Model • Profile of targetorganization • Symbolic significance and criticalness • Digitization of values • Weakness of defense mechanisms IBRF-2005

  15. Profile of target organization Symbolic significance and criticalness • Attacks initiated by terrorists: likely to be targeted against decisive and critical infrastructure • Attacks initiated by ideological hackers: Symbolic significance • U.S.-China cyberwar (2001) • Chinese attacked: the White House's site, the California Department of Justice, etc. • Americans attacked: sina.com, Xinhua news agency, sites of local governments • P5: The symbolic significance and criticalness of a network increases its likelihood of being a cybercrime target. IBRF-2005

  16. Profile of target organization Digitization of value • Crimes target sources of value • Businesses with a high dependence on digital technologies • online casinos, banks, and e-commerce hubs • P6: The degree of digitization of value of an organization increases its likelihood being a cybercrime target. IBRF-2005

  17. Profile of target organization Weakness of defense mechanisms • Weakness of defense mechanism co-varies positively with the likelihood of attack. • female-headed households in a city is positively related to the number of crimes (Glaeser and Sacerdote 1999). • P7: The weakness of defense mechanisms of a network is positively related to its likelihood of being a cybercrime target.. IBRF-2005

  18. Managerial implications • Higher proportion of targeted attacks: Probability of being a cybercrime target varies. • Large companies start putting stronger defense mechanisms: • SMEs are more likely to become cybercrime targets. • Timely reporting to authorities helps combat cyber threats • Ransom money: positive cognitive messages • further cyberattacks by making criminals more sophisticated and organized. IBRF-2005

  19. Policy implications • Cooperation and collaboration among national governments, computer crime authorities and businesses • Enacting laws requiring • organizations to deploy appropriate defense mechanisms • reporting of cybercrimes mandatory • Increasing probability of arrest rather than severity of punishment. IBRF-2005

More Related