Problems of counteraction to cybercrime and cyberterrorism in Ukraine

The processes of globalization and the development of modern civilization are characterized by the transition from an industrial society to an information society. The wide introduction of modern information technologies creates new, unique opportunities for more active and efficient development of the economy, politics, the state, society, social consciousness and the individual citizen. However, the advance of technology leads not only to the strengthening of industrial society, but also to the emergence of new, previously unknown sources of danger to society. The economies and defense of the world's leading countries increasingly depend on the normal operation of global computer networks. A halt in their operation can have serious consequences; yet national and international legal institutions are not ready to counteract these new threats adequately.

A well-known Russian criminologist, Professor Vladimir Luneev, in his monograph entitled “Criminality of the Twenty First century”, shows the dynamic, enterprising and creative character of modern criminality: it immediately exploits newly emerging and accessible areas that are poorly monitored by the government; modern criminals change the kinds, forms and methods of their activity depending on the situation, and they are not bound by any legal, moral or even technical norms and rules. “Unlike clumsy governmental bodies, criminals can use the latest achievements of science and engineering very fast”.

While gaining undoubted advantages from the use of information systems built on global computer networks, Ukraine is gradually becoming more dependent on their proper functioning as well. This fact pushes us to elaborate new approaches to protecting the interests of the individual, society and the state in this sphere. The Concept (Bases of the State Policy) of the National Security of Ukraine determines threats to the national security and interests of Ukraine; computer crime and cyber terrorism are among them.

After the events of September 2001 in New York and Washington, appalling in their scale and cynicism, the global community’s attitude hardened, and its reaction became more conscious, coordinated and consistent. In recent years various national and worldwide forums have raised discussions of terrorism in general, and cyberterrorism in particular, resulting in consultations among specialists in “narrow” individual fields and even roundtables at governmental levels. Documents signed at these meetings create favorable conditions for direct action to counteract terrorism.

One of the most serious steps taken to regulate this problem was the adoption of the Cybercrime Convention by European Council on 23 November 2001, the first international agreement on juridical and procedural aspects of investigating and prosecuting cybercrimes. The Convention stipulates coordinated actions at the national and inter-governmental levels, directed at preventing unlawful interference with the functioning of computer systems. The Convention divides cybercrimes into four main kinds: hacking of computer systems, fraud, forbidden content (racist websites and child porn content) and breaking copyright laws.

These crimes are specific in their methods and mechanisms, and have high latency and low rates of exposure. They have another distinguishing feature: they are mostly committed only as a means of committing other, graver crimes, for example theft of money from bank accounts, obtaining restricted information, counterfeiting of money or securities, extortion, illicit production of audio and video materials, and espionage.

According to the Ministry of Internal Affairs of Ukraine, 95 cases related to computer crimes were disclosed in the first 6 months of 2004, compared with 122 cases in 2003, 25 cases in 2002 and 7 cases in 2001.

By comparison, according to the data of the Russian police, 4995 cases related to computer crime were opened in 6 months of 2004, 7053 cases in 2003, 3872 cases in 2002 and 1619 in 2001.

According to Department “K” (a department for fighting high-tech crimes), the analysis shows that 16 per cent of offenders who acted in the sphere of “computers” were young men below 18 years of age and 58 per cent were aged between 18 and 25 years; 70 per cent of these had higher or incomplete higher education. The main share of crimes relates to illegal access to information and the use of malicious software. It was noted that officers of the department were quite successful in their struggle against such crimes.

According to the Ukrainian Antivirus Center, the losses caused by cyber attacks over 6 months of 2004 amounted to about 45 million euros. This is 30 per cent more than over 6 months of 2003.

The greatest damage per PC is borne by medium-sized businesses, where companies have many computers and minimal information security budgets. Most large Ukrainian companies began to pay more attention to antivirus protection after last year’s epidemics. These efforts helped them to minimize their losses this year.

In addition, attacks on home users increased significantly during this period. For instance, more than 90 per cent of the users of the Ukrtelecom Internet Service Provider were affected by virus attacks in the first six months of 2004.

The Ukrainian Antivirus Center experts note that the growth in the number of personal computers and in bandwidth leads to ever larger virus epidemics and, accordingly, to greater losses caused by them.

Ukrainian experts and criminologists are greatly interested in the statistics from the USA given in the FBI annual report. The report stated that overall financial losses reported by 494 survey respondents totalled $141,496,560, down significantly from the $201,797,340 reported by 530 respondents last year.

The number of successful attacks on computer systems has been steadily decreasing since 2001. Only 53 per cent of the interviewed companies noted that they incurred damages due to unauthorized access to their computer systems this year. This is the lowest figure since 1999. The number of companies that have not encountered any unauthorized access problems rose to 35 per cent, while 11 per cent do not know whether or not they have experienced unauthorized access problems, which is again the lowest mark since 1999.

Taking into account the social danger represented by cyberterrorism, it is necessary to outline the manifestations of high-tech terrorism, especially computer terrorism or cyberterrorism. This kind of terrorism is of particular concern to experts because of the high vulnerability of Internet-connected computer systems used to manage critical infrastructure (transport, nuclear power stations, water supply and energy).

The threat of terrorism on the Internet has become larger in scale than it first appeared; the opportunities for cyberterrorism have become more sophisticated along with the total spread of the Internet. It is a serious threat, similar to nuclear, bacteriological and chemical weapons. It is still not well understood or studied. Worldwide experience in fighting cyber-terrorism shows the vulnerability of every state. As computer terrorism has no frontiers, cyber-terrorists target information systems everywhere.

D. Malyshenko, in his article entitled “Counteraction to Cyberterrorism – Important Task of the Present-Day Society and State”, said that computer terrorism should be regarded as:

  • one of the kinds of unlawful access to computer information stored on a separate computer or a network of computers;
  • carried out with the purpose of modifying, deleting or learning this information;
  • causing a situation where the functioning of the given computer or network goes beyond its established normal mode of operation;
  • creating danger to people’s lives, material damage or other socially dangerous consequences.

The main purposes of the above actions are: violation of public security, intimidation of the population, provocation of armed conflict or international complications, influence on decision-making or on the commission or non-commission of an action by state or local authorities or officials, or attracting public attention to certain political, religious or other views of the terrorist; the threat of committing the mentioned actions for the same purposes is also included.

Here the most probable manifestation is activity by international terrorist groups aimed at undermining the effective work of international organizations acting in restless regions of the world under authority delegated by the UN.

Cyber attacks and the advanced skills of hackers are widely utilized and sponsored at governmental levels, though, as with any special operation, this is done without publicity.

Hackers of Pakistan and India are involved in a real jihad for Kashmir. According to Hindustan Times news, Pakistani hackers defaced 477 Indian websites – 270 of them in April 2003 alone – against the 288 sites they hacked in all of 2002. Some of these websites belonged to Indian governmental bodies. In turn, Indian hackers calling themselves “Indian Snakes” spread the Yaha worm as “cyber revenge”. The virus aimed at performing DDoS attacks on some Pakistani sources, including ISPs, the website of the Karachi Stock Exchange and governmental sites.

In North Korea’s mountainous Hyungsan region, a military academy specializing in electronic warfare has been churning out 100 cybersoldiers every year for nearly two decades. Graduates of the elite hacking program at Mirim College are skilled in everything from writing computer viruses to penetrating network defences and programming weapon guidance systems. Yet Pentagon and State Department officials say they are unable to confirm South Korea’s claims that Mirim or any other North Korean hacker academy even exists. And some US defence experts accuse South Korea of hyping the cyber threat posed by its northern neighbour, which they claim is incapable of seriously disrupting the US military. Representatives of South Korea’s National Intelligence Service, as well as its Institute for Defence Analyses and Information Security Agency, did not respond to requests for more information about Mirim College or North Korea’s information warfare capability. In its 2000 annual report, South Korea’s Ministry of National Defence said a 5 per-cent budget increase was allocated mainly for projects such as “the buildup of the core capability needed for coping with advanced scientific and information warfare.” The report also revealed that South Korea’s military has 177 “computer training facilities” and had trained more than 200,000 “information technicians.” Meanwhile, in North Korea the lack of basic necessities, such as a reliable electrical grid, presents huge obstacles to the creation of information-technology infrastructure, according to Peter Hayes, executive director of the Nautilus Institute, who published a recent study of North Korea’s information technologies aspirations.

The Arabian Electronic Jihad Team (AEJT) declared its existence at the beginning of 2003, along with its goal to conquer the Internet. They said they would destroy all Israeli and American web sites and also all other “improper” sites.

More and more often hackers choose the computer systems of governmental institutions (the Pentagon above all) and NASA. Many such cases have become public; for example, in 1990 a group of hackers attacked government sites in the United States, United Kingdom, and Australia over the weekend, according to Attrition.org, a Web site that monitors hacking attacks. The attack was one of the largest, most systematic defacements of worldwide government servers on the Web, Attrition.org said on its site. A number of U.S. governmental and military Web sites, including those of the Army, the Navy, and the Air Force; the National Institute of Health; the Department of Treasury; the US court system; the National Aeronautic and Space Administration (NASA); and the Department of Energy, have all previously fallen victim to hackers claiming to represent the same group.

Events that happened in Ukraine in January 2002 can serve as an example of cyberterrorism.

In order to get one million Ukrainian hryvnias (about $185-190 thousand), unknown people phoned the director of Odessa Airport, Ukraine, and informed him that they had placed an explosive device on board a plane bound for Vienna; they also blew up a bomb in the building opposite the airport building to confirm the seriousness of their intentions.

The Security Service of Ukraine and the Air Security Office were informed of the incident right away. The criminals posted detailed instructions on the Internet for meeting their demands. The main demand was one million Ukrainian hryvnias. The criminals planned to use “Privat-24”, Privatbank’s Internet payment system, to get the money. One of the advantages for the criminals was that this system allowed an account to be created and controlled anonymously with only a login and password. They thus used information technologies to deliver their threats and receive the money anonymously and remotely.

Besides the typical operational measures, there was a need to promptly establish technical information in computer networks, as the criminals used the Internet at all stages of their offence. The Security Service decided to engage experts from the unit for fighting high-technology crimes at the Ministry of Internal Affairs; they were tasked with identifying the people who sent the threatening e-mails and the initiators of the bank payments.

The response of the ISP whose Internet services the criminals used to send the threatening e-mails helped to determine phone numbers and addresses related to the criminals, and also made it possible to obtain definite evidential information stored in the log databases of Internet Service Providers and Privatbank.

The logs made it possible to find out the Internet Protocol (IP) addresses of computers, e-mail addresses and phone numbers, which helped to examine the specific computers at the scenes.

The chronicle of events shows that the timely and qualified aid provided in January 2002 by the unit for fighting high-technology crimes at the Ministry of Internal Affairs to officers of the Security Service departments for fighting terrorism and protecting state organization made it possible to expose a criminal group and to stop its criminal activity, and thus the cyber terrorists got their due.

Present-day hackers are different from the hackers of the 90s, who were harmless prankster-hooligans (this type of hacking is known as “look-see”, i.e. contemplative, passive hacking). Now they increasingly attack governmental computer networks. According to mi2g, a London-based computer security company, there has been a huge growth in electronic crimes since 2003; besides purely criminal cases, its reports showed a severalfold increase in the activity of extremist groups.

Research conducted by the Computer Crime Research Centre in September 2004 shows that a person's personality traits and environment, in their interaction, successively define the motivation for deciding to engage in criminal activity in the sphere of computer technologies. Motivation includes the process of emergence and formation of the reason and purpose for criminal conduct. Generalizing this experience, it is necessary to outline the following:

  • in 36 per cent of cases computer crimes are committed by women, in 64 per cent by men;
  • people who committed computer crimes were aged between 16 and 57 years.

By social status, computer criminals are:

  • 6 per cent school students;
  • 6 per cent high school students;
  • 6 per cent high school employees;
  • 18 per cent bank employees;
  • 12 per cent programmers.

Many people including high-skilled experts and amateurs are involved in computer crimes. Criminals have different social status and education level. They can be divided into two big groups:

  • people who have business and working relations with victims;
  • people who do not have any business relations with the victims.

Officials who abuse their official position belong to the first group. They are clerks, security officers, inspecting officials, persons dealing with organizational questions and engineering-technical staff. According to our research, programmers, engineers, operators and other officials of an organization who gained unauthorized access to computer systems made up 42.3 per cent. In 18.1 per cent of cases other officials committed such crimes, and in 8.6 per cent of cases former employees committed computer crimes. Service staff of other organizations engaged in servicing computer systems also represent a potential threat.

People who possess considerable knowledge in the field of computer technologies and are mostly guided by mercenary motives belong to the second group. This group also includes expert professionals who regard the security of computer systems as a challenge to their professional skills. Some of them gradually begin to enjoy such activities and conclude that it is possible to combine material and intellectual incentives.

All computer criminals can be divided into the following separate groups by purposes and spheres of their activities:

  • hackers-researchers – a small, but the most educated and talented part of the computer underground; their main occupation is examining various software for vulnerabilities that would allow a potential hacker some kind of attack, and they improve the operation of computer systems and networks, enhancing their efficiency;
  • pure hackers – a substantial part of the computer underground involved in “pure hack”. Pure hack, in computer lingo, is a hack or intrusion in which information on storage media is not erased and the system continues to work without a decrease in efficiency; after the intrusion the hacker informs the people responsible for the security of the system about the intrusion and its method, and describes it in detail;
  • hackers-vandals – people who plan and perform intrusions into computer systems for some reason and with the deliberate purpose of damaging these systems; this group of hackers uses a great number of possible attacks, but still has no mercenary intentions;
  • crackers – people who conduct “commercial” hacks of computer systems and networks for mercenary purposes;
  • computer pirates – people, often groups of people, who specialize in cracking software with the purpose of selling it later; they almost always act in groups;
  • cyberterrorists – a new category of the computer underground related to the phenomenon of virtual terror. Virtual terror during the Palestine-Israeli conflict in the 1990s was one of the first clear manifestations of cyberterrorists; here we deal with people who deliberately try to cause harm to a state or some group of people out of ideological considerations, making this harm greater where possible;
  • virus-makers – the term virus-maker was first introduced by members of Stealth, a famous group of virus creators; these people are involved in creating computer viruses, and they are often called vexers (from Virus EXchangER) or technorats;
  • carders – (from card) one of the most closed communities in the computer underground in almost all countries of the world because of its relation to the law; these people have chosen the examination of features of credit cards and ATMs as their specialty, and carders are famous for their illegal machinations with credit cards and successful hacks of ATMs; carders create their own societies (carderplanet.ru is the best-known carders forum in Russia) with strict hierarchy and a high level of personal conspiracy;
  • phreakers – (from phreak) people who advocate the science and art of illegal connection to phone networks; late in the 1980s, along with the introduction of new, more protected standards of communication, such legendary concepts as the “blue box” sank into oblivion; at present phreakers are mainly interested in cellular and satellite communication, and, like carders, they create the most marginal, criminogenic and illegal communities.

Outlining typical models of the various categories of cybercriminals, and knowing and taking into account the peculiarities of these people, helps to detect and investigate such crimes in good time.

As for the psychological attitude of criminals to the committed act, most computer crimes are committed intentionally. Software developers and security specialists have practically ruled out the possibility of accidental or careless damage to computer systems and to the interests of users.

According to expert estimates by Interpol, the statistical breakdown of the different reasons for computer crimes is the following:

  • mercenary motives - 66 per cent;
  • political reasons (terrorism, political actions) - 17 per cent;
  • research curiosity - 7 per cent;
  • hooligan reasons and naughtiness - 5 per cent;
  • revenge - 4 per cent.

Prevention of crimes committed using global computer networks should include the following:

  • suppression of computer crimes – undertaking measures to stop the activity of people who prepare or attempt to commit a crime;
  • preclusion of crimes – identifying people who plan certain crimes and undertaking measures to exclude the realization of these intentions;
  • precaution of crimes – revealing and removing the reasons and conditions for committing crimes on the network, identifying people inclined to commit such crimes, and exerting some kind of influence on them.

Each of these approaches includes measures of general and individual character in respect of the given persons.

The most effective solutions to this multifaceted problem of computer crime prevention are the organizational-technical and legal approaches. The first mainly provides for preventing computer crimes through technical measures: the creation of architectures, protocols, hardware and software for processing systems that will prevent or impede criminal activity. The second approach proposes improvement of the legal mechanism: strengthening the legal base, clearly defining the corpus delicti for computer crimes, and ensuring their efficient detection, investigation and legal prosecution.

It is noteworthy that lately the role of legal solutions to the problems of ensuring the security of global networks has become more evident. In recent years the governments of many countries have taken drastic steps to counteract computer terrorism. In particular, in 2002 the Pentagon granted Carnegie Mellon University, one of the biggest scientific institutions of the USA, $35.5 million to conduct research in the sphere of fighting computer terrorism. The five-year grant has been provided for the development of identification technologies that are to protect users on the Internet from unauthorized access to their confidential data.

A special Center for Computer Security and Communications Protection conducts research into the creation of elements of artificial intelligence that could maintain automatic protection of information from hacker attacks without human assistance. In addition, they research the possibility of using individual features of users (their signatures, fingerprints, appearances and voices) to suppress unauthorized access to data. Scientists believe that a symbiosis of these two technologies will be utilized in the future.

A new law has come into force in Great Britain; it equates computer hackers with Irish Republican soldiers. This law is to enhance the suppression of different groups that use the territory of the UK for their actions. According to this document, if a hacker hacks a computer system that maintains the national defense of the country, and if he attempts to somehow influence governmental bodies or to threaten society, he will be charged with terrorism and will face all the ensuing consequences.

Thus activity to counteract cybercrime in Ukraine should be systematic and comprehensive. This work must be built on clear cooperation among all law enforcement agencies, the introduction of efficient techniques to detect and prevent this kind of crime, and the improvement of legal norms. Today, no state is able to resist this evil without assistance. Fighting computer terrorism, and terrorism as a whole, is not a task for individual countries; it is therefore essential to maintain cooperation of secret services, including national security services and special units fighting terrorism at national, regional and international levels.

References

  1. Victor Luneev. XX Century Crime: Global, Regional and Russian Tendencies. М., 1997.
  2. Convention on Cybercrime http://conventions.coe.int/Treaty/en/Treaties/Html/185.htm.
  3. Cyber Crime Statistics. http://www.crime-research.ru/news/29.07.2004/1314/.
  4. Ukraine: 45 million EURO losses from cyber attacks. http://www.crime-research.ru/news/30.07.2004/1320/.
  5. 2004 CSI/FBI Computer Crime and Security Survey Continue but Financial Losses are Down. http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2004.pdf.
  6. Vladimir Golubev. Cyber Crime: Motivation and Subject. http://www.crime-research.ru/news/2004.10.21/1547/.
  7. Eric S. Raymond. New Hacker Dictionary. - М., 1996.
  8. Alexander Chernavski. Computer Underground in the Context of Modern Cyber Culture. - Computer Crime and Cyber Terrorism, Zaporozhye, №2, 2004.
  9. Vladimir Golubev, Alexander Golovin. Problems of Investigating Cyber Crime. http://www.crime-research.org/library/New_g.htm.
  10. D. Malyshenko. Counteraction to Cyber Terrorism – The Crucial Task of Modern Society and Government. http://oxpaha.ru/view.asp?13341.