Title: Pattern of Global Cyber War and Crime: A Conceptual Framework
1Pattern of Global Cyber War and Crime A
Conceptual Framework
- Nir Kshetri
- Bryan School of Business and Economics
- The University of North Carolina-Greensboro
2Flourishing synergy between organized crime and
the Internet
- Cyber criminals have attacked almost all of the
Fortune 500 companies (FBI) - 39 suffered a security breach in 2003
- Hackers have attacked the networks of
- Pentagon
- White House
- NATOs military websites
- Microsoft, etc.
- Cybercrime and cyber-terrorism FBIs No. 3
priority only behind counterterrorism and
counterintelligence.
3Top sources of cybercrimes
4Goal of this paper
- To Provide an understanding of web crimes in
terms of - the principles and purposes
- necessary and sufficient conditions
- the patterns of origin and targets
- Integrate streams of literatures from psychology,
e-commerce, warfare and international affairs.
5The Pattern of the Global Cyberattacks A
Proposed Model
- Profile of target organization
- Symbolic significance and criticalness
- Digitization of values
- Weakness of defense mechanisms
6Motivations of cybercrimes
- Wars are fought for material goals as well as for
intangible ends such as honor, dominance and
prestige (Hirshleifer 1998). - Two categories of motivations
- Intrinsic motivation
- Enjoyment based intrinsic motivation
- Obligation/community based intrinsic motivation
- Extrinsic motivation
7The Pattern of the Global Cyberattacks A
Proposed Model
- Profile of target organization
- Symbolic significance and criticalness
- Digitization of values
- Weakness of defense mechanisms
8Types of cyber attacks
- Opportunistic attacks releasing worms and
viruses that spread indiscriminately across the
Internet - Targeted attacks specific tools are used against
specific cyber targets. - carried out by highly skilled hackers
- also initiated by terrorists, rival companies,
ideological hackers or government agencies - some motivated by financial gains
9The Pattern of the Global Cyberattacks A
Proposed Model
- Profile of target organization
- Symbolic significance and criticalness
- Digitization of values
- Weakness of defense mechanisms
10Characteristics of the source nation
- Regulative institutions
- Cybercrimes benefit from jurisdictional arbitrage
- A strong rule of law
- punishment of transgressors
- ability to successfully litigate fraudulent
online dealings - Eastern Europe cybercrime laws but lack of
enforcement mechanisms - P1 The rate of origin of online attacks in an
economy is negatively related to the strength of
rule of laws applied to such attacks.
11Characteristics of the source nation
- Normative institutions
- Cybercrimes are more justifiable in some
societies compared to others. - Indonesian hackers cyber fraud is wrong but
acceptable, if the victim is from a developed
country. - P2 The rate of origin of online attacks in an
economy is positively related to the existence of
social norms that justify such attacks.
12Characteristics of the source nation
- Cognitive institutions
- Cognitive programs affect the way people notice,
categorize, and interpret stimuli. - A number of cyber attacks are linked with fights
for ideology. - Ideological hackers express nationalistic
longings or act against the nation-state where
they live. - P3 Perceived attack on the Ideology of an
attacking unit contributes to the strength of
cognitive legitimacy of its hacking of the
adversarys network.
13Characteristics of the source nation
- Stock of hacking skills relative to economic
opportunities - Cybercrimes are skill intensive
- Crime rates linked to economic opportunities.
- Over-educated and under-employed network
specialists in Russia/Eastern European countries. - P4 The rate of origin of online crimes in an
economy is positively related to the stock of
hacking skills relative to the availability of
economic opportunities.
14The Pattern of the Global Cyberattacks A
Proposed Model
- Profile of target organization
- Symbolic significance and criticalness
- Digitization of values
- Weakness of defense mechanisms
15Profile of target organization
- Symbolic significance and criticalness
- Attacks initiated by terrorists likely to be
targeted against decisive and critical
infrastructure - Attacks initiated by ideological hackers
Symbolic significance - U.S.-China cyberwar (2001)
- Chinese attacked the White House's site, the
California Department of Justice, etc. - Americans attacked sina.com, Xinhua news agency,
sites of local governments - P5 The symbolic significance and criticalness of
a network increases its likelihood of being a
cybercrime target.
16Profile of target organization
- Digitization of value
- Crimes target sources of value
- Businesses with a high dependence on digital
technologies - online casinos, banks, and e-commerce hubs
- P6 The degree of digitization of value of an
organization increases its likelihood being a
cybercrime target.
17Profile of target organization
- Weakness of defense mechanisms
- Weakness of defense mechanism co-varies
positively with the likelihood of attack. - female-headed households in a city is positively
related to the number of crimes (Glaeser and
Sacerdote 1999). - P7 The weakness of defense mechanisms of a
network is positively related to its likelihood
of being a cybercrime target. .
18Managerial implications
- Higher proportion of targeted attacks
Probability of being a cybercrime target varies.
- Large companies start putting stronger defense
mechanisms - SMEs are more likely to become cybercrime
targets. - Timely reporting to authorities helps combat
cyber threats - Ransom money positive cognitive messages
- further cyberattacks by making criminals more
sophisticated and organized.
19Policy implications
- Cooperation and collaboration among national
governments, computer crime authorities and
businesses - Enacting laws requiring
- organizations to deploy appropriate defense
mechanisms - reporting of cybercrimes mandatory
- Increasing probability of arrest rather than
severity of punishment.