Pattern of Global Cyber War and Crime: A Conceptual Framework

1
Pattern of Global Cyber War and Crime A
Conceptual Framework

• Nir Kshetri
• Bryan School of Business and Economics
• The University of North Carolina-Greensboro

2
Flourishing synergy between organized crime and
the Internet

• Cyber criminals have attacked almost all of the
  Fortune 500 companies (FBI)
• 39 suffered a security breach in 2003
• Hackers have attacked the networks of
• Pentagon
• White House
• NATOs military websites
• Microsoft, etc.
• Cybercrime and cyber-terrorism FBIs No. 3
  priority only behind counterterrorism and
  counterintelligence.

3
Top sources of cybercrimes
4
Goal of this paper

• To Provide an understanding of web crimes in
  terms of
• the principles and purposes
• necessary and sufficient conditions
• the patterns of origin and targets
• Integrate streams of literatures from psychology,
  e-commerce, warfare and international affairs.

5
The Pattern of the Global Cyberattacks A
Proposed Model

• Profile of target organization
• Symbolic significance and criticalness
• Digitization of values
• Weakness of defense mechanisms

6
Motivations of cybercrimes

• Wars are fought for material goals as well as for
  intangible ends such as honor, dominance and
  prestige (Hirshleifer 1998).
• Two categories of motivations
• Intrinsic motivation
• Enjoyment based intrinsic motivation
• Obligation/community based intrinsic motivation
• Extrinsic motivation

7
The Pattern of the Global Cyberattacks A
Proposed Model

• Profile of target organization
• Symbolic significance and criticalness
• Digitization of values
• Weakness of defense mechanisms

8
Types of cyber attacks

• Opportunistic attacks releasing worms and
  viruses that spread indiscriminately across the
  Internet
• Targeted attacks specific tools are used against
  specific cyber targets.
• carried out by highly skilled hackers
• also initiated by terrorists, rival companies,
  ideological hackers or government agencies
• some motivated by financial gains

9
The Pattern of the Global Cyberattacks A
Proposed Model

• Profile of target organization
• Symbolic significance and criticalness
• Digitization of values
• Weakness of defense mechanisms

10
Characteristics of the source nation

• Regulative institutions
• Cybercrimes benefit from jurisdictional arbitrage
• A strong rule of law
• punishment of transgressors
• ability to successfully litigate fraudulent
  online dealings
• Eastern Europe cybercrime laws but lack of
  enforcement mechanisms
• P1 The rate of origin of online attacks in an
  economy is negatively related to the strength of
  rule of laws applied to such attacks.

11
Characteristics of the source nation

• Normative institutions
• Cybercrimes are more justifiable in some
  societies compared to others.
• Indonesian hackers cyber fraud is wrong but
  acceptable, if the victim is from a developed
  country.
• P2 The rate of origin of online attacks in an
  economy is positively related to the existence of
  social norms that justify such attacks.

12
Characteristics of the source nation

• Cognitive institutions
• Cognitive programs affect the way people notice,
  categorize, and interpret stimuli.
• A number of cyber attacks are linked with fights
  for ideology.
• Ideological hackers express nationalistic
  longings or act against the nation-state where
  they live.
• P3 Perceived attack on the Ideology of an
  attacking unit contributes to the strength of
  cognitive legitimacy of its hacking of the
  adversarys network.

13
Characteristics of the source nation

• Stock of hacking skills relative to economic
  opportunities
• Cybercrimes are skill intensive
• Crime rates linked to economic opportunities.
• Over-educated and under-employed network
  specialists in Russia/Eastern European countries.
• P4 The rate of origin of online crimes in an
  economy is positively related to the stock of
  hacking skills relative to the availability of
  economic opportunities.

14
The Pattern of the Global Cyberattacks A
Proposed Model

• Profile of target organization
• Symbolic significance and criticalness
• Digitization of values
• Weakness of defense mechanisms

15
Profile of target organization

• Symbolic significance and criticalness
• Attacks initiated by terrorists likely to be
  targeted against decisive and critical
  infrastructure
• Attacks initiated by ideological hackers
  Symbolic significance
• U.S.-China cyberwar (2001)
• Chinese attacked the White House's site, the
  California Department of Justice, etc.
• Americans attacked sina.com, Xinhua news agency,
  sites of local governments
• P5 The symbolic significance and criticalness of
  a network increases its likelihood of being a
  cybercrime target.

16
Profile of target organization

• Digitization of value
• Crimes target sources of value
• Businesses with a high dependence on digital
  technologies
• online casinos, banks, and e-commerce hubs
• P6 The degree of digitization of value of an
  organization increases its likelihood being a
  cybercrime target.

17
Profile of target organization

• Weakness of defense mechanisms
• Weakness of defense mechanism co-varies
  positively with the likelihood of attack.
• female-headed households in a city is positively
  related to the number of crimes (Glaeser and
  Sacerdote 1999).
• P7 The weakness of defense mechanisms of a
  network is positively related to its likelihood
  of being a cybercrime target. .

18
Managerial implications

• Higher proportion of targeted attacks
  Probability of being a cybercrime target varies.
  
• Large companies start putting stronger defense
  mechanisms
• SMEs are more likely to become cybercrime
  targets.
• Timely reporting to authorities helps combat
  cyber threats
• Ransom money positive cognitive messages
• further cyberattacks by making criminals more
  sophisticated and organized.

19
Policy implications

• Cooperation and collaboration among national
  governments, computer crime authorities and
  businesses
• Enacting laws requiring
• organizations to deploy appropriate defense
  mechanisms
• reporting of cybercrimes mandatory
• Increasing probability of arrest rather than
  severity of punishment.