Threats to Computer Systems
The nature of computer crime has changed over the years as the technology has changed and the opportunities for crime have changed. Although thrill-seeking adolescent hackers are still common, the field is increasingly dominated by professionals who steal information for sale and disgruntled employees who damage systems or steal information for revenge or profit.
When Willie Sutton was asked why he robbed banks, he replied, "because that's where the money is." People attack computers because that's where the information is, and in our hyper-competitive, hi-tech business and international environment, information increasingly has great value. Some alienated individuals also gain a sense of power, control, and self-importance through successful penetration of computer systems to steal or destroy information or disrupt an organization's activities.
A common view of computer security is that the threat comes from a vast group of malicious hackers "out there." The focus of many computer security efforts is on keeping the outsiders out -- through physical and technical measures such as gates, guards, locks, firewalls, passwords, etc.
Yet, while the threat from outsiders is indeed as great as generally believed, the malicious insider with approved access to the system is an even greater threat! This discussion treats the insider threat and the outsider threat separately.
Insider Threat to Computer Security
The Computer Security Institute and FBI cooperate to conduct an annual CSI/FBI Computer Crime and Security Survey of U.S. corporations, government agencies, financial institutions, and universities.1 Of the information security professionals who responded to this survey, 80% cited disgruntled and dishonest employees as the most likely source of attack on their computer system.
Fifty-five percent of respondents reported unauthorized access by insiders, as compared with 30% reporting system penetration by outsiders. Many companies reported multiple instances of unauthorized access or system penetration. For a study of the threat of insider betrayal by insider computer system professionals themselves, see The Insider Threat to Information Systems in the Treason 101 module.
When tabulating attacks from all sources, both insider and outsider, the following numbers represent the percentages of respondents who reported each type of attack during the previous year: 32% denial of service, 26% theft of proprietary information, 19% sabotage of data or networks, and 14% financial fraud.
As discussed in Reporting Improper, Unreliable, and Suspicious Behavior, you are expected to report potentially significant, factual information that comes to your attention and that raises potential concerns about computer security. Reportable behaviors include the following:
Outsider Threat to Computer Security
In addition to foreign intelligence services, your computer network is at risk from many other types of outsiders.
The Internet has become a boon to intelligence collectors world wide.
Break-ins occur at an alarming rate because the Internet provides an especially comfortable and interesting place for hackers. The Internet was not designed with security in mind. It is a large, intricate network with many software flaws. It is easy to remain anonymous on the net. Because everything is interconnected, everything is vulnerable, and an expert intruder can cover his or her tracks by weaving a trail through a dozen systems in several different countries. Many hacker tools that required in-depth knowledge a few years ago have been automated and have become easier to use.
It is difficult to assess the overall dollar loss as a result of economic espionage and the theft of trade secrets. In order to gain a better understanding of the loss, the FBI developed a methodology to objectively assess and determine the scope of economic loss resulting from the theft of intellectual property. This Economic Loss Model was first applied to the facts of a case involving the theft of an unclassified software program that had been developed under contract to the Department of Defense and was being tested in space applications under contract to NASA. It was stolen by a foreign competitor. This case is described in Espionage Killed the Company under Spy Stories.
As a result of the theft, the foreign competitor captured the market and the company that developed the program went bankrupt. The model showed that this one case of theft resulted in over $600 million in lost sales, the direct loss of 2,600 full-time jobs, and a resulting loss of 9,542 jobs for the economy as a whole over a 14-year time frame. Analysis also determined that the U.S. trade balance was negatively impacted by $714 million and lost tax revenues totaled $129 million.3
Information warfare is now a very significant threat. The director of a task force of current and former government officials organized by the Center for Strategic and International Studies concluded that: "Information warfare weapons are changing the character of conflict more fundamentally than anything in history, including gunpowder and nuclear weapons." 4 In addition to our unclassified but sensitive military communications systems and data bases, our telecommunications, power, transportation, and financial systems are increasingly linked to the Internet, and they are vulnerable to attack from abroad. As Deputy Secretary of Defense John Hamre put it, "Very small numbers of people can now wage war on America."5 Organized hacking offers the potential for low cost, low risk, but high gain actions by small countries or groups against the most highly developed nations.
Related Topics: The Insider Threat to Information Systems in the Treason 101 module explores the psychology and motivation of the insider hacker and cites many examples. Hacking U.S. Government Computers from Overseas in the Spy Stories module describes three cases in which hackers working from overseas penetrated U.S. Government systems.