[experimental electronic music]
[pulsing beat]
[up-tempo electronic music] female narrator: The power of the virtual world increases every day. By the time you've watched this program, that power will have grown even more. A young student in a developing country will have accessed the library of a prestigious university. A senior citizen who's never traveled abroad will have visited a country on the other side of the world. A small-company manager will have attended an international conference without even leaving the office. With each of these achievements, the virtual world brings about another real-world victory for education, dialogue, and better understanding between people. But there's nothing virtual about the hazards that accompany modern communication technologies.
[gunshot]
- Now the tiniest country with computer experts, computer scientists, can develop the means to attack larger, much more powerful countries and maybe cause them just as much damage that you could do with a physical attack or a bombing raid.
- Cyber war today is something that does not really require a country to attack another country; I just have to be a cyber criminal and I have my 200,000 botnets, computers that have been hijacked, and I issue a command for them to launch massive attacks, as massive as a country could do.
- The scary phenomenon is that 26% of those attacks led to loss of data from governments; 14%, financial institutions; 15%, health care. So we talk about data, which I would argue, are sensitive.
- You don't know who's on the clickety-clack of the keyboard. Who's breaking into my system? Is it a kid? Is it a foreign intelligence service? Is it a competitor for economic espionage? You don't know when it's occurring, and it takes days to do robust investigations to identify the perpetrators. That, to me, is an important gap that needs to be filled in terms of intelligence and law enforcement. We do not have any capabilities to provide warning of attacks now, nor do we know who they are.
narrator: It's become clear that many future wars and acts of terrorism will take place in cyberspace rather than in the physical world. The reason: knowledge is power. The internet has made the knowledge base both accessible and vulnerable. Information warfare is the act of attacking this data. Information warfare is not limited to disputes between countries. It can include corporate and economic espionage, as well as bored teenagers looking to make a reputation as a hacker. And while it takes place in cyberspace, the impact can be felt on the street, as so many of our key infrastructures depend on computers to operate effectively. Cyber terrorism is the coming together of terrorism and cyberspace. All that the terrorists need is a personal computer and an online connection. They can get hold of their weapons without difficulty by creating and delivering computer viruses through a telephone line, a cable, or a wireless connection. And if they want to make a bomb, step-by-step guides on how to make one at home are easily available over the internet. In cyberspace, there are no physical barriers, such as checkpoints, to navigate, no borders to cross, and no customs agents to outsmart.
[whistle blowing] Cyber terrorism could be conducted remotely and anonymously, and it would not require a suicide mission. It's likely to attract extensive media coverage, as journalists and the public alike are fascinated by practically any kind of computer attack. Indeed, cyber terrorism could be immensely appealing precisely because of the tremendous attention given to it by the government and media.
- Information warfare may not be the ultimate means. If you're a terrorist, you don't want to abandon the bomb. The bomb gets headlines. The target's not the hundreds killed but the many thousands and millions watching it on TV. That's the target of the terrorist. Now, imagine if you have a terrorist who uses the bomb and then uses information warfare to disrupt emergency 911 communications so your policemen, your firemen, your EMTs can't respond to the crisis. That enhances the lethality by many times. So it's a multiplier. It augments the aggressor and makes them many times more lethal. That, in my eyes, is the ultimate concern.
narrator: Washington, D.C.: the seat of the U.S. government as well as that of the FBI. This institution has long been involved in the fight against organized crime, but times have changed, and so have crime-busting techniques. The FBI today is still engaged in its role of combating organized crime, fraud, and espionage, but it's also spearheading the U.S. government's determined battle against cybercrime. The NIPC, or National Infrastructure Protection Center, is based in the J. Edgar Hoover Building at the FBI. Here, all the major government agencies pool their knowledge and resources to work together in an effort coordinated by the FBI. Foreign governments have representatives here. So does the private sector.
- If one hacker is able to take down Wall Street, you know, what would be the eff- you know, what would be the effects of that on our economy, on our daily operations of the United States? We just don't know. You know, if hackers somehow could manage to wipe out all the records of all the last year's trading on the stock market, you know, what effect would that have on- if hackers were able to bring down the power grid at will, you know, how would that affect us? If hackers were able to hack in and get control of the air traffic control system...
- It's not a small club; it's not an exclusive club. Everyone can engage, and we have much more to lose. If a terrorist organization- if we respond in kind, what do they lose? A hard drive? And we have, unfortunately, our whole country to worry about. And when you're looking about Third World nations where we have a number of contingencies and crises, what's the big deal if we take down electric power? Can we do it? Yes. But we don't gain too much because they already operate without that. Whereas the United States and the European Union, we are so dependent upon information technology, and we continue to grow exponentially dependent, we have much more to lose. So yes, offensive is there, but it's not- it doesn't hold as much value as the defensive side because we have more to lose.
- [speaking French]
narrator: On April 27, 2007, the Estonian authorities decided to relocate a bronze monument honoring Soviet soldiers fallen in the defense of their country at the end of World War II. This move was seen by Russia, as well as the Russian minority population of Estonia, as an affront and a highly disrespectful act. Russia decided to go on the offensive, and it was the internet that was chosen as the main weapon.
- For roughly a period of 20 days, the critical infrastructure of Estonia suffered some significant blows by systematic and massive denial of service attack. Some attacks took as long as ten hours, basically completely disabling the ability of other people to collect- to connect online systems. We saw on the peak of the attack roughly 5,000 clicks per second on some of their targeted websites. We saw instances which were indicating a degree of coordination. The attacks were stopping at midnight, all of them, every day, so as if the hackers were going to sleep.
Tactics: switching of attacks depending on their discovered vulnerabilities was emerging, which was demonstrating a degree of, again, intelligence. Government ministries, local police all suffered.
narrator: The Crans Montana Forum was created in 1986. It's a place where top-level decision makers from the world's public and private sectors gather to get acquainted and share information and experience. They aim to align their projects and strategies with the most important political, economic, and social issues affecting today's world. In a recent gathering in the Principality of Monaco, a number of very sensitive issues dealing with transnational crime and cyber criminality were discussed by some of the world's top experts in the field.
- [speaking French]
narrator: Information warfare can be offensive or defensive. Offensive info war is attractive to terrorists and armies, as it's relatively inexpensive compared to the cost of developing, maintaining, and using advanced military capabilities. It may cost little to bribe an insider, create false data, manipulate information, or launch malicious logic-based weapons against a globally shared information system.
[experimental electronic music] For decades, information security has been a concern for both technology experts and risk managers. Now that we realize the seriousness of the info war threat, we need to concern ourselves with far more than passwords and dial-up access. We've migrated to distributed computing systems that communicate over shared networks but largely still depend on the use of fixed passwords as the first line of defense. We do this even though we know that network analyzers have been and continue to be used by intruders. They steal computer addresses, user identities, and user passwords from all the major internet and unclassified military networks. These stolen identities and passwords are then used to masquerade as legitimate users and enter into systems. Once in, they apply freely available software tools which ensure that they can take control of the computer and erase all traces of their entry.
narrator: The popular media conception is that there is a coordinated attempt by the Chinese government to hack into U.S. and other Western-based computers- military, government, corporate- and to steal secrets. The truth is a lot more complicated. There certainly is a lot of hacking coming out of China. Any company that does security monitoring sees it all the time. In 2006, other than the United States, six other countries, including France, Australia, New Zealand, the United Kingdom, and Germany suffered severe cyber attacks. The hackers are in this for a number of reasons: fame and glory and an attempt to make a living. The fame and glory come from their nationalistic goals. Some of these hackers are heroes in China. They feel they are upholding the country's honor against both anti-Chinese forces, like the pro-Tibet movement, and larger forces, like the United States. And the money comes from several sources. The groups sell owned computers, malware services, and data they steal on the black market. They sell hacker tools and videos to others wanting to play. What's more worrying, however, is that the Chinese government itself seems to be implicated at several levels.
narrator: Cyber war may also imply developing new doctrines about what kind of forces are needed, where and how to deploy them in the strike against the enemy, how and where to position what kinds of computers and related sensors, networks, and databases may all become as important as the question used to be for the deployment of bombers and their support functions. Cyber war may also have implications for the integration of the political and the psychological with the military aspects of warfare.
narrator: But it's the anonymity, the dominant feature of cyber attacks, that can be the cause of great difficulties when it comes to elaborating and implementing strategies to combat the threat.
- As we speak- as we speak now, there are also big attacks on our Pentagon. And again, we don't know who it is. So do we respond militarily? It's anonymous. It's invisible. You don't see it, so we don't know. We don't know if this is actually an aggressor with hostile intent or whether it's a kid. And I think that that's something, in my eyes, that's the biggest concern about cyberspace. It's made for proxy warfare. If you are a foreign nation, you are never going to send your footprints back to your country; you're going to attack from another region. And you may think it's Iran, but actually it's Iraq. Or you may think it's North Korea, and actually it's someone else altogether.
narrator: The cyber attack on Estonia in 2007, again, clearly underlines this huge problem. Although many factors point an accusing finger at the Russian government, there's no single piece of evidence that allows the Estonian government to formally accuse Russia and take the case to a court of law.
narrator: Throughout Europe, cybercrime is also rife, and nothing short of a common policy can hope to eradicate it. Europe has also declared war on cybercrime, the only possible response to a phenomenon which has become global in reach. The Council of Europe organized a conference in 2008 focused on cooperation between service providers and law enforcement agencies, the state of cybercrime legislations, and the effectiveness of international cooperation. In the face of the increasing vulnerability of society to the threat of cybercrime, the conference provided a platform for enhancing cooperation among key stakeholders from around the world.
- The Convention on Cybercrime, it defines certain types of conduct that you have to make a crime in your criminal courts; and it defines a number of procedural law measures to help law enforcement and criminal justice authorities to investigate, more effectively, cyber crimes; and it provides, then, a legal framework for international cooperation.
- There is something in between the maximum that, in general, law enforcement agencies might be allowed to do more than we consider to be positive in the guidelines, but that does not necessarily mean that they're getting further with their investigation. They might just cause more harm or affect business in a different way. We've tried to show them ways where they could apply instruments with less interference but get the same results, and this is actually what we do.
- If we are tracing back hackers, we need traffic data, because hackers are jumping from one country to the other, and you need interception methods in various countries. You just have to understand what's the need. You need certain data to trace back, and then you can transfer this functional approach of the cybercrime convention in the system and in the wording of each country.
narrator: New technologies will always spawn new forms of crime. The internet is no exception, especially because it generates a constant, almost instantaneous flow of information, products, and services across the E.U.'s internal and external borders. As electronic media become accessible to all, cybercrime is spreading and diversifying at breathtaking speed, far outstripping the scale of conventional fraud and forgery. While it's true that the threat may be exaggerated, it cannot be denied or ignored. The increasing visibility of terrorism has led to these unconventional weapons being harnessed by a new computer-savvy generation of terrorists.
- The criminals are very good at working across borders. They trust each other. They work very efficiently together like effective multinational corporations. But our member states and our individual countries around the world do not trust each other. And you, I'm sure, all remember after 9/11 in the USA, the Americans tried to find out what went wrong, and part of their discovery was that the CIA and the FBI, both American organizations, weren't even cooperating together. So if they can't cooperate together inside their own country, how much more difficult it is for each of us from different countries to cooperate together, and yet the criminals do.
- [speaking French]
narrator: The Council of Europe's cybercrime convention of 2001 and the Convention on the Prevention of Terrorism of 2005 provide a legal response which is consistent with the protection of human rights and individual freedoms. The convention is the first international treaty on crimes committed via the internet and other computer networks. It deals particularly with infringements of copyright, computer-related fraud, child pornography, and violations of network security. It also contains a series of powers and procedures such as the search of computer networks and interception. Open to signature by non-European states, the convention also provides a framework for international cooperation in this field. An additional protocol outlaws acts of a racist and xenophobic nature committed through computer systems. These innovative and unique treaties have created a new dynamic at international level, fostered by the ever-increasing need for more international cooperation. But international cyber criminals cooperate among themselves much more efficiently than individual countries do, and this gap needs to be filled urgently.
narrator: As our wired world becomes more reliant on technology for its prosperity and security, so it becomes increasingly vulnerable. In geostrategic terms, the United States is still very much the uncontested superpower based on its arsenal of conventional and nuclear weapons. But on the electronic front, the field is much more fluid, and the internet could prove to be the great leveler. Unsurprisingly, the U.S. is thought to hold one of the most sophisticated and top-secret stores of so-called cyber bombs. But that by no means gives it a monopoly. In capable hands, a powerful computer hooked up to the web has the potential to be a relatively cheap, fast, and effective tool of war. So backed by an estimated $1.4 billion budget, the Pentagon has consolidated its offensive and defensive cyber warfare programs. In Europe, however, some worry that the right balance has not been struck between police and military powers and individuals' cyber rights.
narrator: Security is no longer defined by well-trained, well-equipped armies standing between the aggressor and the homeland. The weapons of information warfare can outflank and circumvent military organizations and compromise communications and technology upon which both military and civilian infrastructures depend. In this case, the enemy is not even in the line of fire. The battlefield has shifted from a place where military operations determine the winner to an electronic battlefield where a lone operator can cause as much damage as a whole battalion.
[dramatic percussive music] Banks, virtual corporations, cashless electronic transactions, and economies based on "just in time" deliveries make our entire commercial and industrial sector vulnerable to a cyber attack that could be just as damaging as an actual attack on actual material stores. A single email or website can reach millions of potential investors anywhere in the world instantly. With a convincing website, a confidence trickster can, for instance, artificially boost the value of a stock he or she has bought, off-loading it later at a massive profit and leaving hapless investors wondering why their rosy-looking investment went pear-shaped. It's simply, and very aptly, called "pump and dump." But unfortunately, things don't stop there.
narrator: They call it "pharming" and "phishing." These are two of the most widely used and successful methods for stealing personal information from unsuspecting people over the internet. Phishing typically involves fraudulent bulk email messages that guide recipients to legitimate-looking but fake websites and try to get them to supply personal information, like account passwords. Pharming tampers with the domain name server system so that traffic to a website is secretly redirected to a different site altogether even though the browser seems to be displaying the web address you wanted to visit.
- I normally explain the threat as, it's a tool. It makes old crimes better. It enhances old crimes. It's a weapon, if you want to bring down systems- denial of service- and it's a target. In terms of money laundering, by and large, they will try to- they will simply- there are issues in terms of offshore banking and the ability to launder money through those means. But by and large, these aren't the people that are going to bring down a system. They don't want to bring any attention to their lucrative business. By and large, they are using conventional means. But there's an old saying in the U.S., and there's an old bank robber, the most infamous of all time, named Willie Sutton, and when asked, "Why do you rob banks?" his answer couldn't have been more direct: "That's where the money is." And as electronic commerce continues to go online, it's safe to assume that crime will continue. And in most cases, the criminals are further along than the good guys. And our- we're a number of years behind the power curve, legally and otherwise.
- Criminals are well-funded. Criminals are well-organized, unlike, sometimes, the law enforcement authorities. I would certainly put that thesis forward, especially when it has to do with cybercrime, exactly because cybercrime is also difficult to detect and quite complex. They're targeted. They're secretive. They're designed to steal confidential information. So our ability to respond to these attacks, our ability to handle this threat, must be based not anymore on a defensive approach of, I built a huge castle, and I guard the gate, but rather, I go out, and I try to meet the enemy. I go out, and I try to collect information. Technology moves more and more towards intelligence, towards intelligence collection, analysis, and the ability to do predictive, proactive, and flexible defense.
narrator: Impasse de la Gendarmerie in the commune of Saint Ouen in Paris. At the bottom of this cul-de-sac is a very special type of school. Its specialty: hacking techniques and all the computer crimes imaginable. But here, the objective is certainly not to produce professional hackers and crackers but, rather, to demonstrate to network administrators and webmasters, as well as internet security consultants, the different techniques that hackers use to penetrate the databases of large corporations and financial institutions.
- [speaking French]
- [speaking French]
- [speaking French]
- [speaking French]
narrator: In the field of electronic warfare, as on a real battlefield, there's no advantage greater than knowing your adversary and being able to predict your enemy's moves and strategies in advance. Big companies and corporations are prepared to spend whatever's necessary in order to secure their databases and prevent deadly cyber attacks. Each year, 400 trainees enroll in this school. They're all professionals in the field of system and network administration and software development. They follow highly specialized training sessions with experts in the fields of internet security, intrusive auditing, and intrusion tests. If they pass their final exam successfully, they become what is known as Certified Ethical Hackers.
narrator: Cyber criminals always seem to be one step ahead of law enforcement agencies, as well as manufacturers and editors of software. In an attempt to keep up with them or at least not to lag too far behind, this school, like many others of its kind, are also research laboratories where experts spend a large amount of their time in finding new vulnerabilities and other weaknesses in software and networks.
[keys clicking]
narrator: Snooping, in a security context, is unauthorized access to another person's or company's data. Malicious hackers, known as crackers, frequently use snooping techniques and equipment to monitor keystrokes, capture passwords and log-in information, as well as to intercept email and other private communications. Quantum cryptography harnesses quantum mechanics to generate an encryption key, a secret sequence of zeros and ones, in such a way that a hacker cannot intercept it without being detected. This key can then be used to scramble a message and decode it at the receiving end.
- First you have to distribute a key between two parties that we shall call Alice and Bob. So we first have this key which is being exchanged using quantum cryptography, and then because this key is very secure, you can use it to encrypt data so that its confidentiality is guaranteed.
narrator: An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This is the result of using quantum mechanics. The process itself of measuring a quantum system disturbs its whole operation.
- Alice is going to send some key to Bob, and because of the uncertainty principle, if someone tries to look at the key while it's being transmitted, it will induce noise, transmission errors, and Bob can realize that the line is being tampered with. Alice cannot really prevent that the transmission is being eavesdropped, but they can react to it. There is no way for a spy to look at the transmission without disturbing it. On the regular transmission, everyone can still extract the signal, copy it, and reuse it later, but with quantum physics, it's not possible.
narrator: As night falls, predators of all kinds, in the animal as well as the human kingdoms, begin roaming around for their prey. The World Wide Web is no exception, and the anonymity it provides is taken advantage of to the full. Child pornography and pedophilia are other kinds of internet crimes that are constantly on the rise throughout the world. Pedophiles, who in the past might have been nervous about obtaining printed material, can freely access a large number of sites, some involving children as young as two. There are also interactive sites, over which children are abused to order. Many of these are based in Russia, conveniently out of reach of Western legislation. In the West, generally, more and more households own several computers. Children have become very adept at using them. They're a good way of finding out about hobbies, interests, or schoolwork. There are thousands of online games to be played. But there are also a great many dangers. In the many chat rooms where children exchange information, it's impossible to tell if the person your child is talking to really is another child or a pedophile seeking contact, information, perhaps an address or a photo or even a meeting. The European police agency, Europol, based in The Hague, has coordinated major international police swoops aimed at smashing internet-based child pornography networks in the member states of the European Union. On the worldwide level, Interpol has made strides in recent years to move out of its traditional focus on organized crime and terrorism and tackle other issues troubling its member states. Pedophilia is certainly one of them, and unfortunately, it's on the rise. Every year, thousands of children become victims of crime, whether it's kidnappings, violent attacks, or sexual abuse. 
In the U.S., for instance, the FBI has created a Crimes Against Children program with three clear objectives: to reduce the vulnerability of children to sexual exploitation, to develop a nationwide capacity for rapid and effective response, and to enhance the capabilities of state and local law enforcement investigators through training, assistance, and task force operations. At this office in Maryland, Operation Innocent Images tries to root out those who prey on children. Their activities have led to a large number of arrests; many of them of Europeans who travel to the United States in the expectation of indulging in sex with a child.
- Basically, what it amounts to is, we have agents who are online choosing profiles of young boys and girls, who go into predicated chat rooms- these are areas that we have knowledge that individuals will go there looking to meet young children. We go there posing as young boys or young girls, and we get contacted by these individuals who express an interest in having sex. And when they travel to a prearranged location, they're arrested and charged federally. The success rate has been phenomenal since 1995 in the fact that we have executed many, many search warrants on the individuals that have been convicted. We're running approximately a 99% conviction rate, which goes to show you that the evidence is very- is very substantial.
narrator: According to experts, the biggest danger comes when children are left alone to amuse themselves at the computer.
- Pedophiles do contact our children. Parents should be encouraged to teach their children to use the internet for something other than chat rooms. Children should never ever give out personal information on the internet to anybody that they don't absolutely know, because the individual that they're giving their phone number to or sending a photograph or their address could be a pedophile. A person that says they're a 13- or 14-year-old could be a 50-year-old male or whatever. People have to realize that the individual who's doing this is not what we would typify as a child molester or somebody with a big nose and a dark raincoat and dark glasses. These are people that live in our neighborhoods.
narrator: The market for fake and bogus goods is also growing with the help of the internet. A significant percentage of all enforcement activity is directed towards spam, internet auctions, retail sites, and other internet activities which sell or distribute counterfeit and pirated items. Other venues, such as internet chat rooms and private forums, are also being used by criminals and terrorists to provide information regarding manufacturing techniques and to distribute high-value items, such as fake ID papers, passports, driver's licenses, birth certificates, and medicines.
- [speaking French]
narrator: Counterfeit medicines, as well as spare parts for cars and especially passenger aircraft, have, to date, caused a significant number of deaths due to poor workmanship and the use of defective materials.
- [speaking French]
narrator: With an increase in internet users in both developed and developing regions- in particular, the Middle East, Africa, and Asia- the potential market for counterfeit goods, as well as illegal exports of arms and ammunition, is expanding rapidly.
- An Ilyushin 76 left a western European country- it was actually England; I'll name my own country- with a humanitarian aid flight into Africa. When the flight profile of the aircraft on the way out was compared to the flight profile of the aircraft on the way back- the aircraft on the way back was fully laden with 45 tons of frozen fish, 'cause, obviously, they like to make money on the return flights- the flight profiles were identical. We know that the British government only sent 30 tons of humanitarian aid. So some cheeky bastard has shipped 15 tons worth of ammunition or weapons into Africa on the back of a government's international aid flight. There is a lot of money to be made in large-scale arms trafficking. There's a lot of loopholes. The criminals are well ahead of us, and therefore, they will consistently exploit the loopholes in our systems, and they can exploit them quicker than they can get inside our decision-making circles.
[keys clicking]
narrator: Today industrial societies around the world rely on the internet. In fact, they would probably cease to exist without it. But just as viruses and bacteria can spread unchecked from region to region, computer viruses spread from computer to computer regardless of location. Just as crime and violence in one country can affect life in another by sending streams of displaced refugees seeking relief, cybercrime in one nation can find its victims anywhere. Just as pollution and destruction can cause climate change on a global level, child pornography from a single source pollutes minds around the world. This is one global threat that continues to elude us.