i,Robot: lets_hope_this_never_happens!

Before you read what I have to say, watch this video to put cybercrime into perspective:

In 2009, 148,000 zombie computers were created per day.[1]These consist of spammers, botnets, etc. If those numbers are true today (most likely significantly higher) over 1 million zombie computers are created between each time our class meets.  Movies like i,Robot and Eagle Eye present problems that may one day become a reality. We watch these movies and think of how farfetched it is to believe robots can have the ability to fight humans and attack us. Well, let’s hope it doesn’t become a reality; it would be an unimaginable nightmare to fight uncontrollable machines.

Cybercrime is an area not many individuals are familiar with, including our lawmakers themselves. It refers to the use of computer technology to achieve illegal ends.[2]Susan Brenner, professor of law and technology at the University of Dayton School of Law, presents two ways of looking at cybercrime. The first is that by virtue of referring to it as CYBERcrime there must be a difference compared to crime itself. However, there is also the “old wine” theory that cybercrime is “old win in new bottles.” This theory or idea posits the view of cybercrime being nothing more than the migration of real-world crimes into cyberspace.[3] An issue with cybercrime statistics is the unreliability of the numbers presented, crimes not reported, and the inclusion of traditional crimes considered to be cybercrimes by virtue of using a computer. The biggest threats related to the virtual world are the defined cyber-offenses such as hacking, denial of service attacks, or virus dissemination.

Professor Brenner argues the current reactive model of law enforcement ignores too many problems cybercrimes create and it is necessary to develop a new model to deal with cybercrime. This model must be prevention based and hold people who use cyberspace to a higher standard. Since cybercrime eliminates the physical aspect to crime, it can but fully automated which poses great problems for a reactive model. A person may commit thousands of crimes with little effort in a very short amount of time. Also, damage can be much harder to remedy when cyberspace allows you to do things like move money offshore with the click of a button. By the time a reactive model begins an investigation, the damage is done and the trail to the perpetrator nonexistent.

From an international perspective, 32 countries (including the United States) have signed the Convention on Cybercrime[4]. This piece of legislation seeks to harmonize already existing domestic criminal substantive law elements of offenses in the area of cybercrime and provide a regime of international co-operation.[5] It sets up an efficient system by having consistent approaches to the law and giving law enforcers the ability to react across jurisdictional borders. This strengthens the deterrent based goal of law and punishment.

One of the issues to consider in cybercrime is how do we sanction it? Professor Reidenberg, in States and Internet Enforcement, 1 U. Ottawa L. & Tech. J. 1, 18 (2004) , proposed the idea of using electronic sanctions. This could be very effective, efficient, and provide swift punishment. On the other hand, it may too swift to where they may due process issues and affect innocent by standers. Electronic sanctions may include something as an “electronic death penalty” which would prevent offenders from interacting on the internet or using hacking techniques to paralyze web pages in violation with laws.

In the realm of international security, cybercrime is a huge security concern. The only thing differing criminal activity from cyber terrorism is the motivation behind the acts. [6] For a great blog post on issues in connection with cyber terrorism you can visit an article posted in 2009 on this site (https://virtualcrimlaw.wordpress.com/2009/11/16/policy-issues-in-connection-with-cyberterrorism/). Some serious threats to consider are things that could disrupt society immediately; they may consist of manipulating air traffic control systems, hacking pharmaceutical company’s computers and altering formulas, taking control of military assets such as unmanned drones, and altering mechanical controls to machines in power plants, etc.

One such cyber attack occurred last summer with the use of the Stuxnet worm. This worm attacked thousands of computers worldwide and attempted to alter controllers which regulate the machinery in factories, power plants, etc. In essence, this virus could make a power plant shut down, machines that need to be regulated by computer to explode, and basically cause chaos worldwide. This virus in specific seemed to be targeting Iran, but the origin is unknown. What is known is that the amount of money and resources need to create a worm with this level of complexity would limit the suspects. Although Stuxnet was detected and dealt with, another malware referred to as the son of Stuxnet has been found on systems in Europe.[7] Thankfully, we don’t have to worry about Al-Qaeda getting their hands on something like this because they couldn’t afford it if they wanted to.

With a lot of focus on military efforts, cybercrime/terrorism is a huge concern in regards to military assets. One way of saving soldier lives is by using unmanned equipment that allows us to see more without putting soldiers in harm’s way. However, the possibility of equipment such as drones being susceptible to virus presents a huge problem. What’s to stop a virus from overriding the operators and targeting Americans or non-combatants? The movie Eagle Eye seems farfetched until you think of how easy it actually may be to become real. All it takes is one person for a virus to spread. Because of this very reason people using military computers are not allowed to use thumb drives, use personal computers on their networks, and must follow strict usage guidelines.

The U.S. government has even considered using cyberwarfare themselves. Before launching the attack against Libya, they considered breaking into Libyan government’s computer networks and ultimately severing communications and the relay of data. This in turn would bring down anti-air defenses aiming at NATO warplanes similar to what happened in the Great War on Eveonline.

 The biggest question I have is how do we effectively fight cybercrime? Cybercrime is too easy to engage in, cross notional borders, and get away with it. Did you ever really consider the possibility of drones being taken over to a virus?

                                                 \    _    /
                                            @  @  (](_o_)[)  @  @
                                                   o     o


~ by davidghassan on November 7, 2011.

10 Responses to “i,Robot: lets_hope_this_never_happens!”

  1. I think you are right that one of the biggest problems with stopping cyber crime is that most enforcement is after the fact, which may be too late for cybercrime. I am not advocating punishing before the cyber crime happens, but the damage could be so severe that we need to try to stay ahead of the technological curve to prevent this as much as possible. It is certainly scary though.

    At the end of the video on the Stuxnet worm, the speaker hypothesized that the United States was the only country with the know-how and money to make it. This was comforting in the fact other countries could not yet do it to us, but how long until they can. How easy are these worms and viruses to replicate? Could our enemies now have gained an advantage that the worm is public and we used it against them? Sure, our computers are protected against Stixnet, but how easy is it to alter a few bits of code to make it useable against us? Being able to infect a nuclear reactor by infecting somebody’s computer is certainly a great concern.

    I have thought in the past that these drone planes could be hacked and use against us. And if I have thought of this, I would hope and assume the government has as well and are taking the necessary precautions. I don’t know if you can make a kill switch that overrides anyone who may have hacked control but it seems to me like this would be essential. Still it seems as the more we read in this class, the more worried and concerned about the future I become. Technology is just so powerful.

  2. Countless movies, TV shows, and books have discussed the dangerous possibilities of computer viruses and machines becoming self-aware. While Will Smith can save the day in only two hours of cinematic adventures, this type of threat is legitimate. Movie villains seem to effortlessly hack into and control traffic grids, mass transportation and telecommunication equipment, and databases of all types, causing various forms of chaos in society.

    I know that there are many national and private organizations dedicated to cyber security, but as shown in one of the articles, it took a few teenage boys to steal countless dollars worth of credit card information. The disparity between their abilities and the protective measures of these organizations has more than likely been narrowed, although there is no saying that a given exceptional hacker couldn’t simply decide to take over the New York subway system – stranding, injuring, or killing hundreds of thousands of people at once.

    Anonymous continues to pledge to take down various websites including Facebook, Fox News, and the New York Stock Exchange to no avail, but for all anyone knows, these companies are being used as an example to lull everyone else into a false sense of security. The danger of these attacks is substantial, and the value of potential data to be stolen is limitless. Furthermore, instead of proving a point like taking down Fox News, mass chaos and panic could just as easily be created, given someone with the right abilities. Definitely food for thought and cause for some optimism that those in charge of cybersecurity are doing their jobs effectively.

  3. If 9.11 is any indicator, it appears that our enemies are not afraid of attacking us on our own soil. So, while it is imperative that the Department of Defense be given the cybersecurity necessary to protect our troops and defense contractors abroad, it is equally as vital that the same cybersecurity be utilized by the Department of Homeland Security in order to protect our infrastructure at home. Making our critical networks more secure is a race against the clock. Terrorists, and bored teenage hackers alike, are getting savvier in their cyber-attacking skills, and the government is racing to be ahead of the cybercrimes. As mentioned in the principle blog, one of the huge issues with cyberattacks is that they can create such chaos in such a short period of time. Within seconds a cyber-attacker can complete a billion dollar attack, and have the money transferred to an offshore bank account before the government will even know what happened. With attacks imminent, it will be necessary for private sectors companies and the government to share confidential information so that Americans can be better protected. If right now the DHS is restricted in helping private-sector companies because of legislation, this is something that I believe needs to be addressed immediately. There is no time to spare. As people are now putting all of there personal information online and online transactions are increasingly outdating in-person transactions, the amount of consumer information existing in cyberspace is unthinkable. Not to mention the power that is housed in cyberspace by utility and other power companies. The right hacker could literally paralyze America, or certainly physical sections thereof, by hacking into the right grid. It is daunting and frightening to think how vulnerable we are given the skills these hackers have.

  4. I agree with Jon’s post about reactive measures to combat cybercrime. It worries me how quickly certain plans and procedures are implemented, but technology issues are usually handled retroactively and post-occurrence. In today’s cyber-focused and technology-dependent world, you would think that THIS department would be spending more time working to master the known viruses and develop new strategies to effectively combat proposed new ones. Sadly, I understand that because many hackers—like the 16 year olds with the ability to effectively and secretly hack into such systems like NASA and NOAA—the technology and skill level of our nation is advancing faster than we can keep up, at least in our defense. It often takes something significant and life-changing to realize there’s a problem with the system or that there are holes in the security wall. But, if we spent more time proactively thinking about it and actively TRYING to find the holes, wouldn’t this be a better strategy then racing around after the fact to fix the problem? So we are prepared rather than caught completely off guard when some 15 year old nobody from the middle of nowhere, United States, hacks into our governmental databases and changes some crucial configuration and the FBI cannot function effectively for an entire 15 minutes… Do you know how much can be accomplished in under 15 minutes? The amount of money and identities that can be stolen? Data encrypted? Files copied (and now in the wrong hands) and maliciously compromised? The list goes on…

    There isn’t a feasible way to actively predict any and all virus or security attacks, but, we are able to proactively monitor, amend, advance, and control our security walls—if we know how to do it. Proactive efforts would exceedingly benefit this nation and individuals alike compared to a reactive reaction to a security breach.

    In addition, I wanted to comment on the potential punishment for those caught stealing someone’s identity online or a security breach. The possibility of “electronic sanctions” was suggested, but I’m uncertain this would pose any threat to someone as gifted and skilled as many hackers and cyberbuffs are. “Electronic sanctions may include something as an “electronic death penalty” which would prevent offenders from interacting on the internet or using hacking techniques to paralyze web pages in violation with laws.” I have to wonder how significant this block would be. In order for this to work effectively, you would have to essentially prohibit this individual from ever touching an electronic device. We learned early on in this course that simply removing a SL user’s avatar from the site does little to deter griefers who just come back in an alternative form/avatar and start all over again. What’s to stop a hacker from just assuming a new online identity, going online from a friend’s computer under a different username, or using a code that misleads anyone tracking his activities or hides his online activities. I’m sure there are individuals in this world that have the ability to take advantage of these possibilities. It’s just a matter of time before someone harnesses this online invisibility cloak and uses it to their advantage.

  5. Very interesting subject matter. The readings this week emphasized the rapid growth of cybercrime activity. I would like to argue for the “old wine” argument that cybercrime is “old wine in new bottles.” I am not totally convinced of this argument myself, but I do think that there is a strong argument to make. I will focus on drones and then expand to the stuxnet material. Finally, I will argue that we need to rethink our passive approach to how we use computers.

    First, there is no doubt that predator drones are a weapon system that is extremely powerful and raises interesting issues about what it means to go to war. I disagree that it is such a wild leap from weapons of the past. Many weapon systems have the capability to produce effects over long distances. Artillery for example, which has evolved out of archery and cannons, has long been a weapon system where the guns are many miles from the target. The individual “pulling the trigger” doesn’t see the effects on target. Moreover, navy ships employ weapon systems with extremely long range capabilities. These weapon systems require teams at computer systems coordinating the employment of missiles. Predator drones, therefore are more like a significant step than a giant leap. Drones do offer more precise attacks on small moving target while minimizing collateral damage and maximizing the safety of the human operator.

    As for drones being susceptible to hacking and being used against us, I admit the knee jerk emotional reaction of fear of “skynet”. Upon reflection, however, our weapon systems have always been subject to theft or sabotage. It is a fundamental principal of war that you don’t always target combat troops, but support assets and supply lines. Just as guards stand watch over a warehouse of weapons and ammunition, we need to have safeguards to protect our drones. This is merely old wine in a new bottle.

    As for the stuxnet attack, I think there is a similar argument that this is merely some more old wine. Again, this seems to be flashy packaging for the traditional practice of directing sabotage against an adversary’s infrastructure. I agree that the potential damage of stuxnet type attacks is substantial, but I found the language calling it “cyber weapon of mass destruction” to be inflammatory and inaccurate. Rather than being an actual class of weapons, the phrase “weapon of mass destruction” has become a recent buzzword used to signal political agendas.

    Finally, I think that it is important to discuss the passive attitude our society has demonstrated towards computer technology. We are taught to use computers, but generally we are not taught how to build them. I think that as these tools become more and more powerful, we should take on the responsibility of learning how these tools work. If everyone built their own computer and wrote their own code, or at least had a general knowledge of how the technology works under the hood, we would not be as easily manipulated by fear. Also, we may not put as much trust in unsecured systems as we do. These arguments are not new, however, just old wine (whine) in a new bottle.

  6. It seems that part of the problem with cybercrime is the fact that our lawmakers are uneducated and unfamiliar with technology. As we have discussed the last few week in class, our legislatures are always behind the curve. As technology changes so do the cyber offenses. It seems like every new technological advancement brings with it unscrupulous users who find ways to exploit the technology for their own, often criminal, purposes. Since technology changes so rapidly and legislatures have other (arguably more pressing) issues on their plate, it seems that cybercriminal law will continue to be reactive to cybercrimes. Adopting a solid cybercriminal law framework would prove difficult as definitions of different cybercrimes may change and might require legislatures to revisit the framework semiannually to keep up with developments in the field. While it may prove to be a noble and worthwhile endeavor, it would certainly take effort to maintain any framework that is established. With these considerations in mind, it might not be a bad idea to establish an administrative agency designed to submit findings or reports to Congress or state legislatures as to how to combat new cybercriminals. The agency would kill two birds with one stone as it would create jobs (solving some of Congress’s current problems) and protect American consumers.

    In regards to the national security threat that cybercrime/terrorism poses, the Air Force drone system was recently infected with a computer virus (http://security.blogs.cnn.com/2011/10/13/in-rare-admission-air-force-explains-and-downplays-drone-computer-virus/). Although the Air Force revealed that the virus posed no significant danger to the operation of the drones, it is a little unsettling to know that this vulnerability is real. Maybe the next virus won’t be so ineffective.

  7. Stuxnet is not really that closely analogous to traditional cyber-crimes which disrupt computer systems or steal information. As you pointed out, Stuxnet targeted physical infrastructure. It was very clearly targeted at an Iranian uranium enrichment facility. It worked by slowing down and speeding up the speed at which centrifuges in the plant rotated. This was malware whose only purpose was to damage physical infrastructure. I don’t really think this fits well with our ideas of cyber crime. As I’m arguing in my seminar paper for this course, because it was (probably) a cyber attack launched by Israel (or possibly US or Germany) against Iran, it should be analyzed under the laws of war.

    The use of cyber weapons to damage physical infrastructure raises a number of questions under the laws of war referring to the right to wage war (jus ad bellum) and the laws that govern conduct during war (jus in bello). For the former, Article 2(4) of the United Nations Charter prohibits the use of force by one State against another. Article 51 gives states to defend themselves from an “armed attack.” Stuxnet damaged a plant in much the same way a missile would (though there was no direct threat to life with the use of Stuxent). But it is not clear whether it would fall into the category of force or armed attack. If it were an armed attack, then Iran would have the legal right to defend itself under international law, but its right to do so would not be absolute- even if it knew who launched the attack (the anonymous nature of cyber weapons like Stuxnet makes attribution very difficult). A State’s response to an armed attack must be both proportionate and necessary. What does a proportionate response to the use of malware like Stuxnet look like? For that answer, you’ll have to read my seminar paper!

    One thing you said in your post got my attention, the idea that terrorists could not use cyber weapons like Stuxent because it is prohibitively expensive to develop and deploy. That of course, first concludes that it wasn’t developed by terrorists. I think it is unlikely that it was, but people will look at the code, as they have, and learn from Stuxent. Stuxent is the most impressive cyber weapon we have seen today, but that will not be so for long. In any case, even if Stuxnet is too complex or expensive for terrorists to develop, or to develop something similar, do you think the same is true for North Korea? For Syria?

  8. Anxious. That is the feeling I have been unable to shake after this week’s readings and blog posts. I mean, I’m not losing sleep at night with worry, but the increasing likelihood of cyber terrorism and/or cyber warfare has my stomach in knots. Why? Because it feels like we are facing a ticking time bomb.

    We now know that superworms like Stuxnet – sophisticated, complex, slow-moving viruses that are created to directly target critical national infrastructure – exist. Terrifying. I try to take comfort in the fact that experts attribute the creation of this supervirus to the United States, but it’s really not THAT comforting. Although the United States is still the world’s leading superpower, there is no denying that China is a technological beast. I have no doubt in my mind that the world’s most powerful countries are now dissecting Stuxnet to figure out how to create their own versions of the superworm, if they haven’t already done so.

    It seems to me that the world’s most technologically-advanced countries are now playing the waiting game. A new Cold Cyberwar, of sorts. Alarmingly, the United States has been inching towards making the first move! I mean, the Obama administration was intensely debating whether to use cyberwarfare against Libya in order to disrupt the Qaddafi regime’s air-defense systems. Could you imagine the repercussions has the United States actually broken the ice?! What a horrifying precedent that would’ve set.

    I feel that the use of cyberwarfare is inevitable and that terrifies me because it has the potential to result in a catastrophic nightmare. Could you imagine if some hostile country/group launched a massive and widespread cyberattack on our country’s critical facilities? As it stands, our sources of power, our water facilities, our modes and methods of communication, our transportation infrastructure, our banking systems, etc, are all vulnerable to corrupt. And if a hostile country was able to infiltrate our satellites? Our military and defense mechanisms could be disrupted! Our society, which is ridiculously dependent on these infrastructures and related technologies, would be crippled by such attacks.

    As a technological invalid, I simply cannot think of how our country could protect itself from such attacks, especially given that, as it stands now, our government’s computer networks (and their contractors’ networks) are being swarmed by cyberattacks daily! It’s like an insect infestation that has grown out-of-control!

    I really hope that, in the very near future, some computer whiz is able to create some kind of program that essentially acts as a computer’s immune system. I hope it is able to almost instantaneously detect a foreign worm/virus, combat and neutralize the worm/virus, and then is able to quickly “heal” the computer from the attack. If only it were that simple…

  9. The idea of a terrorist organization getting there hands on a super viruses like Stuxnet is troubling. I disagree with the statement that a terrorist organization could not afford to acquire such a super virus. One method a terrorist organization could use to create a super virus would be to find an elite group within there organization and pay for there education on the subject matter.

    In today’s world the internet is more important than guns when it comes to peoples rights. The thought of our or any government turning off the internet is a huge threat. I agree with Jillian that if the US used cyberwarfare against Libya repercussions may have been drastic.

    I went to Lows the other day to buy a light bulb and their computer system was down. It took a great deal of time to check out and the employees were frustrated and having trouble checking people out. We are so dependent on the internet the thought of someone attacking us due to this is scary.

  10. Electronic warfare coming sooner than expected?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: