Cybercrimes: A Multidisciplinary Analysis
Sumit Ghosh • Elliot Turrini
Editors
Editors
Prof. Sumit Ghosh, 917 Joel Drive, Tyler, Texas 75703, USA
Elliot Turrini, 10 Babbit Road, Mendham, New Jersey 07945, USA
ISBN 978-3-642-13546-0 e-ISBN 978-3-642-13547-7
DOI 10.1007/978-3-642-13547-7
Springer Heidelberg Dordrecht London New York
Library of Congress Control Number: 2010936441
© Springer-Verlag Berlin Heidelberg 2010
This work is subject to copyright. All rights are reserved, whether the whole or part of the material is
concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting,
reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication
or parts thereof is permitted only under the provisions of the German Copyright Law of September 9,
1965, in its current version, and permission for use must always be obtained from Springer. Violations are
liable to prosecution under the German Copyright Law.
The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply,
even in the absence of a specific statement, that such names are exempt from the relevant protective laws
and regulations and therefore free for general use.
Cover design: WMXDesign GmbH, Heidelberg, Germany
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)
Preface
What’s so important about cybercrime? Isn’t it just another form of crime – like a
violent or financial crime? The answer is both yes and no. Yes, in the way that any
crime is a violation of a criminal law. But no in three important ways. First, a single
cybercriminal with just one computer, the right knowledge, and Internet access can
cause immense social harm that was previously considered impossible. Second, the
potential harm from cybercrime increases every second of every day, as computing
technologies become more ubiquitous in our lives. Third, cybercriminals are often
much more difficult to apprehend than traditional criminals, rendering the enforcement
of cybercrime laws even less effective at crime prevention than the general
enforcement of criminal laws.
Today, computers are everywhere, starting from cash registers in the grocery
stores to running our cars, medical instruments that automatically read our temperature
and blood pressure, routine banking, navigating airlines, and directing
electricity to our homes and businesses. Consider the future of biotechnology, where
tiny computers in the form of smart devices will be implanted inside our bodies –
similar to, but more powerful than a pacemaker. These devices will interact with our
bodies in some profoundly important ways, and send and receive wireless communications
from our doctors. Today, and even more so tomorrow, virtually all of these
computers are interlinked through computer networks. Increasingly, computers and
networks will entrench literally every aspect of our civilization without exception.
For the first time in our civilization, computers and networks, together, constitute
an amplifier of the human mind, where the amplification factor is at a billion
and growing fast with no upper bound in sight. With such formidable potential and
power, computers and networks are destined to fundamentally alter our world – even
beyond what we can reasonably imagine.
To an ordinary citizen, cybercrimes may logically appear to be defined as crimes
that involve computers in any role or capacity. In fact, governments, civil and criminal
justice systems, and law enforcement agencies, worldwide, choose to use this
broad, working definition to help guide them in their crafting of the laws of the land,
legal thinking, and the development of law enforcement tactics. This understanding
of cybercrimes is very useful; however, it is of limited depth and may impede our
ability to adequately address the large and growing cybercrime problem.
The potential for cybercrimes to evolve into innumerable radically new forms at
incredible speed, orders of magnitude faster than the mutation rate of biological bacteria
and viruses, is very real. Unchecked and unabated, they can easily overwhelm
societies and nations.
What prompted us, contributing authors, to come together and organize this
book? We fear the almost unlimited harm that cybercriminals can impose in the
future. While filmed long after this book began, the movie, “Live Free or Die Hard,”
is not science fiction. Parts of it represent real and growing threats. But, more importantly,
the authors believe that a multi-discipline, holistic approach to cybercrime
prevention is essential.
Overall, this book is a collaborative effort of all of the contributing authors, characterized
by great mutual admiration and deep respect for each other. Specifically,
this book represents a coalescence of three motivating factors. First, each of the
authors had independently arrived at the same exact realization that cybercrimes
pose a formidable challenge to the fast approaching cyberage and that the important
underlying issues must be addressed to ensure a bright future. Second, in the
course of his prosecutorial work at the US DOJ, co-author Elliot Turrini had become
deeply convinced that cybercrime is an intellectually rich, multidimensional problem,
which requires a unique multidisciplinary approach. Third, in the course of
his interdisciplinary research spanning computer hardware description languages
to networking, network security, computer architecture, programming languages,
algorithms, banking, biology, genetics, medicine, business, financial services, and
modeling and simulation, co-author Sumit Ghosh experienced a profound revelation
that, as an amplifier of the human mind, the underlying principle of computers
represents the seed of virtually every known discipline of knowledge, law included.
The co-authors passionately hope that this book will serve to raise a general
awareness among everyone of what lies ahead in our future. From a pessimistic perspective,
unless we as a society are very careful, we risk being drowned literally,
not metaphorically, in cybercrimes. Being not too proud to borrow twice from contemporary
cinema, consider the Matrix movies as the ultimate cybercrimes – which,
by the way, are far more science fiction than “Live Free or Die Hard.” From an
optimistic perspective, with diligent prevention/security and effective investigation
and prosecution of cybercrimes, we will be able to enjoy the wonderful benefits of
computers without suffering the horrific potential harms from cybercrimes.
A better understanding of how perpetrators may hatch sinister plans, today and
in the future, will help us preempt most of the destructive cybercrimes and foster
greater advancement and fulfillment for all humanity. Computers and networks
encapsulate amazing and incredible power, not the thermo-nuclear weapon kind,
but grounded in thought and imagination with which we can shape our future for
centuries, millennia, and beyond. As explained in Chap. 1, our optimism should be
tempered by a recently coined economic principle called, “convenience overshoot,”
which shows that under America’s form of capitalism, the economics of bringing
new technologies to the market and the difficulties of predicting safety and security
issues often lead to the commercial distribution of unsafe or insecure products. This
is an important principle, which should guide our thinking about cybercrime and
security.
The underlying theme of the book rests on three pillars. The first is that cybercrime
is a severe societal threat. The endemic vulnerability of computing as seen
through the constant battle to control the CPU; future changes in computing technology;
continued expansion of computing throughout our lives; and our proven
track record of the “convenience overshoot” all coalesce into a severe societal risk.
Second, criminal prosecution is important but, by itself, it is not nearly a sufficient
response to the threat. Third, we need a multi-disciplinary, holistic approach to
cybercrime prevention and mitigation with a three-prong focus: raise attack cost,
increase attack risk, and reduce attack motivation.
What sets this book apart is its unique and simultaneous blend of pragmatic
practice and fundamental scientific analysis. This tone permeates the entire book
and reflects the origin and genesis of the collaboration between Sumit Ghosh and
Elliot Turrini. In 2001, the USA DOJ was anxious to find a way to trace an Internet
Protocol (IP) packet back to its origin, so they could tag and track suspect IP
data packets involved in money laundering and terrorism and subsequently apprehend
the perpetrators. A number of very well known networking companies were
eager to explore this urgent USA DOJ need and were willing to modify or alter
the IP router technology. From fundamental analysis of networking, however, it followed
that IP packets could never be traced back to the launch point with any degree
of certainty. Today, it has become mainstream knowledge that the design of the
store-and-forward IP protocol is fundamentally incompatible with security. Through
the many, many discussions, the co-authors became thoroughly motivated not only
to synergize their ideas but to extend the collaboration to include researchers and
practitioners from related disciplines. Inspired by this project, co-author Sumit
Ghosh had co-organized a USA National Science Foundation-sponsored workshop
titled, “Secure Ultra Large Networks: Capturing User Requirements with Advanced
Modeling and Simulation Tools,” in 2003. The interdisciplinary approach of the
workshop was very well received and some of the far-reaching presentation material
has been incorporated in this book.
This book is organized into nine major parts, each addressing a specific area that
bears a direct and undeniable relationship to cybercrimes. Part I serves as an introduction
and presents a working definition of cybercrimes; Part II focuses on the computing
and networking technology as it relates to cybercrimes and the technical and people
challenges encountered by the cyberdefenders; Part III explains how to compute the
economic impact of a cybercrime and develop security risk management strategies;
Part IV addresses the vulnerabilities of our critical infrastructures and notes that
the possibilities of Pearl Harbor-type and Katrina-type cyberattacks are very real,
which may be accompanied by catastrophic consequences; Part V describes the
psycho-social aspect of cybercrimes; Part VI focuses on efforts and challenges to
regulate cybercrimes directly, through criminal penalties, as well as indirectly; Part
VII explains how cybercrimes easily transcend national and other boundaries and
lists specific disciplines that face formidable challenges from cybercrimes, worldwide;
Part VIII elaborates on techniques to mitigate cybercrimes and stresses a
multi-prong approach; and Part IX concludes the book with a scientific, engineering,
and technological analysis of the future of cybercrimes. Each of these nine parts is
elaborated through a number of self-contained chapters, totaling twenty chapters
contributed by a total of 14 authors. Co-author/co-editor Sumit Ghosh has edited
all of the chapters in an effort to ensure uniformity, continuity, and a smooth flow
throughout the entire book.
Although the book has been primarily organized to serve as a reference for legal
scholars, computer scientists, military personnel involved in cyberwarfare, national-level
policy makers entrusted to protect the country’s critical infrastructure, national
and international intelligence communities, economic analysts, psychologists, and
social scientists whose interests in cybercrimes are both specific and holistic, it is
written to appeal to a much wider audience. The book may be read by anyone in
the legal community or peripherally related disciplines who plans to specialize in
cybercrimes, cyberattacks, and cyberlaws and their enforcement; front-line police
officers; computer forensics specialists; law students; law makers at the State and
Federal (Central) levels; judges; practicing lawyers; technical personnel involved
in patent litigation; patent lawyers; product liability lawyers; economic analysts;
central bankers, finance ministers, monetary policy makers, Interpol, and insurance
company personnel involved in risk and actuarial analysis and in underwriting policies
for data security. The book will also serve network and computer security
specialists as well as those who wish to redesign products to withstand product
liability lawsuits, grounded on a fundamental understanding of the nature of computers,
networking, and cybercrimes. Even ordinary citizens who may be called
from time to time to serve in the jury in litigations involving cybercrimes, especially
in the USA, may find themselves well educated by reading this book so they
can blend their wisdom along with technology to protect society and our collective
future.
The co-authors/co-editors feel deeply honored and grateful to all of the contributing
chapter authors, namely, Alan Boulanger, Paul Schneck, Richard Stanley,
Michael Erbschloe, Michael Caloyannides, Emily Freeman, Dan Geer, Marc
Rogers, Stewart Baker, Melanie Schneck-Teplinsky, Marc Goodman, and Jessica
Herrera-Flanigan. A very special gratitude is due to Carey Nachenberg, Fellow at
Symantec Corporation; and Leonard Bailey, senior counselor to the Assistant Attorney
General for National Security at the US Department of Justice for selflessly
giving their time and sharing their concerns, knowledge, and wisdom. Co-author
Sumit Ghosh is indebted, beyond description, to Elliot Turrini for introducing him
to the world of cyberlaw and to Leonard Bailey for mentoring, guiding, and advising
him through the complex issues of critical infrastructure protection and criminal
regulations. We also thank many others for their time. We are especially grateful to
Anke Seyfried of Springer-Verlag (Law division) for her incredible enthusiasm and
patience relative to this book project and the entire editorial and production staff at
Springer-Verlag.
March 2010
Sumit Ghosh
Elliot Turrini
Contents
Part I Introducing Cybercrimes
1 A Pragmatic, Experiential Definition of Computer Crimes
1.1 Introducing Computer Crimes
1.1.1 The Melissa Virus: The Turning Point
1.1.2 Cybercrimes in Early 2001
1.1.3 Defining Technical Cybercrime
1.2 The Battle to Control the Computing Process
1.2.1 The Nature of the Battle
1.2.2 The Cyberbattlefield
1.3 Tools for Fighting the Battle to Control the Computing Process
1.3.1 Defining Tools
1.3.2 The Attacker’s Technical Tools
1.3.3 The Attacker’s Social Tools
1.3.4 The Defender’s Tools
1.4 The Convenience Overshoot Warning
References
Part II Computing and Networking Technology and Cybercrimes
2 Unauthorized Intrusions and Denial of Service
2.1 Unauthorized Intrusions
2.1.1 Tools to Exploit Unauthorized Intrusions
2.1.2 Deployment of Toolkits for Unauthorized Intrusions
2.2 Denial of Service
2.2.1 Different Manifestations of DDoS Attacks
2.2.2 Toolkits for DDoS
References
3 Malicious Code
3.1 Introduction
3.1.1 Trends that Facilitate Malicious Code to Thrive