Chapter 5. Illegal Threats to Individual Privacy
In Chapter 4, “Legal Threats to Individual Privacy,” you gained an understanding of how you can be attacked by individuals, businesses, and governments who want to use laws or the lack of laws to legally invade your privacy. Through legislation and industry self-regulation, consumer information is almost up for grabs by anyone who is willing to devote a bit of time to searching for personal information. Individuals have become empowered through the use of technology to perform their own data mining for personal gain using other people's information. As if the few legal activities were not enough of a threat against our privacy, we are faced with illegal activities that can be even more damaging.
With any change in society, there always seems to be an element that takes advantage of that change for personal benefit, and by illegal means. Technology has opened up a host of possibilities that a criminal can use to take advantage of the consumer. Cybercrime is one of the fastest-growing criminal activities because of the widespread use of technology and easy access of technology. It is becoming easier on a daily basis around the world for anyone to have access to technology, specifically the Internet. With the wealth of information available through technology, we are faced with illegal uses of that information. Illegal activities ranging from financial scams, computer hacking, pornography, virus attacks, and cyberstalking are easily conducted because of the Internet. This obviously does not mean we will shut down the Internet because of illegal activity, but we should know what threats we face from the new technological criminal.
Cybercrime compromises a vast range of illegal activity. The ease of using the Internet and new technologies has just made it easier for criminals to take advantage of the consumer. The cost of cybercrime is escalating every year, with one estimate of cybercrime at $40 billion a year. Although actually determining the amount is impossible, we can see from security spending by corporation that each year sees an increase in cybercrime.
The main threats to individuals through illegal activities that we will cover include
Hackers— The term hacking was originally used to describe a practical joke or a modification of technology and software to solve a problem. But as technology and the Internet developed, it came to mean illegal activity.
Cyberterrorists— This new breed of criminal has developed because of the global use of technology and connectivity of just about every country to the rest of the world through the Internet and communications lines. Cyberterrorists target governments or organizations for attack, but rarely individuals.
Businesses— With access to a wealth of consumer information, it was inevitable that some businesses would take advantage of consumers through disguised business practices.
Credit card theft— This activity most directly affects the consumer. Having your credit card information stolen from a site where you make a purchase can be readily understood by the consumer when he sees a purchase on his credit card bill he did not make.
Spyware— These are insidious products that stealthily install themselves on your computer and can send out information about your system and your activities.
Governments— Governments around the world have always been covertly involved with illegal activities. With access to the Internet, a government easily can sanction such tactics as cyberterrorism without being blamed.
Identify theft— Probably one of the most damaging forms of illegal attacks on the individual consumer. Identity theft can destroy your financial reputation and bilk you out of money, as well as make recovery a living nightmare.
Fraud— Scams are prevalent on the Internet. Setting up fake companies and convincing people to spend money for products or services they will never get is easy. Once fraud happened only on an individual basis, but with Internet usage, whole groups of people can be deceived by a technologically savvy criminal.
The escalation of computer crime is a global event. Ninety percent of U.S. companies that responded to a Computer Security Institute survey in 2000 detected computer security intrusions last year, and 74% acknowledged financial losses as a result of breaches of security. Of the 273 organizations that quantified their financial losses, the number was a staggering $265 million. Fraud has been much easier to achieve with the ability to set up fake companies on the Internet; after they capture enough credit cards or personal information, the company can then disappear. Identity theft used to be a paper exercise, but with the availability of consumer information on the Internet, cybercriminals can steal your identify in a virtual world without ever making contact with you or your paper-based information. It is one of the fastest growing crimes in the U.S. Tables 5.1 and 5.2 show the kinds of attacks businesses face as reported by the 2000 Information Security Industry Survey.
| Breach | Percentage of Respondents Who Experienced It |
|---|---|
| Viruses, Trojan horses, worms | 80% |
| Denial-of-service attacks | 37% |
| Scripting/mobile code attacks | 37% |
| Protocol weakness attacks | 26% |
| Insecure password attacks | 25% |
| Buffer overflows | 24% |
| Attacks on bugs in Web servers | 24% |
| Breach | Percentage of Respondents Who Experienced It |
|---|---|
| Installation of unauthorized software | 76% |
| Infection of equipment via viruses/malicious code | 70% |
| Illicit or illegal use of systems | 63% |
| Abuse of computer access controls | 58% |
| Unauthorized hardware installation | 54% |
| Personal profit use (gambling and so on) | 50% |
| Physical theft | 42% |
| Electronic theft | 24% |
| Fraud | 13% |
One EWeek Survey, shown in Table 5.3, found that virus attacks and hacker attacks were the most common breaches found in organizations.
| Breach | Percentage of Respondents Who Experienced It |
|---|---|
| Virus attack | 82% |
| Attack from hackers | 50% |
| Breach of firewall policy | 32% |
| Denial-of-service attack | 31% |
| Authentication (identity fraud) | 19% |
| e-Commerce fraud | 7% |
| Other | 4% |
Lack of international laws has enabled criminals to easily avoid being caught and extradited if they're caught performing cybercrimes. Law enforcement must cross national boundaries to catch criminals, which currently poses many challenges for enforcement agencies around the world. National cyber boundaries pose the same threat as physical boundaries. Without the cooperation of other nations, prosecution of international criminals is next to impossible across national lines. Countries are very wary of cooperating even when it comes to hacking activities that affect more than one country and more than one group of people.
All is not lost to the cybercriminals, though. Many nations are making initiatives that can lead to the tracking and capturing of criminals. In the U.K., the National Hi-Tech Crime Unit is being set up with the intention of making the U.K. a safe place for consumers on the Internet. The U.S. FBI has a Computer Crime Squad with more than 200 agents across the United States that have become more tech savvy; they are now better at handling illegal attacks using technology. Recent virus epidemics around the world have made the lack of security on the Internet mainstream knowledge. With knowledge comes power—both for law enforcement agencies and consumers who can be cognizant of the dangers they now face. The Council of Europe produced a draft treaty on cybercrime that was instantly bombarded by privacy advocates. Laws that attempt to protect the consumer can end up doing as much harm as any criminal in some cases.
Consumers need to understand the changes in technology that have brought new threats to their security and personal information. These threats will only escalate in the future as technology expands and we are further tied together on a global basis. Criminal activity has been increasing because businesses are more connected and available to attack, a wider audience has access to knowledge and technology that can be used to an illegal end, and anonymity in committing crimes is easy using technology. Criminal activity in the real world will be completely duplicated eventually in the online world.