Russian Views on Countering Terrorism During Eight Years of Dialogue: Extracts from Proceedings of Four U.S.-Russian Workshops

Cybercrime and the Training of Specialists to Combat It in Russia

Nikolay V. Medvedev
Department of Information Security, Bauman Moscow State Technical University

THE INTERNET AND CYBERCRIME IN RUSSIA

The present stage of human development is characterized by the explosive growth of information technologies, a historically unparalleled situation that is irreversibly changing people’s way of life. All previous key inventions such as the telegraph, telephone, radio, television, and computer only paved the way for the unprecedented integration that is under way. In our times, global cyberspace—the worldwide Internet—simultaneously represents a repository for a colossal amount of information, a means of global broadcasting, and a medium for cooperation and human communication encompassing the entire world. The Internet is not controlled by any state structures. According to the predictions of the public organization the Internet Society, in 2005 the number of Internet users in the world will exceed one billion, of whom about seven million will be from Russia.

Besides the multitude of positive aspects of this sort of global linkage and communication among individuals and peoples, information technologies significantly expand the arsenal of means and capabilities of criminals. Any country with computers and Internet access could, intentionally or not, become a base for users with evil intentions, any one of whom could have the goal and motivation to inflict criminal harm on other people and organizations. These people have global cyberspace at their disposal to use for criminal purposes. Crimes of such a nature are called cybercrimes (in Russian legislation, crimes in the sphere of computer information), and the people who commit them are generally called cybercriminals. Although the term cybercrime is not legally formulated in Russian legislation, this concept has taken firm root in practice.
Cybercrime may include the following:

- unauthorized access to information
- creation, use, and dissemination of harmful computer programs, including over the Internet
- intentional disruption of the normal operation of computers and networks
- illegal trade in equipment for capturing computerized information
- falsification of documents with the use of computer technologies
- distribution of counterfeit software
- conduct of financial swindles
- publication of calls for violence and terror
- publication of Nazi and fascist propaganda

The main characteristic of these crimes is that, as a rule, they have no physical signs. Cybercriminals currently use various types of network attacks. Some use computer viruses, including network worms, which modify and destroy information or block the operation of computer systems; logic bombs, which are triggered under certain conditions; or Trojan horses, which send various types of information from infected computers back to their masters over the Internet. The weapons of cybercriminals are being constantly honed, and their means of conducting information attacks are becoming increasingly refined. In the long term, we can expect to see the appearance of new nontraditional types of network attacks and computer crimes.

On the whole, we can state with confidence that the material damage from crimes in the information technology sphere is measured in the billions of U.S. dollars and is increasing with each passing year. Furthermore, the expected growth in financial losses from criminal infringements is based not only and not so much on the increased number of computer attacks as on the growing scale of the use of network information technologies in business.
In the face of harsh competition, companies are forced to shift a large portion of their business communications onto the Internet, which makes them vulnerable to criminals unless matters of information protection are handled appropriately. The world community has fully realized the potential consequences of the threat of cybercrime, and in this regard representatives of the European Union member states, the United States, Canada, and Japan signed the International Convention on Cybercrime in November 2001. In the convention, crimes committed in the information environment or against or with the aid of information resources are in fact defined as cybercrimes. With the far lower level of development of computer networks in Russia, the situation in the Russian Federation is obviously not yet as serious as in the United States, but its intensity is increasing from year to year. We are increasingly sensing how the modern information criminal is becoming a reality.
The Criminal Code of the Russian Federation includes articles establishing penalties for computer crimes and a chapter defining crimes in the computer information sphere. This chapter includes three articles setting forth penalties for illegitimate access to computer information (Article 272); the creation, use, and dissemination of harmful programs via computer (Article 273); and violation of the rules of operation of computers, computer systems, and networks (Article 274). The number of crimes committed under these articles is increasing each year. Meanwhile, the number of crimes discovered is also on the rise.

Let us look at the facts. In 2004, 4,523 computer information crimes were discovered in the Russian Federation. Of these, 3,944 fell under Article 272 of the Criminal Code and 577 under Article 273. During this past year, the Russian Federation significantly stepped up its efforts to stop the distribution of unlicensed software, thus making a worthy contribution to the world trend toward combating computer piracy. For example, 1,483 administrative violations were uncovered in the copyright area, and 216,635 compact discs with unlicensed software with a total value of more than 9 million rubles were confiscated by court order.

Like the rest of the world, the Russian Federation is currently facing the pressing problem of so-called spam, the mass distribution of electronic messages, largely advertising, that were not requested by their recipients. Receiving spam is like an invisible tax on all users of the Russian segment of the Internet. By various estimates, financial losses from spam vary from 120 to 200 million U.S. dollars per year. In 2004 a precedent for combating this type of crime was created for the first time in the Russian Federation, with the first conviction of a spammer under the law.
This person had created a computer program, sendsms.pl, and sent 15,000 mobile phone subscribers text messages with uncensored content smearing the business reputation of a cellular communications company. Also arising last year was a trend for the use of the Internet as an auditorium to shape public opinion and exert pressure on private individuals and officials by spreading information damaging honor and impugning dignity or by disseminating citizens’ personal or family secrets. In one example the authorities halted the activities of a perpetrator who had posted an Internet site with intentionally libelous materials regarding the president of the Russian Federation and statements insulting his honor and dignity. Obviously, negative press technologies adopted from the media have begun to be used on the Internet. Furthermore, in trying to evade responsibility, the ill-intentioned are claiming that laws regulating media activities do not apply to the Internet, even though its audience is often greater than that of many print publications. The Russian Federation is working actively to standardize the legislative and regulatory base for these violations, while maintaining a lack of government censorship. An analysis of personal information about criminals arrested in the Russian Federation in 2004 shows that computer crime is mostly perpetrated by adults.
Adolescents under age 20 comprise only 17 percent of the total number of criminals, the bulk of whom—70 percent—are persons between the ages of 20 and 35. It should also be noted that 63 percent of these persons attended or graduated from university, which reflects the high intellectual level of this criminal activity.

No crime, including cybercrime, can occur on its own. Crimes are committed by criminals, and in this case, by cybercriminals. People can have different motives for committing crimes. Determining the boundary between crime and terrorism in cyberspace is possible simply by determining the goals of cyberterrorism. In practice, these goals coincide with the goals inherent in terrorism in general and political terrorism in particular. One may state that every terrorist is a criminal, but not every criminal is a terrorist. According to the common definition of terrorism, it is a conscious and directed use of violence or the threat of violence to force society, the state, or the government to comply with the political, ideological, religious, or economic goals of the terrorist organization. A terrorist act is a crime aimed at having an emotional impact on public opinion, engendering fear and panic in society, evoking distrust of power structures, and ultimately destabilizing the political-economic situation in the country. This is a crime aimed against the security of society, the state, and each individual citizen.

The cyberterrorist substantially differs from the hacker, computer hooligan, thief, or swindler. The main element of the cyberterrorist’s tactics is to ensure that the crime has maximally dangerous consequences and broad public resonance and creates an atmosphere that threatens repetition of the terrorist act without specifying a specific target of attack.
The experience of the Russian Federation shows that the motives of cybercrimes are changing. Whereas computer crimes in the past were committed mainly by adolescents motivated by hooliganistic or experimental considerations, motives of greed now predominate. Intentionally false reports of terrorist attacks represent an exception. In particular, specialists have established that this was the motive of the Russian student who disseminated information about a planned New York subway bombing, accompanying his message with the words “Allahu akbar.”

TERMINOLOGY USED IN THE RUSSIAN FEDERATION FOR CLASSIFYING THREATS AND MEANS OF COUNTERING CYBERATTACKS

There is no commonly accepted terminology in the sphere of information security for computer systems and networks, which makes it necessary to define certain fundamental concepts (as they are used in the Russian Federation).

Threat—A potential event, action, or process that by its effects on network components could lead to the infliction of material, moral, or other damage on network resources.
Vulnerability—Any characteristic or property of an information system that if used by an intruder could lead to realization of a threat—in other words, weak points in systems.

Attack (intrusion)—An event in which a perpetrator or intruder attempts to access a system or commits any sorts of abuses with it, or any action by an intruder leading to realization of a threat by means of attacking vulnerabilities.

An intruder carries out an attack in three stages: (1) collection of information about the network to be attacked, (2) implementation of attack, and (3) completion of attack. Traditional means of countering intrusions come into play only in the second phase of attack implementation. Such a situation helps to increase the damage from the attack. It would be more logical to begin active response efforts at the first stage of the attack. The most obvious example would be an attack aimed at implementing a threat to deny services or to deny access to information (a denial-of-service attack). This sort of attack is extremely difficult to thwart at the implementation stage, so it would be reasonable to suppress it at the first step in its development.

Intrusion detection—A range of methods intended to detect an intrusion (attack) on a network by means of observing various parameters, events, and subsystems for registration and network monitoring.

Intrusion detection system—A range of software and hardware network resources intended to detect intrusions (attacks).

In addition to the denial-of-service attack, which stalls a server by placing an increased load on its central processor, there are many harmful programs called viruses, which affect individual computers, computer systems, networks, and, recently, mobile communications resources, using a developed operating environment and elemental base.
The number of viruses is constantly increasing, reaching 25,000 according to estimates in late 2004. Table 1 presents a brief classification of current viruses as categorized in the Russian Federation. With corporate and local networks and individual users accessing the Internet, one of the most complex problems is that of ensuring the security of information resources. A number of technologies are employed to address this problem, each of which is designed to protect against a particular class of potential security threats. These include intrusion detection systems, public key infrastructure, virtual private networks, antivirus software, cryptographic systems, identification and authentication systems, security scanners, and so forth. Firewalls hold an important place among these technologies, and their adequate application can substantially reduce risks associated with unauthorized access to data. However, comprehensively deterring cyberthreats is possible by developing optimal information security policy consisting of a combination of passive and active methods of applying protection technologies.
TABLE 1 Classification of Current Viruses

| Group | Type | Characteristics |
|---|---|---|
| Environment | Network viruses | Spread through various networks, that is, during transmission of data between computers connected by a network. |
| Environment | File viruses | Infect executable files and are loaded after start-up of the program in which they are located. File viruses can also be embedded in other types of files, but if they are placed in nonexecutable files, they do not obtain control and lose the capacity to spread. |
| Environment | Boot viruses | Install themselves into the boot sector of physical or logical discs containing boot programs. |
| Environment | Mobile communication system viruses | The newest type of virus. They infect the operating environment of the latest generation of mobile telephones, which have broad intellectual capabilities. |
| Means of infection | Resident viruses | Leave a resident code in operating memory that intercepts communications between the operating system and infection targets (files, boot sectors of discs, and so forth) and installs itself in them. Resident viruses live in memory and remain active until the computer is turned off or rebooted. |
| Means of infection | Nonresident viruses | Do not infect computer memory and are active for a limited time. They are activated at certain times, for example, when documents are processed with a text processor. |
| Destructive potential | Not dangerous | Reduce memory volume; do not disrupt the computer operations; produce graphic, audio, or other effects. |
| Destructive potential | Dangerous | Can cause various disruptions in computer operations, for example, locking up or incorrect printing of documents. |
| Destructive potential | Very dangerous | Can cause losses of programs and data and deletion of information in system memory sectors and can even cause a breakdown of moving parts of the hard disc. |
THE TRAINING OF HIGHLY QUALIFIED INFORMATION SECURITY SPECIALISTS IN THE RUSSIAN FEDERATION

Only a major leading university with the appropriate educational, methodological, and technical base is capable of training highly qualified specialists able to accomplish the task of ensuring comprehensive information security. The educational objectives for specialists of this type at Bauman Moscow State Technical University are as follows:
- theoretical foundations for the engineering-technical protection of information
- methodological support for the engineering-technical protection of information
- creation and operating principles of information systems and networks (ISN)
- methodologies for designing, building, and operating secure ISNs
- criteria and methods for evaluating the security of ISNs
- means and methods of unauthorized access to ISN information
- architecture of protected computer networks
- software, hardware, and technical means of creating protected networks
- principles of building and managing protected networks
- rules for the organizational, technical, and legal protection of information
- use of software and hardware technologies for protecting information
- construction and operation of protected databases
- systematic approach to the problem of protecting information in database management systems
- mechanisms for protecting information in databases and database management systems and opportunities for overcoming them
- conceptions of the engineering-technical protection of information
- physical foundations for the engineering-technical protection of information
- organizational foundations for the engineering-technical protection of information

As a result of their training in this discipline, specialists must understand the following:

- promising areas for the development of computer security theory
- methods for analyzing information security threats
- architecture of secure ISNs
- principles for constructing secure systems
- typical attacks on secure ISNs
- promising areas for the development of network security technologies
- current problems in information security science and the role and place of information protection in networks when addressing comprehensive information security problems

They must know the following:

- methodological and technological foundations of comprehensive security for ISNs
- threats and methods of violating ISN security
- formal models lying at the foundation of ISN protection systems
- standards for evaluating ISN security and their theoretical foundations
- methods and means of building and operating secure ISNs
- methods and means of verifying and analyzing the reliability of secure ISNs
- methodological and technological foundations for ensuring the information security of network-automated systems
- threats and methods of violating the information security of network-automated systems
- physical processes in technical means and systems that lead to leakage of secure information
- typical models of attacks aimed at overcoming the protection of network-automated systems, conditions under which they might be carried out, possible consequences, and means of prevention
- role of the human factor in ensuring network security
- possibilities, means, and rules for applying basic software and hardware means of protecting information in networks
- principles for the operation of basic secure network protocols
- foundations for the application of firewalls for network protection
- rules for setting network security policy
- standards for evaluating secure network systems and their theoretical foundations
- methods and means of designing, constructing, and evaluating secure network systems
- conception of the engineering-technical protection of information
- basic principles and methods of information protection
- basic guiding and regulatory documents on the engineering-technical protection of information
- procedures for organizing the engineering-technical protection of information

They must know how to

- analyze ISNs from the standpoint of ensuring computer security
- develop security models and policies using well-known approaches, methods, means, and theoretical foundations
- apply standards for evaluating the security of ISNs in analyzing and designing information security systems for them
- implement information protection systems in ISNs in accordance with standards for evaluating ISN security
- analyze network automated systems from the standpoint of ensuring information security
- develop network security models and policies using well-known approaches, methods, means, and theoretical foundations
- apply standards for evaluating secure network systems in analyzing and designing systems to protect information in automated systems
- apply secure protocols and firewalls necessary for implementing information security systems in networks
- take measures to counter network security threats using various software and hardware means of security in accordance with rules for their application
- create information security systems in automated systems in accordance with standards for assessing system security
- identify threats and technical channels for information leakage
- describe (model) security targets and information security threats
- apply the most effective methods and means of engineering-technical protection for information
- monitor the effectiveness of security measures

They must have the following skills:

- work with ISNs for distributed computing and information processing
- work with ISN documentation
- use of criteria for evaluating ISN security
- construction of formal models of ISN information security systems
- construction and operation of computer networks
- design of secure networks
- comprehensive analysis and evaluation of network security
- work with means of interface support with various categories of database management system users
- work with database management systems on various platforms
- develop and manage databases
- work with means of ensuring database management system integrity
- work with means of ensuring database confidentiality
- work as database security administrator
- device-based evaluation of the energy parameters of side radiation from technical means and systems
- engineering calculation of the parameters of the controlled zone

By completing their studies at the university, the specialists acquire theoretical information and practical skills in combating computer terrorism and can independently develop enterprise information security policies based on comprehensive integrated solutions, conduct scientific research, and develop new methods for countering cybercrime.
CONCLUSIONS AND RECOMMENDATIONS

Cybercrime is not restricted to crimes committed on the Internet. It extends to all forms of crimes committed in the sphere where information, information resources, and information technology are the targets, means, or tools of crime. With the current growth of cybercrime, which presents a danger to people’s lives and welfare, threatens the security of all states, and undermines trust in government institutions, it is vitally important to ensure protection against this type of criminal activity.

Therefore, we currently need to enhance the level of international coordination of scientific research on preventing and countering acts of cybercrime. First, we need to conduct scientific research on developing a single conceptual framework. We must develop and amend legislative, regulatory, and legal documents for this type of crime, including those governing international activities. Studies on creating modern technologies for detecting and deterring network attacks and neutralizing criminal impacts on information resources are of the highest significance. In order to accomplish this, we need to develop plans for joint research on countering cybercrime.
Themes for such plans could include the following:

- organizing exchange programs for undergraduate and graduate students, instructors, and researchers in the leading higher educational institutions of the Russian Federation and the United States
- creating a single conceptual framework, terms, and definitions regarding the development of means and systems for countering cybercrime and cyberterrorism
- creating a set of recommendations for government legislative organs on studying and amending regulations and laws regarding this type of crime, including those governing international law enforcement activities
- creating modern theoretical methods and applied technologies for detecting and deterring network attacks and neutralizing criminal impacts on information resources