National Academies Press: OpenBook

Russian Views on Countering Terrorism During Eight Years of Dialogue: Extracts from Proceedings of Four U.S.-Russian Workshops (2009)

Chapter: Cybercrime and the Training of Specialists to Combat It in Russia--Nikolay V. Medvedev

Suggested Citation:"Cybercrime and the Training of Specialists to Combat It in Russia--Nikolay V. Medvedev." National Research Council. 2009. Russian Views on Countering Terrorism During Eight Years of Dialogue: Extracts from Proceedings of Four U.S.-Russian Workshops. Washington, DC: The National Academies Press. doi: 10.17226/12629.


Cybercrime and the Training of Specialists to Combat It in Russia

Nikolay V. Medvedev
Department of Information Security, Bauman Moscow State Technical University

THE INTERNET AND CYBERCRIME IN RUSSIA

The present stage of human development is characterized by the explosive growth of information technologies, a historically unparalleled situation that is irreversibly changing people’s way of life. All previous key inventions such as the telegraph, telephone, radio, television, and computer only paved the way for the unprecedented integration that is under way. In our times, global cyberspace—the worldwide Internet—simultaneously represents a repository for a colossal amount of information, a means of global broadcasting, and a medium for cooperation and human communication encompassing the entire world. The Internet is not controlled by any state structures. According to the predictions of the public organization the Internet Society, in 2005 the number of Internet users in the world will exceed one billion, of whom about seven million will be from Russia.

Besides the multitude of positive aspects of this sort of global linkage and communication among individuals and peoples, information technologies significantly expand the arsenal of means and capabilities of criminals. Any country with computers and Internet access could, intentionally or not, become a base for users with evil intentions, any one of whom could have the goal and motivation to inflict criminal harm on other people and organizations. These people have global cyberspace at their disposal to use for criminal purposes. Crimes of such a nature are called cybercrimes (in Russian legislation, crimes in the sphere of computer information), and the people who commit them are generally called cybercriminals. Although the term cybercrime is not legally formulated in Russian legislation, this concept has taken firm root in practice.

Cybercrime may include the following:

• unauthorized access to information
• creation, use, and dissemination of harmful computer programs, including over the Internet
• intentional disruption of the normal operation of computers and networks
• illegal trade in equipment for capturing computerized information
• falsification of documents with the use of computer technologies
• distribution of counterfeit software
• conduct of financial swindles
• publication of calls for violence and terror
• publication of Nazi and fascist propaganda

The main characteristic of these crimes is that, as a rule, they have no physical signs.

Cybercriminals currently use various types of network attacks. Some use computer viruses, including network worms, which modify and destroy information or block the operation of computer systems; logic bombs, which are triggered under certain conditions; or Trojan horses, which send various types of information from infected computers back to their masters over the Internet. The weapons of cybercriminals are being constantly honed, and their means of conducting information attacks are becoming increasingly refined. In the long term, we can expect to see the appearance of new nontraditional types of network attacks and computer crimes.

On the whole, we can state with confidence that the material damage from crimes in the information technology sphere is measured in the billions of U.S. dollars and is increasing with each passing year. Furthermore, the expected growth in financial losses from criminal infringements is based not only and not so much on the increased number of computer attacks as on the growing scale of the use of network information technologies in business. In the face of harsh competition, companies are forced to shift a large portion of their business communications onto the Internet, which makes them vulnerable to criminals unless matters of information protection are handled appropriately.

The world community has fully realized the potential consequences of the threat of cybercrime, and in this regard representatives of the European Union member states, the United States, Canada, and Japan signed the International Convention on Cybercrime in November 2001. In the convention, crimes committed in the information environment or against or with the aid of information resources are in fact defined as cybercrimes.

With the far lower level of development of computer networks in Russia, the situation in the Russian Federation is obviously not yet as serious as in the United States, but its intensity is increasing from year to year. We are increasingly sensing how the modern information criminal is becoming a reality.

The Criminal Code of the Russian Federation includes articles establishing penalties for computer crimes and a chapter defining crimes in the computer information sphere. This chapter includes three articles setting forth penalties for illegitimate access to computer information (Article 272); the creation, use, and dissemination of harmful programs via computer (Article 273); and violation of the rules of operation of computers, computer systems, and networks (Article 274). The number of crimes committed under these articles is increasing each year. Meanwhile, the number of crimes discovered is also on the rise.

Let us look at the facts. In 2004, 4,523 computer information crimes were discovered in the Russian Federation. Of these, 3,944 fell under Article 272 of the Criminal Code and 577 under Article 273.

During this past year, the Russian Federation significantly stepped up its efforts to stop the distribution of unlicensed software, thus making a worthy contribution to the world trend toward combating computer piracy. For example, 1,483 administrative violations were uncovered in the copyright area, and 216,635 compact discs with unlicensed software with a total value of more than 9 million rubles were confiscated by court order.

Like the rest of the world, the Russian Federation is currently facing the pressing problem of so-called spam, the mass distribution of electronic messages, largely advertising, that were not requested by their recipients. Receiving spam is like an invisible tax on all users of the Russian segment of the Internet. By various estimates, financial losses from spam vary from 120 to 200 million U.S. dollars per year. In 2004 a precedent for combating this type of crime was created for the first time in the Russian Federation, with the first conviction of a spammer under the law. This person had created a computer program, sendsms.pl, and sent 15,000 mobile phone subscribers text messages with uncensored content smearing the business reputation of a cellular communications company.

Also arising last year was a trend for the use of the Internet as an auditorium to shape public opinion and exert pressure on private individuals and officials by spreading information damaging honor and impugning dignity or by disseminating citizens’ personal or family secrets. In one example the authorities halted the activities of a perpetrator who had posted an Internet site with intentionally libelous materials regarding the president of the Russian Federation and statements insulting his honor and dignity. Obviously, negative press technologies adopted from the media have begun to be used on the Internet. Furthermore, in trying to evade responsibility, the ill-intentioned are claiming that laws regulating media activities do not apply to the Internet, even though its audience is often greater than that of many print publications. The Russian Federation is working actively to standardize the legislative and regulatory base for these violations, while maintaining a lack of government censorship.

An analysis of personal information about criminals arrested in the Russian Federation in 2004 shows that computer crime is mostly perpetrated by adults.

Adolescents under age 20 comprise only 17 percent of the total number of criminals, the bulk of whom—70 percent—are persons between the ages of 20 and 35. It should also be noted that 63 percent of these persons attended or graduated from university, which reflects the high intellectual level of this criminal activity.

No crime, including cybercrime, can occur on its own. Crimes are committed by criminals, and in this case, by cybercriminals. People can have different motives for committing crimes. Determining the boundary between crime and terrorism in cyberspace is possible simply by determining the goals of cyberterrorism. In practice, these goals coincide with the goals inherent in terrorism in general and political terrorism in particular. One may state that every terrorist is a criminal, but not every criminal is a terrorist.

According to the common definition of terrorism, it is a conscious and directed use of violence or the threat of violence to force society, the state, or the government to comply with the political, ideological, religious, or economic goals of the terrorist organization. A terrorist act is a crime aimed at having an emotional impact on public opinion, engendering fear and panic in society, evoking distrust of power structures, and ultimately destabilizing the political-economic situation in the country. This is a crime aimed against the security of society, the state, and each individual citizen. The cyberterrorist substantially differs from the hacker, computer hooligan, thief, or swindler. The main element of the cyberterrorist’s tactics is to ensure that the crime has maximally dangerous consequences and broad public resonance and creates an atmosphere that threatens repetition of the terrorist act without specifying a specific target of attack.

The experience of the Russian Federation shows that the motives of cybercrimes are changing. Whereas computer crimes in the past were committed mainly by adolescents motivated by hooliganistic or experimental considerations, motives of greed now predominate. Intentionally false reports of terrorist attacks represent an exception. In particular, specialists have established that this was the motive of the Russian student who disseminated information about a planned New York subway bombing, accompanying his message with the words “Allahu akbar.”

TERMINOLOGY USED IN THE RUSSIAN FEDERATION FOR CLASSIFYING THREATS AND MEANS OF COUNTERING CYBERATTACKS

There is no commonly accepted terminology in the sphere of information security for computer systems and networks, which makes it necessary to define certain fundamental concepts (as they are used in the Russian Federation).

Threat—A potential event, action, or process that by its effects on network components could lead to the infliction of material, moral, or other damage on network resources.

Vulnerability—Any characteristic or property of an information system that if used by an intruder could lead to realization of a threat—in other words, weak points in systems.

Attack (intrusion)—An event in which a perpetrator or intruder attempts to access a system or commits any sorts of abuses with it, or any action by an intruder leading to realization of a threat by means of attacking vulnerabilities.

An intruder carries out an attack in three stages: (1) collection of information about the network to be attacked, (2) implementation of attack, and (3) completion of attack. Traditional means of countering intrusions come into play only in the second phase of attack implementation. Such a situation helps to increase the damage from the attack. It would be more logical to begin active response efforts at the first stage of the attack. The most obvious example would be an attack aimed at implementing a threat to deny services or to deny access to information (a denial-of-service attack). This sort of attack is extremely difficult to thwart at the implementation stage, so it would be reasonable to suppress it at the first step in its development.

Intrusion detection—A range of methods intended to detect an intrusion (attack) on a network by means of observing various parameters, events, and subsystems for registration and network monitoring.

Intrusion detection system—A range of software and hardware network resources intended to detect intrusions (attacks).

In addition to the denial-of-service attack, which stalls a server by placing an increased load on its central processor, there are many harmful programs called viruses, which affect individual computers, computer systems, networks, and, recently, mobile communications resources, using a developed operating environment and elemental base. The number of viruses is constantly increasing, reaching 25,000 according to estimates in late 2004. Table 1 presents a brief classification of current viruses as categorized in the Russian Federation.

With corporate and local networks and individual users accessing the Internet, one of the most complex problems is that of ensuring the security of information resources. A number of technologies are employed to address this problem, each of which is designed to protect against a particular class of potential security threats. These include intrusion detection systems, public key infrastructure, virtual private networks, antivirus software, cryptographic systems, identification and authentication systems, security scanners, and so forth.

Firewalls hold an important place among these technologies, and their adequate application can substantially reduce risks associated with unauthorized access to data. However, comprehensively deterring cyberthreats is possible by developing optimal information security policy consisting of a combination of passive and active methods of applying protection technologies.

TABLE 1 Classification of Current Viruses

Group: Environment
• Network viruses: Spread through various networks, that is, during transmission of data between computers connected by a network.
• File viruses: Infect executable files and are loaded after start-up of the program in which they are located. File viruses can also be embedded in other types of files, but if they are placed in nonexecutable files, they do not obtain control and lose the capacity to spread.
• Boot viruses: Install themselves into the boot sector of physical or logical discs containing boot programs.
• Mobile communication system viruses: The newest type of virus. They infect the operating environment of the latest generation of mobile telephones, which have broad intellectual capabilities.

Group: Means of infection
• Resident viruses: Leave a resident code in operating memory that intercepts communications between the operating system and infection targets (files, boot sectors of discs, and so forth) and installs itself in them. Resident viruses live in memory and remain active until the computer is turned off or rebooted.
• Nonresident viruses: Do not infect computer memory and are active for a limited time. They are activated at certain times, for example, when documents are processed with a text processor.

Group: Destructive potential
• Not dangerous: Reduce memory volume; do not disrupt the computer operations; produce graphic, audio, or other effects.
• Dangerous: Can cause various disruptions in computer operations, for example, locking up or incorrect printing of documents.
• Very dangerous: Can cause losses of programs and data and deletion of information in system memory sectors and can even cause a breakdown of moving parts of the hard disc.

THE TRAINING OF HIGHLY QUALIFIED INFORMATION SECURITY SPECIALISTS IN THE RUSSIAN FEDERATION

Only a major leading university with the appropriate educational, methodological, and technical base is capable of training highly qualified specialists able to accomplish the task of ensuring comprehensive information security. The educational objectives for specialists of this type at Bauman Moscow State Technical University are as follows:

• theoretical foundations for the engineering-technical protection of information
• methodological support for the engineering-technical protection of information
• creation and operating principles of information systems and networks (ISN)
• methodologies for designing, building, and operating secure ISNs
• criteria and methods for evaluating the security of ISNs
• means and methods of unauthorized access to ISN information
• architecture of protected computer networks
• software, hardware, and technical means of creating protected networks
• principles of building and managing protected networks
• rules for the organizational, technical, and legal protection of information
• use of software and hardware technologies for protecting information
• construction and operation of protected databases
• systematic approach to the problem of protecting information in database management systems
• mechanisms for protecting information in databases and database management systems and opportunities for overcoming them
• conceptions of the engineering-technical protection of information
• physical foundations for the engineering-technical protection of information
• organizational foundations for the engineering-technical protection of information

As a result of their training in this discipline, specialists must understand the following:

• promising areas for the development of computer security theory
• methods for analyzing information security threats
• architecture of secure ISNs
• principles for constructing secure systems
• typical attacks on secure ISNs
• promising areas for the development of network security technologies
• current problems in information security science and the role and place of information protection in networks when addressing comprehensive information security problems

They must know the following:

• methodological and technological foundations of comprehensive security for ISNs
• threats and methods of violating ISN security

• formal models lying at the foundation of ISN protection systems
• standards for evaluating ISN security and their theoretical foundations
• methods and means of building and operating secure ISNs
• methods and means of verifying and analyzing the reliability of secure ISNs
• methodological and technological foundations for ensuring the information security of network-automated systems
• threats and methods of violating the information security of network-automated systems
• physical processes in technical means and systems that lead to leakage of secure information
• typical models of attacks aimed at overcoming the protection of network-automated systems, conditions under which they might be carried out, possible consequences, and means of prevention
• role of the human factor in ensuring network security
• possibilities, means, and rules for applying basic software and hardware means of protecting information in networks
• principles for the operation of basic secure network protocols
• foundations for the application of firewalls for network protection
• rules for setting network security policy
• standards for evaluating secure network systems and their theoretical foundations
• methods and means of designing, constructing, and evaluating secure network systems
• conception of the engineering-technical protection of information
• basic principles and methods of information protection
• basic guiding and regulatory documents on the engineering-technical protection of information
• procedures for organizing the engineering-technical protection of information

They must know how to

• analyze ISNs from the standpoint of ensuring computer security
• develop security models and policies using well-known approaches, methods, means, and theoretical foundations
• apply standards for evaluating the security of ISNs in analyzing and designing information security systems for them
• implement information protection systems in ISNs in accordance with standards for evaluating ISN security
• analyze network automated systems from the standpoint of ensuring information security

• develop network security models and policies using well-known approaches, methods, means, and theoretical foundations
• apply standards for evaluating secure network systems in analyzing and designing systems to protect information in automated systems
• apply secure protocols and firewalls necessary for implementing information security systems in networks
• take measures to counter network security threats using various software and hardware means of security in accordance with rules for their application
• create information security systems in automated systems in accordance with standards for assessing system security
• identify threats and technical channels for information leakage
• describe (model) security targets and information security threats
• apply the most effective methods and means of engineering-technical protection for information
• monitor the effectiveness of security measures

They must have the following skills:

• work with ISNs for distributed computing and information processing
• work with ISN documentation
• use of criteria for evaluating ISN security
• construction of formal models of ISN information security systems
• construction and operation of computer networks
• design of secure networks
• comprehensive analysis and evaluation of network security
• work with means of interface support with various categories of database management system users
• work with database management systems on various platforms
• develop and manage databases
• work with means of ensuring database management system integrity
• work with means of ensuring database confidentiality
• work as database security administrator
• device-based evaluation of the energy parameters of side radiation from technical means and systems
• engineering calculation of the parameters of the controlled zone

By completing their studies at the university, the specialists acquire theoretical information and practical skills in combating computer terrorism and can independently develop enterprise information security policies based on comprehensive integrated solutions, conduct scientific research, and develop new methods for countering cybercrime.

CONCLUSIONS AND RECOMMENDATIONS

Cybercrime is not restricted to crimes committed on the Internet. It extends to all forms of crimes committed in the sphere where information, information resources, and information technology are the targets, means, or tools of crime. With the current growth of cybercrime, which presents a danger to people’s lives and welfare, threatens the security of all states, and undermines trust in government institutions, it is vitally important to ensure protection against this type of criminal activity. Therefore, we currently need to enhance the level of international coordination of scientific research on preventing and countering acts of cybercrime.

First, we need to conduct scientific research on developing a single conceptual framework. We must develop and amend legislative, regulatory, and legal documents for this type of crime, including those governing international activities. Studies on creating modern technologies for detecting and deterring network attacks and neutralizing criminal impacts on information resources are of the highest significance. In order to accomplish this, we need to develop plans for joint research on countering cybercrime. Themes for such plans could include the following:

• organizing exchange programs for undergraduate and graduate students, instructors, and researchers in the leading higher educational institutions of the Russian Federation and the United States
• creating a single conceptual framework, terms, and definitions regarding the development of means and systems for countering cybercrime and cyberterrorism
• creating a set of recommendations for government legislative organs on studying and amending regulations and laws regarding this type of crime, including those governing international law enforcement activities
• creating modern theoretical methods and applied technologies for detecting and deterring network attacks and neutralizing criminal impacts on information resources


Few countries have endured as many attacks of terrorism during the past two decades as has Russia. From bombings on the streets of a number of cities, to the disruption of pipelines in Dagestan, to the taking of hundreds of hostages at a cultural center in Moscow and at a school in Beslan, the Russian government has responded to many political and technical challenges to protect the population. The measures that have been undertaken to reduce vulnerabilities to terrorist attacks and to mitigate the consequences of attacks have been of widespread interest in many other countries as well.

In June 1999, the Presidents of the National Academy of Sciences and the Russian Academy of Sciences initiated an inter-academy program to jointly address common interests in the field of counter-terrorism. Four workshops were held from 2001 to 2007 and additional consultations were undertaken prior to and after the series of workshops. This report includes 35 of the Russian presentations during the workshop series. Collectively they provide a broad overview of activities that have been supported by Russian institutions.
