THE NATION ’S NEWSPAPER

Collegiate
Case
Study www.usatodaycollege.com

Cybercrime arrests by FBI

‘a tiny drop in the bucket’ Cybercrime
By Brian Acohido Computer crime (also referred to as cyber crime, e-crime or hi-tech crime) can be
classified into the following categories:
.....................................................................................3

Security experts say Rock • Content related crime - child pornography and criminal copyright infringement.
• Traditional crimes committed by means of a computer - fraud and theft.
Phish widening net • Attacks on computers and computer systems – hacking, pharming and phishing.
By Jon Swartz
.....................................................................................4 Those engaging in illegal activities online often have unlimited resources, time,
and in most cases motivation, requiring businesses and government agencies to
invest significant time and resources to upgrade their security programs to battle
NATO to study defense the hacker. As soon as a new protocol is developed and announced, it seems that
against cyberattacks hackers have it figured out, and a more elaborate design must be developed. A
By Jim Michaels 2006 FBI estimate pegged the total cost of cyber crime to businesses above $67
billion. This case study will explore the different ways that cyber crime might
.....................................................................................5
impact students personally, as well as raise awareness of the broader implications
Infamous spammer arrested, for our economy and national security.
faces new charges
By Byron Acohido
.....................................................................................6
Chinese hackers seek U.S. access
Attacks highlight weaknesses in U.S. security
Critical inquiry
By Jon Swartz Forensic analysis indicates the hack-
Discussion and future implications
USA TODAY ers may have sought information on
.....................................................................................7 war games in development at the
SAN FRANCISCO — The cyberattack naval college, he said. The college
Additional resources/Voices of a U.S. military computer system was vulnerable because it did not
Further exploration and Voices extension has deepened concern about cyber- have the latest security protections,
spying and the security of the Gabos said.
....................................................................................8
Internet's infrastructure.
The November attack was part of an
Chinese hackers were most likely ongoing campaign by Chinese hack-
behind an intrusion in November ers to penetrate government com-
that disabled the Naval War College's puters. The attacks often come in the
network, forcing it to disconnect form of "spear phishing," scams
from the Internet for several weeks, where attackers craft e-mail mes-
says Lt. Cmdr. Doug Gabos, a sages that seem to originate from the
spokesman for the Navy Cyber recipient's organization in a ploy to
Defense Operations Command in gain unauthorized access to confi-
Norfolk, Va. dential data.

© Copyright 2008 USA TODAY, a division of Gannett Co., Inc. All rights reserved.
AS SEEN IN USA TODAY’S MONEY SECTI ON, MARCH 12, 2007, 3B
China is also using more traditional
hacking methods, such as computer
viruses and worms, but in sophisticat-
ed ways, says Alan Paller, director of
the security research organization
SANS Institute.
Hackers are directly breaking into mil-
itary and government computers, and
exploiting the side doors of private
networks connected to them, Paller
says.
The intrusions spotlight the soft
underbelly in U.S. cybersecurity. They
also underline the need for the federal
government to develop policies that
define responsibilities between the
public and private sectors to fend off
hackers and terrorists, say military
officials and cybersecurity experts
including Jody Westby, CEO of Global
Cyber Risk.
The attacks also underscore flaws in
Internet security and the difficulty in
tracking bad guys, says Westby, a
cybersecurity consultant in
Washington. Such "Swiss cheese"
holes, she says, not only compromise
military and government networks
but those of businesses and critical
infrastructure.
"The Internet was not designed for
security, and there are 243 countries
connected to the Internet," says
Westby, who estimates 100 countries
are planning infowar capabilities.
"What's more, many countries don't
have cybercrime laws."
Chinese hackers gained notoriety in
the USA after a series of coordinated
attacks on American computer sys-
tems at NASA and Sandia National
Laboratories, dating to 2003, were
traced to a team of researchers in
Reprinted with permission. All rights reserved.
Guangdong province. The program,
called Titan Rain by the Defense
Department, first became public in
August 2005. The Defense
Department has since retitled the
program under a classified name.
The hackers are still active, but
Gabos would not say if the intrusion
at the Naval War College was linked
to previous attacks.
China is aggressively improving its
information warfare capabilities,
according to a December 2006
Chinese military white paper. Its
goal is to be "capable of winning
informationized wars" by the mid-
21st century.
The motives of Chinese hackers run
the gamut from intelligence gather-
ing to technology theft and the infil-
tration of defense networks for
future action, cybersecurity experts
say.
The intent of Chinese operatives is
unclear, but most agree they are
gathering information, says Peter
Neumann, a scientist at SRI
by Robert Hanishiro, USA TODAY
International, a non-profit research
institute.
U.S. cyberwarfare strategy, mean-
while, is disjointed because organi-
zations responsible for cyberoffense,
such as the National Security
Agency, and defense, such as the
Naval Network Warfare Command,
are not linked, Gen. James
Cartwright, commander of the
Strategic Command, said in a speech
at the Air Warfare Symposium in
Florida in February.
The U.S. must take aggressive meas-
ures against foreign hackers and
websites that help others attack
government systems, Gen. Ronald
Keys, commander of Air Combat
Command, told reporters in Florida
on Feb. 9.
"I think it's going to take an Internet
9/11, and we've had some pretty
serious problems on the Internet"
for the country to seriously re-
examine its approach to cyberwar-
fare, he said, according to a tran-
script.
Page 2
AS SEEN IN USA TODAY’S MONEY SECTI ON, JUNE 14, 2007, 2B

Cybercrime arrests by FBI

‘a tiny drop in the bucket’
By Byron Acohido
USA TODAY
SEATTLE -- The tech security world cheered the FBI's then file a complaint online through the FBI's Internet
announcement Wednesday of a crackdown on cyber- Crime Complaint Center.
crooks who control networks of compromised comput-
ers, called botnets, to spread spam and carry out scams. "The majority of victims are not even aware that their
computer has been compromised or their personal infor-
But the arrests in recent weeks of accused bot con- mation exploited," says James Finch, assistant director
trollers James Brewer of Arlington, Texas; Jason Michael for the FBI's Cyber Division. "Citizens can protect them-
Downey of Covington, Ky.; and Robert Alan Soloway of selves from botnets and the associated schemes by prac-
Seattle will barely make a ripple, security analysts say. ticing strong computer security habits to reduce the risk
that your computer will be compromised."
"We applaud the government's involvement in stopping
cybercrime," says Tom Gillis, senior marketing vice presi-
dent at messaging security firm IronPort Systems. "But
these arrests are a tiny drop in the bucket."

Soloway made a name for himself selling spamming kits

and botnet access to fledgling spammers, according to a
civil case he lost to Microsoft in 2005. He was arrested in
Seattle last month and charged with continued spam-
ming.

Downey and Brewer controlled smaller botnets, federal

district court documents in Michigan and Illinois say. The
court documents did not detail what they used their
networks for.

Criminals turn computers into bots with malicious soft-

ware programs spread through viral e-mail attachments
and tainted Web pages. They become relay points to
spread spam and can also steal any sensitive data typed
by the user. Elite bot "herders" control botnets of often
10,000 to 100,000 computers that are difficult to detect
and shut down.

"Botnets are increasing, but we've just scratched the sur-

face of what botnets are going to do," says Doug
Camplejohn, CEO of security firm Mi5 Networks.

The FBI asks PC users with suspected compromised

computers to contact their Internet service provider, Sam Ward, USA TODAY

Reprinted with permission. All rights reserved. Page 3

AS SEEN IN USA TODAY’S MONE Y SECTI ON, OCTOBER 11, 2007, 3B
Security experts say Rock Phish
widening net
By Jon Swartz
USA TODAY
SAN FRANCISCO — A recent surge in
phishing — fraudulent e-mail and
websites designed to "fish" sensitive
personal information such as pass-
words and credit card numbers — is
the handiwork of a small, shadowy
cybergang, computer security
experts say.
Rock Phish, a group of technically
savvy hackers who oversee phish-
ing websites and provide tools on
the Internet that let others phish, is
"the major driving force behind a
worsening situation, and they are
difficult to track down," says
Zulfikar Ramzan, senior principal
researcher at Symantec's Security
Response Group.
Rock Phish got its name because of
its use of the word "rock" in the
Web addresses of phishing web-
sites. It is believed to be in Eastern
Europe, based on the widespread
availability of its phishing tools on
websites hosted in that region.
FBI spokesman Paul Bresson says it is
aware of the group. But U.S. authori-
ties have little legal recourse to bust
the foreign group and tamp down
the surge in phishing, says Paul
Henry, vice president of technology
evangelism at Secure Computing.
So far, the criminal enterprise has
victimized customers of U.S. and
European financial institutions, such
as Citibank and Barclays, as well as
popular phishing targets eBay and
PayPal, says Dan Hubbard, senior
director of security and technology
research at security firm Websense.
Reprinted with permission. All rights reserved.
The gang is also targeting the com-
mercial accounts of small and large
businesses, says Fred Felman, chief
marketing officer at Mark Monitor, a
security company that has devel-
oped anti-phishing services. He esti-
mates 77% of all active phishing sites
are linked to Rock Phish and its
methods.
In July 2007 — the most recent
month for which data are available —
the Anti-Phishing Working Group
said new phishing sites pole-vaulted
to 30,999, from 14,191 in July 2006.
More phishing sites have popped up
this year — more than 220,000 and
counting — than in the first seven
months of any other year.
Rock Phish attacks employ Web
addresses containing the names of
real businesses, such as Bank of
America, that are interspersed with
random numbers.
The addresses appear authentic and
are difficult to detect by anti-phish-
ing defenses, says Paul Wood, a sen-
ior analyst at e-mail security firm
MessageLabs.
A common Rock Phish tactic is to
register new phishing addresses in
rarely used country domains, such as
Moldova (.md) and Sao Tome and
Principe (.st), that are not on the
radar of law enforcement and anti-
phishing groups, Felman and others
say.
Before the bogus domain names are
detected and removed, so-called
Rock Phishers have already duped
people and stolen their personal
information.
Financial information stolen on Rock
Phish websites is collected and fun-
neled to a central computer server,
Wood says.
Computer-security firm McAfee
advises consumers to be dubious of
e-mails that come from financial
institutions and online payment
services asking them to take imme-
diate action on their accounts. It also
warns consumers to be cautious of
e-mail that uses poor grammar.
Page 4
AS SEEN IN USA TODAY’S NEWS SECTI ON JUNE 15, 2007, 20A
NATO to study defense
against cyberattacks
Computer assault staggered Estonia
by Sam Ward, USA TODAY
By Jim Michaels
USA TODAY
BRUSSELS — NATO defense ministers are considering
extending the alliance's protection into cyberspace in
the wake of a devastating digital attack that nearly crip-
pled member nation Estonia.
Defense ministers agreed "urgent work is needed to
enhance the ability to protect information systems of
critical importance," NATO spokesman James Appathurai
said Thursday.
NATO will begin examining how it may protect its 26
member states from electronic attacks like the one in
Estonia, Appathurai said during a meeting of the minis-
ters.
Reprinted with permission. All rights reserved.
Defense Secretary Robert Gates and a number of the
other officials have backed the move to study the issue.
No decision has been reached on anything beyond study.
The issue is tricky for NATO. The attacks on Estonia were
launched against public cyberspace that controls bank-
ing, e-mail and other functions and not the country's
military command and control system. The attacks,
which began in April and peaked last month, were
launched from computers in about 50 countries, NATO
spokesman Robert Pszczel said.
The alliance, a product of the Cold War, is based largely
on the notion that an attack on one member is consid-
ered an attack on all.
The cyberattacks in Estonia, a former part of the Soviet
Union, followed its decision to transfer a World War II-
era statue of a Soviet Union soldier from a park to a mili-
tary cemetery. The move triggered riots among Estonia's
ethnic Russian population.
The Estonia attacks were "sustained" and "coordinated,"
Appathurai said.
Estonia bills itself as one of the most advanced nations
when it comes to online services. Estonians can vote
online, and a large percentage of people there use the
Internet for banking and other services.
NATO dispatched a team of specialists to Estonia after
the attacks, but it has limited capacity to support broad-
er cyberspace defense efforts.
NATO's capabilities are directed toward protecting the
alliance's own network, said Sheena Carrigan, a NATO
spokeswoman. Expanding that mission would be up to
the alliance's political leadership, she said.
Page 5
AS SE EN IN USA TODAY’S MONE Y SECTI ON, JUNE 1, 2007, 4B
Infamous spammer arrested,
faces new charges
But others will fill any void, officials say
By Byron Acohido
USA TODAY
SEATTLE — The arrest of notorious
spammer Robert Alan Soloway, 27,
on criminal charges for continuing to
spread junk e-mail raised cheers in
the tech security community.
But Soloway's arrest Wednesday in
Seattle won't slow down the tidal
wave of spam. Unwanted commer-
cial e-mail has become big business,
backed by organized crime. Most of
it originates from networks of com-
promised home PCs, called zombies.
The spam deluge includes record
levels of unsolicited e-mail ads for
subprime loans, herbal remedies and
get-rich-quick schemes. It includes
phishing mail that lures recipients
into typing sensitive data on bogus
websites. There's also "pharm" spam
pitching fake pharmaceutical drugs.
And stock spam dupes recipients
into helping drive up prices of mori-
bund stocks.
"This is the modern face of the e-
mail threat," says Adam O'Donnell,
director of emerging technology at
message security firm Cloudmark.
"Spam makes money."
Soloway pleaded not guilty and is
being held in federal detention,
pending a hearing next week. In his
heyday from 2003 to 2005, Soloway
made millions selling crude spam-
ming kits to newbie spammers, and
provided access to zombie networks
to help his customers accelerate
spamming.
Reprinted with permission. All rights reserved.
Those activities came
to light in a 2005 civil
judgment Microsoft
won against Soloway.
He was ordered to
pay the software
giant $7.8 million.
Microsoft spokes-
woman Liz Candello
says he never paid.
Last week, a federal
grand jury returned
a 35-count indict- by Robert Hanishiro, USA TODAY
ment against Soloway charging him
with mail fraud, wire fraud, e-mail MessageLabs last week reported
fraud, aggravated identity theft and another advance: For the first time,
money laundering. He has been liv-
the London-based security firm
ing in a ritzy apartment and drives intercepted spam pitching stock pur-
an expensive Mercedes convertible,
chases with an enticement to click to
says prosecutor Kathryn Warma. a tainted Web page. Clicking on the
Prosecutors want him to forfeit
link turned over control of the PC to
$773,000 they say he made from his the intruder.
business, Newport Internet
Marketing.
"It shows how far they're come,"
Yet he appears to have been a bit says Matt Sergeant, senior anti-spam
player in a spamming world that has technologist at MessageLabs. Well-
exploded in the past two years, says funded, organized crime groups are
Patrick Peterson, vice president of "just absolutely out in the open try-
technology at messaging security ing to get you to install this stuff."
firm IronPort Systems. In a 24-hour
period this week, IronPort blocked Soloway, by comparison, was a
81 billion spam messages. Spam vol- small-timer. According to the indict-
ume has nearly doubled to an aver- ment, clients paid him $495 to have
him send e-mail to 20 million
age 70 billion per day vs. 36 billion in
May 2006. addresses for 15 days or sell them
80,000 e-mail addresses.
"Soloway is a notable actor," says
Peterson. "But he's not one of the
supercriminals who is responsible for
most of the mayhem that's going on
today."
Page 6
 Critical Inquiry
1. How great of a problem is cyber crime when compared to the traditional types of crime with which we are
more familiar? What changes in law enforcement might be needed to combat the increase in cyber crime?

2. Another way to define cyber crime is simply as criminal activity involving the information technology infra-
structure. The acts themselves manifest themselves in many different ways. Define and provide examples of
the following types of cyber crime along with suggestions for solutions in combating this type of crime:

a.) Illegal or unauthorized access

b.) Illegal interception by technical means of non-public information
c.) Data interference by unauthorized damage
d.) Deletion, deterioration, alteration or suppression of computer data
e.) Interference with the functioning of a computer system
f.) Misuse of devices
g.) Forgery (ID theft)
h.) Electronic fraud

3. Under what conditions is a company legally obligated to report a computer-related security incident to the
authorities? When should individual users report suspicious computer activity to law-enforcement? Which
agencies are set up to receive such complaints?

4. What constitutional concerns are raised by intellectual property cyber crimes?

Future Implications

1. In what ways might the growth of cyber crime shape how the Internet develops in the future?

2. The potentially global nature of cyber crime makes clear the need for global solutions. How might the U.S. reach
consensus with other countries that may have very different legal traditions and no basis for substantive coopera-
tion? What implications are there if such cooperation and consensus can’t be achieved?

3. What steps can we, as individuals, take to protect ourselves from the impact of cyber crime in the future?
Beyond identity theft, what other types of criminal behavior are most likely to affect the average citizen?

4. According to the National Cyber Security Alliance, online malfeasance and criminal activity can be divided into
Cyber Ethics, Cyber Security and/or Cyber Safety. Given the explosion of new technologies such as wireless and
GPS, discuss the potential for exploitation in these three areas.

Additional Resources

uNational Cyber Security Alliance uUS-CERT

www.staysafeonline.org www.us-cert.gov/" http://www.us-cert.gov

uComputer Crime & Intellectual Property Section uPrivacy Rights Clearinghouse

www.cybercrime.gov www.privacyrights.org

For more information, log on to www.usatodaycollege.com Page 7