Cyber Attacks

Introduction:

Since the BOOM of the Internet, in 1990's, the world has become more and more dependent on it. Today's businesses rely increasingly on corporate IT networks and their connection with the global Internet as the backbone of their sales, sourcing, operating, and financial systems. Food, water, and energy distribution rely on computers and networks at every stage as do transportation, health care, and financial services. Owens (2009) The Internet World Stats (2011) revels that the number of Internet users has grown from approximately 800 millions of users in 2005 to approximately 2,100 millions of users in 2011; representing more than 250 per cent of growth in the last 6 years.

With total Internet usage growing significantly, there are correspondingly growing risk of criminal activities that exploits this interconnectivity for illicit financial gain and other malicious purposes such as Internet fraud, identity theft, etc. No business, government, nongovernmental, or other organization of whatever size is invulnerable to cyber-attacks. According to Ty Sagalow, Chairman of the Internet Security Alliance Board of Directors, an estimated $1 trillion was lost in the United States in 2008 through cyber-attacks. Matthew (2009)

The impact and effects of Cyber Attacks can be devastating for an organization or a state (as we will see later) so the investment and the management of optimal security system are a priority and a challenge that governments and businesses should carefully face.

In this essay, the term Cyber Attacks will be defined as well as the most common types. Next, I will briefly comment about some recent and high profile instances of cyber-attacks. Finally, some measures to deal with this threat will be mentioned.

Main Topic:

Cyber-Attack is defined by Owens (2009, p.1) as 'deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and / or programs resident in or transiting these systems or networks.' Depending on the intentions and the objectives that the attackers pursue, Cyber-Attacks can be mainly classified in 4 different types:

* Espionage: Aims to obtain confidential information over the Internet. The targets of such information might range from personal information used to steal identities to access of state secrets.

* Denial-of-Service Attacks (DoS): Seek to render a computer resource such as a Web site unusable, either temporarily or permanently. McDonnell (2001). A common method of attack consist in sending an overwhelming amount of data requests to the target machine saturating it so that it is then unable to respond to legitimate data requests.

* Logic Bombs: A logic bomb is a type of cyber-attack that sits dormant until certain conditions are met, at which point the program executes its malicious function. Bidgoli (2006) By not manifesting its malicious function immediately, a logic bomb is able to spread more widely than it could if its negative impact was readily apparent, because this would rouse suspicions of the program that the logic bomb is embedded in. Hoffman (2004)

* Trojan Horse: Lukens (1998, p.15) defines Trojan Horses as 'the alteration of computer instructions or data in a program so that the computer will perform unauthorized functions but usually still allow the program to perform most or all of its intended purposes.' Trojan Horses can be designed to have many functions, such as destroying data, software, and hardware, or transferring a computer virus or worm.

These attacks used to be performed, exclusively, by skilled people due to the high level of complexity and difficulty required to exploit security vulnerabilities and to develop and manage the tools and software. Nowadays, modern technology has made these tools cheap and handy which means that little specialized equipment is necessary for hacking. Shackelford (2009, p. 201) argues that 'the basic attack tools consist of a laptop, modem, telephone, and software; the same instruments commonly used by hackers, and by many modern professionals for that matter.' There are many sites on the Web who provide hacking tools and software downloads. The Interpol has estimated that there are as many as 30,000 websites that provided automated hacking tools and software downloads. Schiller (2010)

Even though these basic tools for hacking can be easily acquired, Cyber Attacks are becoming increasingly complex, sophisticated and organised. Due to the vast collection or valuable information that can be harvested on the Internet, hackers groups have been formed to operate as business. Today powerful criminal organizations operate in flourishing online black markets to buy and sell information about software vulnerabilities and an endless variety of sophisticated malware weapons that can be used to exploit these vulnerabilities. As Goldsmith (2010, p.24) explains, 'They infect, gather, and rent huge clusters of compromised zombie computers known as "botnets" that can be used for denial-of-service attacks or "phishing" expeditions (feigned trustworthy messages of the general sort that tricked the Google administrators). They buy and sell criminal services ranging from phishing-for-hire to money laundering. And they trade in stolen goods such as credit card and Social Security numbers and identification and login credentials.' Undoubtedly, the margin of profit that cyber-crimes generate has made it a very lucrative activity and consequently a steadily growing industry.

But the factor that has made Cyber-Attacks a really strong and dangerous industry is the fact that it is very difficult, and very resource-intensive, and sometimes impossible, to trace with much certainty the computer origin of a professional cyber-attack or cyber exploitation. It is even harder to do so in real time or even in the short-term. Goldsmith (2010) argues that a thoughtful adversary can hide its tracks by routing attacks or exploitations through anonymizing computers around the globe. On the Internet, states and their agents, criminals and criminal organizations, hackers and terrorists are empowered to impose significant harm on computers anywhere in the world with a very low probability of detection. Jensen (2010) This fact has been explored and used for nongovernmental terrorist groups or governments to perform politically motivated cyber-attacks and remain anonymous. Recently, cyber-attacks on states have proliferated both in numbers and severity. Shackelford (2010)

The first large-scale incident of a cyber-assault on a state was performed on April 27, 2007, when Estonia was attacked. In a matter of hours,