A cyber threat can be loosely defined as a conscious attempt to obtain unauthorized access to a computer system to extract or manipulate data or to violate the confidentiality, integrity, authenticity or availability of data inside the system.
There are numerous ways to organize these activities and you can find thousands of different takes on the subject, this one is mine and I say cyber threats can be grouped into 4 main categories:
Cyberterrorism has become one of the most significant threats to the national and international security of modern states, and cyberattacks are occurring with increased frequency. Being a politically and emotionally charged subject, it was never possible to reach an international consensus regarding the development of an accepted comprehensive definition of the term "terrorism".
Therefore, there are literally hundreds of definitions of terrorism, many of them biased by the political view of its creators. I won't get into that debate but I will quote a political description of terrorism used by the United Nations General Assembly, back in 1994: "Criminal acts intended or calculated to provoke a state of terror in the general public, a group of persons or particular persons for political purposes are in any circumstance unjustifiable, whatever the considerations of a political, philosophical, ideological, racial, ethnic, religious or any other nature that may be invoked to justify them." With this in mind, how can we define cyberterrorism? It is obviously a very controversial term with many possible definitions depending on the scope of the actions performed.
Trying to avoid all the debate around the motivation, targets and methods involved I would define cyberterrorism as the use of the Internet and information technologies to organize and execute attacks against networks, computer systems and telecommunications infrastructures with ideological motivations.
In spite of the existence of a large amount of subjectivity in what exactly constitutes cyberterrorism, it’s only logical to assume that the concept must feature computer systems either as targets or as tools. Thus, cyberterrorism can be studied within the framework of a convergence of terrorism and cyberspace. In order to be considered as terrorism, an attack should aim at producing violence against persons or property, or at least cause enough harm to generate fear. Further, to qualify as “cyber” has to imply attacks and threats against computers, networks, or the information they store.
This should not be mixed with the use of the Internet by terrorist groups for organization, propaganda or recruitment because these activities are not a direct attack at anything. Therefore, the goal of cyberterrorists is to destroy, incapacitate, or exploit critical infrastructures causing terror in the general population and not just share information between them.
In our world, a terrorist does not need to have powerful explosives, only a computer and Internet access. Most importantly, the Internet provides cyberterrorists with a new target, bigger than any traditional target they could possibly hit in a direct physical attack. Theoretically, without the need to build a bomb or sacrifice themselves, cyberterrorists can disrupt the critical infrastructure of an entire nation, create havoc in the global economy, and instill fear and chaos among millions of people.
Western officials still believe their enemies are less developed in their IT capabilities and therefore they are likely to pose only a limited cyber threat. However, this serious mistake might have severe consequences in the future. The near future…
Although cybercrime and cyberterrorism activities can sometimes coexist, in their essence they are very different things because criminals mostly seek to attack systems in pursue of some form of monetary gain. Many individuals and organized crime groups are using a wide array of illegal tools and schemes to commit identity theft and online fraud. The purpose of this post is not to create an exhaustive list of illegal of these activities but nevertheless I will outline the major ones:
Basically, phishing is deceiving users to enter personal details at a fake website whose look and feel are almost identical to the legitimate one. The scheme is usually carried out via e-mail and is a good example of a social engineering technique used attempting to acquire private information such as usernames, passwords, and credit card details.
The term is a variant of fishing probably influenced by phreaking, and refers to "bait" used in hopes that the potential victim will "bite" when receiving communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators. By clicking on links to websites that are infected with malware or opening a malicious attachment, their financial information and passwords may then be stolen. There are many variants of phishing like Smishing or Vishing, just to mention a few.
This is the use of social engineering techniques via SMS (Short Message Service), the technology used for text messages on cell phones. Hence the name, derived from "SMs phISHING".
This is the criminal practice of using social engineering over the telephone system, and it has been facilitated by VoIP (Voice over IP) exploiting the general public's trust in landline telephone services. The term is a combination of "voice" and phishing.
Spam is the use of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Individuals or organizations (called spammers) distribute unsolicited e-mail messages with hidden or fake information mainly advertising in order to sell products but often also spreading several forms of malicious software (malware) and conducting various phishing schemes.
The term usually refers to e-mail spam, but it is also applied to similar practices in almost any other media like instant messaging, Usenet newsgroups, Web search engines, blogs, etc. The name comes from a Monty Python sketch in which Spam (spiced ham) is included in almost every dish.
This is malicious software installed on a system through users' deception to collect information without their knowledge. Spyware can get into the system bundled with desirable software or hidden using a Trojan horse making it difficult to detect.
This kind of software may also be intentionally installed by the administrator of corporate computers in order to monitor users' behavior but then it's considered to be monitoring software.
Big companies compete against each other in the global market and may seek to obtain sensitive information to improve their competitive advantage in various areas through their ability to conduct industrial espionage.
Many business competitors hire international corporate spies and organized crime organizations to gain advantage in pricing, manufacturing or product development.
Although very seldom associated with cybercrime, pedophilia-sharing networks grew exponentially with the widespread use of the Internet. What was once limited to very secretive and geographically confined groups enjoyed for some years of large and new means for gathering new maniacs and was a prosperous business for many savages. But in recent years, officials all around the world are actively monitoring the systems and the pedophile barbarians took a deep dive into the underworld.
Cyberwarfare can be seen as the set of actions taken by a nation or state against another nation's computer systems for the purpose of causing damage or disruption thus making cyberspace the new domain in warfare. Cyberspace is an open field for military planners and some western countries are officially moving beyond classic warfare, involving physical force. But there is big debate focused on how to apply the existing body of international law on warfare and protect civilians in the event of an open cyber war.
Accordingly, cyberwarfare programs are government-sponsored projects to develop capabilities with the future prospect of causing widespread damage to critical infrastructures. Recently, the world knew about the deployment of Stuxnet, the first cyberweapon really developed to be used against a foreign nation. This cyber weapon intended to cripple Iran’s nuclear program is good example of how hard it is to say when cyber actions reach the threshold of war because in cyberspace it can be almost impossible to identify the enemies. In cyberwarfare there are no satellite photos of tanks or troop movements and very little can be done to prove whether a nation has launched an attack.
Several nations are now aggressively working to develop information warfare doctrine, programs, and capabilities that include real cyberweapons. These new cyberweapons can have a significant impact by disrupting the supply chains, communications, and economic infrastructures that support the daily lives of citizens across the target nation. A very important aspect of this problem is that cyber attacks may have serious humanitarian consequences including damage to infrastructure like power grids, toxic waste facilities or derail passenger trains. Even more dangerous, derail trains loaded with lethal chemicals or contaminate the water supply in major cities.
Besides this, intelligence services use cyber tools as part of their information-gathering and espionage activities.
Hacktivism is a very controversial activity. The term (formed by joining the words hack and activism) was allegedly first coined in 1996 by a member of the Cult of the Dead Cow hacker group named Omega and refers to the use of computers and computer networks for political ends.
The term hacker usually refers to someone capable of finding weaknesses in a computer system. These skilled individuals may be motivated by a wide variety of reasons, such as monetary profit, political protest, or the challenge of defeating the system's security.
A hacktivist is a hacker who utilizes information technology to spread social, ideological, religious, or political messages. Therefore, hacktivists are politically active hackers that might pose a threat mostly by spreading propaganda rather than causing damage to critical infrastructures. Their attacks are aimed at supporting their political views or a plethora of other causes.
Acts of hacktivism are carried out in the belief that proper and clever use of computer programming will be able to produce similar results to those produced by regular activism. Pending on your personal political views, you can think of hacktivists either as freedom fighters or as terrorists.
The Invisible Web
How can such a wide array of threats be performed out in the open? It's not; there is an invisible and vastly unknown cyberworld where most of these activities are carried out.
The Invisible Web (also called Deepnet, the Deep Web, DarkNet, Undernet, or the hidden Web) refers to World Wide Web content that is not part of the so called Surface Web, which is indexed by standard search engines. The Deep Web contains many meaningless and harmless things, like web form submission data or web site navigation pages but has also a lot of information that can't be browsed in a Google search, and therefore can used for criminal activities.
Someone has said that searching on the Internet today can be compared to dragging a net across the surface of the ocean: a great deal may be caught in the net, but there is a wealth of information that is deep and therefore missed.
Most of the Web's information is buried far down on dynamically generated sites, and standard search engines do not find it. Traditional search engines cannot find or retrieve content in the deep Web because those pages do not exist until they are created dynamically as the result of a specific search. The deep Web is several orders of magnitude larger than the surface Web and this parallel world, containing a much wider range of information, is a precious resource for private companies, governments, and especially cybercrime.
To discover content on the Web, search engines use web crawlers that follow hyperlinks. This technique is ideal for discovering resources on the surface Web but is often ineffective at finding Invisible Web resources. For example, these crawlers do not attempt to find dynamic pages that are the result of database queries due to the infinite number of queries that are possible.
But is the Deep Web really a world of creepy criminal activity, or is it instead a valuable tool to protect privacy and anonymity? I guess no one really knows for sure. There a large community for whom the Deep Web is associated with the concept of full anonymity thus allowing the prospering of all kinds of criminal activities submerged in an inaccessible world.
The DarkNet is a mysterious and deliberately hidden part of the Internet where criminals, and others in need of anonymity and privacy mingle. Within the hidden world of this so called Invisible Web one might engage in myriad activities, legal and otherwise. On the DarkNet one might buy or sell drugs, obtain or sell fake IDs, sponsor terrorism, rent a botnet or trade in kiddie porn.
However, Deep Web anonymity may be overrated. According to some rumors, NSA is monitoring everything that goes on under the cloak of these supposedly anonymous systems.
As an example of the interactions between hackers, criminals and the hidden world behind our computer networks, I would like to remind you of Operation Darknet. In the end of 2011, #OPDarknet revealed over 1500 accounts from a trading website for pedophiles hosted in the Deep Web. It was a hacktivist campaign performed by the Anonymous collective against the hosting server at Freedom Hosting where allegedly these illegal contents were hosted and shared.