Threats to Computer Systems

The nature of computer crime has changed over the years as the technology has changed and the opportunities for crime have changed. Although thrill-seeking adolescent hackers are still common, the field is increasingly dominated by professionals who steal information for sale and disgruntled employees who damage systems or steal information for revenge or profit.

When Willie Sutton was asked why he robbed banks, he replied, "because that's where the money is." People attack computers because that's where the information is, and in our hyper-competitive, hi-tech business and global environment, information increasingly has great value. Some alienated individuals also gain a sense of power, control, and self-importance through successful penetration of computer systems to steal or destroy information or disrupt an organization's activities.

A common view of computer security is that the threat comes from a vast group of malicious hackers "out there." The focus of many computer security efforts is on keeping the outsiders out -- through physical and technical measures such as gates, guards, locks, firewalls, passwords, etc.

Yet, while the threat from outsiders is indeed as great as generally believed, the malicious insider with approved access to the system is an even greater threat! This discussion treats the insider threat and the outsider threat separately.

Insider Threat to Computer Security

bullet  Survey after survey has shown that most damage is done by insiders -- people with authorized access to a computer network. Many insiders have the access and knowledge to compromise or shut down entire systems and networks.

The Computer Security Institute and FBI cooperate to conduct an annual CSI/FBI Computer Crime and Security Survey of U.S. corporations, government agencies, financial institutions, and universities.1 Of the information security professionals who responded to this survey, 80% cited disgruntled and dishonest employees as the most likely source of attack on their computer system.

Fifty-five percent of respondents reported unauthorized access by insiders, as compared with 30% reporting system penetration by outsiders. Many companies reported multiple instances of unauthorized access or system penetration. For a study of the threat of insider betrayal by insider computer system professionals themselves, see The Insider Threat to Information Systems in the Treason 101 module.

When tabulating attacks from all sources, both insider and outsider, the following numbers represent the percentages of respondents who reported each type of attack during the previous year: 32% denial of service, 26% theft of proprietary information, 19% sabotage of data or networks, and 14% financial fraud.

As discussed in Reporting Improper, Unreliable, and Suspicious Behavior, you are expected to report potentially significant, factual information that comes to your attention and that raises potential concerns about computer security. Reportable behaviors include the following:

  • Unauthorized entry into any compartmented computer system.
  • Unauthorized searching/browsing through classified computer libraries.
  • Unauthorized modification, destruction, manipulation, or denial of access to information residing on a computer system.
  • Storing or processing classified information on any system not explicitly approved for classified processing.
  • Attempting to circumvent or defeat security or auditing systems, without prior authorization from the system administrator, other than as part of a legitimate system testing or security research.
  • Any other willful violation of rules for the secure operation of your computer network.

Outsider Threat to Computer Security

bullet At least seven foreign countries are training their intelligence officers in how to hack into U.S. computers.2 Government networks, proprietary commercial information, and scientific research are all vulnerable.

In addition to foreign intelligence services, your computer network is at risk from many other types of outsiders.

  • Freelance information brokers.
  • Foreign or domestic competitors.
  • Military services from adversary nations who are developing the capability to use the Internet as a military weapon.
  • Terrorist organizations for which organized hacking offers the potential for low cost, low risk, but high gain actions.
  • Crime syndicates and drug cartels.
  • Hobbyist hackers who penetrate your system for sport or or to do malicious damage.
  • Common thieves who specialize in stealing and reselling laptop computers.

The Internet has become a boon to intelligence collectors world wide.

Break-ins occur at an alarming rate because the Internet provides an especially comfortable and interesting place for hackers. The Internet was not designed with security in mind. It is a large, intricate network with many software flaws. It is easy to remain anonymous on the net. Because everything is interconnected, everything is vulnerable, and an expert intruder can cover his or her tracks by weaving a trail through a dozen systems in several different countries. Many hacker tools that required in-depth knowledge a few years ago have been automated and have become easier to use.

It is difficult to assess the overall dollar loss as a result of economic espionage and the theft of trade secrets. In order to gain a better understanding of the loss, the FBI developed a methodology to objectively assess and determine the scope of economic loss resulting from the theft of intellectual property. This Economic Loss Model was first applied to the facts of a case involving the theft of an unclassified software program that had been developed under contract to the Department of Defense and was being tested in space applications under contract to NASA. It was stolen by a foreign competitor. This case is described in Espionage Killed the Company under Spy Stories.

As a result of the theft, the foreign competitor captured the market and the company that developed the program went bankrupt. The model showed that this one case of theft resulted in over $600 million in lost sales, the direct loss of 2,600 full-time jobs, and a resulting loss of 9,542 jobs for the economy as a whole over a 14-year time frame. Analysis also determined that the U.S. trade balance was negatively impacted by $714 million and lost tax revenues totaled $129 million.3

Information warfare is now a very significant threat. The director of a task force of current and former government officials organized by the Center for Strategic and International Studies concluded that: "Information warfare weapons are changing the character of conflict more fundamentally than anything in history, including gunpowder and nuclear weapons." 4 In addition to our unclassified but sensitive military communications systems and data bases, our telecommunications, power, transportation, and financial systems are increasingly linked to the Internet, and they are vulnerable to attack from abroad. As Deputy Secretary of Defense John Hamre put it, "Very small numbers of people can now wage war on America."5 Organized hacking offers the potential for low cost, low risk, but high gain actions by small countries or groups against the most highly developed nations.

Related Topics: The Insider Threat to Information Systems in the Treason 101 module explores the psychology and motivation of the insider hacker and cites many examples. Hacking U.S. Government Computers from Overseas in the Spy Stories module describes three cases in which hackers working from overseas penetrated U.S. Government systems.

1. Richard Power, "1999 CSI/FBI Computer Crime and Security Survey," Computer Security Issues & Trends, Computer Security Institute, Winter 1999. Questionnaires were sent to 3,670 information security professionals; 521 responses were received for a 14% response rate.
2. Fortune, February 3, 1997, quoting presentation to computer security conference by FBI official Dennis Hughes.
3. National Counterintelligence Center, 1998 Annual Report to Congress on Foreign Economic Collection and Industrial Espionage.

4. Cybercrime, Cyberterrorism, Cyber-Warfare: Averting an Electronic Waterloo, as reported in "Lax U.S. Security Plans Threaten Critical Infrastructure, Report Warns," National Security Advisory, January 1999.
5. Dr. John Hamre, speech to the Council on Foreign Relations, June 5, 1998.




The Chroma Group, Ltd.