Cyber Security and Geopolitics

This post is going to address the relevance of cyber security in the realm of geopolitics and internationally organized crime. Topics discussed will include espionage and theft. The point of this paper is to inform the reader of the extent to which cyber attacks are used. It is not just “script kiddies” with hack tools – it is governments and organized criminal units, as well. The writing will begin with an overview, demonstrate an example of cyber crime, delve into the dynamics of it, move on to examine recent charges of espionage, and finish with a summary of the key points.

Geopolitics is the study and state of international political relations in geographically distant areas. Nothing is better positioned or more influential in this regard than the Internet. From the perspective of citizens, the ability to communicate instantly across the globe seemingly improves the quality of international relations. From the perspective of many governments, however, it has become a source of an incomprehensible amount of information, and very many headaches.

Technology has allowed people in one part of the globe to touch assets in another. Not only can this far-away person touch things, he can do so nearly anonymously. In the game of espionage, this recipe has “win” written all over it. This, however, assumes an offensive-only perspective. In terms of defense, cyber espionage is a problem with no apparent solution. It is not just spying that we need to defend against, though; it is theft, as well.

Per Steven R. Chabinsky, the Deputy Assistant Director of the Cyber Division in the FBI, cyber threats are the FBI’s number three priority – right after counterterrorism and counterintelligence. He justifies that high ranking by explaining how terrorists and foreign countries both use cyber means to exploit our weaknesses. To point out an example of theft, he describes a real case of an ATM fraud scheme:

The criminal enterprise used hackers to break through an encrypted system and steal account numbers and PIN codes, they produced more than 400 fake ATM cards, they recruited hundreds of mules spread out in 280 cities around the world and – in less than 24 hours – they made over 14,000 ATM transactions totaling nearly $10 million.

It is getting easier to catch cyber criminals, but it is still far from simple. Criminal syndicates dealing in cyber crime are organized and specialized, not unlike Fortune 500 companies. Most cyber crimes span several borders. Many times there will be a hacker in one country, a target in another, and mules in still others. Every person has a job, and it takes the whole to succeed. It is not uncommon to have programmers (build malware), network guys (assess systems and build infrastructure), vulnerability scouts (find bugs to exploit), fraudsters (social engineering), cashers (set up drop bank accounts), mules (move the money from the drop accounts), and botnet owners (to make forensics difficult through DoS attacks and the like). The only way to put all the pieces together is through the cooperation of foreign governments. Governments, on the other hand, have their own agendas, and cooperation is not always high on that list.

Recently, five Chinese military officials were indicted by the United States on charges of cyber spying. According to the L.A. Times, the accused are charged with breaking into and stealing information from several companies including U.S. Steel, Westinghouse Electric, Alcoa, Allegheny Technologies, the United Steelworkers Union, and SolarWorld. The motive is believed to be trade secrets and strategic plans. Information of this sort could serve to undercut and cripple the businesses affected.

A common saying in the business world is, “the first to market wins.” By stealing corporate information, a hacker could do away with research and development costs and produce a more complete product at a lower cost. The economic impact of that is next to impossible to measure, but we can be certain it is quite substantial.

The impact of cyber theft should have been made clear by the ATM fraud example given, but if more proof is required of the severity of the situation, look no further than this simple fact: in a physical robbery, a person can steal only what is proximate to him. In cyber crime, however, there is no bottom to the barrel. Theoretically, a hacker could infect and modify some banking software, remove some key logic that handles account balances and overdrafts, and transfer $100,000 from an account that only actually has $1,000. They can effectively steal money that doesn’t even exist.

References

Chabinsky, Steven R. (2010). The Cyber Threat: Who’s doing what to whom? The Federal Bureau of Investigation. Retrieved from http://www.fbi.gov/news/speeches/the-cyber-threat-whos-doing-what-to-whom
Phelps, Timothy M. (2014). U.S. Indicts Five Chinese Military Officials on Cyberspying Charges. L.A. Times. Retrieved from http://www.latimes.com/business/la-fi-china-cyberspying-justice-20140520-story.html#page=1