Cybercrimes: A Multidisciplinary Analysis

Sumit Ghosh • Elliot Turrini
Editors

Prof. Sumit Ghosh, 917 Joel Drive, Tyler, Texas 75703, USA
Elliot Turrini, 10 Babbit Road, Mendham, New Jersey 07945, USA

ISBN 978-3-642-13546-0
e-ISBN 978-3-642-13547-7
DOI 10.1007/978-3-642-13547-7
Springer Heidelberg Dordrecht London New York
Library of Congress Control Number: 2010936441
© Springer-Verlag Berlin Heidelberg 2010

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
Cover design: WMX Design GmbH, Heidelberg, Germany
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)

Preface

What's so important about cybercrime? Isn't it just another form of crime – like a violent or financial crime? The answer is both yes and no. Yes, in the way that any crime is a violation of a criminal law. But no in three important ways. First, a single cybercriminal with just one computer, the right knowledge, and Internet access can cause immense social harm that was previously considered impossible. Second, the potential harm from cybercrime increases every second of every day, as computing technologies become more ubiquitous in our lives. Third, cybercriminals are often much more difficult to apprehend than traditional criminals, rendering the enforcement of cybercrime laws even less effective at crime prevention than the general enforcement of criminal laws.

Today, computers are everywhere, starting from cash registers in the grocery stores to running our cars, medical instruments that automatically read our temperature and blood pressure, routine banking, navigating airlines, and directing electricity to our homes and businesses. Consider the future of biotechnology, where tiny computers in the form of smart devices will be implanted inside our bodies – similar to, but more powerful than a pacemaker. These devices will interact with our bodies in some profoundly important ways, and send and receive wireless communications from our doctors. Today, and even more so tomorrow, virtually all of these computers are interlinked through computer networks. Increasingly, computers and networks will entrench literally every aspect of our civilization without exception.

For the first time in our civilization, computers and networks, together, constitute an amplifier of the human mind, where the amplification factor is at a billion and growing fast with no upper bound in sight. With such formidable potential and power, computers and networks are destined to fundamentally alter our world – even beyond what we can reasonably imagine.

To an ordinary citizen, cybercrimes may logically appear to be defined as crimes that involve computers in any role or capacity. In fact, governments, civil and criminal justice systems, and law enforcement agencies, worldwide, choose to use this broad, working definition to help guide them in their crafting of the laws of the land, legal thinking, and the development of law enforcement tactics. This understanding of cybercrimes is very useful; however, it is of limited depth and may impede our ability to adequately address the large and growing cybercrime problem.

The potential for cybercrimes to evolve into innumerable radically new forms at incredible speed, orders of magnitude faster than the mutation rate of biological bacteria and viruses, is very real. Unchecked and unabated, they can easily overwhelm societies and nations.

What prompted us, contributing authors, to come together and organize this book? We fear the almost unlimited harm that cybercriminals can impose in the future. While filmed long after this book began, the movie, "Live Free or Die Hard," is not science fiction. Parts of it represent real and growing threats. But, more importantly, the authors believe that a multi-discipline, holistic approach to cybercrime prevention is essential.

Overall, this book is a collaborative effort of all of the contributing authors, characterized by great mutual admiration and deep respect for each other. Specifically, this book represents a coalescence of three motivating factors. First, each of the authors had independently arrived at the same exact realization that cybercrimes pose a formidable challenge to the fast-approaching cyber age and that the important underlying issues must be addressed to ensure a bright future. Second, in the course of his prosecutorial work at the US DOJ, co-author Elliot Turrini had become deeply convinced that cybercrime is an intellectually rich, multidimensional problem, which requires a unique multidisciplinary approach.
Third, in the course of his interdisciplinary research spanning computer hardware description languages to networking, network security, computer architecture, programming languages, algorithms, banking, biology, genetics, medicine, business, financial services, and modeling and simulation, co-author Sumit Ghosh experienced a profound revelation that, as an amplifier of the human mind, the underlying principle of computers represents the seed of virtually every known discipline of knowledge, law included.

The co-authors passionately hope that this book will serve to raise a general awareness among everyone of what lies ahead in our future. From a pessimistic perspective, unless we as a society are very careful, we risk being drowned literally, not metaphorically, in cybercrimes. Being not too proud to borrow twice from contemporary cinema, consider the Matrix movies as the ultimate cybercrimes – which, by the way, are far more science fiction than "Live Free or Die Hard." From an optimistic perspective, with diligent prevention/security and effective investigation and prosecution of cybercrimes, we will be able to enjoy the wonderful benefits of computers without suffering the horrific potential harms from cybercrimes.

A better understanding of how perpetrators may hatch sinister plans, today and in the future, will help us preempt most of the destructive cybercrimes and foster greater advancement and fulfillment for all humanity. Computers and networks encapsulate amazing and incredible power, not the thermo-nuclear weapon kind, but grounded in thought and imagination with which we can shape our future for centuries, millennia, and beyond. As explained in Chap. 1, our optimism should be tempered by a recently coined economic principle called "convenience overshoot," which shows that under America's form of capitalism, the economics of bringing new technologies to the market and the difficulties of predicting safety and security issues often lead to the commercial distribution of unsafe or insecure products. This is an important principle, which should guide our thinking about cybercrime and security.

The underlying theme of the book rests on three pillars. The first is that cybercrime is a severe societal threat. The endemic vulnerability of computing as seen through the constant battle to control the CPU; future changes in computing technology; continued expansion of computing throughout our lives; and our proven track record of the "convenience overshoot" all coalesce into a severe societal risk. Second, criminal prosecution is important but, by itself, it is not nearly a sufficient response to the threat. Third, we need a multi-disciplinary, holistic approach to cybercrime prevention and mitigation with a three-prong focus: raise attack cost, increase attack risk, and reduce attack motivation.

What sets this book apart is its unique and simultaneous blend of pragmatic practice and fundamental scientific analysis.
This tone permeates the entire book and reflects the origin and genesis of the collaboration between Sumit Ghosh and Elliot Turrini. In 2001, the USA DOJ was anxious to find a way to trace an Internet Protocol (IP) packet back to its origin, so they could tag and track suspect IP data packets involved in money laundering and terrorism and subsequently apprehend the perpetrators. A number of very well known networking companies were eager to explore this urgent USA DOJ need and were willing to modify or alter the IP router technology. From fundamental analysis of networking, however, it followed that IP packets could never be traced back to the launch point with any degree of certainty. Today, it has become mainstream knowledge that the design of the store-and-forward IP protocol is fundamentally incompatible with security. Through the many, many discussions, the co-authors became thoroughly motivated not only to synergize their ideas but to extend the collaboration to include researchers and practitioners from related disciplines. Inspired by this project, co-author Sumit Ghosh had co-organized a USA National Science Foundation-sponsored workshop titled, "Secure Ultra Large Networks: Capturing User Requirements with Advanced Modeling and Simulation Tools," in 2003. The interdisciplinary approach of the workshop was very well received and some of the far-reaching presentation material has been incorporated in this book.

This book is organized into nine major parts, each addressing a specific area that bears a direct and undeniable relationship to cybercrimes. Part I serves as an introduction and presents a working definition of cybercrimes; Part II focuses on the computing and networking technology as it relates to cybercrimes and the technical and people challenges encountered by the cyber defenders; Part III explains how to compute the economic impact of a cybercrime and develop security risk management strategies; Part IV addresses the vulnerabilities of our critical infrastructures and notes that the possibilities of Pearl Harbor-type and Katrina-type cyberattacks are very real, which may be accompanied by catastrophic consequences; Part V describes the psycho-social aspect of cybercrimes; Part VI focuses on efforts and challenges to regulate cybercrimes directly, through criminal penalties, as well as indirectly; Part VII explains how cybercrimes easily transcend national and other boundaries and lists specific disciplines that face formidable challenges from cybercrimes, worldwide; Part VIII elaborates on techniques to mitigate cybercrimes and stresses a multi-prong approach; and Part IX concludes the book with a scientific, engineering, and technological analysis of the future of cybercrimes. Each of these nine parts is elaborated through a number of self-contained chapters, totaling twenty chapters contributed by a total of 14 authors. Co-author/co-editor Sumit Ghosh has edited all of the chapters in an effort to ensure uniformity, continuity, and a smooth flow throughout the entire book.

Although the book has been primarily organized to serve as a reference for legal scholars, computer scientists, military personnel involved in cyberwarfare, national-level policy makers entrusted to protect the country's critical infrastructure, national and international intelligence communities, economic analysts, psychologists, and social scientists whose interests in cybercrimes are both specific and holistic, it is written to appeal to a much wider audience.
The book may be read by anyone in the legal community or peripherally related disciplines who plans to specialize in cybercrimes, cyberattacks, and cyberlaws and their enforcement; front-line police officers; computer forensics specialists; law students; law makers at the State and Federal (Central) levels; judges; practicing lawyers; technical personnel involved in patent litigation; patent lawyers; product liability lawyers; economic analysts; central bankers, finance ministers, monetary policy makers, Interpol, and insurance company personnel involved in risk and actuarial analysis and in underwriting policies for data security. The book will also serve network and computer security specialists as well as those who wish to redesign products to withstand product liability lawsuits, grounded on a fundamental understanding of the nature of computers, networking, and cybercrimes. Even ordinary citizens who may be called from time to time to serve in the jury in litigations involving cybercrimes, especially in the USA, may find themselves well educated by reading this book so they can blend their wisdom along with technology to protect society and our collective future.

The co-authors/co-editors feel deeply honored and grateful to all of the contributing chapter authors, namely, Alan Boulanger, Paul Schneck, Richard Stanley, Michael Erbschloe, Michael Caloyannides, Emily Freeman, Dan Geer, Marc Rogers, Stewart Baker, Melanie Schneck-Teplinsky, Marc Goodman, and Jessica Herrera-Flanigan. A very special gratitude is due to Carey Nachenberg, Fellow at Symantec Corporation; and Leonard Bailey, senior counselor to the Assistant Attorney General for National Security at the US Department of Justice for selflessly giving their time and sharing their concerns, knowledge, and wisdom.
Co-author Sumit Ghosh is indebted, beyond description, to Elliot Turrini for introducing him to the world of cyberlaw and to Leonard Bailey for mentoring, guiding, and advising him through the complex issues of critical infrastructure protection and criminal regulations. We also thank many others for their time. We are especially grateful to Anke Seyfried of Springer-Verlag (Law division) for her incredible enthusiasm and patience relative to this book project and the entire editorial and production staff at Springer-Verlag.

March 2010
Sumit Ghosh
Elliot Turrini

Contents

Part I Introducing Cybercrimes

1 A Pragmatic, Experiential Definition of Computer Crimes
  1.1 Introducing Computer Crimes
    1.1.1 The Melissa Virus: The Turning Point
    1.1.2 Cybercrimes in Early 2001
    1.1.3 Defining Technical Cybercrime
  1.2 The Battle to Control the Computing Process
    1.2.1 The Nature of the Battle
    1.2.2 The Cyberbattlefield
  1.3 Tools for Fighting the Battle to Control the Computing Process
    1.3.1 Defining Tools
    1.3.2 The Attacker's Technical Tools
    1.3.3 The Attacker's Social Tools
    1.3.4 The Defender's Tools
  1.4 The Convenience Overshoot Warning
  References

Part II Computing and Networking Technology and Cybercrimes

2 Unauthorized Intrusions and Denial of Service
  2.1 Unauthorized Intrusions
    2.1.1 Tools to Exploit Unauthorized Intrusions
    2.1.2 Deployment of Toolkits for Unauthorized Intrusions
  2.2 Denial of Service
    2.2.1 Different Manifestations of DDoS Attacks
    2.2.2 Toolkits for DDoS
  References
3 Malicious Code
  3.1 Introduction
    3.1.1 Trends that Facilitate Malicious Code to Thrive