Project Report on Cyber Security and Cyber Crime involving Estonia Case, Homeland Security and Athens Affair
PROJECT REPORT
CYBER SECURITY
CONTENT
1. CYBER SECURITY
1.1.1 WHAT IS CYBER SECURITY
1.1.2 WHY IS CYBER SECURITY IMPORTANT
1.2 HOMELAND SECURITY
1.2.1 INTRODUCTION
1.2.2 EVOLUTION OF HOMELAND SECURITY CONCEPT
1.2.3 WHAT DHS DO IN HOMELAND SECURITY
1.2.4 DIVISION IN HOMELAND SECURITY INVESTIGATION
1.2.5 GOALS OF HOMELAND SECURITY
1.2.6 CONCLUSION
2. CYBER CRIME
2.0.1 INTRODUCTION
2.0.2 WHAT IS CYBER CRIME
2.0.3 CAUSE OF CYBER CRIME
2.0.4 TYPES OF CYBER CRIME
2.0.5 HOW TO ERADICATE CYBER CRIME
2.1.0 ESTONIA CASE
2.1.1 INTRODUCTION
2.1.2 ETHNIC TENSIONS IN ESTONIA
2.1.3 MULTINATIONAL RESPONSES TO CYBER TERROR
2.1.4 CONCLUSION
2.2.0 ATHENS AFFAIR: THE WIRETAP CASE
2.2.1 INTRODUCTION
2.2.2 DISCOVERY OF ILLEGAL TAPS
2.2.3 FALLOUT
2.2.4 CONCLUSION
1.1.1 WHAT IS CYBER SECURITY?
Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
1.1.2 WHY IS CYBER SECURITY IMPORTANT?
Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers.
With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security. During a Senate hearing in March 2013, the nation's top intelligence officials warned that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism.
CYBER CRIME
2.0.1 INTRODUCTION
Over the past twenty years, unscrupulous computer users have continued to use the computer to commit crimes; this has greatly fascinated people and evoked a mixed feeling of admiration and fear. This phenomenon has seen a sophisticated and unprecedented increase recently and has called for a quick response in providing laws that would protect cyberspace and its users. The level of sophistication has risen to the point of using the system to commit murder and other havoc. This work seeks to define the concept of cyber-crime, identify the reasons for cyber-crime and how it can be eradicated, and look at those involved and the reasons for their involvement. We will also look at how best to detect a criminal mail and, in conclusion, proffer recommendations that would help in checking the increasing rate of cyber-crimes and criminals.
2.0.2 WHAT IS CYBER CRIME?
Cyber-crime by definition is any harmful act committed from or against a computer or network. According to McConnell International, cyber-crimes differ from most terrestrial crimes in four ways: firstly, they are easy to learn; secondly, they require few resources relative to the potential damage caused; thirdly, they can be committed in a jurisdiction without being physically present in it; and fourthly, they are often not clearly illegal. Another definition, given by the Director of the Computer Crime Research Centre (CCRC) during an interview on 27th April 2004, is that "cyber-crime" ("computer crime") is any illegal behaviour directed by means of electronic operations that targets the security of computer systems and the data processed by them. In essence, cyber-crime is crime committed in a virtual space, and a virtual space is fashioned in such a way that information about persons, objects, facts, events, phenomena or processes is represented in mathematical, symbolic or any other form and transferred through local and global networks. From the above, we can deduce that cyber-crime has to do with the wreaking of havoc on computer data or networks through interception, interference or destruction of such data or systems. It involves committing crime against computer systems or the use of the computer in committing crimes.
2.0.3 CAUSES OF CYBER CRIME
There are many reasons why cyber-criminals commit cyber-crime; chief among them are the three listed below.
Cyber-crimes can be committed for the sake of recognition. This is basically done by youngsters who want to be noticed and to feel that they belong among the big and tough guys in society. They do not mean to hurt anyone in particular; they fall into the category of the Idealists, who just want to be in the spotlight.
Another cause of cyber-crime is to make quick money. This group is greed-motivated and consists of career criminals, who tamper with data on the net or on systems, especially e-commerce and e-banking data, with the sole aim of committing fraud and swindling money from unsuspecting customers.
Thirdly, cyber-crime can be committed to fight for a cause one believes in, to threaten and, most often, to cause damage that affects the recipients adversely. This is the most dangerous of all the causes of cyber-crime. Those involved believe that they are fighting a just cause and so do not mind who or what they destroy in their quest to achieve their goals. These are the cyber-terrorists.
2.0.4 TYPES OF CYBER CRIME
- Theft of telecommunication services
- Communication in furtherance of criminal conspiracies
- Telecommunication piracy
- Dissemination of offensive material
- Electronic money laundering and tax evasion
- Electronic vandalism, terrorism and extortion
- Sales and investment fraud
- Illegal interception of telecommunications
- Electronic funds transfer fraud
2.0.5 HOW TO ERADICATE CYBER CRIME
Research has shown that no law can be put in place to effectively eradicate the scourge of cyber-crime. Attempts have been made locally and internationally, but these laws still have shortcomings. What constitutes a crime in one country may not in another, and this has always made it easy for cyber-criminals to go free after being caught.
It has been proven that they help big companies and governments see security holes which career criminals or even cyber-terrorists could use to attack them in future. Most often, companies engage them as consultants to help build solid security for their systems and data. The Idealists often help society: through their highly mediatised and individually harmless actions, they help important organizations to discover their high-tech security holes. Enforcing the law on them can only trigger trouble, because they would not stop but would want to defy the law. Moreover, if the goal of cyber-crime legislation is to eradicate cyber-crime, it might well eradicate instead a whole new culture. Investment in education is a much better way to prevent their actions.
Another means of eradicating cyber-crime is to harmonize international cooperation and law; this goes for the greed-motivated and the cyber-terrorists. They cannot be fought by education, because they are already established criminals, so they cannot behave. The only appropriate way to fight them is by enacting new laws, harmonizing international legislation and encouraging coordination and cooperation between national law enforcement agencies.
HOMELAND SECURITY
1.2.1 INTRODUCTION
Homeland security is an American umbrella term for "the national effort to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards where American interests, aspirations, and ways of life can thrive" to the "national effort to prevent terrorist attacks within the United States, reduce the vulnerability of the U.S. to terrorism, and minimize the damage from attacks that do occur." Ten years after the 9/11 terrorist attacks, policymakers continue to grapple with the definition of homeland security. Prior to 9/11, the United States addressed crises through the separate prisms of national defence, law enforcement, and emergency management. 9/11 prompted a strategic process that included a debate over and the development of homeland security policy. Today, this debate and development has resulted in numerous federal entities with homeland security responsibilities. For example, there are 30 federal entities that receive annual homeland security funding excluding the Department of Homeland Security (DHS). The Office of Management and Budget (OMB) estimates that 48% of annual homeland security funding is appropriated to these federal entities, with the Department of Defence (DOD) receiving approximately 26% of total federal homeland security funding. DHS receives approximately 52%.
1.2.2 Evolution of Homeland Security Concept
The concept of homeland security has evolved over the last decade. Homeland security as a concept was precipitated by the terrorist attacks of 9/11. However, prior to 9/11 such entities as the Gilmore Commission and the United States Commission on National Security discussed the need to evolve the way national security policy was conceptualized due to the end of the Cold War and the rise of radicalized terrorism. After 9/11, policymakers concluded that a new approach was needed to address the large-scale terrorist attacks. A presidential council and department were established, and a series of presidential directives were issued in the name of "homeland security". These developments established that homeland security was a distinct, but undefined concept. Later, the federal, state, and local government responses to disasters such as Hurricane Katrina expanded the concept of homeland security to include significant disasters, major public health emergencies, and other events that threaten the United States, its economy, the rule of law, and government operations. This later expansion of the concept of homeland security solidified it as something distinct from other federal government security operations such as homeland defence.
1.2.3 WHAT DHS DO IN HOMELAND SECURITY
DHS Science and Technology Directorate (S&T) strengthens America's security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise (HSE). Homeland Security Advanced Research Projects Agency (HSARPA) focuses on identifying, developing, and transitioning technologies and capabilities to counter chemical, biological, explosive, and cyber terrorism threats, as well as protect our nation's borders and infrastructure. HSARPA divisions work directly with DHS components to better understand and address their high-priority requirements and define operational context by conducting analyses of current missions, systems, and processes. This process ultimately identifies operational gaps where S&T can have the greatest impact on operating efficiency and increasing capability. In addition, Apex Technology Engines (Engines) power open innovation by harnessing subject matter experts and capabilities across DHS. Efforts include basic technical evaluations, knowledge products, developmental improvements, full lifecycle research, and piloting of new and existing technologies.
1.2.4 DIVISION IN HOMELAND
To accomplish its mission, HSI is organized into the following divisions:
- Borders and Maritime Security Division: Prevents contraband, criminals, and terrorists from entering the United States, while permitting the lawful flow of commerce and visitors.
- Chemical and Biological Defence Division: Detects, protects against, responds to, and recovers from biological or chemical threats and events.
- Cyber Security Division: Creates a safe, secure, and resilient cyber environment.
- Explosives Division: Detects, prevents, and mitigates explosives attacks against people and infrastructure.
- Resilient Systems Division: Enhances resilience to prevent and protect against threats, mitigates hazards, responds to disasters, and expedites recovery.
1.2.5 GOALS OF HOMELAND SECURITY
- Prevent and disrupt terrorist attacks.
- Protect the American people, our critical infrastructure, and key resources.
- Respond to and recover from incidents that do occur.
- Continue to strengthen the foundation to ensure our long-term success.
1.2.6 CONCLUSION
ESTONIA CASE
2.1.1 Introduction
During the information age, the Internet has facilitated dramatic increases in worldwide interconnectivity and communication. This form of globalization has yielded benefits, such as improved standards of living in the developing world, but it has also given rise to new weapons of resistance for groups seeking to oppose certain political measures and ideologies. One demonstration of the latter point came about through the cyber attacks on Estonia in April and May 2007 by digital activists from the Russian diasporas. This article examines these fundamentally political attacks in cyberspace within the overall context of globalization. It argues that the situation that unfolded in Estonia in the spring of 2007 illustrates the increasing ability of transnational networks to use digital tools to challenge the policies and sovereignty of nation-states worldwide. However, the multinational responses to the Estonian cyber terrorist attacks demonstrate the growing interest of states in defending national sovereignty in the realm of cyberspace.
2.1.2 Ethnic Tensions in Estonia
Estonia and Russia have a long history of strife in their bilateral relationship, and the problems between these ethnic populations date back hundreds of years before the existence of modern nation-states. Following the Soviet annexation of the Baltic States in 1940, and throughout the Cold War, the Kremlin relocated hundreds of thousands of ethnic Russians to Estonia. The purpose behind these mass migrations was two-fold: to increase cohesion in the Eastern Bloc and to "Russify" Estonian culture. Following the end of the Cold War and the dissolution of the U.S.S.R., the government in Tallinn implemented policies designed to minimize Russian influences on Estonian culture. And although Estonia joined NATO in 2004 and received the Atlantic Alliance's, distrust of Moscow's intentions remains strong. After several years of lobbying, Estonia recently received NATO contingency plans to protect the country in the event of a hypothetical Russian invasion. There are also reports that the government has even created house-to-house defence plans against Russian aggression.
The cyber attacks on Estonia occurred within the overall climate of tension between ethnic Estonians and the country's Russian minority population. On April 30, 2007, the government moved the Bronze Soldier, a memorial commemorating the Soviet liberation of Estonia from the Nazis, from Tõnismägi Park in central Tallinn to the Tallinn Military Cemetery. This decision sparked rioting among the Russian-speaking community, which comprised around 26 percent of Estonia's population in 2007. To ethnic Estonians, the Bronze Soldier symbolized Soviet oppression. But to Russian minorities, its relocation represented further marginalization of their ethnic identity. As Mary Kaldor and David Szakonyi argue, a perceived attack on the identity of a subordinate group is likely to provoke a nationalist backlash, as occurred in Estonia. In addition to rioting and violence from April 27 to May 18, distributed denial-of-service (DDoS) cyber attacks targeting the country's infrastructure shut down the websites of all government ministries, two major banks, and several political parties. At one point, hackers even disabled the parliamentary email server. Estonian officials like Foreign Minister Urmas Paet quickly accused Russia of perpetrating the attacks, but European Commission and NATO technical experts were unable to find credible evidence of Kremlin participation in the DDoS strikes.
2.1.3 Multinational Responses to Cyber Terror
The 2007 cyber terrorism on Estonia was more than just a temporary nuisance; rather, it was a mild version of a new form of digital violence that could halt public services, commerce, and government operations. Estonian Defence Minister Jaak Aaviksoo observed that successful cyber attacks "can effectively be compared to when your ports are shut to the sea." A blockade is a fitting analogy, as future cyber-terrorist attacks may disrupt a country's water and electricity supplies, telecommunications (severing its connections to the world), and national defences.
The seriousness of the attacks on Estonia generated a rapid international response. Estonia had few formal cyber-defence preparations outside of its framework for countering traditional acts of terrorism, and the government Computer Emergency Response Team (CERT) required Finnish, German, Israeli, and Slovenian assistance to restore normal network operations. NATO CERTs provided additional assistance, while the EU's European Network and Information Security Agency (ENISA) offered expert technical assessments of the developing situation. Further, a high level of intelligence sharing took place among western countries during the crisis. While Russian-speaking hackers employed the Internet as a weapon and tool of mobilization, Estonia and its allies used digital networks to successfully counter the attacks.
During and after the DDoS strikes, NATO and EU member states began to debate new directions for cyber security and the appropriate punishments for states found to have engaged in digital warfare. Sanctions were one punishment option that received fairly widespread support. Additionally, one German official even recommended that NATO consider extending its Article 5 security guarantees to the realm of cyberspace. At its Bucharest Summit in April 2008, NATO adopted a unified Policy on Cyber Defence and created the Brussels-based Cyber Defence Management Authority (CDMA) to centralise cyber defence operational capabilities across the Alliance. And in August 2008, Tallinn became home to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCE), the Atlantic Alliance's cyber-security headquarters. On the EU front, in November 2010, the organization released its Internal Security Strategy, which calls for integrated responses to cyber-security threats and significant expansion of ENISA's duties beyond its previously limited analytical role.
2.1.4 Conclusion
The severity of the Estonian cyber attacks served as a wake-up call to the world, as it became clear that potentially autonomous transnational networks like unhappy pro-Kremlin "hacktivists" could avenge their grievances by digitally targeting and nearly crippling the critical infrastructure of technically sophisticated nation-states. In the future, an enhanced focus on cyber security and new multinational strategies and institutions will be instrumental in countering electronic threats to the sovereignty and survival of states. However, the world of information security is not unlike the traditional global security environment; for each visible action, there is oftentimes a commensurate reaction. The attacks on Estonia will likely encourage future groups of transnational imitators, and the events of spring 2007 have provided states with important information for the further development and improvement of their own cyber-warfare capabilities.
The benefits of the information age are numerous, but nascent threats like transnational cyber terrorism and information warfare exist alongside the positive aspects of globalization. In this period of IT-driven globalization, the attacks on Estonia demonstrate that even NATO Article 5 and U.S. nuclear umbrella guarantees cannot ensure the protection of the nation. Just as the world economy has adapted to the digital era, the Estonian cyber terrorism case indicates that the foreign and security policies of nation-states must also do so, as difficult-to-attribute asymmetric threats stemming from the Internet are likely to harm nation-states in the future.
ATHENS AFFAIR (THE WIRETAPPING CASE) (2004-2015)
2.2.1 INTRODUCTION
The Greek wiretapping case of 2004-2005, also referred to as Greek Watergate, involved the illegal tapping of more than 100 mobile phones on the Vodafone Greece network belonging mostly to members of the Greek government and top-ranking civil servants. The taps began sometime near the beginning of August 2004 and were removed in March 2005 without discovering the identity of the perpetrators. The phones tapped included those of the Prime Minister Kostas Karamanlis and members of his family, the Mayor of Athens, Dora Bakoyannis, and the top officers at the Ministry of Defence, the Ministry of Foreign Affairs, the Ministry for Public Order, members of the ruling party, ranking members of the opposition Panhellenic Socialist Movement party (PASOK), the Hellenic Navy General Staff, the previous Minister of Defence and one locally hired Greek-American employee of the American Embassy. Phones of Athens-based Arab businessmen were also tapped.
Foreign and Greek media have named United States intelligence agencies as the main suspects. AFP reported that one Greek official stated on background that the likely initial penetration occurred during the run-up to the 2004 Athens Olympics, stating: "it is evident that the wiretaps were organized by foreign intelligence agencies, for security reasons related to the 2004 Olympic Games." The leader of the PASOK socialist opposition, George Papandreou, said that the Greek government itself had pointed towards the US as responsible for the wiretaps by giving up the zone of listening range, in which the US embassy was included.
2.2.2 DISCOVERY OF ILLEGAL TAPS
On January 24, 2005, an intruder update of exchange software resulted in customer text messages not being sent. Vodafone Greece sent firmware dumps of the affected exchanges to Ericsson for analysis. On March 4, 2005, Ericsson located the rogue code, 6500 lines of code written in the PLEX programming language used by Ericsson AXE switches. Writing such sophisticated code in a very esoteric language required a high level of expertise. Much of Ericsson's software development for AXE had been done by an Athens-based company named Intracom Telecom, so the skills needed to write the rogue software were likely available within Greece. On March 7, 2005, Ericsson notified Vodafone of the existence of rogue wiretaps and software in their systems. The next day the general manager of the Greek Vodafone branch, George Koronias, asked for the software to be removed and deactivated. Because the rogue software was removed before law enforcement had an opportunity to investigate, the perpetrators were likely alerted that their software had been found and had ample opportunity to turn off the "shadow" phones to avoid detection.
On March 9, the Network Planning Manager for Vodafone Greece, Kostas Tsalikidis, was found dead in an apparent suicide. According to several experts questioned by the Greek press, Tsalikidis was a key witness in the investigation of responsibility for the wiretaps. After a four-month investigation of his death, Supreme Court prosecutor Dimitris Linos said that the death of Kostas Tsalikidis was directly linked to the scandal. "If there had not been the phone tapping, there would not have been a suicide."
A preliminary judicial investigation was carried out, which, due to the complexity of the case, lasted until February 1, 2006. The preliminary investigation did not point out any persons connected with the case. The investigation was hindered by the fact that Vodafone disabled the interception system, and therefore locating the intercepting phones was no longer possible (the phones were apparently switched off), and that Vodafone had incorrectly purged all access logs. Police rounded up and questioned as suspects persons who called the monitoring phones, but all callers claimed they called these phones because their number was previously used by another person.
2.2.3 FALLOUT
The investigation into the matter was further hampered when Greek law enforcement officials began to make accusations at both Vodafone and Ericsson, which forced experts onto the defensive. A recent appeal of the main opposition party, PASOK, to form an investigating parliamentary committee was rejected by the governing party.
In December 2006 Vodafone Greece was fined €76 million by the Communications Privacy Protection Authority, a Greek privacy watchdog group, for the illegal wiretapping of 106 cell phones. The fine was calculated as €500,000 for each phone that was eavesdropped on, as well as a €15 million fine for impeding their investigation. On October 19, 2007, Vodafone Greece was again fined €19 million by EETT, the national telecommunications regulator, for alleged breach of privacy rules.
In September 2011, new evidence emerged indicating the US Embassy in Athens was behind the telephone interceptions. The key evidence of complicity was that out of the 14 anonymous prepaid mobile phones used for the interception, three had been purchased by the same person at the same time as a fourth one. The fourth phone called mobile phones and landlines registered with the US Embassy in Athens. With a SIM card registered to the US Embassy, it also called two telephone numbers in Ellicott City and Catonsville, Maryland, both NSA bedroom communities. A criminal investigation was launched, and in February 2015, Greek investigators were finally able to finger a suspect, William George Basil, an NSA operative from a Greek immigrant background. Greek authorities have issued a warrant for the arrest of Basil, who has since gone into hiding.
2.2.4 CONCLUSION
So what can this affair teach us about how to protect phone networks? Once the infiltration was discovered, Vodafone had to balance the need for the continued operation of the network with the discovery and prosecution of the guilty parties. Unfortunately, the responses of Vodafone and that of Greek law enforcement were both inadequate. Through Vodafone's actions, critical data were lost or destroyed, while the perpetrators not only received a warning that their scheme had been discovered but also had sufficient time to disappear.
In the telecommunications industry, prevailing best practices require that the operator's policies include procedures for responding to an infiltration, such as a virus attack: retain all data, isolate the part of the system that's been broken into as much as possible, coordinate activities with law enforcement. Of course, in countries where such high-tech crimes are rare, it is unreasonable to expect to find a crack team of investigators. Could a rapid deployment force be set up to handle such high-profile and highly technical incidents? We'd like to see the international police organization Interpol create a cyber forensics response team that countries could call on to handle such incidents.