CYBERTERRORISM, CYBERWAR, AND CYBERVIGILANTISM
"Men are only as good as their technical development allows them to be" (George Orwell)
Terrorists often spend a lot of time in cyberspace, and it's quite possible that cyberterrorism will become the future's most prevalent form of terrorism. Debates over this will be settled when experts finally figure out if the CYBER part of the term is more important than the TERRORISM part of the term, or vice-versa. Any cyber attack can involve multiple actors, multiple targets, and multiple intents, and it's even conceivable that one day, the "true cyberterrorist" will be some kind of artificial intelligence or virtual "bot" which operates in cyberspace like a super-virus. In the meantime, we'll have to settle for diverse threats from myriad terrorist, dissent, and extremist groups who utilize the Internet for everything from recruitment to fundraising to planning to target selection. All these activities are (or should be) considered cyberterrorism. Vatis (2001) lists the four most common sources of threats as:
nation-states (who probably will not launch major cyber attacks against one another, even though they have the greatest capability)
terrorists (groups seeking to expand their capability in this area)
terrorist sympathizers (the most likely group to launch a cyber attack)
thrill seekers (a minor threat because they are driven by a desire to show off their skills rather than a desire to destroy)
Cyberterrorists are joined on the playing field by cybervandals, cybervigilantes, organized criminals, and a host of other cyber-entities. A classic example of organized criminals is the Business Network). With regard to terrorist "bots," Jeff Bardin at CSOonline reported on the first one in early 2008 that was a toolkit version of Mujahedeen Secrets 2 (programmed in English, interfaced in Arabic) which allowed terrorists and terrorist sympathizers to communicate secretly, surf anonymously, and spy on other computers. Trendle (2006) pointed out that the war in Iraq provoked over 20,000 website defacements in any given year alone (a group known by the name Iron Guard was especially prolific). After 9/11, self-styled cybervigilantes came to America's rescue, and most of these vigilante, pro-American, counterattack groups are controversial, to say the least. They, too, have exotic names, like the Patriot Freedom Cyber Force Militia. Clearly, cyberspace attracts extremism.
Let's examine the four ways cyberspace enables extremism:
(1) it levels the playing field
(2) it is ideal for hype and fear
(3) it encourages megalomania
(4) it offers ready-made escapism
It helps that cyberspace already has a "seedy" reputation and "frontier" status. It's a place where the bad guys have always been one step ahead of the good guys. Cyberextremism is a reliable indicator of social problems and geopolitical tensions, shedding light on the root causes of terrorism and insurgency. Every extremist thinks that cybersecurity is a joke, and every cyberterrorist sees it (as well as the frontier status of the Internet) as a weakness. Cyberdefense is only as strong as the weakest link. Cyberterrorists prey upon these weaknesses with at least three goals in mind:
(1) information theft -- stealing data from a targeted personal device, system or network is not only the most common threat, but one which makes cyberterrorism attractive and profitable
(2) information disruption -- defacement for the purpose of sabotage or vandalism, rendering critical operating systems incapable of performing their essential functions
(3) information denial -- destruction via floods of automated hits, capable of bringing down whole countries if the economic, news media, Internet, and telecommunications structures are disabled
According to John Robb, the typical cyberterrorist attack would involve bringing down a country's information infrastructure. They would use a distributed denial of service attack. Doing so would be the equivalent of launching millions of infobombs at a target, all while maintaining total deniability. The initial stages of the attack would only last a few hours, but there would be lingering effects lasting days or weeks. It would look something like this:
where Flag 1 is the attacker (China, hypothetically in this case), Flag 2 is the Bot Herder (explained below), Flag 3 is the Zombie (somewhere in Mexico, hypothetically), and Flag 4 is the target (the U.S. in this case). The following table explains the scenario:
|1. (Attacker) In this scenario, tension over proposed US legislation to raise tariffs on Chinese imports triggers a crisis. Beijing orders a limited attack on the computer systems of US congressmembers and corporations that support the bill. Chinese security officials hire criminal bot herders to launch the denial of service attacks. Payments are routed via anonymous services like PayPal (often using branches based in Latin America). Target IP addresses and email accounts (harvested in earlier operations) are distributed through private chat rooms used by criminal hackers. Once the attack is under way, a Chinese media and diplomatic campaign will portray the attackers as cybervigilantes operating on their own.|
|2. (Bot Herder) Freelance computer hackers function as the project managers for the DDoS attack. Typically, a hacker or a syndicate of hackers control one or more giant botnets, worldwide networks that can include 100,000 computers. Each machine has been surreptitiously infected by the bot herder with a bot, a remotely controlled piece of malicious software. Herders usually make their living by renting these networks out for commercial spam, phishing fraud, and denial-of-service extortion. On the bot herder's signal, his network of bots can launch millions of packets of information toward a single target, overwhelming its defenses and either crashing it or driving its owners to shut it down as a defensive precaution.|
|3. (Zombie) Once an ordinary computer is infected by a bot, it becomes one of the unwitting drones that make up a global botnet. When these machines, known as zombies, receive a signal from the bot herder, the bot takes control of its host and sends out multiple packets of information — usually spam — to designated targets. Thanks to the distributed nature of these networks, attacks appear to be coming from random personal computers located all over the world. In this scenario, many will even be from within the US. And if you're wondering if your PC is infected, detection isn't easy. Fortunately, new versions of home security software, like Norton AntiBot, are targeting this new strain of malware. But bots keep mutating, so the game is far from over.|
|4. (Target) A full-scale DDoS attack meant as an act of war might target military and government servers, civilian email, banks, and phone companies. But in this more likely scenario, the targets are Web sites and email systems of congress members and corporations that support higher trade barriers. These groups blame the Chinese government, but can't prove it. Nevertheless, targets will be effectively shut down while they undergo security upgrades and damage assessment, inhibiting their ability to work on behalf of the legislation.|
According to Gregory Rattray (2009), there are three likely scenarios of what's going to happen because of all the Internet mischief in cyberspace. These three possibilities are:
Scenario #1 -- Malicious activity in cyberspace becomes so pervasive that a crisis of confidence develops, and governments and corporations scramble to exert greater control, but eventually give up, resorting to behind-the-scenes work in "walled gardens," allowing the rest of the world to degrade and decay economically and socially with an egregiously offensive (and criminal) Internet.
Scenario #2 -- A set of nation-states go to cyberwar against one another, followed by dissenters and protesters who turn to disruptive attacks, and as the world becomes accustomed to nonkinetic modes of mass disruption, terrorists or insurgents jump on the bandwagon, launching a new form of long-term, cyber-guerrilla warfare.
Scenario #3 -- Technological breakthroughs occur which allow the transmission of digital information via electromagnetic pulses or some other form of directed energy, and terrorists exploit this new technology to launch pinpoint, assassination-like strikes against specific targets.
In addition, according to Janczewski & Colarik (2007), the trend is for physical terror attacks to be followed by cyber terror attacks. Even an international incident (like an airplane crash) can trigger a cyber war between two nations, as both sides go on the defensive with their computer systems. Cyberterrorists can easily trigger cyberwarfare between two nations who are equally disliked by the terrorists.
Obviously, the easiest way to counter cyberterrorism is to monitor all Internet traffic, but terrorists have learned to use innovative techniques to protect and secure their communications. For example, they have been known to send fake streams of email to throw authorities off the track. Additionally, anyone can utilize the electronic version of a "dead drop," which involves opening up an email account somewhere, creating a message, and saving the message as a draft, but then, instead of sending it, just letting the intended receiver have the account name and password to read the draft. This technique was utilized by the Madrid bombers. The two most important things for countering cyber-terrorism are: (1) attribution -- who is behind it; and (2) characterization -- how did they do it. As Condron (2008) points out, these two intelligence requirements have long been the elusive goals of counter-cyberterrorism. Every legal system requires determination of an attacker's identity and most criminal charges require evidence of intent -- not easy things to do in the digital age. One way to show both intent and action is to map out the organizational characteristics of the cyberterrorist network since they rarely work alone. For this, it's useful to look at traditional hacker networks. It can be safely said that hackers, like terrorists, tend to work in asymmetric, non-hierarchical formation, which means that they do not have organizations like linear gangs and so forth, but instead rough and temporary alliances. The concept of netwar (Arquilla & Ronfeldt 2001) may or may not be useful at explaining these new kinds of formations, but it is at least an attempt to characterize these non-traditional forms of organization. Criminal networks tend to have the following types of members, which can be compared to the types of members found in terrorist networks, as follows:
Membership Roles of Hacking/Terrorist Networks
|Criminal (hacking) networks|Terrorist networks|
|Organizers -- core members who steer group|Leadership -- charismatics who lead group|
|Insulators -- members who protect the core|Bodyguards -- members who protect leaders|
|Communicators -- pass on directives|Seconds in command -- pass on orders|
|Guardians -- security enforcers|Intelligence -- and counterintelligence agents|
|Extenders -- recruiters of new members|Financiers -- fund raisers & money launderers|
|Monitors -- advisors about group weaknesses|Logistics -- keepers of safe houses|
|Members -- those who do the hacking|Operations -- those who commit the terror|
|Crossovers -- people with regular jobs|Sleepers -- members living under deep cover|
Netwar, it might be said, is the most likely way cyberterrorists would operate. They have an interest in getting their message and/or demands across, so they would use the Internet to disseminate information or misinformation, or to conduct selective sabotage or extortion. A number of terrorist groups already have websites, and more can be expected. Hackers of the average and script-kiddie varieties seem to have specialized in the direction of hacktivism, which involves defacing existing websites to put some self-glorifying logo or message on them. Far more dangerous activities are possible. It is unlikely that terrorists will ever give up their traditional weapons, but the day may soon come when they add computers to their arsenal. The most likely scenario is a traditional attack simultaneously accompanied by a computer attack. This is, in fact, implied as the most likely scenario envisioned by Arquilla & Ronfeldt (2001), who define netwar as follows:
|NETWAR refers to information-related conflict at a grand level between nations or societies. It means trying to disrupt or damage what a target population knows or thinks it knows about itself and the world around it. A netwar may focus on public or elite opinion, or both. It may involve diplomacy, propaganda and psychological campaigns, political and cultural subversion, deception of or interference with local media, infiltration of computer networks and databases, and efforts to promote dissident or opposition movements across computer networks (Arquilla & Ronfeldt's RAND archives).|
Cybercrime and cyberterrorism are not coterminous. Cyberspace attacks must have a 'terrorist' component in order to be labeled cyberterrorism. The likelihood of a cyberterror attack increases every day, as every day the Internet and countless other computer systems are under increasing attack and/or used by terrorists in various ways. "Use" by itself does not normally comprise cyberterrorism, just "use" which borders on "offensive use" or "misuse," at least according to Kent Anderson's article on Politically Motivated Computer Crime. However, thought on the offensiveness of "supporter websites" is still evolving (Weimann 2006), and the Jamestown Foundation probably has a good set of experts who analyze the websites of terrorist organizations and supporters. In 1999, Time magazine reported that 12 of the 30 terrorist groups deemed Foreign Terrorist Organisations (FTOs) by the United States Department of State had their own Web sites, and by 2005, a majority of the groups on the same list had an online presence, some of which were hosted by American site hosting companies. A determined attacker (or attackers) will soon learn what works and what doesn’t, where the vulnerabilities are, how responses are patterned, and what methods are used for detection, apprehension, and prosecution. Cyberterrorism is not a matter of if, but when. A sampling of definitions is given below:
|CYBERTERRORISM is the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives. (Source: Kevin Coleman's 2003 article)|
|Cyberterrorism refers to premeditated, politically motivated attacks by sub-national groups or clandestine agents against information, computer systems, computer programs, and data that result in violence against non-combatant targets. (Pollit n.d.)|
|Cyberterrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not. (Denning 2000 & 2001)|
Just as a legal system needs to take a solid stand against cybercrime, there is a need to be proactive about cyberterrorism. No longer can just "keeping up" with technology be afforded. A premise behind the term cyberterrorism is that cyberspace will be used to unlawfully attack or perpetrate threats upon a government, society, or an individual through computer networks. These kinds of attacks are meant to penetrate deep into a society's institutional information system which controls vital information or resources, and which assists with or controls daily operations. These daily operations include, but are not limited to, business finances that may ultimately influence all levels of economics, organizational security systems, institutional safety measures, or entire system control devices. To "knowingly" constitute cyberterrorism the attack must in some shape or form cause major property damage, violence, death, or bodily injury against the person, society, institution, or government the attacker wishes to affect. If none of the above occurs, there is no legal case against the cyberterrorist, but at a bare minimum the predicate or preliminary activities of a cyberterrorist should easily catch the attention of authorities and/or the general public. A distinct planning problem therefore becomes how to handle the alarm or substantial fear, which in turn may influence public decisions or the actions of governmental policy makers in the direction of the terrorist’s agenda (Furnell, 2002). Cyberterrorism ultimately affects national and economic security (Verton, 2003).
THE LAW OF CYBERWARFARE
Ever since the mostly still-classified PCCIP (President's Commission on Critical Infrastructure Protection) Report of 1997 (also called the Marsh Report), serious concerns have existed regarding the legal framework for safeguarding critical infrastructures from computer attack. Port scans may not constitute cyberterrorism unless there is a real chance of causing violence, fear, or economic damage. Causing violence is the essential part of the FBI definition of cyberterrorism as "any premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents." Instilling fear (or creating terror) is the essential part of the NIPC definition as "any destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda." Likewise, Denning's (1998) definition is that "to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear." Economic damage is another essential part of most definitions, such as the CSIS definition which holds that it is "the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population." A pressing legal problem involves how to distinguish between cyberterrorism and what might be called cyberhooliganism.
Sharp (1999) and Aldrich (2005) provide some insights into this as well as the legal foundations for cyberwarfare, which shall concern us as the question of when certain cyber-incidents trigger national security powers, with Sharp (1999) holding to a self-defense position (under international law) and Aldrich (2005) pointing out other possibilities.
Cyberwarfare sometimes goes by the name of information warfare, or, to be even more correct, "information operations," a DOD term which encompasses both offensive actions taken in time of war and defensive actions taken during peacetime. Technically, information operations would include psychological operations (PSYOPS) designed to convey selected indicators to foreign audiences so as to influence their emotions, motives, reasoning, and behavior. Some writers and the media tend to use the terms cyberwar, infowar, and PSYOPS interchangeably (e.g. Campen et al. 1996). Infowar tends to be the more engineering-oriented term (e.g. Waltz 1998) that embraces PSYOPS most completely. We shall not, however, be using the infowar term, preferring cyberwar instead, because as Adams (1998) points out, infowar is mostly about exploitation of information when we are concerned primarily with cyberterrorism where resources are attacked, damaged, and/or destroyed. This may not be the best terminology, but it is consistent with at least some conceptions of infowar (e.g. Schwartau 1996). Key early works on information warfare include: Toffler & Toffler (1993); Arquilla & Ronfeldt (1993); and Schwartau (1994).
During June 1997, a no-notice drill was conducted by NSA (dubbed ELIGIBLE RECEIVER) to see if there was too much sensitive information openly available on the Internet and if some of it could be enhanced by social engineering, as it easily was. During February 1998, a series of computer attacks, called SOLAR SUNRISE, was launched against DOD computers from unknown parties in Israel, the United Arab Emirates (UAE), France, Taiwan, and Germany. A second and more classified attack (dubbed MOONLIGHT MAZE) was discovered the following month, the trail this time leading back to Russia. Since those days, cyberattacks against sensitive or critical government computers have numbered in the hundreds of thousands per year, coming from about 25 nations mainly. Only 1,800 of these attacks have been identified as cyberterrorist attacks, and while the Gartner Research "digital Pearl Harbor" scenario conducted in 2002 is unlikely (five cyberterrorists in a boat over the Mediterranean bringing down the entire US telecom and energy infrastructure), several nation-states and several international terrorist groups are suspected to have cyber-brigades that do nothing but probe and scan for weaknesses and vulnerabilities in the US infrastructure every day. The question becomes: does this constitute warfare?
Difficulties exist in attributing a cyberattack to a foreign power or agent. Ever since PDD-63 of 1998, US policy has been to treat any cyberattack as a law enforcement problem first, then see if circumstances enable elevation to a national security response. However, the US has never really been satisfied with the traditional law enforcement solution (see, e.g., the US position on the Council of Europe's proposed Cybercrime Convention). Phillip Johnson's (2002) unpublished article, entitled "A National Security Response to Computer Intrusions," is more instructive about the likely direction the US is headed in (archived by the Air Force as a doc file but NOT reflective of the views of any officer or employee of the Department of Defense). A national security response to a cyberattack would consist of one or both of the following elements:
"track-back" -- where officials quickly trace an attacker through the Internet nodes transited by obtaining the transactional data from each node. Such action may require the cooperation of Internet Service Providers or a legal means of compelling subscriber information from such providers. Alternatively, forensic toolkits may be used, along with pen register and trap and trace devices. If the computer intrusion is disrupting a real-time military deployment or combat operation, or presents an imminent and serious threat to public health and safety, or is producing extensive property damage or paralyzing financial institutions, there is a need for urgent action in the form of utilizing constitutional exemptions to search & seizure law, such as the "exigent circumstances" exemption or the "hot pursuit" exemption.
"shoot-back" -- once the computer equipment is located (meeting the disruption and/or threat requirements above), it may be possible to damage and destroy it by electronic means or traditional military means. Electronic means (such as discharging an electromagnetic pulse toward the equipment) would probably have to meet just war standards regarding proportionality and discrimination, ensuring no unintentional or collateral damage to nearby noncombatants. Traditional military means would involve a raid by special forces or a cruise missile through the window.
In sum, a cyberattack becomes cyberwar when an imminent and substantial threat exists to an important national security interest, and/or circumstances demand the expedited location of the attacker, and/or a forcible response is necessary. Cyberwarfare follows the rules of just warfare and customary international law, discriminating between combatants and non-combatants and not being excessive in relation to any incidental (collateral) damage caused. In many respects, the legal problems facing cyberwarfare do not appear to be largely international in nature. Domestic laws may present the problem. The US has some rather stringent laws regarding abuse of computer systems, such as the Personal Privacy Act (PPA), the Electronic Communications Privacy Act (ECPA), the Economic Espionage Act, and the Computer Fraud and Abuse Act (CFA). Likewise, numerous states have jumped on the cybercrime bandwagon to pass all sorts of state statutes, which theoretically at least, might prohibit national security officials from engaging in cyberwarfare. The following exemption exists, however:
Exemptions to the Computer Fraud and Abuse Act (last amended 1999)
|Criminal penalties are prescribed for knowingly or recklessly damaging or gaining unauthorized access to protected computers, where "protected computers" are defined as those used in interstate commerce or foreign commerce or communication. The exemptions to this proscription include "any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the US, a state, or a political subdivision of a state, or of an intelligence agency of the US." (18 USC Section 1030 2002)|
Note that the above exemption does NOT cover the military. Several attempts have been made by the DOD to get legislative relief on this matter, but in another sense, it doesn't matter, since the military is assumed exempt sub silentio (Aldrich 2005). Many statutes do not contain specific exemptions for the military, but such statutes often are never enforced in practice against the military when acting in their national defense role. After 9/11, the DOD dropped its lobbying to get legislative relief on 18 USC 1030 because it feared doing so would place in jeopardy a number of other statutes where a national defense exemption is assumed.
American vigilantism tends to arise in the absence of a formal criminal justice system. Brown (1975) defined vigilantism as "morally sanctimonious" behavior aimed at rectifying or remedying a "structural flaw" in society, with the flaw usually being some place where the law was ineffective or not enforced. The word vigilante is of Spanish origin and means "watchman" or "guard" but its Latin root is vigil, which means "awake" or "observant." When it is said that someone is taking the law into their own hands, this usually means that they are engaging in vigilante activity, or vigilantism. The "crime" of vigilantism is not expressly prohibited by law. What constitutes the "crime" in vigilante activity is the underlying crime that is committed in conjunction with vigilante activities. In charging the vigilante, the federal government and most states attempt to make a distinction between whether the underlying crime is a felony or misdemeanor. The most common sentence if the underlying crime is a misdemeanor is probation. Reduced charges, such as third-degree murder or manslaughter, are common when the underlying crime is a felony, the most common sentence being ten years in prison.
Classic vigilantism, of course, involves lynching and the like, but neo-vigilantism emerged in the 1920s and pseudo-vigilantism in the 1970s. Neo-vigilantism includes the anti-abortionist movement, subway and neighborhood crime patrols, border security groups, and what might be best described as a variant of bounty hunting for criminal fugitives. Recent vigilante activity against illegal immigrants is a type of neo-vigilantism. Pseudo-vigilantism technically refers to controversial cases of self-defense, like the Bernhard Goetz incident, in which a citizen kills somebody in self-defense in anticipation of an attack. In the 1990s, cyber-vigilantism emerged where so-called "ethical" or "white hat" hackers go after sexual predators, terrorists, spammers, auction frauds, and copyright infringers on the Internet. For example, some activist groups are involved in anti-terrorism, and other activist groups pose as "honeypot" targets for child molesters.
There are two main types of vigilantes: the lone wolf; and the instigator. The lone wolf is commonly portrayed in the media, but the more common and classical type is the instigator. A lone wolf is likely to be disorganized, and easily caught or killed. Sometimes, a lone wolf is seeking martyrdom. However, the vast majority of lone wolves abandon their plans and channel their energies into some other type of self-protection, such as arming themselves and/or taking up some activist cause. On the other hand, an instigator is the kind of person who is not only well-organized themselves in their preparations, but they involve others (a significant other, a small group, or sometimes a mob) in their plans. Sometimes, organized training exercises are held, and despite the vigilante leadership's best efforts, membership always seems hard to maintain. A vigilante group frequently lacks support, and all that usually remain are "hard-core" members who typically refer to themselves as the "inner elite" or something like that.
Some members are interested in joining the vigilante group only because they are interested in military or law enforcement work, and/or plan to become soldiers or law enforcement officers. When they do become soldiers or officers, this is ideal for the vigilante group because such members are receiving training from the government. Most such members, however, withdraw or abandon their vigilante connection soon after the influence of government service presents them with ethical and professional conflicts. Another typical pattern of vigilante group activity is the quest for recognition of legitimate status. Vigilantes will often try to incorporate themselves as a private security firm or a non-profit organization. They will try to be recognized by the local sheriff so they can march in local parades or have a booth at the county or state fair. They will try to be recognized by the Chamber of Commerce. They will try to be recognized as part of the state militia, or the militia movement nationwide. Others will avoid any association with the militia movement because they consider them domestic terrorists. The vigilante quest for legitimacy can lead to some unusual allies and bedfellows, but the more rational vigilante groups will avoid extremists and fanatics, and the even more rational groups, such as the well-known Guardian Angels, will have extensive rules of engagement where non-lethal force is used (even though their charter permits deadly force). Legitimacy can sometimes be achieved by appearing to be better than the government.
Established vigilante groups will usually be one of two kinds: crime control vigilantes; or social control vigilantes. The crime control vigilante group seeks to punish those whom they believe are factually guilty of criminal wrongs (e.g. thieves, outlaws, fugitives from justice), and in this sense are simply playing the role of bounty hunter except that the bounty hunter is concerned for legal guilt, not factual guilt. The social control vigilante group seeks to repair some transgression in the social order that threatens to affect the communal quality of life, values, or sense of honor (e.g. illegal immigrants taking jobs away from average workers, ethnic males who threaten to seduce wives and daughters away, anything that makes one's children run away). The social control group is probably the most dangerous type because they might contemplate assassination of a political leader in the name of social order. The crime control group is usually caught up in a retaliation cycle at the local level whenever they perceive an act of injustice to occur.
Zimring (2004) says that the vigilante mindset is the opposite of the due process mindset. Vigilante thinking is precisely the opposite of any notion of fairness, fair play, or a chance for acquittal. Vigilantes do not care to wait for the police to finish their investigation, and they care less about any court's determination of proof. What they do care about is justice -- quick, final, cost-effective justice. To a vigilante, punishment should be inflicted upon those deserving of it at the first opportunity -- no waiting, and the more severe the punishment, the better. These are all romantic notions that feed an appetite for punishment more than an appetite for vengeance.
TARGETS OF CYBERVIGILANTISM
Above all, the most frequent target of cybervigilantism is the cyberpredator. Sex offenders, by and large, are perhaps the most heterogeneous group of offenders in all of criminology. There are a number of controversies and/or myths about them, and cyber-sexual offenders are no exception. On the Internet, one can easily find pedophile groups like Free Spirits, NAMBLA, the Rene Guyon Society, and the Childhood Sensuality Circle who make unverifiable claims about history and the inevitability of pederasty (the love of youthful sexual vitality in young boys).
Online predators of children exist, and risks associated with such use of the Internet pose an immediate danger to families and children. The National Center for Missing & Exploited Children has conducted studies which indicate that one in five children (10 to 17 years old) receive unwanted sexual solicitations online every year, and one in four children encounter unwanted pornography. The distribution of child pornography and the use of Internet chat rooms by pedophiles to gain access to children are two of the best-known and most feared forms of cyber-predation. Henderson (2005) documents the numerous large-scale operations conducted by the FBI, Interpol, and other law enforcement agencies which have netted hundreds of alleged offenders since the mid-1990s.
Cyberpredation is sometimes referred to as technophilia, a term coined by New Hampshire police detective Jim McLaughlin to refer to use of the computer to engage in meetings for sexual deviance involving children (McLaughlin 1998). Cyberstalking is another term used to describe predators who troll the Internet looking for youngsters to meet up and have sex with. NBC's Dateline To Catch a Predator is a TV show which outlines many of these behaviors. In McLaughlin's (1998) research, he discovered a distribution of entry-level offenders (called collectors), those who push toward a meeting (travelers), those who make child pornography and just happen to molest children (manufacturers), and those who just like to talk about sex with children (chatters). Important psychological insights can be gained from the study of cyberpredators using existing typologies.
Cyberpredators who Commit Internet Crimes Against Children
There are two types of sexual cyberpredators. First, there is the SITUATIONAL sexual cyberpredator. This person does not have a true preference when it comes to a child as a sex partner. The victim to this person is incidental, rather than targeted. These offenders are less likely to have multiple child victims in their past. Some seek child victims as a pattern of their other violent behavior and others hunt for child victims for their own sexual experimentation. A few of these individuals do progress to become serial predators and are at times difficult to apprehend. They minimize their exposure to the risk of getting caught, are experienced in committing crimes, and have better control of their emotions than some other criminals.
Secondly, there is the PREFERENTIAL sexual cyberpredator. These people have a true preference for sexual contact with children, and usually have multiple victims in their lifetime. They go to great lengths to gain access to children (employment, volunteerism, marriage). There are two types of preferential offenders: Sophisticated and Introverted. The sophisticated offender possesses the social skills necessary to relate to children and the introvert lacks confidence, patience, and ability to seduce or trick children. The preferential predator is highly motivated to commit child sex crimes and has a high recidivism rate. This type of person is a manipulator, who will use conversation, gifts, tricks, and lures to secure victims. He/she uses sexual fantasies to focus on children and may engage in collecting, producing or trading child pornography. While the computer has a certain appeal to all internet predators of children, for the introvert, it supplies him/her with anonymity, security, and total privacy. He/she is in an unsupervised environment, has easy access to stored material, and the offense provides nearly instant gratification. Cyber crime investigators must understand that the computer is a tool that facilitates the predator’s interest in children. Investigators must understand that the offender is the target of the investigation and not the computer. The computer opens the door for these hunters to identify and locate potential victims anywhere in the world. It also gives them the opportunity to disguise their identities when communicating with children.
There are components within the FBI which consider Internet crimes against children their second most important priority behind terrorism. There are, indeed, quite a few cases handled by the criminal justice system every month, involving teachers and other authority figures in communities. One of the more interesting crime control methods used is a "shame-based" tactic or humiliation strategy, as in the way cities like St. Paul and Chicago post pictures on the Internet of "Johns" who have been caught soliciting prostitutes. Sex registries are, of course, another variety of this tactic, as are the "perp walks" given to some white collar crime offenders, or the stigmatizing of drunk drivers via special license plates or clothing in some states. The idea of using publicity, shame, or humiliation as a crime control tactic raises some interesting legal and philosophical issues. Nussbaum (2006), for example, discusses the tactic as deriving from a communal sense of disgust (rather than anger), which can be argued to be an emotion which is not easily satiated or satisfied. From that viewpoint then, as well as from legal viewpoints which regard such things as violations of due process, there may be no long-term benefit from uses of such tactics. However, it is fairly orthodox in criminology that such "lightweight" offenders (for lack of a better term) are easily deterred by shame tactics; that is, if they have not severed their ties to society and become "hardened" offenders. On the other hand, much of what is known about sex offending involves its characteristic as a serial, repetitive crime, so therefore the question becomes how much shame is necessary to overcome this predilection.
HOW MUCH PORNOGRAPHY EXISTS IN CYBERSPACE?
According to Ogas & Gaddam (2011), who have studied the online behavior of 100 million people and analyzed billions of web searches, only 42,337 of the one million most-trafficked websites contain sex-related content, which translates into somewhere around 4% of the Internet. This is less than one might expect, and surely less than the 15% or so that the N2H2 (Secure Computing) corporation estimated ten years earlier. Perhaps the number of sites is decreasing, or perhaps a better count will be possible once they all move to the new XXX domain. However, some interesting tidbits can be found in Ogas & Gaddam's (2011) work. For example, one can easily surf Internet pornography sites at most public libraries. Also, Internet pornography viewing is heaviest in the Southern, more Republican, more Bible-belt states. And, in those states, there are more paid subscribers for Internet porn (perhaps they haven't heard about all the free sites). People that pay money for their porn are perhaps different from those who find it for free. It signifies that the person is not reluctant to share the fact they have a prurient interest. Indeed, the "worst" kinds of offenders are likely to believe they have a "following" or social component to their interest.
The "group" aspect of cyberpredation is well known. It exists because this kind of crime involves a need for at least some attempt at establishing a social support network, but what research exists in criminology on this is limited to the study of sex rings which are more active (and quite different) than social support networks. While a full examination of Internet support networks is beyond the scope here, it is useful to simplify our focus on sex rings as a basic type of group formation. Sex rings are arrangements in which at least one adult is involved sexually with several underage victims (Lanning & Burgess 1989), and sex rings exist for one or more of the following purposes:
production of pornography
molestation by adults in the group
sale or transportation of minors for sexual purposes
use of juveniles to recruit others into the ring
use of blackmail, deception, or threats to force children into sexual activity
A sex ring may involve bizarre or ritualistic activity, but most are about money. One of the largest was found in 1977 in Revere, Massachusetts involving 24 men (including psychologists and educators) and 63 boys where the boys were drugged and rented out to other men for 50 dollars a visit. Sex rings have also been discovered in day-care centers around the country. Taylor & Quayle (2003) report that the long-term impact of being a sex-ring participant is to act out sexually against others when the child grows up. Children who are participants in sex rings tend to have the same backgrounds as child prostitutes; i.e., from a dysfunctional family system, raised by only one parent, criminal tendencies in one or more parents, and a likelihood of sexual abuse (incest) in the family (Flowers 2001). Boys ("chickens") and girls ("hustlers") tend to have different reasons for going into prostitution, with "easy money" being a more significant factor for boys and self-esteem being a primary issue for girls. So-called "circuits" or bordellos exist across the nation's cities in which child prostitutes work, and travel between. Most child prostitutes are part-time, and Flowers (2001) identifies four types:
situational (prostitute only under certain circumstances)
habitual (full-time participants in street life)
vocational (consider prostitution a skilled profession)
avocational (self-made professionals, but not on a full-time basis)
To sum it up, cyberspace has become a home for vice and evildoing. Police can certainly crack down on red-light districts, and counterterrorists and vigilantes can certainly do what they do with cyberterrorism, but behind every electronic bit, there are real persons involved, as well as real safety and ethical issues. What's needed in this mostly self-regulated environment is, basically, self-regulation and some ethical framework. Everyone should look at their own part of cyberspace and ask "What can I do?" or "What should I do?" Civil societies use the Internet in civil ways. Good uses must come to outweigh the bad uses.
INTERNET RESOURCES
Center for Strategic & International Studies (CSIS)
Cyberterrorism: How Real is the Threat?
Franklin Zimring (2004) on the Vigilante Mindset (doc)
Hackers Hall of Fame
How to Own the Internet in Your Spare Time
InfoSec and InfoWar Portal
Institute for Advanced Study of Information Warfare
Navy Postgraduate School White Paper on Cyberterror (pdf)
Politically Motivated Computer Crime and Hacktivism Blog
Putting Cyberterrorism in Context
Reality Bites: Cyberterrorism and Terrorist Use of the Internet
SocioSite: Power, Conflict, War, CyberWar, Cyberterrorism
The Crime of Cyber-Vigilantism
The HoneyNet Project (Digilantism)
The Zapatista Social Netwar in Mexico
Time Article on Chinese Hackers called Titan Rain
Tips on Defending against Port Scans
What is CyberTerrorism?
Adams, J. (1998). The next world war: Computers are the weapons & the front line is everywhere. NY: Simon & Schuster.
Aldrich, R. (2005). Information warfare and the protection of critical infrastructure. In J. Moore and R. Turner (Eds.) National security law (pp. 1225-1248). Durham, NC: Carolina Academic Press.
Arquilla, J. & Ronfeldt, D. (1993). "Cyberwar is coming." Comparative Strategy 3:141-65.
Arquilla, J. & Ronfeldt, D. (2001). Networks and netwars. Santa Monica: RAND.
Author Unknown. (n.d.) What are Al Qaeda’s Cyberterrorism Capabilities? from http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/vulnerable/alqaeda.html.
Ballard, J., Hornik, J, & McKenzie, D. (2002). Technological facilitation of terrorism: Definitional, legal, and policy issues. American Behavioral Scientist 45(6):989-1016.
Brown, R. (1975). Strain of violence. NY: Oxford Univ. Press.
Campen, A., Dearth, D. & Goodden, T. (Eds.) (1996). Cyberwar: Security, strategy, and conflict in the information age. Fairfax, VA: AFCEA Intl. Press.
Collin, B. (1996). "The Future of Cyberterrorism," paper presented at the 11th Annual International Symposium on Criminal Justice Issues, University of Illinois at Chicago, at http://afgen.com/terrorism1.html.
Condron, S. (2008). "Getting it right: Protecting American critical infrastructure in cyberspace." Pp. 373-390 in A. Guiora (ed.) Top ten global justice law review articles 2007. NY: Oxford Univ. Press.
Denning, Dorothy. (2000). "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Policy." Georgetown Univ. Workshop paper.
Denning, D. (2000). "Cyber Terrorism: Testimony before the Special Oversight Panel on Terrorism," U.S. House of Representatives, Committee on Armed Services (23 May), at http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html.
Denning, D. (2000). "Cyberterrorism," Global Dialogue (Autumn), at http://www.cs.georgetown.edu/~denning/infosec/cyberterror-GD.doc.
Denning, D. (2001). "Is Cyber Terror Next?" New York: U.S. Social Science Research Council, at http://www.ssrc.org/sept11/essays/denning.htm.
Embar-Seddon, A. (2002). Cyberterrorism: Are we under siege? American Behavioral Scientist 45(6):1033-43.
Flowers, R. (2001). Runaway kids and teenage prostitution. Westport, CT: Praeger.
Furnell, S. (2002). Cybercrime: Vandalizing the information society. Boston, MA: Addison-Wesley.
Ghernaouti-Helie, S. (2013). Cyber power: Crime, conflict and security in cyberspace. Boca Raton: CRC Press.
Gunkel, D. (2001). Hacking cyberspace. Boulder, CO: Perseus Books.
Henderson, H. (2005). Internet predators. NY: Facts on File.
Janczewski, L. & Colarik, A. (2007). Cyber warfare and cyber terror. Hershey, PA: Info. Science Research.
Lanning, K. & Burgess, A. (1989). "Child pornography and sex rings." Pp. 235-255 in D. Zilman & L. Bryant (eds.) Pornography: Research Advances and Policy Considerations. Hillsdale, NJ: Lawrence Erlbaum.
Lanning, K. (1992). Child molesters: A behavioral analysis, 3e. Arlington, VA: National Center for Missing & Exploited Children.
McLaughlin, J. (1998). "Technophilia: A modern day paraphilia." Knight Stick: Publication of the New Hampshire Police Association 51: 47-51.
Nussbaum, M. (2006). Hiding from humanity: Disgust, shame, and the law. Princeton: Princeton Univ. Press.
Ogas, O. & Gaddam, S. (2011). A billion wicked thoughts. NY: Penguin.
Pollitt, M. (n.d.) "Cyberterrorism: Fact or fancy?" Last accessed July 7, 2007 at http://www.cs.georgetown.edu/~denning/infosec/pollitt.html.
Rattray, G. (2001). Strategic warfare in cyberspace. Cambridge, MA: MIT Press.
Rattray, G. (2009). "Cyberspace." Pp. 115-130 in N. Arnas (ed.) Fighting chance: Global trends and shocks in the national security environment. Washington DC: NDU Press.
Rosenbaum, H. & Sedberg, P. (Eds.) (1976). Vigilante politics. Philadelphia: Univ. of PA Press.
Schmalleger, F., & Pittaro, M. (2009). Crimes of the Internet. Upper Saddle River, NJ: Pearson Education.
Schwartau, W. (1994). Information warfare. Berkeley: Thunder's Mouth Press.
Sharp, W. (1999). Cyberspace and the use of force. Chicago: Aegis Research.
Sofaer, A. & Goodman, S. (Eds.) (2001). The transnational dimension of cybercrime and terrorism. Washington DC: Hoover Institution.
Stiennon, R. (2010). Surviving Cyberwar. Blue Ridge Summit, PA: Government Institutes.
Stiennon, R. (2013). Cyber Defense: Countering targeted attacks. Lanham, MD: Rowman & Littlefield.
Toffler, A. & H. (1993). War and anti-war. Boston: Little Brown.
Trendle, G. (2006) "Cyber threat." In R. Miller (Ed.), Cyber crime: Current Perspectives (pp. 1-4). Belmont, CA: Wadsworth.
Vatis, M. (2001). Cyber attacks during the war on terrorism: A predictive analysis. Dartmouth College: Inst. for Sec. and Tech. Studies.
Verton, D. (2003). Black ice: The invisible threat of cyberterrorism. Emeryville, CA: McGraw-Hill/Osborne.
Waltz, E. (1998). Information warfare principles and operations. Norwood, MA: Artech House Publishers.
Weimann, G. (2004). "How modern terrorism uses the Internet." Last accessed July 07, 2007 at http://www.usip.org/pubs/specialreports/sr116.html.
Weimann, G. (2006). Terror on the internet: The new arena, the new challenges. Dulles, VA: Potomac Books.
Whine, M. (1999). "Cyberspace: A new medium for communication, command, and control by extremists." Studies in Conflict and Terrorism 22:231-245.
Yannakogeorgos, P. & Lowther, A. (2013). Conflict and cooperation in cyberspace: The challenge to national security. Boca Raton: CRC Press.
Zimring, F. (2003). The contradictions of American capital punishment. NY: Oxford Univ. Press.
Zimring, F. (2004). [see Internet Resources above]
Last updated Jan. 19, 2014
Not an official webpage of APSU, copyright restrictions apply, see Megalinks in Criminal Justice
O'Connor, T. (2014). "Cyberterrorism, Cyberwar and Cybervigilantism," MegaLinks in Criminal Justice. Retrieved from http://www.drtomoconnor.com/3100/3100lect04a.htm.