Cyber-attacks detection and prevention
4. Manifestations of cybercrime
Cybercrime is typically manifested through cyberattacks, but purely non-technical aspects must be used to successfully carry out a number of attacks.
Certain illegal conduct in cyberspace or cybercrime-related conduct can be classified under the relevant provisions of the current Criminal Code, but there are certain types of conduct that may be significantly more complicated, or even impossible, to criminalise (in many cases it is rather immoral).
Very often cybercrime is considered a new type of crime. However, a significant part of cybercrime uses or transfers notorious types of illegal conduct (such as fraud, copyright infringement, theft, bullying, etc.) to the digital environment, where they can be committed “better, faster and more effectively” than in the real world. Purely cyber attacks include, for example, hacking, DoS and DDoS attacks, botnets, etc.
It is characteristic of the virtual world that most users have an incomprehensible, almost limitless trust in it. At the same time, it must be stated that the virtual world is becoming more and more important for us. Personally, I feel that when using the services provided on the Internet, many people stop thinking about possible risks or threats. They are primarily captivated by the seemingly endless possibilities of “new technologies”; how else is it possible to explain the absence of basic defence principles and mechanisms in the virtual world, when in the real world we would behave completely differently? Sometimes, the behaviour of users in cyberspace reminds me of the “Strange Case of Dr. Jekyll and Mr. Hyde” by Robert Louis Stevenson (1886). Seemingly decent people in the real world act without any legal or moral restraints in the “pseudo-anonymous” environment of cyberspace. So, for example, it is possible to come across a case of a judge downloading “child pornography”[1], users who have never stolen anything in the real world but have no problem stealing in the virtual world[2], or violating other rights protected by the law of a country.
A number of leading experts have commented on the predictions of the development of cybercrime in the past, of which I would like to quote Schneier in particular, who predicted in 2002 that the next major security trend on the Internet would be crime. “Not cases of viruses, Trojans and DDoS attacks for fun or the opportunity to show off your skills. It will be a real crime. On the Internet. Criminals tend to lag behind technology development by five or ten years, but eventually realise their potential. Just as Willie Sutton began robbing banks “because there was money,” so modern criminals will begin to attack via computer networks. More and more values (funds) are online than in real money.”[3]
In 2007, the FBI introduced statistics that compared a common “bank robbery” with conduct that is a phishing attack.[4]
| Parameter | Average armed robbery | Average cyberattack |
|---|---|---|
| Risk | The offender risks being injured or killed. | No risk of physical harm. |
| Profit | On average, USD 3–5 thousand. | On average, USD 50–500 thousand. |
| Probability of catching | 50–60% of attackers caught. | About 10% of attackers caught. |
| Probability of conviction | 95% of caught attackers convicted. | Of the caught attackers, only 15% of the attackers will go to trial and only 50% will be convicted. |
| Punishment | On average 5–6 years, if the offender did not injure anyone during the robbery. | On average 2–4 years. |
In 2012, in relation to information and communication technologies, Goodman stated that “an individual's ability to influence masses, due to these technologies, is growing exponentially. It is growing exponentially for both good and bad purposes”. He clearly presents this growth in the development of the crime of robbery, for which a knife or pistol was originally enough in the past, and robbery essentially meant an act between individuals or small groups. “A major 'innovation' took place at the time of a robbery of an entire train carrying 200 people.” The Internet allows for an even greater scale of an attack by one person. The robbery of a large number of users is clearly demonstrated by the case of the Sony PlayStation with approximately 100 million injured people. “When in the history of mankind could an individual rob 100 million people? But it's not just about thefts…”[5]
In the same year, Robert S. Mueller, FBI Director, gave a speech at the RSA Cyber Security Conference (San Francisco, CA), where he stated, inter alia: “I believe there are only two types of companies: those that have been hacked and those that will be hacked. And even they are converging into one category: companies that have been hacked and will be hacked again.”[6]
Currently, there is an increasing and massive interconnection of various computer systems into cyberspace, which in practice produces a direct relationship that can be stated as follows: "the more devices connected, the greater their vulnerability and the greater the number of attacks." Graphical representations of the ongoing attacks can be found at: http://map.norsecorp.com/#/; https://cybermap.kaspersky.com/; https://map.lookingglasscyber.com/ etc.
We believe that there is no doubt that cybercrime is on the rise, and it is a global problem. Various statistics show partially different damages caused by cybercrime, but this does not change the fact that they all include primary damages (e.g. malfunction of a computer system, its parts, services offered, infrastructure failure, etc.) and secondary damage (e.g. system recovery, data recovery, reconnection of end users, etc.). Europol reports in its 2014 report[7] that cybercrime costs the global economy around USD 300 billion a year. The community of attackers has changed considerably since the mass expansion of the Internet. Primarily, it means that there are no longer individuals who have committed offences for fun or circumventing barriers. At present, these are usually professionals who do their job in order to profit and are often involved in organised groups.
This shift is understandable and inextricably linked to three aspects:
1) Dependence of the society on the Internet (or offered services, technologies, etc.),
2) Cybercrime has become a lucrative global business [the first cyber attacks have already shown the potential for profit, either directly (by drawing funds) or indirectly (e.g. by paying for damage to another person's service)].
3) Minimum literacy of users who use information and communication technologies (the user is a typical example of the weakest link in the chain).
With the development of all kinds of services based on the principle of as-a-service[8], a number of platforms (typically underground, darknet forums) have emerged in the cybercrime environment, where services are offered that can be described as crime-as-a-service (cybercrime-as-a-service). Thus, a “malware or underground economy” emerges that provides almost any user with the means to commit cybercrime. The following services are offered as standard within the service collectively referred to as crime-as-a-service:
- Research-as-a-service,[9]
- Crimeware-as-a-service,[10]
- Infrastructure-as-a-service,[11]
- Hacking-as-a-service,[12]
- Data-as-a-service,[13]
- Spam-as-a-service,[14]
- Ransomware-as-a-service etc.
The list of individual services is not exhaustive, and it can be stated that crime-as-a-service includes the possibility to order any conceivable service or commodity that can be used or obtained in cyberspace. The rise of these negative activities is directly linked to the phenomenon of the Internet of Things (IoT), which connects devices (computer systems) with the Internet, and thus poses another significant threat, which lies primarily in disregarding one of the basic principles of security.
Many manufacturers or distributors of computer systems that can be classified as IoT do not address the issue of security (their goal being to bring to market and sell as many devices that can be described as a computer system as possible), which attackers use.
Security is usually the most expensive part of development, but it is an area that needs to be addressed in view of the threats already known. These include, for example: an unsecured communication channel of a pacemaker[15]; a remote-controlled car or aircraft[16]; a smart household or its components (refrigerator, boiler, security system, television, etc.), which can be controlled remotely[17], etc.
“How will the world turn out when we are already using 6.4 billion IoT devices this year? Over the next four years, it should be 20.8 billion devices. In addition, many of these devices will have a significantly longer lifespan than the normal life cycle of mobile phones, tablets or laptops. How will a car manufacturer be able to protect the security of the 2020 model ten years later? Or a refrigerator that can stand at your home for fifteen years or more? How long did it take Microsoft to learn how to update its own operating system?”[18]
Schneier states that when it comes to data, attackers can do essentially three basic things with them: steal them (violating the principle of Confidentiality), alter them (violating the principle of Integrity) or prevent owners from accessing them (violating the principle of Availability). Schneier states that with the advent of IoT, the last two types of attacks will become extremely effective.[19]
In the following section, I will introduce some of the attacks that occur in the cyberspace environment. It is not possible to define all attacks, either because of the scope of this publication or because of the impossibility of describing all possible alternative acts subsumable under the term cybercrime. If possible, the specific criminal law qualification of such conduct will be stated for a specific manifestation of cybercrime.
[1] Judge, 69, who downloaded child porn facing 'catastrophic humiliation'. [online]. [cit.1.9.2009]. Available from: http://news.sciencemag.org/social-sciences/2015/02/facebook-will-soon-be-able-id-you-any-photo
[2] HILL, Kashmir. These two Diablo III players stole virtual armor and gold — and got prosecuted IRL. [online]. [cit.10.8.2015]. Available from:
[3] For more details see SCHNEIER, Bruce. Crime: The Internet's Next Big Thing. [online]. [cit.6.11.2007]. Available from: https://www.schneier.com/crypto-gram/archives/2002/1215.html
[4] JIROVSKÝ, Václav. Kybernetická kriminalita nejen o hackingu, crackingu, virech a trojských koních bez tajemství. Prague: Grada, 2007, p. 30
[5] For more details see GOODMAN, Marc. A vision of crimes in the future. [online]. [cit.13.11.2014]. Available from: https://www.ted.com/talks/marc_goodman_a_vision_of_crimes_in_the_future#t-456071
[6] MUELLER, Robert. [online]. [cit.3.4.2013]. Available from:
[7] See The Internet Organised Crime Threat Assessment (iOCTA) 2014. [online]. [cit.10.8.2015]. Available from: https://www.europol.europa.eu/content/internet-organised-crime-threat-assesment-iocta
[8] It is the provision of services typically associated with a cloud solution. Examples are: infrastructure-as-a-service; platform-as-a-service; Service-as-a-service; Security-as-a-service etc.
[9] Under this service, it is possible to imagine activities that consist in detecting various, as yet unknown vulnerabilities of the target computer system or software. (These vulnerabilities are known as zero-day vulnerabilities.)
The actual activity within research-as-a-service does not necessarily have to be in its nature a criminal or illegal act. Vulnerability and error detection is performed by a number of IT security experts (e.g. penetration testing, etc.). Typically, these services are provided on the basis of contractual terms between the testee and the tester, or using some of the circumstances precluding illegality.
[10] The crimeware-as-a-service offers a wide range of activities from the simple sale of malware, through its “customisation”, as well as the delivery of exploits (vulnerabilities), etc.
[11] Infrastructure-as-a-service offers physical or virtual computer systems (botnets, hosting services, network leases, etc.).
[12] This service can include a simple breaking of access data to e-mail, social network account, etc., up to professional and sophisticated attacks on a selected victim. This area can then include, for example, the execution of DoS and DDoS attacks.
[13] The data-as-a-service offers the most sought-after commodity, which is data. Specifically, these are, for example: access data (name and password) to various accounts, credit cards, bank accounts, stolen credit cards, but also information about persons (residence, date of birth, telephone numbers, e-mails, etc.).
[14] The name implies that it is possible to order and pay for a spam campaign.
[15] Cf. TAYLOR, Harriet. How the “Internet of Things” could be fatal. [online]. [cit.17.6.2016]. Available from: http://www.cnbc.com/2016/03/04/how-the-internet-of-things-could-be-fatal.html
[16] For more details see GREENBERG, Andy. Hackers remotely kill a Jeep on the highway – with me in it. [online]. [cit.4.5.2016]. Available from: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
In the Czech version available, for example, from: http://auto.idnes.cz/hackeri-unesli-jeep-dalkove-ovladani-auta-f1l-/automoto.aspx?c=A150723_135910_automoto_fdv
For more details see ZETTER, Kim. Is It Possible for Passengers to Hack Commercial Aircraft? [online]. [cit.5.5.2016]. Available from: https://www.wired.com/2015/05/possible-passengers-hack-commercial-aircraft/
[17] It is thus possible, for example, to circumvent household security; increase the temperature with the remote-controlled thermostat and cause damage to another person; order a meaningless amount of food through a “smart” refrigerator, etc.
[18] DOČEKAL, Daniel. Bruce Schneier: Internet věcí přinese útoky, které si neumíme představit. [online]. [cit.10.8.2016]. Available from: http://www.lupa.cz/clanky/bruce-schneier-internet-veci-prinese-utoky-ktere-si-neumime-predstavit/
[19] SCHNEIER, Bruce. The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters. [online]. [cit.10.8.2016]. Available from: https://motherboard.vice.com/read/the-internet-of-things-will-cause-the-first-ever-large-scale-internet-disaster