Cybercrime involves, both in Romania and worldwide, a multitude of crimes, such as “against the confidentiality and integrity of data and computer systems, child pornography through computer systems, […] and the act of introducing , modify or delete, without right, computer data or to restrict, without right, access to data or prevent in any way the operation of a computer system, in order to obtain a material benefit “
Several specialized studies, conducted by specialists in criminal and computer security and sociologists, have illustrated the fact that all criminal behavior in the field of information systems, are based on three main factors: motivation to commit the act, regardless of whether – intrinsic or extrinsic, the opportune moment to carry out the action and, last but not least, the inability of the victim to defend himself properly, due to ignorance or lack of experience.
Along with these factors, the behavior specific to cybercrime can also be dictated by the level of emotional involvement related to the organization or person concerned. Thus, two categories of attacks can be identified: those initiated from within the targeted institution and those from outside it.
Motivations, regardless of the attacker’s position towards the target computer, can be multiple, such as: curiosity, testing of limits and vulnerabilities, out of revenge or greed. Also, the desire for power and control over the victim can be a personal satisfaction, in terms of humiliating the company or the person concerned and the possibility of inducing a state of chaos generated by the inability to defend themselves.
The notion that most attacks are initiated by people inside the company has been refuted by several reports, published in 2004, by various companies specializing in computer security. Initially, this trend was relatively true, but after the emergence and, especially, after the spread of Internet connection possibilities, more and more attacks turned out to be initiated by people outside the company.
However, attacks carried out through an employee are the easiest to orchestrate and offer greater guarantees of success, because his access does not raise many suspicions, even if he tries to know information that does not concern him. This type of behavior exploits precisely those vulnerabilities ignored by the staff responsible for the security of the computer system, or, conversely, may commit criminal acts, in the computer field, due to negligence or ignorance of the rules of the institution concerned.
The most dangerous attacks are those coming from the personnel responsible for the implementation and maintenance of the computer system and the server network, because they cannot be detected when initiating any kind of crime, such as bank fraud, information theft or sabotage. Also, the managers do not act according to the procedures, but prefer to act at the company level, to cover up the losses registered and to dismiss the persons concerned.
In the case of attacks from outside the company, there are two possible categories of people involved: those from former employees, temporary employees, consultants or subcontractors and those initiated by people not directly involved with the target institution. The latter can, in turn, be separated into two categories: those who attack the system to identify possible vulnerabilities and those who seek to obtain material benefits or humiliate the victim.
Like hackers from within the institution, those in a direct relationship of subordination or equality with the target company also attack known vulnerabilities in the computer system. A special category of staff at high risk of recidivism is that of hackers hired to check the security level of the server network, because once such a deed, the probability of resuming this habit is very high, regardless of the motivation. its initial. Former employees can also be a real danger to the company in question, if, after leaving the job, its right to access the computer system and the building is not revoked. Also, if the person leaving is part of the category of staff responsible for administering the system, then it is necessary to change, on a large scale, the set passwords, because there is a possibility that he has already stolen the database with all this sensitive data.
The behavioral patterns specific to these two categories of attackers, persons under an employment contract or under direct contact of subordination or equality with the target company, are quite similar. The people in question are usually introverted, do not have a high level of social interaction, because they prefer the company of “virtual friends” with whom they share the same passions and interests.
Regardless of their professional training, personal and social frustrations can act as a trigger, thus regaining comfort and self-confidence when an attack succeeds. In the view of the attacker, his actions are justified due to ignorance of the limits, in the field of computer security, nor does he perceive the acts committed as illegal, because the stolen data cannot be quantified in the real, physical world.
These people can also develop behaviors that lack compassion and loyalty, especially when the institution in question is going through a difficult period, economically or ideologically. With the emergence of an organizational crisis, the “latent” attacker will take advantage of the chaos created at the institutional level and will act, under the cover of lack of supervision. On the other hand, people in charge of managing IT systems may feel entitled to preferential treatment, being aware of the importance, in such moments, of stopping any type of attack that could maximize the damage caused and such a crisis. organizational. If they feel that they have not been valued at their fair value, they can turn into attackers, motivated by the feeling of injustice felt and the desire for revenge.
The most publicized cases of cybercrime are those committed by hackers outside the target company, either because the attacker made public his approach or because the company is trying to find out details about the perpetrators by using independent experts. Most groups organized to commit crimes in the field of information technology have some behaviors specific to this “profession”. First of all, it presents antisocial elements and behaviors, which have their origin since their adolescence, which aim to affirm the individual and compensate for the feeling of social non-acceptance, by “promoting” his abilities.
The primary need to belong to the group together with the desire to assert oneself within it, intrinsically motivates the attacker and fuels his narcissistic behavior, frequently encountered in this category of hackers. Along with these narcissistic elements, the vast majority of criminals in the field of computer science also develop paranoid behaviors, always having the impression that the authorities are after them or that the World Government is trying, through state bodies, to find out as much information about a person as possible. to be able to manipulate for one’s own benefit.
Also, a behavior specific to hackers, outside the target company, is that illustrated by an acute addiction to the computer or to always be an active presence on various social networking sites. Both categories spend many hours in front of the computer (over 10-12 hours a day), and depending on the type of need, the first category considers the unauthorized intrusion into a computer system as an incentive for his higher intellect, and the the second has a high risk of being susceptible to manipulation or, on the contrary, will be a skilled manipulator when it comes to achieving personal purpose.
The lack of direct access to the network of servers or to the computer system forces the attacker outside, in relation to the targeted institution, to always find new methods of discovering vulnerabilities and to be inventive when he has to hide his traces. However, there are many examples, where a hacker did not attack system vulnerabilities, but exactly the errors caused by the existence of a human user, as could be seen in the case of attacks initiated by Guccifer. They also targeted the specific naivety of users, based on the fact that they are protected by antivirus, but also the lack of minimum knowledge in the field of information security.
Most of the groups, whose main object of action is cybercrime, did not act in order to steal, directly, some material benefits, but resorted to impersonation and other techniques to cause material damage or image capital, along with of legitimate methods of obtaining sums of money, following the use of a false identity.