From your personal laptop to Target’s databases, it seems that since the digital age dawned cyber terrorists have been lurking just around the corner. But who are these people? What are their methods? Why do they do it? Nicole Beebe, the Melvin Lachman Distinguished Professor in Entrepreneurship and associate professor of information systems and cyber security in the UTSA College of Business, says it comes down to the hard truth that information is power.
“Everything is digital,” Beebe said. “If you can get into people’s computer systems, you have the keys to the kingdom.”
But just who are these people? According to Beebe, there are hacktivists, essentially people committing civil disobedience to make a statement. Then there are cyber terrorists, which are more closely defined as people committing cyber crime as part of a political statement. Some hackers are also participating in cyber warfare, which is cyber crime committed by one nation against another.
“The biggest element is just good old fashioned criminals after money and power,” Beebe said. “Criminals aren’t all dumb. Some of them are very smart. Some criminals are quite smart, and when coupled with greed and technical skill they can be quite a force to be reckoned with.”
Some hackers are extremely skilled, and can be traditionally educated or self-taught. They can be working on their own account or they can be hired by a larger entity.
“I like to think the folks who are educated have some kind of ethics component and don’t use their powers for evil,” Beebe said.
Some cyber criminals aren’t particularly skilled in hacking at all and are using exploitation tools acquired online that allow people to hack systems by just pointing and clicking. Other tools require significant cyber training. But either way, Beebe said, these tools are also useful to people who aren’t committing cybercrime, and are just managing their computer systems.
“It’s just like when you lock yourself out of your car,” Beebe said. “You want the guy or gal who can come by and mechanically open the lock. That’s a tool that can be used by good people or bad people to break into your car. Should we regulate those tools out of existence? No. You punish the behavior.”
The problem with prosecuting cyber crime in many cases is that in some countries hacking isn’t illegal. Cyber investigators often times will follow a digital trail and run into a country with no laws against hacking, making it difficult to pursue the criminal’s trail. The solution, according to Beebe, is greater cooperation between countries and the strengthening of international laws against cyber crime.
“Cyber crimes, even when the trail starts and stops in the same country, often result in digital crime scenes that span the globe. It has to be an international effort, which is a huge challenge,” said the UTSA professor. “We need to keep laws relevant and current, but often times by the time they get through the legislative system the technology has changed. So you have to have laws that are very broad. It’s very hard, but it can be done.”
Companies, in the meantime, have the challenge of protecting themselves against cyber crime by keeping their operating systems up to date, running virus scans and keeping employees aware of digital security risks.
An out-of-date operating system, like Window XP, is a huge risk as Microsoft no longer issues security patches for it.
“It’s like leaving your front door open,” Beebe said.
Employees can unwittingly help hackers find a point of entry into their company’s system by clicking on phishing links and unleashing malware, usually as a result of lack of knowledge of what Beebe calls “good cyber hygiene.”
“You’re only as strong as your weakest link,” she said. “It just takes one user to click the wrong link.”