Cybercrime Morphs Into Cyberwar

Posted: May 01, 2013 12:01 AM
Cybercrime Morphs Into Cyberwar

On April 25, Spanish police, at the request of Holland's national prosecutor's office, arrested Dutch citizen Sven Olaf Kamphuis.

Kamphuis will likely face charges in Holland related to what Dutch officials describe as the most extensive criminal cyberattacks in the history of the Internet.

The attacks, which occurred in mid-March, overwhelmed the website of Spamhaus, a European nonprofit organization that tracks computer viruses (malware) and spam (unwanted email). Spamhaus had blacklisted Kamphuis' Internet company, CyberBunker. Spamhaus alleged that CyberBunker provided hosting services for spammers.

The attacks (distributed denial of service, DDOS attacks) not only denied Internet users access to the Spamhaus website, but slowed Internet connectivity worldwide. Europe experienced the worst disruptions, but subsequent reports indicated the attacks had global effects. Streaming video providers (Internet TV or movie sources) were particularly vulnerable.

Kamphuis utterly rejects the allegation that he is a criminal. In March, he told Britain's Daily Telegraph that he was a victim of a conspiracy. In a New York Times report, he said he was an Internet activist and portrayed Spamhaus as a hoity-toity censor being punished for abusing its influential role as a monitor of spam and spammers.

But an array of organizations, to include several European police agencies, a Dutch Internet service provider and a Silicon Valley Internet security firm assert they have evidence that step by step ties the attacks to CyberBunker and a loose-knit organization of Internet "hacktivists" named Stophaus. Kamphuis has served as a Stophaus spokesman.

The prosecutors and police contend that the Spamhaus incident hacktivism amounts to large-scale vandalism and theft. The service disruptions spawned by the Spamhaus attacks may have merely inconvenienced millions of people around the globe. But given the Internet's increasingly vital role in commerce, it also cost a slew of people money as well as time.

In the Netherlands, DDOS attacks are a crime. At one time, CyberBunker had a facility in Holland. It may still, though Spanish authorities reported that when they arrested Kamphuis they seized a vehicle-mounted cyber operations center crammed with sophisticated digital equipment. Nonetheless, the Dutch government is asserting jurisdiction. Kamphius' attorneys will dispute Dutch sovereignty. Hacktivist radicals dispute any claim of sovereignty over the Internet.

Kamphuis' impending confrontation with Holland's legal system may or may not set European Union precedents for defining (more accurately) cybercrime, investigating and arresting alleged cybercriminals, prosecuting them and then punishing the convicted.

But it could. The incident illustrates, for the umpteenth time, that even if the legal definitions of cybercrime have become more precise, the legal mechanisms for addressing cybercrime (ranging from vandalism to bank robbery) and various non-criminal disputes in cyberspace lag behind the technology and capabilities.

Difficulties in detecting cybercriminal activity frustrate vulnerable companies and individuals, as well as police and prosecutors. Pickpockets flee into alleys. The Internet is a labyrinth. Once detected, tracing the crime back to the criminal requires more than time and computer expertise, it often takes high-level political cooperation.

Cooperation between Holland and Spain is routine. Both are European Union members and NATO allies. However, South Korean businesses recently experienced a wave of criminal cyberattacks (to include theft of proprietary data) investigators tied to North Korean hackers.

Cooperation between North and South Korea to solve cybercrime is unlikely. Every other week, North Korea threatens South Korea with nuclear immolation.

Responsible citizens and governments worry that terrorists may acquire nuclear weapons. The Spamhaus incident demonstrated that a collection of highly skilled hackers can launch a cyberattack on a scale once believed to be the province of high-tech nation-states employing battalions of computer scientists. The hackers swamped Spamhaus servers with 300 billion data bits per second (300 gigabytes). Fifty gigabytes per second was the previous record.

North Korean hackers were attacking one of South Korea's strengths, its economy. Thus cyberwarfare adopts the tactics of cybercrime. Apparently cybercriminals are prepared to return the favor.