2. 1 Figure 1-3: Attack Trends Growing Incident Frequency  Incidents reported to the Computer Emergency Response Team/Coordination Center  1997: 2,134  1998: 3,474 (75% growth from the year before)  1999: 9,859 (164% growth from the year before)  2000: 21,756 (121% growth from the year before)  2001: 52,658 (142% growth from the year before)  2002: 82,094 (60% growth from the year before)  2003(1Q-3Q): 114,855  Tomorrow?

3. 2 Figure 1-3: Attack Trends Growing Randomness in Victim Selection  In the past, large firms were targeted  Now, targeting is increasingly random  No more security through obscurity for small firms and individuals

4. 3 Figure 1-3: Attack Trends Growing Malevolence  Most early attacks were not malicious  Malicious attacks are becoming the norm

5. 4 Figure 1-3: Attack Trends Growing Attack Automation  Attacks are automated, rather than humanly- directed  Essentially, viruses and worms are attack robots that travel among computers  Attack many computers in minutes or hours

6. 5 Figure 1-4: Framework for Attackers Elite Hackers  Hacking: intentional access without authorization or in excess of authorization  Cracking versus hacking  Technical expertise and dogged persistence  Use attack scripts to automate actions, but this is not the essence of what they do

7. 6 Figure 1-4: Framework for Attackers Elite Hackers  White hat hackers Break into system but notify firm or vendor of vulnerability This is still illegal  Black hat hackers Do not hack to find and report vulnerabilities  Gray hat hackers go back and forth between the two ways of hacking

8. 7 Figure 1-4: Framework for Attackers Elite Hackers  Hack but with code of ethics Codes of conduct are often amoral “Do no harm,” but delete log files, destroy security settings, etc. Distrust of evil businesses and government Still illegal  Deviant psychology and hacker groups to reinforce deviance

9. 8 Figure 1-4: Framework for Attackers Virus Writers and Releasers  Virus writers versus virus releasers  Only releasing viruses is punishable

10. 9 Figure 1-4: Framework for Attackers Script Kiddies  Use prewritten attack scripts (kiddie scripts)  Viewed as lamers and script kiddies  Large numbers make dangerous  Noise of kiddie script attacks masks more sophisticated attacks

11. 10 Figure 1-4: Framework for Attackers Criminals  Many attackers are ordinary garden-variety criminals  Credit card and identity theft  Stealing trade secrets (intellectual property)  Extortion

12. 11 Figure 1-4: Framework for Attackers Corporate Employees  Have access and knowledge  Financial theft  Theft of trade secrets (intellectual property)  Sabotage  Consultants and contractors  IT and security staff are biggest danger

13. 12 Figure 1-4: Framework for Attackers Cyberterrorism and Cyberwar  New level of danger  Infrastructure destruction Attacks on IT infrastructure Use IT to establish physical infrastructure (energy, banks, etc.)

14. 13 Figure 1-4: Framework for Attackers Cyberterrorism and Cyberwar  Simultaneous multi-pronged attacks  Cyberterrorists by terrorist groups versus cyberwar by national governments  Amateur information warfare

15. 14 Figure 1-5: Framework for Attacks Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration Penetration Attacks Social Engineering -- Opening Attachments Password Theft Information Theft Scanning (Probing) Break-in Denial of Service Malware -- Viruses Worms