The following report takes into consideration two recent cybercrimes for the purpose of analyzing what cybercrime is and who is responsible for it. The opinions of Joseph Migga Kizza and Lawrence Lessig will be evaluated as they relate to the two cybercrimes. As part of the analysis, the underlying assumptions and the practical implications of the two authors will be considered.
Two Recent Cybercrimes
With the popularity of the social media site Twitter, single letter handles are rare. Naoki Hiroshima was the owner of one of those rare handles, @N. He had been offered as much as fifty thousand dollars for the account, which he always declined. On January 20th of 2014, a hacker was able to social engineer part of Naoki’s credit card information from a PayPal representative. The hacker used that information to social engineer a GoDaddy representative into giving him control of Naoki’s domain. The domain was then used as a bargaining piece to force Naoki to trade the Twitter account for the domain (Naoki Hiroshima, 2014). The Twitter account had been the hacker’s target from the beginning.
In a separate case of cybercrime, on July 29th 2011, the hacktivist group Anonymous breached the network of the defense contractor ManTech and stole information from their servers. ManTech provides network security services for the FBI for 99.5 million dollars over a five year contract. The breach was announced by Anonymous via Twitter, and was stated to be in retaliation for the arrest of some of its members, nine days earlier for their participation in a denial of service attack against PayPal (Fahmida Rashid. 2011).
Cybercrime Theories and Analysis
Joseph Migga Kizza takes the position that there are two components to cybercrime; technical and human. The human component of a cybercrime is based on a deficiency in moral or ethical behavior on the part of the perpetrator (Joseph Migga Kizza, 2011, p.8). The technical aspect is the technology that is used to commit or prevent the crime. Under Kizza’s theory of cybercrime, Anonymous and the GoDaddy/PayPal hacker are both to blame for their crimes because they have a lack of moral/ethical foundation which would prevent them from committing their respective crimes. Lawrence Lessig (2006) takes a more technology-based approach to cybercrime, which he terms “Code” (p.5-6). Code is the hardware and software that composes cyberspace, therefore cyberspace administrators and developers are responsible for what is permitted and restricted over the Internet. With the Code theory, administrators and developers share some responsibility for the crimes in both mentioned cases because their lack of diligence led to the vulnerability which facilitated each crime.
For both of the mentioned crimes, the Code theory of cybercrime best fits the situation. In the case of Anonymous breaching ManTech’s servers, political targets will always have hacking attempts made against them – this will only increase as the Internet continues to grow.
As such, administrators and security personnel must stay one step ahead of those that seeks to cause the organization harm. To rely on moral/ethical behavior for network security would have disastrous consequences. Likewise in the case of the GoDaddy/PayPal hacker, moral/ethical behavior can be attributed to the success of the crime. It is the innate desire of most human beings to be helpful which makes social engineering attacks as dangerous as they are. On the other hand, having strict policies in place that state specific conditions for the release of information, would likely have prevented PayPal and GoDaddy representatives from releasing sensitive customer information. Security policies are in alignment with the Code theory of cybercrime.
One problem with basing cybercrime and cybersecurity on a foundation of morals and ethics is that morals and ethics are widely subjective. The theory is based on the idea of an objective morality. General consensus on moral issues might be achievable on a local scale, but the Internet is global. Ideas about morals and ethics vary from place to place, and in many cases moral/ethical beliefs in one region are in direct contradiction to another region. For that reason, it makes more sense to hardwire controls into one’s own location. This might be organizational or governmental in scope, but it allows for fine-tuning of particular situations. An example of fine-tuned control is what has been termed the Great Firewall of China, which bans websites and content that are illegal in China. According to Paul Wiseman of USA Today, “If an Internet user in China searches for the word ‘persecution,’ he or she is likely to come up with a link to a blank screen that says ‘page cannot be displayed’” (n.d.). The Code theory of cyber crime allows for a multifaceted approach to cyber security, where each involved entity maintains its own relevant level of cybersecurity. In practice it prevents a one-size-fits-all approach to cybersecurity, which may not be the best route for all involved parties.
There are a number of approaches to the identification and prevention of cybercrime. Two have been observed here. The two example cases fit the Code theory, but in other situations, another theory of cybercrime might be more appropriate. Yet to construct a system of cybersecurity with a foundation of ethical/moral norms might not be very practical given the global scope of the Internet and those that use it.
Hiroshima, N. (2014). My $50,000 Twitter Username Was Stolen Thanks to PayPal and GoDaddy. Retrieved January 30, 2014 from https://medium.com/p/24eb09e026dd
Kizza, J. (2011). Computer network security and cyber ethics. (3rd ed.). Jefferson: McFarland & Company Inc.
Lessig, L. (2006). Code: Version 2.0. (2nd ed.). Ney York: Basic Books.
Rashid, F. (2011). Anonymous Claims Network Breach of FBI Security Contractor ManTech. Retrieved February 1, 2014 from http://www.eweek.com/c/a/Security/Anonymous-Claims-Network-Breach-of-FBI-Security-Contractor-ManTech-693504/
Wiseman, P. (n.d.). Cracking the ‘Great Firewall’ of China’s Web censorship. Retrieved February 9, 2014 from http://abcnews.go.com/Technology/story?id=4707107&page=1&singlePage=true