In this paper, Laurence Ifrah of the Robert Schuman Foundation discusses the growing problem of digital crime in light of the recent attacks on the Estonian government's network. Although absolute security does not exist, it is crucial to increase protection, particularly in companies, according to the author.
The author examines the context of the digital attack on Tallinn on 27 April 2007. This attack occurred following the dismantling of a Soviet-era statue by Estonian authorities. The government's internet network, as well as the networks of the main banks and insurance companies, was immediately attacked, making websites and networks unavailable.
Information systems experts from NATO, the EU, the United States and Israel have been working with Tallinn experts to solve the problem and counter the attacks. However, the culprits will probably never be identified as the 'botnet' system (a collection of software robots which run autonomously) allows hackers to stay totally anonymous, the author claims.
Secondly, the paper gives an overview of the numerous existing digital attacks, such as 'DoS' (denial-of-service) attacks, which involve saturating the victim's server with numerous external communications requests sent simultaneously and therefore making the victim's computer unavailable, as well as 'rootkits', 'spam' and 'storms'. Such systems are so powerful that they may destabilise a country's economy or interrupt the most sensitive systems such as nuclear power plants, stock exchanges, financial institutions and insurance companies.
The author observes how the numerous digital tools can be used for criminal ends. 'Phishing', for example, consists of creating an exact copy of a bank or financial institution's website to steal the user's bank details. Another threat is industrial espionage, which involves stealing strategic information from companies. This information is usually sold on 'eBay' and does not stay online for more than 2 hours. However, the proliferation of these attacks is due to the vulnerability of most systems and software, which must be regularly updated to avoid breaches, the paper highlights.
In addition, the author makes a number of recommendations that companies should take into account:
- users should be warned about 'compulsive clicking' and commit to taking part in data protection;
- laptops, PDAs, smartphones, and peripherals such as USB keys and external disks should be systematically checked;
- a charter on the use of information systems should be integrated into the company's internal rules and signed by each employee; and
- access to peer-to-peer websites, instant messengers and webmail should be banned.
Nowadays, digital crime can be compared to arms, drugs and human trafficking, and it is therefore necessary to address this issue and repress its development, the author concludes.