Cybersecurity and Law (UCA)


Insider Actors

A disgruntled former employee may be motivated to engage in cyberattacks in order to get revenge against a former employer or company.(Non State Actors)

Criminal Groups

Criminal groups are motivated to engage in cyber-attacks in order to enrich themselves (greed). Cybercriminals often steal financial and other personal information and sell the information on the dark web. Cybercriminals operate on anonymous (Tor) and peer-to-peer networks (OpenBazaar).(Non State Actors)

Motivation

the cyber-attacks may be motivated by a variety of concerns, including political, economic, ideological, and social.(Cyber Disruption)

Legality

the cyber-attacks may be unlawful under national criminal laws and may violate certain international principles and norms such as sovereignty, non-intervention (noninterference), and self-determination.(Cyber Interference)

Targets

the targets of the cyber-attacks are critical national infrastructures, corporations, and government agencies or services. Cyber security experts are particularly concerned about the vulnerabilities in supervisory control and data acquisition (SCADA) systems and industrial control systems (ICS) used by critical national infrastructures (e.g. electric utilities).(Cyber Sabotage)

Legality

the cyber-attacks may be illegal under national criminal laws.(Cyber Activism)

Sources

the sources of the cyber-attacks are state actors, state-supported actors, and non-state actors.(Cyber Propaganda)

Cyber Disruption

▪ Message Manipulation - Disruption of an organization's social media presence through the hijacking of a user's account passwords.
▪ External Service Disruption - Disruption of external operations through a distributed denial-of-service (DDoS) attack.
▪ Internal Communication Disruption - Disruption of internal operations through a denial of service.
▪ Data Attack - Disruption of internal operations through internal multi-point deletion or encryption of user data.
▪ Equipment Attack - Disruption of internal operations by physically destroying or disabling equipment control capabilities; and/or access to electric power or other critical infrastructure.

Cyber Interference

is defined as a cyber attack intended to interfere with the political processes and systems within a target state, including campaign webpages, voter registration data bases, voting systems, and elections.

Cyber Propaganda (Cyber Disinformation)

refers to cyber attacks intended to manipulate or influence public opinion in a target state, including spreading false or misleading information on social media, placing deceptive advertisements on social media, and spreading "fake news" on social media.

Cyber Activism (Hacktivism)

refers to the manipulation of digital information to promote a political ideology and the process of using Internet-based socializing and communication techniques to create, operate, and manage activism of any type. A "hacktivist" is a type of cyber activist who, among other things, hacks into a webpage or computer system in order to communicate a politically or socially motivated message, or in order to draw attention to a political or social cause.

Attribution

the cyber-attacks are generally attributable to a particular cyber activist group, but it is difficult to attribute the cyber-attacks to specific individuals(Cyber Activism)

Severity/Intensity

the cyber-attacks are generally limited in their severity and intensity.(Cyber Activism)

Coordination

the cyber-attacks are generally not coordinated with any other cyberattacks by the source actor.(Cyber Activism)

Severity/Intensity

the cyber-attacks are intended to temporarily disrupt or interfere with the use of public or private computer networks and services in a targeted state. There is the potential for financial losses or indirect harm to individuals from such cyber-attacks.(Cyber Disruption)

Motivation

the cyber-attacks are primarily motivated by ideological and political considerations.(Cyber Interference)

Motivation

the cyber-attacks are primarily motivated by ideological and political considerations.(Cyber Propaganda)

Motivation

the cyber-attacks are primarily motivated by social and political considerations(Cyber Activism)

Duration

the cyber-attacks generally last less than 24 hours.(Cyber Activism)

Techniques

the cyber-attacks mainly involve spearphishing and hacking into the computer systems of government agencies (state and local election offices), as well as the computer systems of political parties and campaigns.(Cyber Interference)

Duration

the cyber-attacks may be conducted over several weeks or months before being detected.(Cyber Interference)

Duration

the cyber-attacks may be conducted over several weeks or months before being detected.(Cyber Propaganda)

Coordination

the cyber-attacks may be coordinated with other cyber-attacks (cyber interference or cyber disruption) and military operations by the source of the cyber-attacks.(Cyber Propaganda)

Coordination

the cyber-attacks may be coordinated with other cyber-attacks launched by the same source actor against the same target.(Cyber Disruption)

Coordination

the cyber-attacks may be coordinated with other types of cyber-attacks launched by the same source, including cyber propaganda (cyber disinformation) and cyber disruption.(Cyber Interference)

Attribution

the cyber-attacks may be difficult to attribute to a specific state actor, state-supported actor, or non-state actor.(Cyber Disruption)

Attribution

the cyber-attacks may be difficult to attribute to a specific state, state-supported, or non-state actor.(Cyber Propaganda)

Attribution

the cyber-attacks may be difficult to attribute to a state or state-supported actor.(Cyber Interference)

Legality

the cyber-attacks may be illegal under national criminal laws. While there is no specific provision of international law prohibiting cyber propaganda, international custom generally prohibits the spread of "propaganda hostile to the governments of friendly foreign countries"(Cyber Propaganda)

Duration

the cyber-attacks may be isolated attacks or may occur over a period of several months.(Cyber Disruption)

Legality

the cyber-attacks may be unlawful under national criminal laws. The principle of due diligence under international law requires state actors (governments) to ensure that their own territory and other entities (non-state actors) over which they have control are not used in a way that significantly harms other state actors(Cyber Disruption)

Severity/Intensity

the cyber-attacks may impact voter registration systems, voting systems, and election outcomes.(Cyber Interference)

Severity/Intensity

the cyber-attacks may influence public opinion, election outcomes, and government policies.(Cyber Propaganda)

Techniques

the cyber-attacks may involve creating and disseminating disinformation.(Cyber Propaganda)

Techniques

the cyber-attacks may involve hacking, malware, and distributed denial of service (DDoS) attacks.(Cyber Disruption)

Techniques

the cyber-attacks may involve website defacement and distributed denial-of-service (DDoS) attacks.(Cyber Activism)

Targets

the main targets of the cyber-attacks are corporations, colleges & universities, organizations, and individuals.(Cyber Crime)

Targets

the main targets of the cyber-attacks are corporations, non-governmental organizations (religious organizations), and government agencies.(Cyber Activism)

Targets

the main targets of the cyber-attacks are individuals (public opinion)(Cyber Propaganda)

Targets

the main targets of the cyber-attacks are the computer networks and information systems of critical national infrastructures, government agencies, and corporations.(Cyber Disruption)

Sources

the sources of the cyber-attacks are mainly state actors and state-supported actors.(Cyber Interference)

Sources

the sources of the cyber-attacks are non-state actors.(Cyber Activism)

Sources

the sources of the cyber-attacks may be state actors, state-supported actors, or non-state actors.(Cyber Disruption)

Targets

the targets of the cyber-attacks are mainly government agencies (state and local election offices), as well as political parties and campaigns.(Cyber Interference)

Attribution

the cyber-attacks are difficult to attribute to a specific state actor or state-supported actor.(Cyber Espionage)

Legality

the cyber-attacks are generally unlawful under existing national criminal laws.(Cyber Terrorism)

Motivation

the cyber-attacks are ideologically or politically motivated.(Cyber Terrorism)

Severity/Intensity

the cyber-attacks are intended to acquire personal information, sensitive or classified data, trade secrets, or intellectual property.(Cyber Espionage)

Coordination

the cyber-attacks are not part of a larger cyberwar, but may be coordinated with efforts by government intelligence agencies or other actors to collect sensitive or classified information (cyber espionage).(Cyber Sabotage)

Techniques

the cyber-attacks involve hacking, phishing & spear phishing emails, and malware (Trojan horses and spyware).(Cyber Espionage)

Techniques

the cyber-attacks may involve a variety of sophisticated cyber weapons, including viruses, malware, and distributed denial of service (DDoS) attacks.(Cyber Warfare)

Techniques

the cyber-attacks may involve hacking, phishing & spear phishing emails, identity theft, spyware, and ransomware. Examples of ransomware include SamSam, Petya, WannaCry, Ryuk, and CryptoLocker.(Cyber Crime)

Motivation

the motivations of the cyber-attacks depend on the specific sources; state and state-supported actors are generally politically-motivated.(Cyber Sabotage)

Cyber Activists (Hacktivists)

Hacktivists are motivated by causes - political, economic, social, or ideological - and may engage in cyber attacks to promote their causes, including stealing and disseminating sensitive or classified information and conducting a DDoS attack against a target company or website.(Non State Actors)

Foreign Military and Intelligence Agencies (state actors)

➢ The Chinese government, including the People's Liberation Army (PLA) and the Chinese Ministry of State Security, sponsors several Chinese hacking groups such as Comment Crew (Advanced Persistent Threat-APT 1), Elderwood Group, Stone Panda (APT10), Naikon (APT30), Shell_Crew (Deep Panda), and TempTick.
➢ The Russian government, including the Foreign Intelligence Service (SVR), Main Intelligence Directorate (GRU), and Federal Security Service (FSB), has sponsored several Russian hacking groups such as Cozy Bear (APT29), Energetic Bear, Fancy Bear (APT28), and Turla (Venomous Bear).
➢ The North Korean government sponsors several North Korean hacking groups such as the Lazarus Group and Reaper (APT37).
➢ The Iranian government, including the Iranian Revolutionary Guard and the Nasr Institute, sponsors several Iranian hacking groups such as Iranian Cyber Army (ICA), Elfin (APT33), Chafer (APT39), Rocket Kittens, and Tarh Andishan.
➢ The Syrian government sponsors the Syrian Electronic Army (SEA) which has targeted opposition groups, foreign leaders, technology companies, and news organizations.

Cyber-attacks

are "socially- or politically-motivated attacks carried out primarily through the Internet. Attacks target the general public or national and corporate organizations and are carried out through the spread of malicious programs (viruses), unauthorized web access, fake websites, and other means of stealing personal or institutional information from targets of attacks, causing far-reaching damage" (nec.com)

Cyber threats

are individuals or groups that "attempt unauthorized access to a control system device and/or network using a data communications pathway. This access can be directed from within an organization by trusted users or from remote locations by unknown persons using the Internet. Threats to control systems can come from numerous sources, including hostile governments, terrorist groups, disgruntled employees, and malicious intruders" (U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency-CISA)

Terrorist Groups

global terrorist groups may be motivated to engage in cyber-attacks in order to further their ideological or political goals, including recruiting members and spreading propaganda, or to influence public opinion in the target state.(Non State Actors)

Intelligence Agencies

government intelligence agencies of countries with cyber capabilities are motivated to engage in cyber-attacks (cyber espionage and cyber sabotage) in order to gather sensitive or classified information from another country or to cause damage to facilities, equipment, or computer systems in another country.(State Actors)

Military Forces

government military forces with cyber capabilities may be motivated to engage in cyber-attacks as part of a conventional military operation against the military forces of another country or in order to degrade or disrupt the ability of the opposing military forces to communicate with each other or effectively conduct their operations.(State Actors)

A cyber threat or cybersecurity threat

is a "malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, denial of service (DoS) attacks and other attack vectors. Cyber threats also refer to the possibility of a successful cyber-attack that aims to gain unauthorized access, damage, disrupt, or steal an information technology asset, computer network, intellectual property or any other form of sensitive data. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties" (www.upguard.com)

Advanced Persistent Threat (APT)

is a cyber-attack in which an unauthorized user gains access to a system or network and remains there for an extended period without being detected. APTs are particularly dangerous for enterprises, as hackers have ongoing access to sensitive company data. APTs generally do not cause damage to company networks or local machines. Instead, the goal of APTs is most often data theft. APTs typically have several phases, including hacking the network, avoiding detection, constructing a plan of attack and mapping company data to determine where the desired data is most accessible, gathering sensitive company data, and exfiltrating that data.

Email Bombing

is a cyber-attack on an individual's email account inbox that involves sending massive amounts of email messages. Email bombing can also refer to flooding an email server with too many emails to overwhelm the email server and bring it down. An email bombing is often a distraction used to bury or hide an important email in someone's email account inbox. In 2016, over 100 email addresses in the U.S. government were targeted with an email bombing attack.

A cyber-attack

is a deliberate and direct aggressive action intended to harm critical infrastructure or to compromise the confidentiality, integrity, or availability of data, resources, or processes through the use of electronic means (Guiora, 2017)

Ransomware

is a type of malicious software (malware), such as CryptoLocker and Reveton, that gets installed on a computer without the knowledge of the user and blocks access to the infected computer (sometimes through the encryption of files on the computer) until a ransom (often paid in the digital currency, bitcoins) is paid to the cyber criminal.

SQL Injection Attack

is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access.

A cyber threat

is an "activity intended to compromise the security of an information system by altering the availability, integrity, or confidentiality of a system or the information it contains. The cyber threat environment is the online space where cyber threat actors conduct malicious cyber threat activity. Cyber threat actors are states, groups, or individuals who, with malicious intent, aim to take advantage of vulnerabilities, low cyber security awareness, and technological developments to gain unauthorized access to information systems in order to access or otherwise affect victims' data, devices, systems, and networks. The globalized nature of the Internet allows these threat actors to be physically located anywhere in the world and still affect the security of information systems in Canada" (Canadian Centre for Cyber Security)

A cyber-attack

is an "attack launched from one or more computers against another computer, multiple computers or networks. Cyber-attacks can be broken down into two broad types: attacks where the goal is to disable the target computer or knock it offline, or attacks where the goal is to get access to the target computer's data and perhaps gain admin privileges on it" (csoonline.com)

A cyber-attack

is an "attack, via cyberspace, targeting an enterprise's use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information" (Computer Security Resource Center, csrc.nist.gov)

Cyber Security

is the effort to protect information, communications, and technology from harm caused either accidentally or intentionally and to ensure the confidentiality, integrity, and availability of data, resources, and processes through the use of administrative, physical, and technical controls (Guiora, 2017)

Cyber Security

is the protection of internet-connected systems, including hardware, software and data, from cyber-attacks. In a computing context, security comprises cybersecurity and physical security -- both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cybersecurity (searchsecurity.techtarget.com)

Strategic Rivalries

major international powers may be motivated to engage in cyberattacks against other major international powers (cyber espionage and cyber interference) in order to gain an economic, military, and/or political advantage. Cyberattacks are a less risky alternative to traditional instruments of power.(State Actors)

Domestic Hacking Groups

nationalist (or patriotic) hacking groups may be motivated to engage in cyber-attacks against other countries on behalf of their government for political or ideological reasons. Members of some hacking groups may be motivated by the desire to avoid government prosecution of their illegal hacking activities and/or to collect financial resources from the government.(State Sponsored Actors)

Man-in-the-Middle (MITM) Attack

occurs when an attacker intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two. Attackers might use MITM attacks to steal login credentials or personal information, spy on the victim, or sabotage communications or corrupt data.

Cyber Crime

refers to a cyber-attack in which a computer is the object of the crime or is used as a tool to commit an offense such as child pornography, hate crimes, and identity theft. Cyber criminals may use computer technology to access personal information or business trade secrets (cyber theft) or may use the internet for exploitative or malicious purposes (cyberbullying or cyber harassment). Criminals can also use computers for communication and document or data storage.

Denial-of-Service (DoS) Attack

refers to a cyber-attack in which there is a concerted assault on a targeted computer system or a website that disrupts service and makes the computer system or website unusable. A Distributed Denial-of-Service (DDoS) attack involves many computers firing off thousands or even millions of requests for information from a website, which can crash from the sudden overwhelming traffic. DDoS attacks are often carried out using Botnets ("zombies"), which are computers located in multiple geographic locations that are infected with malware to carry out a DDoS attack against a targeted system.

Website Defacement

refers to a cyber-attack on a website that changes the visual appearance of the website. These are typically the work of system crackers, who break into a web server and replace the hosted webpage with one of their own. The most common method of defacement is using SQL Injections to log onto administrator accounts. Defacements usually consist of an entire page. This page usually includes the defacer's pseudonym or "Hacking Codename." Sometimes, the website defacer makes fun of the system administrator for failing to maintain server security. Most times, the defacement is harmless; however, it can sometimes be used as a distraction to cover up more sinister actions such as uploading malware or deleting essential files from the server.

Cyber Sabotage

refers to a cyber-attack that is intended to damage or shut down key infrastructures, facilities, equipment, or computer networks in a target state.

Cyber Espionage (Cyber Spying)

refers to a cyber-attack that is intended to illegally obtain private, confidential, sensitive, or classified information from a target state. There are two types of cyber espionage: industrial or commercial cyber spying (stealing trade secrets, technology, and intellectual property) and national security cyber spying (stealing national security and military secrets).(Cyber Espionage)

Phishing

refers to a high-tech scam that uses e-mail to deceive individuals into disclosing personal information to cyber criminals through requests to update or validate information or to click on a specific link. Spear phishing is a type of targeted phishing that is directed towards a specific individual or group of individuals. Spear phishing may involve email spoofing or website cloning.

Contaminated Hardware (Hardware Trojan)

refers to a malicious alteration or inclusion to an integrated circuit (IC) that will either alter its intended function or cause it to perform an additional malicious function. These malicious inclusions or alterations are generally programmed to activate only under a specific set of circumstances created by an attacker and are extremely hard to detect when in their dormant state.

Malicious Code (Logic Bomb)

refers to a program timed to cause harm at a certain point in time but is inactive up until that point. A set trigger, such as a preprogrammed date and time, activates a logic bomb. Once activated, a logic bomb implements a malicious code that causes harm to a computer. A logic bomb's application programming points may also include other variables such that the bomb is launched after a specific number of database entries. A logic bomb may be implemented by someone trying to sabotage a database when they are certain they won't be present to experience the effects. Logic bombs can cause many types of damage, including data corruption, file deletion, and hard drive clearing.

Malicious Software (Malware)

refers to any software downloaded onto a computer that results in the disruption of computer operations, destruction of data, gathering of sensitive information, gaining access to computer systems, or displaying unwanted advertising. The most common types of malware include Trojans, viruses (macro and stealth), worms, Adware, Spyware, and Ransomware.

Cyber Warfare

refers to cyber attacks intended to cause widespread physical destruction of critical infrastructures, information systems, or computer networks in a target state. Cyber warfare may be coordinated with conventional military operations

Cyber Disruption

refers to cyber-attacks designed to disrupt the use of public and private computer networks, services, and data by the target.

Cyber Crime

refers to cyber-attacks in which a computer is the object of the crime or is used as a tool to commit an offense such as child pornography, hate crimes, and identity theft. Cyber criminals may use computer technology to access personal information or business trade secrets (cyber theft) or may use the internet for malicious purposes (cyberbullying or cyber harassment). Criminals can also use computers for communication and document or data storage.

Cyber Disruption

refers to cyber-attacks that are designed to disrupt the use of public and private computer networks, services, and data by a target.

Cyber Warfare (Cyberwar)

refers to cyber-attacks that are intended to cause widespread physical destruction of critical infrastructures, information systems, or computer networks in a target. Cyber warfare may be coordinated with conventional military operations.

Cyber Sabotage

refers to cyber-attacks that are intended to damage or shut down key infrastructures, facilities, equipment, or computer networks in a target

Cyber Espionage (Cyber Spying)

refers to cyber-attacks that are intended to illegally obtain private, confidential, sensitive, or classified information from a target. There are two types of cyber espionage: industrial or commercial cyber spying (stealing trade secrets, technology, and intellectual property) and national security cyber spying (stealing national security and military secrets)

Cyber (Political) Interference

refers to cyber-attacks that are intended to interfere with the political processes within a target, including campaign webpages, voter registration data bases, voting systems, and elections.

Cyber Activism (Hacktivism)

refers to cyber-attacks that are intended to manipulate digital information to promote a political ideology and the process of using Internet-based socializing and communication techniques to create, operate, and manage activism of any type. A "hacktivist" is a type of cyber activist who, among other things, hacks into a webpage or computer system in order to communicate a politically or socially motivated message, or in order to draw attention to a political or social cause.

Cyber Propaganda (Cyber Disinformation)

refers to cyber-attacks that are intended to manipulate or influence public opinion in a target, including spreading false or misleading information on social media, placing deceptive advertisements on social media, and spreading "fake news" on social media.

Cyber Terrorism

refers to pre-meditated cyber-attacks that are politically- or ideologically-motivated and intended to directly or indirectly cause harm to civilians or destruction in a target state. Cyber terrorism may also involve intimidation or coercion of individuals or the government of a targeted state for political or ideological purposes.

Cyber Terrorism

refers to pre-meditated cyber-attacks that are politically- or ideologically-motivated and intended to directly or indirectly cause harm to civilians or destruction in a target. Cyber terrorism may also involve intimidation or coercion of individuals or the government of a targeted state for political or ideological purposes.

Cyber Security

refers to the process of protecting information and information systems by preventing, detecting, and responding to unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability (U.S. Commission on Enhancing National Cybersecurity)

Spamming

refers to the use of electronic messaging systems, including email and text messaging, to send unwanted or unsolicited messages to large numbers of individuals at the same time. Email spamming is the most common type of spamming.

Hacking

refers to unauthorized intrusion into a computer or a network. The person engaged in hacking activities is known as a hacker. A hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system. Hacking also refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.

Identity Theft

refers to various crimes in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. Identity theft can result in fraudulent applications for loans and credit cards, fraudulent withdrawals from bank accounts, fraudulent filings of federal and/or state income tax returns, and fraudulent use of telephone calling cards or online accounts.

Severity/Intensity

some of the cyber-attacks may cause some damage or disruption to a critical national infrastructure, a corporation's computer systems, or a government agency's website or online services.(Cyber Sabotage)

Attribution

the cyber-attacks are attributable to the non-state actor that claims responsibility for the attacks.(Cyber Terrorism)

Duration

the cyber-attacks are conducted over a period of several days or longer.(Cyber Warfare)

Coordination

the cyber-attacks are coordinated by cyber terrorists using the Internet ("dark web") for communicating, fundraising, planning, and recruiting.(Cyber Terrorism)

Coordination

the cyber-attacks are coordinated by military or intelligence agents of the source state; the cyber-attacks may be conducted prior to or at the same time as conventional uses of military force by a state actor against another state actor.(Cyber Warfare)

Coordination

the cyber-attacks are generally coordinated by government intelligence agencies in the source state.(Cyber Espionage)

Motivation

the cyber-attacks are generally motivated by political and economic factors.(Cyber Espionage)

Legality

the cyber-attacks are generally not violations of existing international laws or norms, but the attacks generally are violations of national criminal laws. However, cyber espionage carried out by an intelligence agent of a source state on the territory of the target state is a violation of the principle of state sovereignty. Cyber espionage may also be unlawful under international law if it violates an existing international agreement such as the Vienna Convention on Diplomatic Relations (1961/1964).(Cyber Espionage)

Legality

the cyber-attacks are generally unlawful under existing national criminal laws.(Cyber Sabotage)

Severity/Intensity

the cyber-attacks are intended to cause significant damage or destruction to government (military and intelligence) targets and/or critical national infrastructures and may have the potential to cause the loss of life or injuries to individuals.(Cyber Warfare)

Duration

the cyber-attacks are limited in duration, although planning may take place over several months.(Cyber Sabotage)

Duration

the cyber-attacks are limited in duration, although planning may take place over several months.(Cyber Terrorism)

Legality

the cyber-attacks are not regulated or restricted by a body of international cyber laws; however, some norms or principles of the existing international laws of war (e.g. principle of self-defense) may be applicable.(Cyber Warfare)

Motivation

the cyber-attacks are politically-motivated(Cyber Warfare)

Motivation

the cyber-attacks are primarily motivated by money.(Cyber Crime)

Severity/Intensity

the cyber-attacks are sufficiently violent and destructive to cause widespread fear in the civilian population of the target state.(Cyber Terrorism)

Legality

the cyber-attacks are typically unlawful under existing national criminal laws.(Cyber Crime)

Severity/Intensity

the cyber-attacks cause significant economic losses for the targets.(Cyber Crime)

Techniques

the cyber-attacks involve a wide range of cyber techniques, including distributed denial-of-service (DDoS) attacks and malware (Triton, Havex, BlackEnergy, and Stuxnet).(Cyber Sabotage)

Techniques

the cyber-attacks involve a wide range of cyber techniques, including hacking, viruses, and malware.(Cyber Terrorism)

Duration

the cyber-attacks may be conducted over long periods of time.(Cyber Espionage)

Duration

the cyber-attacks may be conducted over several weeks or months before being detected.(Cyber Crime)

Attribution

the cyber-attacks may be difficult to attribute to a specific non-state actor or state-supported actor.(Cyber Crime)

Attribution

the cyber-attacks may be difficult to attribute to a specific state actor or state-supported actor, especially when the attacks are carried out by an Advanced Persistent Threat (APT). As a result of the attribution problem, deterrence is more difficult in cyber warfare compared to conventional warfare. (Cyber Warfare)

Attribution

the cyber-attacks may be difficult to attribute to a specific state actor, state-supported actor, or non-state actor.(Cyber Sabotage)

Coordination

the cyber-attacks may be part of a coordinated effort on the part of the source actor. For example, the Texas Department of Information Resources reported that 23 towns in the state had been struck by a "coordinated" ransomware attack in August 2019.(Cyber Crime)

Targets

the direct and indirect targets of the cyber-attacks are the general public (civilians or non-combatants) and government officials. (Cyber Terrorism)

Targets

the main targets of the cyber-attacks are the computer networks and information systems of government agencies and corporations.(Cyber Espionage)

Targets

the main targets of the cyber-attacks are the computer networks and information systems of state actors, including government agencies (military and intelligence) and critical national infrastructures (transportation, energy, telecommunications, financial, agriculture, etc.)(Cyber Warfare)

Sources

the sources of the cyber-attacks are non-state actors (cyber criminal groups) and, in some cases, state-supported actors. For example, some state-supported cyber criminal groups in North Korea have been linked to cyber-attacks against banks in Chile (2019), India (2018), and Bangladesh (2016).(Cyber Crime)

Sources

the sources of the cyber-attacks are non-state actors, including transnational actors and sub-state actors.(Cyber Terrorism)

Sources

the sources of the cyber-attacks are state actors (government intelligence agencies) and state-supported actors, including several Advanced Persistent Threats (APTs) such as China's APT10 "Stone Panda" and Russia's APT28 "Fancy Bear".(Cyber Espionage)

Sources

the sources of the cyber-attacks are state actors or state-supported actors. (Cyber Warfare)

Sources

the sources of the cyber-attacks are state actors, state-supported actors, and non-state actors (including insider actors).(Cyber Sabotage)

Amateur Hackers (opportunists)

➢ An example of a major cyber-attack attributed to amateur hackers (also known as "script kiddies") was the three distributed denial-of-service (DDoS) attacks launched against the computer networks of domain name system (DNS) provider Dyn Inc. on October 21, 2016. Dyn Inc. is a New Hampshire-based company that monitors and routes Internet traffic. The DDoS attacks, which used the Mirai botnet, temporarily impacted the websites of hundreds of corporations in Europe and North America, including PayPal, Twitter, Reddit, GitHub, Tumblr, Amazon, Pinterest, Netflix, Etsy, Spotify, Verizon, Comcast, CNN, Fox News, New York Times, Wall Street Journal, PlayStation, and RuneScape. The Mirai botnet consists mostly of "Internet of Things" (IoT) devices such as digital cameras, printers, and DVR players.

Cyber Mercenaries

➢ An example of a potential cyber mercenary group is Ice Fog, which allegedly has members in China, Japan, and South Korea. The group appears to have emerged in 2011 and has mainly attacked targets in South Korea and Japan, including military, mass media, and telecommunications.

Company, Organization, or Agency Insiders (internal actors)

➢ An example of an "insider" cyber-attack was the 2019 Capital One data breach by a former employee of Amazon Web Services, a cloud hosting company used by Capital One. The "insider" hacker gained access to data on more than 100 million customer accounts and credit card applications. Paige A. Thompson, a former software engineer for Amazon Web Services, was indicted by a federal grand jury for two counts related to the Capital One data breach, which cost the company up to $150 million.

Cyber Activists (hacktivists)

➢ Anonymous is a transnational hacktivist group known for their politically-motivated attacks, including attacks against ISIS, Church of Scientology, New York Stock Exchange, U.S. Department of Defense, MasterCard, Visa, and PayPal.
➢ Hackers associated with Anonymous created the Ghost Squad Hackers in 2014.
➢ Honker Union is a Chinese "patriotic" hacking group known for defacing webpages in the U.S., Vietnam, Philippines, and other countries.
➢ Lizard Squad, which is a transnational hacking group with members in the U.S. and UK, is known for DDoS attacks against Facebook, Microsoft Xbox Live, and Sony's PlayStation Network.
➢ Lulz Security (LulzSec) is a hacktivist group that separated from Anonymous in 2011.

Corporations (corporate competitors)

➢ Corporations may engage in "industrial espionage" (including cyber espionage) to acquire information about a competitor. According to legalmatch.com, industrial espionage refers to "when a person or party gains access to a company's information in way that is illegal, unethical, or constitutes unlawful business practices." Industrial espionage includes the "unlawful observation of company activity, unlawful listening (such as a wiretap), and unlawful access to a company's information, which all constitutes spying on the company."
➢ Industrial espionage is often called economic espionage or corporate espionage, in order to distinguish it from more traditional forms of national security espionage. Crimes such as identity theft, piracy, and computer fraud often involve some form of industrial espionage, wherein one country spies on another country. The federal and state governments govern corporate espionage through various laws such as the Economic Espionage Act of 1996.

Foreign Government-Linked Groups (state-supported hacking groups)

➢ The Chinese government is believed to support several Chinese hacking groups such as Emissary Panda (APT27), KeyBoy, and Tonto Team.
➢ The Iranian government is believed to support several Iranian hacking groups such as Cutting Sword of Justice and Newscaster (APT35).
➢ The Vietnamese government is believed to support a Vietnamese-based hacking group, OceanLotus (APT32).
➢ The Russian government is believed to support several Russian hacking groups such as Palmetto Fusion and Sandworm (Voodoo Bear).

Cyber Criminals (organized criminal groups)

➢ The Russian Business Network (RBN) is a Russian cyber criminal organization located in St. Petersburg, Russia, known for hosting illegal internet businesses (including child pornography and malware), phishing, DDoS attacks, and identity theft. There are some allegations that the Russian government has "hired" RBN to conduct cyber-attacks.

