Showing posts with label threat assessment.

Monday, April 19, 2010

The Future of High-Technology Crime: A Parallel Delphi Study

This study, conducted by Larry E. Coutorie in 1995, is a follow-up to a 1980s study that used the Delphi Technique to forecast the future of high-technology crime. One purpose of the study is to give law enforcement a forecast of where high-tech crime is headed, since most other techniques only allow reactive responses.

The Experiment:
The study was conducted using two panels. One was comprised of “traditional” experts, people already in the high-tech law enforcement field; the other was comprised of “nontraditional” experts, members of hacker and cracker groups recommended by other experts. The two groups of experts were sent three rounds of questionnaires with the following questions, refined each round by the groups’ responses to the previous questionnaire.
  1. In your opinion, what area(s) of high technology will be the focus of criminal activity in the next ten years?
  2. What form(s) do you believe this activity will take?
  3. What steps should be taken now to prepare the police to combat this criminal activity?
  4. Do you believe the responsibility for criminal investigation of high-technology crimes will be primarily that of government or private businesses? Why?
  5. Do you believe the responsibility for crime prevention activities regarding high-technology crimes will be primarily that of government or private businesses? Why?
Findings:
The two groups’ perspectives diverged significantly from the first round of questioning onward. However, at the end of the three questionnaires, a consensus on several issues was identified.
  • Likely areas of future high-tech crime include attacks on computer systems via telecommunications, a growing amount of computer-assisted fraud, and computer-assisted data manipulation or theft.
  • Crime will take the form of software piracy, increased incidents of computer-assisted counterfeiting, increased incidents of financial fraud, and increased attacks on computer systems via advanced technologies.
  • Preventative steps recommended include recruitment of individuals with computer knowledge, increased public/private partnership, more training for law enforcement officers earlier in their careers, and legislation that better defines jurisdiction.
  • At the time of this study experts forecasted private business would conduct the initial investigation and have an active participatory role in government investigations.
  • They also forecasted that private businesses would be responsible for protecting their own assets, with government assistance in identifying potential threats.

Saturday, April 3, 2010

Modeling Behavior of the Cyber Terrorist

According to the article “Modeling Behavior of the Cyber Terrorist” by Gregg Schundel and Bradley Wood, it is not clear whether the cyber-terrorist is real or simply a theoretical class of adversary. However, the work is based on the assumption that the cyber-terrorist is a very real potential threat to modern information systems.

The Experiment
In order to red team an unknown, potential adversary, a set of parameters is given to the red team, based on the Defense Advanced Research Projects Agency’s (DARPA) understanding of terrorist behavior:
  • The cyber-terrorist is believed to have a level of sophistication somewhere between that of a sophisticated hacker and a foreign intelligence organization.
  • This adversary is assumed to be able to raise funds on the order of hundreds of thousands to a few million dollars, and is willing to spend these funds to accomplish the mission.
  • This adversary is assumed to be able to acquire all design information on a system of interest.
  • This adversary is assumed to be very risk averse. Premature detection is a serious negative consequence for the cyber-terrorist.
  • This adversary has specific targets or goals in mind when attacking a given system.
  • The adversary will expend only the minimum amount of resources needed to accomplish the mission.
  • The cyber-terrorist is assumed to be professional, creative, and very clever, and will seek unorthodox and original methods to accomplish its goals.

Findings
The Information Design Assurance Red Team (IDART) spent most of its time gathering intelligence on the target system. Results were only considered successful if the team met its objectives and preserved stealth. In this study the red team followed the same basic process repeatedly, and abandoned any attack whose risk of detection exceeded the adversary’s risk threshold rather than mount it.
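The decision rule implied by the parameters above (risk averse, bounded budget, minimum resources, abort rather than risk premature detection) can be written down as a small model. The following is an added illustration, not code from Schundel and Wood, DARPA, or IDART; the candidate attack paths, their dollar costs and per-step detection probabilities are constructed numbers chosen only to show the rule picking, and refusing, an attack.

```python
"""Toy model of the risk-averse, minimum-resource adversary described above.

Added example; the attack paths, costs and detection probabilities below are
constructed illustrative figures, not data from the study.
"""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Step:
    name: str
    cost_usd: int      # resources the step consumes (constructed figure)
    p_detect: float    # probability this step alone is detected (constructed)


@dataclass(frozen=True)
class AttackPath:
    name: str
    steps: Tuple[Step, ...]

    @property
    def cost_usd(self) -> int:
        return sum(s.cost_usd for s in self.steps)

    @property
    def p_detect(self) -> float:
        # Detection at any step ends the operation, so the path is detected
        # unless every step goes unnoticed. Steps are assumed independent.
        p_undetected = 1.0
        for s in self.steps:
            p_undetected *= 1.0 - s.p_detect
        return 1.0 - p_undetected


def choose_attack(paths, budget_usd: int, risk_threshold: float) -> Optional[AttackPath]:
    """Return the cheapest path that fits the budget and keeps the probability
    of detection under the adversary's risk threshold.  None means the adversary
    gives up before mounting an attack, as the red team did in the study."""
    viable = [
        p for p in paths
        if p.cost_usd <= budget_usd and p.p_detect < risk_threshold
    ]
    if not viable:
        return None
    return min(viable, key=lambda p: p.cost_usd)


# Constructed candidate paths against a hypothetical target.  The adversary is
# assumed able to obtain full design information, so reconnaissance from design
# documents costs money but carries no detection risk.
RECON = Step("study design documents", 50_000, 0.00)

PATHS = (
    AttackPath("noisy scan then exploit", (
        Step("broad network scan", 5_000, 0.60),
        Step("exploit exposed service", 20_000, 0.20),
    )),
    AttackPath("insider-assisted", (
        RECON,
        Step("recruit contractor", 400_000, 0.10),
        Step("plant modified firmware", 150_000, 0.05),
    )),
    AttackPath("supply-chain implant", (
        RECON,
        Step("compromise vendor build", 2_500_000, 0.08),
        Step("trigger on target", 50_000, 0.03),
    )),
)


if __name__ == "__main__":
    for budget, threshold in ((1_000_000, 0.25), (1_000_000, 0.10), (3_000_000, 0.12)):
        choice = choose_attack(PATHS, budget, threshold)
        label = choice.name if choice else "abort (no path under risk threshold)"
        print(f"budget ${budget:,}, risk threshold {threshold:.2f}: {label}")
```

With a one-million-dollar budget and a 25% risk threshold the model picks the insider-assisted path (the noisy scan is cheaper but is detected about two thirds of the time); tightening the threshold to 10% leaves nothing affordable under the line and the adversary aborts, which is the "gave up before mounting an attack" behaviour the study reports. Raising the budget to three million dollars makes the lower-risk but far costlier supply-chain path selectable. The point is not the numbers but that a red team following these parameters must be scored on abort decisions as well as on successful attacks.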

Conclusion
DARPA’s experience suggests several improvements to the process used to model the cyber-terrorist adversary: using additional red teams, improving the scientific method used to record and test red team behavior, incorporating verified terrorist behavior, war-gaming cyber-terrorist scenarios, and expanding the library of possible approaches to difficult threats.

Thursday, April 23, 2009

Intelligence Requirements and Threat Assessment

Chapter 10 in Law Enforcement Intelligence: A Guide For State, Local, and Tribal Law Enforcement Agencies, by David L. Carter, Ph.D., School of Criminal Justice, Michigan State University

Summary:
Chapter 10 of Law Enforcement Intelligence: A Guide For State, Local, and Tribal Law Enforcement Agencies defines an intelligence gap as an unanswered question in the analytical process, one where “critical information is missing that prevents a complete and accurate assessment of an issue.”

In the past, a “dragnet” approach was the traditional method for filling information gaps: collect mass amounts of data in the hope that the desired data is among it. The requirements-based approach to filling gaps seeks to make collection more objective, more efficacious, and less problematic. Dr. Carter asserts that this approach is scientific in nature and that “the intelligence function can use a qualitative protocol to collect the information that is needed to fulfill requirements. This protocol is an overlay for the complete information collection processes of the intelligence cycle.” The diagram below compares the tradition-based and the requirements-based approaches to filling intelligence gaps:


Carter states that each organization (or even each intelligence need) may have to develop its own process for filling information gaps; however, the following serves as a good guide:
  1. Understand your intelligence goal
  2. Build an analytic strategy. (What types of information are needed? How can the information be collected?)
  3. Define the social network. (Who is in the network? How does their business cycle function? Who has access to the information needed? What is the social behavior?)
  4. Define logical networks. (How does the organization operate? Funding sources. Communications sources. Logistics and supply.)
  5. Define physical networks.
  6. Task the collection process. (Determine the best methods of getting the information)
  7. Get the information.
  8. Analyze the information.