Why Hackers Use Viruses to Elevate Their Status in The

Global Economy, Evolution of The Use of the Viruses, And

How to Stop Them.

Arjun Jale
Independent Research
3, March 2016
Dr. John Pinkston Ph.D.
University of Maryland
Mary Jane Sasser
River HiIl High School

Jale 1

How much personal data does an average person store on their computer? Most
people store credit card, passport and tax information but also store their social media
profiles. If a person were to steal this information they would have the ability to deplete
a bank account, inflict bad credit and even ruin the victims online presence. A 2012
study by Facebook found that over 600,000 Facebook accounts are hacked every day
(Consumer Reports). Due to the increasing power and fluctuating motives of hackers, it
is important to teach cyber defense lessons at the high school and collegiate level in
order for citizens to properly defend against cyber-attacks.
There have been multitudinous uses for cyber-attacks in warfare in the past
decade. The United States has often used active attacks to cripple its enemies by force,
when their enemy is not complying. For example, during the nuclear weapon conflict
with Iran in 2008, the United States military had a cyber-attack planned in the event of
Irans defiance. Known as Nitro-Zero, this virus was designed to disable Irans air
defenses, communications systems and crucial parts of its power grid (Sangler 2). This
virus was built as a way of avoiding a costly war and while it may have been cheaper for
the United States, it would have been more expensive for Iran. This proves that cyberattacks are becoming more dangerous than ever before, especially since they are now
being used as cost friendly alternatives to war.
Many people believe that viruses only wreak havoc in the virtual world, but that
could not be further from the truth. The Dark Web has led to an increase in cybercrime
as well as physical crime around the world. With the ability to hire hitmen, supply drugs,
commit arson and even conduct illegal science experiments, the Dark Web may be one

Jale 2

of the most powerful tools ever created. The Dark Web contains over 7,500 terabytes of
information about illegal drug raids, murders and even terrorist plots (Sangler). In fact,
terrorist organizations are being handed this opportunity to use the much more powerful
and deadly Dark Web by governments around the world. Mark Burgess, the director of
the World Security Institute says that too much focus on closing down websites could
also be counter-productive, since it likely forces terrorist websites to go underground to
the so-called [dark] or hidden web. Jihadists in particular are using the Dark Web to
plan their plots of terror (Belk 1). Tools such as the Dark Web have not only affected
peoples online lives but has also led to the death of many innocent civilians.
Hackers may have started out as curious people, in the pre-internet age, toying
with computers and marveling at interoperability. But this changed significantly when the
internet became popular, and hackers could communicate with everyones computer
instead of the one sitting next to them. Still, very few people were worried After the turn
of the century, all hackers were just looking for money and a way to sell illegal products.
An entire black market began to grow and the United States placed a new $5,000,000
bounty on top level hackers (Pageliery). Unfortunately, no one could foresee the day
when hacking no longer became about money.
Hackers are now no longer seeking to just rob, but also to embarrass and
blackmail companies and organizations (Hackett). In fact, many hackers are now openly
displaying their information to challenge the government to try and find them. It is this
god complex (Brown) that is causing so much civil unrest. In the early 21 century,
st

hackers were unable to breach large corporations like Sony or the United States

Jale 3

government but today, these organizations are hacked constantly. The Sony hack of
2012 from the LulzSec group regarding the movie The Interview is an example of how
hackers are looking to cripple the companies for no reason at all. The strength of the
attack was augmented by the combination of a kinetic attack, in this case, threats of
bombing theaters which will cause large-scale damage (Lin). This would have held the
company responsible for the damage and would be so severely crippled that it would
not be able to rise again. This shows how bold hackers are becoming, especially since
they are willing to share who they work for, and even threaten to kill people in cold
blood. There are even hackers, such as Pablos Holman are so bold that they have
created robots that drive up to people at cafes, restaurants and movie theaters to steal
their passwords. Some of these robots even tell their victim the password they stole.
Hacking has become so common that hackers are not keeping their presence
unnoticed, mainly to embarrass their victims.
The Apple data leak shows the boldness of hackers to attack the second biggest
company in the world, to hinder phone sales. During the most important event of the
year, the revealing of the iPhone, hackers attempted to hinder iPhone sales by
releasing customer data. The hackers had no economic gain, but instead committed this
crime to show their power (Hackett 2).
Hacking is being resorted to as the easiest way to make a voice heard, and even
groups, such as Anonymous, are taking it upon themselves to solve societal issues.
Just like the Apple leak was done due to a personal vendetta against the company,
many hackers are now attacking to solve the problems they see with companies. For

Jale 4

example, Anonymous has a history of hacking the police in the past couple years due to
the increasing public eye on police brutality (Chasmar 1). They have even gone out as
far as threatening every police station that in due time Anonymous [will] shut down
[their] sites (Anonymous) due to their increasing public appearance of being untrained
and brutal. The problem with these hacks is, more often than not, the victim companys
policies do not change. In fact, it often shows the company, in this case the police, that
their course of action is correct and makes these kind of hacks fuitile.
Many organizations with secure information are not taking the critical steps to
protect their systems because they are not aware of the risks associated with having a
weak system. Companies believe their systems are already well protected (Geer 3)
because they bought last years protection. Unfortunately, many do not realize that
security systems are often rendered outdated in just a few months and new protection is
constantly needed. Banks, for example, are currently an easy target for hacking groups
due to the diminishing protection of corporate computers. Because only 17 percent of
banking and finance computer have increased their security budgets (Homeland
Security) they are periodically getting attacked. Due to the increasing power of tools
accessible to hackers, banks need to buy newer defense systems and hire more
programmers. By believing that an older security system is capable of preventing new
hacks, they are putting customers data and money at risk.
Another factor is that most corporations do not understand the risks that are
associated with an exposed system. Many do not want to spend the money to insure
their systems stay risk free, even though most cyber-attacks cost more to repair than to

Jale 5

initially protect. This does not even count the poor press a company may receive from a
compromising attack. Cyber incidents have a substantial impact (CERT Division of the
Software Engineering Institute at Carnegie Mellon University and the US Secret
Service) which has ended many companies and peoples lives. By protecting their
systems, banks may be spending a greater initial cost, but it is much safer than the
ramifications of a cyber-attack. It is important for organizations to understand that
spending money on a cyber defense system is a worthwhile investment.
One final factor that affects businesses is that hackers have more powerful
weapons than the defenders. Due to the increased trade routes in the Dark Web and
the Silk Road, there are now very powerful cyber weapons in the wild (InfoSec
Institute) that makes it much harder to defend against hackers. Hackers are always
trying to stay a step ahead of cyber security fixes to halt their attacks, but companies
are lagging behind trying to protect themselves (Kessler 2). The PEW research center
has conducted an analysis on the current state of the global tech world and estimates
that by 2025, [a] major cyber-attack has caused widespread harm to a nations security
and capacity to defend itself and its people. (PEW Research Center 2). There has to be
a global initiative to prevent these hacks if we are to defend our infrastructure.
Organizations can access the Computer Network Defense Analysis to properly
find what countermeasures they need. This makes incorporating a moving target
defense system is easier than ever. Protecting the system has never been easier, but
still there are more threats than ever before (Kessler 2). These increased threats are

Jale 6

reason that people need to learn to defend themselves and the Computer Network
Defense Analysis is an excellent way to begin a cyber defense system.
A member of the hacking organization Lopht, a man by the name of Space
Rogue believes "researchers are no longer motivated to get stuff fixed. Now, they say,
'I'm going to go looking for bugs to get a paycheck - and sell this bug to a government' "
(Pageliery). This notion of finding bugs and selling their location to organizations was
effective when code was simple. Unfortunately, as code gets longer and longer,
sometimes reaching billions of lines of code even for simple video games, it is becoming
easier to miss critical code errors. The biggest underpinning is that some systems are
so weak, the police are unable to even trace the attack to the attacker. Mark
Lanterman, C.T.O. of Computer Forensic Services says that less than one percent of all
attackers are found (Brown). This shows how even if we prevent attacks from
happening we still need to be able to find the perpetrators and bring them to justice.
The best way to prevent hackers from having a strong cyber presence is by
having a stronger cyber defense presence. Teachers in high school and college should
be teaching students how to defend themselves against these attacks. Alan Paller, cochairman of the Secretary of Homeland Security's Task Force on Cyber Skills believes
that businesses are unable to deal with the effects of hackers because poor
cybersecurity training at colleges which teach cybersecurity specialists tech policy but
not enough technical experience (Homeland Security). This is as effective as a judge
who knows all the rules of court but cannot enforce them. Even though students are
being taught how to identify and isolate problems, they cannot fix them. It has also been

Jale 7

found that our current cyber security defense workers are not coming out of academia
they are a lot of self-taught people, says Paller, founder of the SANS Institute cyber
security training school (Geer). If our current defense against lethal attacks is a group of
uneducated people, the world would be much safer if our cyber defense workers were
educated. The current defense workers can understand current cyber attacks (Geer)
but they cannot protect a system against a newer evolved version.
Some may say that cyber security is not needed for everyone because only a few
people want it. But this premise is flawed as Physical Education is taught to all students
whether or not they need to be fit. Computer defense skills on the other hand are
necessary skills that will be required for every job (Belk 5) in the near future. Students
will not be taught advanced coding but rather will learn the basics of the cyber defense
system. In a recent Interview with Dr. John Pinkston, he disclaims that
Cyber classes [are] much the same as driver training classes, covering how to
use the system, how to do it safely, the malicious bad guys that are out there and
how they operate, common sense and best practices for avoiding trouble, bad
things that can happen if [people] don't follow good practices, etc. But like driver
education, there is no need for the new driver to know how the car's engine
works, and there is no need to go into depth on how cyber defenses like firewalls
are configured, for example. Given how much everyone is involved with
information systems these days, [he] think[s] it would be important to have this
material somewhere in the core curriculum rather than elective. (Interview with
John Pinkston).

Jale 8

As evidently seen, there are no reasons why a cyber security defense class
could be detrimental to the education of students in high school and college. A medical
student can use these skills to protect his patients data. A lawyer can use skills in
identifying phishing in order to prevent his clients data from leaking. Even an art major
or author can use these skills to prevent his/her designs from being stolen. Learning
cyber defense in high school is an essential part of staying safe on the internet.
There are only a few ways in which hacking can truly be eliminated. One could
air gap the system to create a permanent seal from the adversary, but that leaves the
computer practically unable to have any connectivity. One could create a database of
blacklists with dangerous website and software, but that would take thousands of years.
All these methods are beneficial but in order to secure your system easily all you have
to do is avoid suspicious activity, only use private Wi-Fi and strong passwords. As
hacking evolves, cyber defense needs to also evolve. People are not realizing the
dangers of hacks in the modern era and the only way to educate the next generation is
through cyber defense classes for students.

WorksCited
Belk,Robert,JosephNye,andMonicaToft.OntheUseofOffensiveCyberCapabilities.
PolicyAnalysisonOffensiveUSCyberPolicy:n.pag.Print.
Brown,Heather.HowOftenDoHackersGetCaught?
CBS
.CBS,18Dec.2015.Web.18Feb.
2016.
Chasmar,Jessica."AnonymousHacksClevelandsOfficialWebsiteoverPoliceKillingofBoy
withAirsoftGun."
WashingtonTimes.
TheWashingtonTimes,24Nov.2014.Web.19
Feb.2016.
CERTDivisionoftheSoftwareEngineeringInstituteatCarnegieMellonUniversityandtheUS
SecretService."SecretServiceandCERTReleaseReportAnalyzingActsofInsider
SabotageviaComputerSystemsinCriticalInfrastructureSectors."CarnegieMellon.
CarnegieMellon,May2005.Web.Dec.2015.
ConsumerReports.600,000Facebookloginscompromisedperday.
ConsumerReports
.
ConsumerReports,28Oct.2011.Web.18Feb.2016.
Geer,DanielE.,Sc.D.CybersecurityandNationalPolicy.HarvardLawSchoolNational
SecurityJournal:n.pag.Print.
Grimes,RobertA.10yearson:5bigchangestocomputersecurity.
Infoworld
.IDGNetwork,
18Aug.2015.Web.18Feb.2016.
Hackett,Robert."WhattoKnowAbouttheAshleyMadisonHack."FortuneWhattoKnow
abouttheAshleyMadisonHackComments.Fortune,26Aug.2015.Web.04Jan.2016.

HomelandSecurity."CyberStormFinalReport."DepartmentofHomelandSecurity.
DepartmentofHomelandSecurityOfficeofCybersecurityandCommunications
NationalCyberSecurityDivision,July2009.Web.Nov.2015.
Kessler,GaryC.,andPricewaterhouseCoopers.JournalofHomelandSecurityEducation.N.p.:
ERAU,2012Print.Vol.2
Lin,Huang."ArmsControlforaCyberage."NewYorkTimes.NewYorkTimesCompany,26
Feb.2015.Web.26Oct.2015.
NICCS."NationalInitiativeforCybersecurityCareersandStudies"NationalInitiativefor
CybersecurityCareersandStudies(NICCS).HomelandSecurity,7Dec.2015.Web.7
Dec.2015.
Pagliery,Jose.TheEvolutionofHacking.
CNN
.CableNewsNetwork,n.d.Web.18Feb.
2016.<
http://www.cnn.com/2015/03/11/tech/computerhackinghistory/
>.
PEWResearchCenter."CyberAttacksLikelytoIncrease."PEWResearchCenter.PEW,29Oct.
2014.Web.12Oct.2015.
Powell,Benjamin.IsCyberSecurityaPublicGood?EvidencefromtheFinancialServices
Industry.Vol.1.N.p.:GeorgeMasonUniversitySchoolofLaw,2005.Print.
Sanger,David.U.S.HadCyberattackPlanIfIranNuclearDisputeLedtoConflict.
NewYork
Times
.NewYorkTimes,16Feb.2016.Web.18Feb.2016.
Thomas,Karl.TheSadStatsonStateofCybersecurity.
WeliveSecurity
.eset,9Sept.2015.
Web.18Feb.2016.