On Point: Cybercrime Morphs Into Cyberwar

by Austin Bay
April 30, 2013

On April 25, Spanish police, at the request of Holland's national prosecutor's office, arrested Dutch citizen Sven Olaf Kamphuis.

Kamphuis will likely face charges in Holland related to what Dutch officials describe as the most extensive criminal cyberattacks in the history of the Internet.

The attacks, which occurred in mid-March, overwhelmed the website of Spamhaus, a European nonprofit organization that tracks computer viruses (malware) and spam (unwanted email). Spamhaus had blacklisted Kamphuis' Internet company, CyberBunker. Spamhaus alleged that CyberBunker provided hosting services for spammers.

The attacks (distributed denial of service, DDOS attacks) not only denied Internet users access to the Spamhaus website, but slowed Internet connectivity worldwide. Europe experienced the worst disruptions, but subsequent reports indicated the attacks had global effects. Streaming video providers (Internet TV or movie sources) were particularly vulnerable.

Kamphuis utterly rejects the allegation that he is a criminal. In March, he told Britain's Daily Telegraph that he was a victim of a conspiracy. In a New York Times report, he said he was an Internet activist and portrayed Spamhaus as a hoity-toity censor being punished for abusing its influential role as a monitor of spam and spammers.

But an array of organizations, to include several European police agencies, a Dutch Internet service provider and a Silicon Valley Internet security firm assert they have evidence that step by step ties the attacks to CyberBunker and a loose-knit organization of Internet "hacktivists" named Stophaus. Kamphuis has served as a Stophaus spokesman.

The prosecutors and police contend that the Spamhaus incident hacktivism amounts to large-scale vandalism and theft. The service disruptions spawned by the Spamhaus attacks may have merely inconvenienced millions of people around the globe. But given the Internet's increasingly vital role in commerce, it also cost a slew of people money as well as time.

In the Netherlands, DDOS attacks are a crime. At one time, CyberBunker had a facility in Holland. It may still, though Spanish authorities reported that when they arrested Kamphuis they seized a vehicle-mounted cyber operations center crammed with sophisticated digital equipment. Nonetheless, the Dutch government is asserting jurisdiction. Kamphius' attorneys will dispute Dutch sovereignty. Hacktivist radicals dispute any claim of sovereignty over the Internet.

Kamphuis' impending confrontation with Holland's legal system may or may not set European Union precedents for defining (more accurately) cybercrime, investigating and arresting alleged cybercriminals, prosecuting them and then punishing the convicted.

But it could. The incident illustrates, for the umpteenth time, that even if the legal definitions of cybercrime have become more precise, the legal mechanisms for addressing cybercrime (ranging from vandalism to bank robbery) and various non-criminal disputes in cyberspace lag behind the technology and capabilities. 

Difficulties in detecting cybercriminal activity frustrate vulnerable companies and individuals, as well as police and prosecutors. Pickpockets flee into alleys. The Internet is a labyrinth. Once detected, tracing the crime back to the criminal requires more than time and computer expertise, it often takes high-level political cooperation.

Cooperation between Holland and Spain is routine. Both are European Union members and NATO allies. However, South Korean businesses recently experienced a wave of criminal cyberattacks (to include theft of proprietary data) investigators tied to North Korean hackers.

Cooperation between North and South Korea to solve cybercrime is unlikely. Every other week, North Korea threatens South Korea with nuclear immolation.

Responsible citizens and governments worry that terrorists may acquire nuclear weapons. The Spamhaus incident demonstrated that a collection of highly skilled hackers can launch a cyberattack on a scale once believed to be the province of high-tech nation-states employing battalions of computer scientists. The hackers swamped Spamhaus servers with 300 billion data bits per second (300 gigabytes). Fifty gigabytes per second was the previous record.

North Korean hackers were attacking one of South Korea's strengths, its economy. Thus cyberwarfare adopts the tactics of cybercrime. Apparently cybercriminals are prepared to return the favor. 

Read Austin Bay's Latest Book

To find out more about Austin Bay and read features by other Creators Syndicate writers and cartoonists, visit the Creators Syndicate Web page at www.creators.com.


On Point Archives:

On Point Archives: Current 2021  2020  2019  2018  2017  2016  2015  2014  2013  2012  2011  2010  2009  2008  2007  2006  2005  2004  2003  2002  2001



Help Keep Us Soaring

We need your help! Our subscription base has slowly been dwindling. We need your help in reversing that trend. We would like to add 20 new subscribers this month.

Each month we count on your subscriptions or contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage. A contribution is not a donation that you can deduct at tax time, but a form of crowdfunding. We store none of your information when you contribute..
Subscribe   Contribute   Close