IP: Current attacks

[Dave Farber <farber () cis upenn edu>]

> > Date: 12 Feb 00 11:22:51 -0800
> > From: "Donn Parker" <dparker () sric sri com>
> > To: Bernie Galler <galler () umich edu>
> >
> >
> > Based on what I have read, nobody has seen the big picture and future of what
> > is occurring in the current denial of service attacks. We are entering 
> > the era of
> > automated crime. (See my book, Fighting Computer Crime, Wiley 1998 and 
> > article
> > on Automated Crime in Information Security Magazine, September 1999.) For
> > several years I have been warning about complete crimes from creation of 
> > virtual
> > perpetrators, selection of victims, execution,  irreversible conversion 
> > to gain, and
> > erasure of evidence all packaged in a single computer program. The 
> > program may
> > be designed and developed by technologists and distributed and used by 
> > anybody.
> > For the first time in human history it is now possible to possess crimes, not
> > just do them one up, just like it is now possible to possess business and
> > manufactering processes. This means that crimes can be endlessly 
> > distributed and improved
> > to achieve the perfect crime. The perpetrator may not know where he got the
> > crime, what the crime does, how it does it, or who or where the victim 
> > is. He may
> > only know that he has benefited in some way. The victim does not know who or
> > where the perpetrator is, what crime was committed, when it was 
> > committed, or how it
> > was done. He only knows that he lost something of value. The investigator has
> > no means of relating the known victim to any possible perpetrator and has no
> > evidence except that a loss occured. And it is not a crime to design, 
> > develop, or
> > distribute an automated crime. Only executing it against a specific victim
> > (victimless crimes excluded) would be a crime, but the perpetrator may 
> > not be aware
> > that he is a perpetrator.This defines a perfect crime.