booklets and brochures

networked information systems

threats to networked systems

The increasing numbers of intruders attempting to gain surreptitious access to networks has paralleled the rapid expansion of computer networks. In general, those who illegally exploit computer networks, and the information they contain, can be grouped into three categories: agents of governments, independent or semiautonomous organizations, and private individuals.

Agents of governments may be foreign intelligence services (FISs), a research and development organization, or other governmental entities. Independent or semiautonomous organizations would include confederations such as terrorist or radical groups, narcotic traffickers, and criminal enterprises. Individuals or independent operators can include insiders, hackers, crackers, and script kiddies. These individuals may or may not collaborate with each other on occasion, but they generally act in their own interests.

All three groups have the capability to employ sophisticated tools to collect, destroy, alter, exploit, or deny legitimate users access to information. Intruders have also used computer programs that automate their attack. This includes the use of worms (programs that propagate across a network by using the resources of compromised hosts to attack other machines) or implanting Trojan horse programs (programs altered by an attacker for malicious purposes, such as collecting passwords). Such programs conduct the intruder's malicious activity without requiring direct oversight. Some attacks may also take the form of coordinated multi step exploitation, using parallel sessions in which the distribution of steps between sessions is designed to obscure the unified nature of the attack or to allow the attack to proceed more quickly.

Illegal computer intruders can also be categorized as outsider or insider attacks. Outsider attackers include intelligence services, terrorists, organized criminal groups, economic competitors, hackers, and vandals. In an insider attack, the intruder has legitimate access to a computer system but uses malicious activities to gain additional unauthorized privileges. Even though such attacks receive less attention, they can be more harmful and insidious than outsider attacks because of the information and system privileges available to legitimate users.