These class notes were composed by Dr. Tom O'Connor for his class on Homeland Security at NORTH CAROLINA WESLEYAN COLLEGE. Original documents can be found here.

CYBERCRIME: THE INTERNET AS CRIME SCENE
"We need privacy from technology, but we need technology to obtain privacy"
- Lecture on Privacy and Cyberspace Law

    Computers are the hottest crime tool today.  People who know how to use them can unlock doors few of us even know exist.  By its very nature, the Internet is analogous to the Wild West (Biegel 2003) where the law is mostly unwritten and power falls into the hands of those with the best technology.  Traditional concepts of privacy are now being transformed before our eyes, and if you haven't already, I strongly suggest you read the above highlighted lecture on Privacy and Cyberspace Law.  You won't understand cybercrime without understanding cyberspace law, and maybe privacy law behind that.  Cybercrime has many definitions (see Wall 2001 for a typical, academic essay over definitional issues), but most experts believe it is the wave of the future, and it's here to stay, not just a passing fad.  With over one trillion dollars moved electronically every week, the Internet is where the money is.  The rates of cybercrime are skyrocketing.  The annual "take" by theft-oriented cybercriminals is estimated as high as $100 billion, and 97% of offenses go undetected (Bennett & Hess 2001).  Then, there are those who just abuse the Internet and computer systems -- hackers or hooligans, whatever you want to call them -- but cybercriminals nonetheless (at least in 48 states).  Their shenanigans are often detected, resulting in an average cost of $104,000 per incident in damage, labor, and lost productivity (Brown et al. 2001).  In addition, there's corporate espionage, which some experts say is the real problem, with annual losses of proprietary information in the $60 million range. Toss in organized crime, terrorism, infowar, embezzlement, extortion, and a variety of other ways to offend or harm with computers, and it's anybody's guess what the real cost is.

    In this lecture, I'm going to try classifying all the possible methods of evil-doing with computers.  As a criminologist, I realize I'm on dangerous ground.  Theory is weak, and there are only many typologies.  I also don't want to add to any legislative frenzy because there are things here that are criminally wrong, deliberately wrong, accidentally wrong, wrong for all the right reasons, and just plain annoying.  Legal systems everywhere are busy studying ways of passing new laws dealing with Internet misbehavior, so the arena has become a sort of "test-bed" or "mini-society" where all sorts of symbolic interactions and moral panics play out.  My interest is less with the criminals and more with the Internet, or what I call cyberspace (explained in a moment), so I'm not all that concerned about whether mobsters, for example, keep records of their finances on computers.  I am concerned about this ethereal realm called CYBERSPACE because I find it personally intriguing and full of potential.

    While I'm at it, I might as well chime in about "Internet Addiction" (sometimes called being an "onlineaholic" or having the non-insurable diagnosis of "Internet addiction disorder").  In a world of news feeds, instant messaging, emails, and games, it sometimes seems like Blackberry devices might be called "Crackberry" devices because of their addictive potential (like cell phones).  I personally feel that Internet addiction can indeed be a disorder as destructive as any obsessive disorder, although I would be hard-pressed to describe the forensic or clinical outlines of this.  Specialists estimate that 6 percent to 10 percent of Internet users develop a dependency, at least according to some experts (e.g., Dr. Hilarie Cash, head of Seattle-based Internet/Computer Addiction Services; Dr. Kimberly S. Young, head of the Center for Online Addiction in Bradford, Pa.; & Dr. Maressa Hecht Orzack, the director of the Computer Addiction Study Center at McLean Hospital in Belmont, Mass., and an assistant professor at Harvard Medical School; but in contrast, Sara Kiesler, professor of computer science and human-computer interaction at Carnegie Mellon University calls it a "fad illness").  However, I think the following can be modestly stated -- Internet addiction exacts a toll on health and family life; it aggravates pre-existing disorders; it can lead to further addictions such as gambling or pornography; and it can lead to cybercrime.  The "hook" involves the ever-present hope of escape that the Internet offers to people who are longing for something.          

THE DEFINITION OF CYBER

    First of all, anytime you use the prefix cyber-, you're talking about something somebody is doing online.  In other words, there has to be a modem or networking involved somehow.  Motion is always involved. Anything related to the Internet falls under the cyber category when online.  Besides being a prefix, it's also a verb, not a noun.  So plugging in some 3D game and donning your goggles to go "cyber" doesn't count.  There's always action, motivation, movement, and interaction when you cyber.  It's impossible to just be cyber.  There's no steady state of being cyber.  To cyber means that you are constantly exchanging information, lots of information, and you are constantly using technology to the max.  You are doing both at the same time -- exchange of information technology is to cyber.  It's an activity unique to the Information or Knowledge Age we are entering, and by its very nature, it involves sharing or giving away things.  

    Cyber activity is very different from the use of computers for traditional activities where the purpose is to "stash" or "store" something and keep it from prying eyes.  Many criminologists don't grasp this distinction, and would argue that theft is theft regardless of the medium used.  However, I would argue that cyber theft is substantially different, and cyberterrorism is substantially different from terrorism.  Cybercrime is also substantially different from computer crime.  It's like the difference between people who use computers for all they can be versus people who use computers as a tool like a typewriter.  In each case, the motivation might be the same, but the action or movement is different.  One could even argue that the motivation is different.  Our criminal law simply hasn't got enough concepts to grasp the element of mens rea when it comes to cybercrime.  For example, there are different kinds of glee, elation, and glory involved in cyberspace that don't exist in the real world.  There is an excess of information, not a deficit or "coverup" of information.  Nor are the concepts of white-collar crime of any use, because you're dealing with something more revolutionary than just trying to make money -- you're dealing with cyberspace and technoculture, two concepts that are essential to any definition of cyber.

THE NATURE OF CYBERSPACE

    Cyberspace is a bioelectronic ecosystem that exists anywhere there are phones, coaxial cables, fiber optic lines, or electromagnetic waves (Dyson 1994). Nobody's really sure how big the Internet is (see CAIDA's map of the Internet), but 135 countries have access, 54 world cities are the major hosts, and 72 million people log on every day.  You should get the idea that cyberspace is pretty big, in fact, bigger than anything that's ever happened before in human history, and it's constantly growing, tripling in size every year.  There are 13 main servers -- known as "root" servers -- which control all traffic on the Internet, and they are controlled by the U.S. Government (specifically the U.S. Commerce Department).  Notice I didn't say "owned" by the government.  Those 13 computers are in private hands, but they contain government-approved, master lists of the 260 or so Internet suffixes, such as ".com" and ".org."  The master lists serve as the Internet's master directories and tell Web browsers and e-mail programs how to direct traffic. Internet users around the world interact with them every day, likely without knowing it.  If the U.S. government wanted to, it could render a policy decision that in one stroke could make all Web sites ending in a specific suffix essentially unreachable.  The history is that in 1998, the Commerce Department selected a private organization with international board members (ICANN, or Internet Corporation for Assigned Names and Numbers) to decide what goes on those lists. Commerce kept veto power, and indicated it would let go of control eventually, and maybe turn control over to an international organization like the U.N. International Telecommunication Union, but in 2005, the U.S. reversed itself and said it would never cede control of the 13 main servers.  The U.S. Commerce Department does, however, endorse having foreign governments manage their own country-code suffixes, such as ".fr" for France.

Countries with the Most Hosts:

1. USA
2. Japan
3. Canada
4. Germany
5. UK
6. Italy
7. Netherlands
8. Taiwan
9. Australia
10. France

Fastest Internet Growing Countries:

1. China
2. Brazil
3. Iceland
4. Romania
5. Poland
6. Argentina
7. Taiwan
8. Hong Kong
9. Canada
10. Portugal

    Although humans created cyberspace, and are continually expanding it, the real inhabitants are data, information, ideas, and knowledge.  This is what is meant by the Information or Knowledge Age. The real estate, or property, is intellectual and public.  No one "owns" it, or operates it with any central authority.  Politically, it makes governments obsolete.  Economically, it can be replicated at zero cost, and unlike an industrial economy where you can only consume so many widgets, the average person in an information economy taps into all the world's knowledge and consumes information as fast as they can.  Humans can only benefit from this new medium if they exercise their freedom.

    Technoculture is best explained by reference to the CYBERPUNK movement that began in the mid-80s.  Hackers, crackers, and phreaks made up the cyberpunk movement.  Hackers could make magical things happen with computers, crackers would break into computer systems simply for the pleasure of it, and phreaks would do similar things with telephone systems.  Other groups that joined the movement later were cypherpunks, who popularized cryptography to get over on "the System", and ravers, who used computer music, art, and designer drugs at massive all-night dance parties and love-fests in empty warehouses.  Literature that glorifies cyberspace and the people on it is called cyberpunk literature. Here's a link to an online Dictionary of Cyberpunk Slang.           

THE CHALLENGES OF CYBERLAW

    A computer hooked up to the Internet is a publishing company, telephone, television, library, megaphone, and more all rolled into one.  This means that any administration of justice for suspected evil-doing with computers is covered by the First Amendment (freedom of speech) as much as the Fourth Amendment (freedom from search and seizure).  The traditional approach in this legal area involves thinking in terms of certain protected zones or spheres of privacy. No one's really sure where Internet freedom is protected in the Constitution. Cyberspace isn't really a zone or sphere. Nobody really owns it, nobody considers it "home", reasonable people shouldn't expect privacy from it, but not too many people want the government or anybody else sniffing, snooping, or regulating every part of this special place.  Those are the First Amendment issues. The Fourth Amendment issues, such as those contained in the Personal Privacy Act (PPA) and Title III of the Electronic Communications Privacy Act (ECPA), involve people, not places, but the distinction between wiretapping unread mail (which law enforcement can freely do) and wiretapping previously read mail (which requires consent via Acceptable Use Policies) is less than perfect.  When computer forensics specialists seize and search a hard drive for all its contents, the only Fourth Amendment issues they're concerned about are privileged relationships, work product, documentary materials, and/or whether or not the data was intended for publication or dissemination.  It seems like we are not only criminalizing a special place, but the person-based activity of having too much fun with computers.

    The other challenging legal question is when Internet activity involves actus reus. In cyberspace, as in virtual reality, it's the impression that what one is experiencing is real. It doesn't require tactile sensation to be virtually raped in a chat room, but the consequences or trauma can be just as real. People can get married in cyberspace, obtain college degrees, and do other things that have real consequences. Plagiarism and copyright infringement are rampant on the web, and companies regularly install cookies and engage in data mining.  A lot of Internet content is inappropriate for children. Just how many crimes are possible to commit in cyberspace is difficult to determine, and it is difficult to prove that some harmful action took place.  Computer impressions, symbols, and persona do not make for anything more than conspiracy and inchoate offense charges.  When AI (Artificial Intelligence) systems come online, it will prove difficult to determine who had the thought first -- the person or the machine.

    Then, there's the whole problem of jurisdiction. Where exactly does cyberspace begin and end? In general, a government's jurisdiction extends to those individuals who reside within its borders or to transactions or events which occur within those borders. The Internet, like space, doesn't have any borders. A few states have been daring, claiming that the flow of commerce, or financial stream, across their Internet nodes gives them jurisdiction. However, it's unlikely that any state authority would issue a warrant for an overseas offender who has less than minimal physical contact with U.S. soil. The minimal contact requirement usually governs transborder technology-related commerce (International Shoe Co. v. Washington 1945). International law enforcement compacts also require dual criminality, which means that investigative cooperation only exists if the offense has similar meaning in both nations.  Sometimes, it's better to prosecute overseas, sometimes locally, sometimes federally, and this leads to a lot of disparities and inequities in the justice system.

    What and when to seize are also baffling issues.  A reactive response focused on hard drives has become a pattern in law enforcement because hard drives conveniently record voyages in cyberspace.  However, it might be easier, and more proactive, to monitor bulletin boards, websites, posts, emails, finger and Usenet.  The computer's role should determine if the machine itself is to be seized or simply searched onsite.  If the computer was used to commit a crime, the entire system should be seized.  If the computer was used to store information about a crime, the hard drive, printer, and printout should be seized.  Other situations might call for a quick copy of the hard drive and all floppies.  The independent component doctrine requires that probable cause elements be present before any peripheral devices are seized.  Getting ISPs to turn over their log files in a timely fashion, and getting upstream carriers to cooperate, are additional problems.

    It must be remembered that this is an area, along with drugs, that helped develop the practice of no-knock warrants. Judges apparently felt that hackers could install time-delay devices or hot keys to permit quick disposal of evidence. A time-delay device destroys evidence if the keyboard is not accessed for a while, and a hot key program erases data when a certain keystroke combination is pressed. Courts have also dealt with the time element for how long a computer search warrant stays valid before going stale, which is 3-6 months, the latter being the time when an unread message becomes a stored message, for legal purposes (Becker 2000).

    Cyberspace law is a patchwork of loosely-articulated protections, liberally punctuated with loopholes and exceptions. Consider, for example, that there is privacy protection for bank records but not for medical records; protection for videotape rentals, but not magazine subscriptions; credit record protection, but not insurance records. New business practices and new technological developments often make good laws quickly obsolete.  It's no wonder that cyberspace is the perfect breeding ground for crime because cyberlaw is such a mess.  48 states have some version of a Computer Fraud and Misuse Act (Title 18, Section 1030 of the Federal Criminal Code).  This act was passed into law by Congress in 1986, and has been amended at least five times to touch up the language.  There's also the Economic Espionage Act (Title 18, Chapter 90).  Most cybercrime is prosecuted at the federal level under either of these two acts. Let's take a look at these two laws.

Computer Fraud and Misuse Act (last amended 1999): "Whoever knowingly accesses a computer without permission...to obtain information...defined as harmful to national defense, foreign relations..., or injury to the United States, intentionally accesses the financial record of a financial institution, any computer of any department or agency of the U.S., any protected computer involved in interstate or foreign communication, any nonpublic computer that conducts affairs for the government...with intent to defraud, extort, or cause damage...shall be punished by fine and imprisonment for five to twenty years."
Economic Espionage Act of 1996: "Whoever intentionally or knowingly steals, copies, receives, or conspires to benefit any foreign instrumentality by converting any trade secret related to interstate or foreign commerce shall be subject to criminal and civil forfeiture of all property used or derived from the offense as well as a fine from $500,000 to $5,000,000 and imprisonment from ten to fifteen years."

    State laws tend to be written as theft or fraud statutes, the evils being stealing and undermining confidence.  You might want to review the common law elements of theft, fraud, and consumer fraud if you're unfamiliar with these offenses.  CardCops, a company that tracks and stings fraudulent (stolen) credit card use over the Internet, estimates online fraud at ten times the rate of real world fraud.  EscrowFraud.com estimates that 99% of the web sites that a seller of something on the Internet tries to "steer" you toward are "fake."  Virtual returns of merchandise are almost as costly as virtual purchases, and so-called carders regularly post sniffed credit card numbers in chat rooms and on web sites.  In the long run, it's the perception of dangerousness that hurts e-commerce, but in the short run, it's the speed of offenders and the slowness of law enforcement that is of concern.  The typical state-level cybercrime statute is long, often longer than federal code, and the wording is extremely general, but a short example might be as follows:

Typical State Cybercrime Statute (circa 2000): "A person commits computer theft or fraud when they knowingly and without authorization access or cause to be accessed any computer or network for obtaining goods, services or information with the intent to permanently deprive the owner of possession or use."

THE VARIETIES AND TYPES OF CYBERCRIME

    Not everything computer-related is cybercrime, and not everything computer-related is computer crime. A person using a stolen telephone code to make free calls, even though the number is processed by a computer, is engaging in toll fraud, not computer crime. A person who embezzles $200 from the ATM of a company they work for still commits embezzlement, not cybercrime.  The use of computers as incidental to another offense is not cybercrime. There are plenty of laws on the books already to classify many types of cybercrime. One way to do this involves thinking along the lines of asset forfeiture, or whether computers make up the fruits or instrumentalities of crime.  This is a classification of cybercrime with the computer as target and computer as tool.

    Computer as Target:  This kind of activity is the wrongful taking of information or the causing of damage to information. Targeting a computer just to obtain unauthorized access is the hallmark of hacking, and the most serious criminal offense here is theft of information, followed by maliciousness, mischief, and wayward adventuring. Bypassing a password protected website to avoid payment would be theft of services, and foreign intelligence break-ins would be espionage. These are all familiar types of crimes, but hacking is typically done in furtherance of a larger scheme since the hacker wants to exploit all computational and encryption capabilities of a hacked system in order to weave through related computer systems. The activity can range from large-scale disruption to elegant hacking.  DNS rerouting and denial of service attacks are the most disruptive.  Subtle changes to a web page are elegant.  Hackers also generally collect password lists, credit card info, proprietary corporate info, and warez (pirated commercial software). A list of specific offenses in this category might include:

    Computer as Tool:  This kind of activity involves modification of a traditional crime by using the Internet in some way. The traditional analogue here is fraud. It can be something as simple as the online illegal sale of prescription drugs or something as sophisticated as cyberstalking. Pedophiles also use the Internet to exchange child pornography, pose as a child, and lure victims into real life kidnappings.  Laws governing fraud apply with equal force regardless of whether the activity is online or offline, but a few special regulations apply at the federal level:

INSIDERS AND OUTSIDERS

    Another way of classifying cybercrime is to use a location-based approach that distinguishes between insiders and outsiders.  This is the approach the FBI uses (see Director Freeh's testimony 2000), which is also based on an evaluation of societal costs and the capabilities of law enforcement.  Such categorizations are merely descriptive, but the geographic profiling of hackers has been a law enforcement pastime for quite some time (Taylor 1991).  It's also true that the rest of the country follows the lead of the FBI.  The National Infrastructure Protection Center (now part of the DHS) reflects a changing set of priorities and emphases, but you can see how about half the tips relate to insiders (using e-mail safely within your organization) and half to outsiders (cyberprotests by foreign nationals).  

    Insider Threats:  The disgruntled insider is the principal source of computer crime. As much as 75% of computer crimes are done by employees.  Their average age is 29, and they generally hold managerial or professional positions. The FBI regards disgruntled employees as motivated by a perception of unfair treatment by management or snubs by co-workers.  Another fraction of incidents are caused by blunders, errors, or omissions. The FBI regards the insiders here as incompetent, inquisitive, or unintentional.  The difference appears to be in the intent to disrupt. Crimes involving the computer only incidentally are treated as traditional crimes -- theft, for example, if an employee tampers with the payroll system (called "data-diddling").  However, even the FBI is continually surprised when, under the plain view doctrine, they investigate an insider threat and find examples of child pornography, organized crime connections, and even recreational hacking.  Employees often waste a lot of company time using their network access to surf, shop, or engage in other instances of lost productivity.  It makes sense to profile the typical computer abuser.  Every organization has them, and here are some of the signs:

    Outsider Threats: Hackers are the most common group in this category. Their typical age is between 14 and 19, and they are generally part of the cyberpunk subculture. Hacking for illicit financial gain has been increasing, and less-skilled "script kiddies" (using point-and-click software instead of programming) are increasing in number.  Distributed Denial of Service attacks are also increasing; in these, the hacker plants a tool such as Trinoo, Tribal Flood Net (TFN), TFN2K, or Stacheldraht (German for barbed wire) on a number of unwitting victim systems. Then, when the hacker sends the command, the victim systems in turn begin sending messages against the real target system.  2001 was also the Year of the Virus, and several large-scale hacks were accompanied by viruses released in the wild, which led authorities to suspect that hackers and virus writers were uniting.  The FBI uses the following typology to classify outsider threats:

    Industrial espionage is a very high-stakes game which the U.S. plays along with everyone else. There is a 1996 Anti-Economic Espionage law that defines "trade secret" quite broadly, but arrests usually involve sting operations conducted against foreign nationals attempting to bribe somebody (see Hacking and Industrial Espionage for updates on the latest arrests).  It's the perfect example of an exception to the insider-outsider typology because sometimes, the crime originates with an employee who is in a position to sell trade secrets, and other times, the employee is tempted by an outsider.   

    Terrorists are known to use information technology to formulate plans, raise funds, spread propaganda, and to communicate securely. For example, Ramzi Yousef, mastermind of the first World Trade Center attack, stored detailed plans to destroy United States airliners on encrypted files in his laptop computer. Osama bin Laden was known to use steganography for his network's communications.  A website that was known as the Muslim Hacker's Club listed tips for things such as hacking the Pentagon.  A hacker known as DoctorNuker has been defacing websites for the last five years with anti-American, anti-Israeli, and pro-Bin Laden propaganda. Other than by using computers to communicate and coordinate, few examples exist of cyberterrorism, or politically motivated attacks on computer systems.  In fact, it is advantageous to a terrorist group to keep the Internet working, as a means of communication and outlet for propaganda.  The main tools of terrorism remain guns and bombs, not computers. There are a few instances of cyberterrorism, however, such as the 1998 attack on Sri Lankan servers by the Internet Black Tigers, or the Mexican Zapatista movement of the same year, which eventually teamed up with protesters of the World Trade Organization. We have yet to see a significant instance of "cyber terrorism" with respect to widespread disruption of critical infrastructures.  However, the FBI, and many others, are concerned about the growth of something called hacktivism, which is a word that combines hacking and activism. These are politically motivated attacks, but they may also be a form of electronic civil disobedience.  Such attacks are usually elegant.  For example, the Zapatistas target the URLs of companies they think don't support human rights. The attack is nothing more than adding the phrase "/human_rights" to the end of the URL.  The page returns a display that says "human rights not found on this server", which is also found in the server logs.  They don't actually flood the server; they make the request just enough times to make sure it's noticed in the server logs.
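
For whoever reads the logs, the pattern above shows up as one nonexistent path that several different clients request at a low rate. The following sketch is an added example, not part of the original notes: it groups 404 responses by path and separates that pattern from a flood and from ordinary broken-link noise. It assumes Combined Log Format; the sample lines are constructed and the thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in Combined Log Format. Client addresses are taken from
# the RFC 5737 documentation ranges and do not refer to real hosts.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2001:14:00:01 +0000] "GET /human_rights HTTP/1.0" 404 211 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Mar/2001:14:01:30 +0000] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Mar/2001:14:02:12 +0000] "GET /human_rights HTTP/1.0" 404 211 "-" "Mozilla/4.0"
203.0.113.5 - - [10/Mar/2001:14:04:40 +0000] "GET /favicon.ico HTTP/1.0" 404 209 "-" "Mozilla/4.0"
203.0.113.5 - - [10/Mar/2001:14:05:03 +0000] "GET /human_rights HTTP/1.0" 404 211 "-" "Mozilla/4.0"
192.0.2.10 - - [10/Mar/2001:14:07:55 +0000] "GET /human_rights?x=1 HTTP/1.0" 404 211 "-" "Mozilla/4.0"
this line is truncated and must be skipped
192.0.2.44 - - [10/Mar/2001:14:10:01 +0000] "GET /human_rights HTTP/1.0" 404 211 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def summarize_404s(log_text):
    """Group 404 responses by requested path, ignoring any query string."""
    summary = defaultdict(
        lambda: {"hits": 0, "clients": set(), "first": None, "last": None}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("status") != "404":
            continue  # malformed line, or a request that resolved normally
        try:
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        except ValueError:
            continue  # unparseable timestamp: skip rather than guess
        entry = summary[m.group("path").split("?", 1)[0]]
        entry["hits"] += 1
        entry["clients"].add(m.group("ip"))
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(summary)


def classify(entry, min_clients=3, flood_rps=10.0):
    """Label one missing path. Both thresholds are illustrative assumptions.

    flood   -- request rate is high enough to be a load problem
    message -- several distinct clients ask for the same missing path slowly,
               so the path itself is what the requester wants noticed
    noise   -- ordinary broken links, typos, missing icons
    """
    span = max((entry["last"] - entry["first"]).total_seconds(), 1.0)
    if entry["hits"] / span >= flood_rps:
        return "flood"
    if len(entry["clients"]) >= min_clients:
        return "message"
    return "noise"


def report(log_text, **thresholds):
    """Return {path: label} for every path that produced a 404."""
    return {
        path: classify(entry, **thresholds)
        for path, entry in summarize_404s(log_text).items()
    }


if __name__ == "__main__":
    for path, label in sorted(report(SAMPLE_LOG).items()):
        print(f"{label:8} {path}")
```
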

    Foreign intelligence services have adapted to using cyber tools as part of their information gathering and espionage tradecraft. In a case dubbed "the Cuckoo's Egg," between 1986 and 1989 a ring of West German hackers penetrated numerous military, scientific, and industry computers in the United States, Western Europe, and Japan, stealing passwords, programs, and other information which they sold to the Soviet KGB. Significantly, this was over a decade ago -- ancient history in Internet years. 

    Infowarfare usually involves foreign military forces against another foreign military force. We know that several nations are already developing information warfare doctrine, programs, and capabilities for use against each other and the United States. China and Taiwan have been at infowar for years.  Foreign nations develop such programs because they feel they cannot defeat the United States in a head-to-head military encounter and believe that information technology is our Achilles Heel.

CYBEREXTORTION

    Cyberextortion is an outsider threat designed to obtain money, products, or favorable considerations from an organization or an organization's individual employees using illegal means of persuasion related to a computer intrusion or threatened computer intrusion that would make it impossible or difficult for that organization to do business.  The method of attack is most typically a Denial of Service (DoS) although theft of data or public ridicule (web defacement) are also common.  The crime takes advantage of the tendency for most businesses to NOT want their infrastructure vulnerability made public.  The target is typically a company that is involved heavily in e-commerce, and there is some tendency for targets to be companies that outsource their help desk function to places like India and Pakistan.  Not much is known about cyberextortionists, but a research study at Carnegie Mellon promises to shed some light on the subject.

    This crime is a good example of a transnational crime.  While it can occur within the boundaries of a single nation (Japanese businesses, for example, tend to be cyberextorted by Japanese criminals), it is more commonly found in the form of Russian or Eastern European hackers, hired or coerced by some organized crime group into finding American and European companies to break into.  Banking organizations are a particular target.  The bank victim is threatened with having all or most of its customers' PIN numbers placed on the Internet somewhere, and a surprising number of victims "pay up" rather than report the problem to law enforcement.  Cyberextortion, in its organized crime variety, also represents an interesting division of labor among criminals since the hackers do specialized, technical work and their "handlers" do specialized, nontechnical work.

A TYPOLOGY OF HACKERS

    At the heart of cybercrime are the hackers.  These people are the ones with the skills to commit the crimes, and an interesting way to look at them is to focus upon the lifestyles and personalities of hackers.  Take it for what it's worth.  None of these personality characteristics have been validated by any empirical tests.  The first typology comes from Maxfield (1985):

A second typology (Coutourie 1989) describes the relationship of a hacker to their computer:

    There have been no attempts (that I know of) to apply these typologies to real-life case studies, but allow me to give you some cases and let you see if you can apply anything yourselves:

Case Studies of Hackers

"Captain Crunch": In 1972, "Capt. Crunch", aka John Draper, realized that by blowing the whistle that came in Capt. Crunch cereal boxes, he could replicate the tones necessary to place free long-distance phone calls. He spent some time on probation and in prison, then went to work for Apple Computer.

Kevin Mitnick: In 1994, Mitnick was the world's most wanted hacker for breaking into Digital Equipment's computers and stealing source codes. He served some years in prison, then became a book author.

Kevin Poulsen: In 1995, Poulsen, a friend of Mitnick's, broke into FBI computers. He spent some years in prison, and is now a computer security journalist.

"Mafiaboy": In 2000, this Canadian boy launched denial-of-service attacks on CNN, Yahoo, and other major websites. He ended up under house arrest and was restricted from using the Internet.

Onel DeGuzman: In 2000, this Filipino computer science student unleashed the "ILOVEYOU" virus on the Net. He went unpunished because the Philippines had no law covering the crime.

 HACKERS AS TERRORISTS   

Hackers, like terrorists, tend to work in asymmetric, non-hierarchical formation, which means that they do not have organizations like gangs and so forth.  The concept of netwar (Arquilla & Ronfeldt 2001) might or might not be useful at explaining these new kinds of formations.  Although the concept of netwar is at odds with traditional forms of organization, criminal networks tend to have the following types of members, which can be compared to the components of a terrorist cell:

Membership Roles/Components of Hacking/Terrorist Networks

Hacking network roles | Terrorist network components
Organizers -- core members who steer group | Leadership -- charismatics who lead group
Insulators -- members who protect the core | Bodyguards -- members who protect leaders
Communicators -- pass on directives | Seconds in command -- pass on orders
Guardians -- security enforcers | Intelligence -- and counterintelligence agents
Extenders -- recruiters of new members | Financiers -- fund raisers & money launderers
Monitors -- advisors about group weaknesses | Logistics -- keepers of safe houses
Members -- those who do the hacking | Operations -- those who commit the terror
Crossovers -- people with regular jobs | Sleepers -- members living under deep cover

    Netwar is the most likely way cyberterrorists would operate.  They have an interest in getting their message and/or demands across, and would therefore use the Internet to disseminate information or misinformation.  A number of terrorist groups already have websites, and more can be expected.  Hackers also seem to be evolving more in the direction of hacktivism.  It is unlikely that terrorists will ever give up their traditional weapons.  The most likely scenario is a traditional attack that is simultaneously accompanied by a PsyOp-like netwar.  The definition of netwar is as follows:

NETWAR refers to information-related conflict at a grand level between nations or societies. It means trying to disrupt or damage what a target population knows or thinks it knows about itself and the world around it. A netwar may focus on public or elite opinion, or both. It may involve diplomacy, propaganda and psychological campaigns, political and cultural subversion, deception of or interference with local media, infiltration of computer networks and databases, and efforts to promote dissident or opposition movements across computer networks (Arquilla & Ronfeldt's RAND archives).

CYBERTERRORISM

    Cybercrime and cyberterrorism are not coterminous. Cyberspace attacks must have a 'terrorist' component in order to be labelled cyberterrorism.  The likelihood of a cyberterror attack increases every day, as every day the Internet and countless other computer systems are under increasing attack and/or used by terrorists in various ways.  "Use" by itself does not normally comprise cyberterrorism, only "use" which borders on "offensive use" or "misuse," at least according to Kent Anderson's article on Politically Motivated Computer Crime (pdf).  However, thought on the offensiveness of "supporter websites" is still evolving (Weimann 2006), and the Jamestown Foundation probably has a good set of experts who analyze the websites of terrorist organizations and supporters.  In 1999, Time magazine reported that 12 of the 30 terrorist groups deemed Foreign Terrorist Organisations (FTOs) by the United States Department of State had their own Web sites, and by 2005, a majority of the groups on the same list had an online presence, some of which were hosted by American site hosting companies.  A determined attacker (or attackers) will soon learn what works and what doesn’t, where the vulnerabilities are, how responses are patterned, and what methods are used for detection, apprehension, and prosecution.  Cyberterrorism is not a matter of if, but when.  Some definitions are given below:

CYBERTERRORISM is the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives. (Source: Kevin Coleman's 2003 article)
Cyberterrorism refers to premeditated, politically motivated attacks by sub-national groups or clandestine agents against information, computer systems, computer programs, and data that result in violence against non-combatant targets. (Pollitt n.d.)
Cyberterrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not. (Denning 2000 & 2001)

INTERNET RESOURCES
JUS 410 Lecture on CyberSpace Law
Center for Strategic & International Studies (CSIS)
Cybercrime, Justice, Law and Society
Cybercrimes.net
Cyberpunk Top 100 Sites
Cyberspace and the American Dream
Cyberterrorism: How Real is the Threat?
DHS National Infrastructure Protection Center
Federal Guidelines for Searching & Seizing Computers (1994)
Federal Guidelines for Searching & Seizing Computers (2001)
Hacking and Industrial Espionage
InfoSec and InfoWar Portal
Institute for Advanced Study of Information Warfare
MSNBC's Hacker Diaries
National Cybercrime Training Partnership
National Strategy to Secure Cyberspace
Navy Postgraduate School White Paper on Cyberterror (pdf)
Prof. Rob Kling's Social Informatics web page
Reality Bites: Cyberterrorism and Terrorist Use of the Internet
SocioSite: Power, Conflict, War, CyberWar, Cyberterrorism
The Modus Operandi of Hacking
The Zapatista Social Netwar in Mexico
U.S. Dept. of Justice Cybercrime Section
What is CyberTerrorism?
White House National Strategy to Secure Cyberspace

PRINTED RESOURCES
Arquilla, J. & D. Ronfeldt. (2001). Networks and Netwars. Santa Monica: RAND.
Ballard, J., Hornik, J., & McKenzie, D. (2002). Technological Facilitation of Terrorism: Definitional, Legal, and Policy Issues. American Behavioral Scientist 45(6):989-1016.
Becker, R. (2000). Criminal Investigation. Gaithersburg, MA: Aspen. 
Bennett, W. & K. Hess. (2001). Criminal Investigation. Belmont, CA: Wadsworth.
Biegel, S. (2003). Beyond our Control: Confronting the Limits of our Legal System in the Age of Cyberspace. Cambridge, MA: MIT Press.
Brown, S., F. Esbensen & G. Geis. (2001). Criminology. Cincinnati: Anderson.
Clifford, R. (2001). Cybercrime: The Investigation, Prosecution and Defense of a Computer-Related Crime. Durham: Carolina Academic Press.
Collin, B. (1996). "The Future of Cyberterrorism," paper presented at the 11th Annual International Symposium on Criminal Justice Issues, University of Illinois at Chicago, at http://afgen.com/terrorism1.html.
Coutourie, L. (1989). "The Computer Criminal" FBI Law Enforcement Journal 58: 18-22.
Denning, Dorothy. (2000). "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Policy." Georgetown Univ. Workshop paper.
Denning, D. (2000). "Testimony before the Special Oversight Panel on Terrorism," U.S. House of Representatives, Committee on Armed Services (23 May), at http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html.
Denning, D. (2000). "Cyberterrorism," Global Dialogue (Autumn), at http://www.cs.georgetown.edu/~denning/infosec/cyberterror-GD.doc.
Denning, D. (2001). "Is Cyber Terror Next?" New York: U.S. Social Science Research Council, at http://www.ssrc.org/sept11/essays/denning.htm.
Deutch, J. (1996). "Statement Before the U.S. Senate Governmental Affairs Committee, Permanent Subcommittee on Investigations" (25 June), at http://www.nswc.navy.mil/ISSEC/Docs/Ref/InTheNews/fullciatext.html.
Dyson, Esther et al. (1994). Cyberspace and the American Dream. EFF [article website]
Embar-Seddon, A. (2002). Cyberterrorism: Are We Under Siege? American Behavioral Scientist 45(6):1033-43.
Garfinkel, S. (2004). "The FBI's Cyber-Crime Crackdown," Pp. 21-25 in J. Victor & J. Naughton (eds.) Annual Editions: Criminal Justice 04/05. Dubuque, IA: Dushkin.
Kalathil, S. & Boas, T. (2003). Open Networks, Closed Regimes: The Impact of the Internet on Authoritarian Rule. Washington DC: Brookings.
Kopelev, S. (2000). "Cracking Computer Codes" Law Enforcement Technology 27(1): 60-67.
Lessig, L. (1999). Code and Other Laws of Cyberspace. NY: Basic Books. [author's website]
Lipschultz, J. (1999). Free Expression in the Age of the Internet. Boulder, CO: Perseus Books.
Loader, B. & D. Thomas. (2000). Cybercrime, Law Enforcement, Security and Surveillance in the Information Age. London: Routledge.
Maxfield, J. (1985). "Computer Bulletin Boards and the Hacker Problem" the Electric Data Processing Audit, Control and Security Newsletter. Arlington: Automation Training Center, October.
Mena, J. (2004). Homeland Security Techniques and Technologies. Hingham, MA: Charles River Media.
Meyer, J. & C. Short. (1998). "Investigating Computer Crime" Police Chief 65(5): 28-35.
Moore, R. (2005). Cybercrime: Investigating High-Technology Computer Crime. Cincinnati: LexisNexis Anderson.
Parker, T., Sachs, M., Shaw, E., Stroz, E. & Devost, M. (2004). Cyber Adversary Characterization: Auditing the Hacker Mind. NY: Syngress.
Pollitt, M. (n.d.) "Cyberterrorism: Fact or Fancy?" http://www.cs.georgetown.edu/~denning/infosec/pollitt.html.
Power, R. (2000). Tangled Web: Tales of Digital Crime from the Shadows of CyberSpace. Indianapolis: Que.
Rose, L. (1995). Net law: Your rights in an online world. NY: McGraw Hill.
Sullivan, S. (1999). "Policing the Internet" FBI Law Enforcement Bulletin 68(6): 18-21.
Taylor, R. (1991). "Computer Crime" in C. Swanson, N. Chamelin & L. Teritto, Criminal Investigation. NY: Random House.
Wall, David. (Ed.) (2001). Crime and the Internet. NY: Routledge.
Weimann, G. (2006). Terror on the Internet: The New Arena, the New Challenges. Dulles, VA: Potomac Books.
Whine, M. (1999). "Cyberspace -- A New Medium for Communication, Command, and Control by Extremists" Studies in Conflict and Terrorism 22:231-245.

Last updated: 01/25/06