Articles Data Breaches and Identity Theft | Page 16

Cyber security and the Internet of Things 79
their interest. Credit card information theft has a long history with individual
hackers. With the growth of e-commerce, it is easier to use stolen credit card
information to buy goods and services.
Individual hackers use tools such as viruses, worms and sniffers to exploit
a system. They plan attacks based on equipment availability, internet access
availability, the network environment and system security.
One of the individual hacker categories is the insider [21, 37]. Insiders are
authorized individuals working against a system using insider knowledge or
privileges. Insiders could provide critical information for outsider attackers
(third party) to exploit vulnerabilities that can enable an attack. They know the
weak points in the system and how the system works. Personal gain, revenge,
and financial gain can motivate an insider. They can tolerate risk ranging from
low to high depending on their motivation.
3.2.2 Organized groups
Criminal groups are becoming more familiar with ongoing communications
and IoT technology. In addition, as they become more comfortable with
technological applications, these groups can be more aware of opportuni-
ties offered by the infrastructure routing information of different networks.
The motivations of these groups are quite diverse; their targets typically
include particular organizations for revenge, theft of trade secrets, economic
espionage, and targeting the national information infrastructure. They also
involve selling personal information, such as financial data, to other criminal
organizations, terrorists, and even governments.
They are very capable in terms of financial funding, expertise and
resources. Criminal groups capabilities in terms of methods and techniques are
moderate to high depending on what the goals are. They are very skillful at
creating botnets and malicious software (e.g., computer viruses and scare-
ware) and denial-of-service attack methods [44]. Organized criminals are
likely to have access to funds, meaning they can hire skilled hackers if
necessary, or purchase point-and-click attack tools from the underground
economy with which to attack any systems [46]. Such criminals can tolerate
higher risk than individual hackers and are willing to invest in profitable
attacks.
Cyber terrorism [21, 56] is a form of cyber-attack that targets military
systems, banks, and specific facilities such as satellites, and telecommunica-
tion systems associated with the national information infrastructure based on
religious and political interests. Terrorist organizations depend on the internet
to spread propaganda, raise funds, gather information, and communicate