International Journal on Criminology Volume 2, Number 1, Spring 2014 | Page 17

The Behavioral Intelligence Paradigm in Fighting Cyber-Crime

technique sharing, and image sharing around the 4chan platform. Massive raids and pranks, known as “4chan raids”, popularized a perspective of hacking as a blend of activism, bullying, and satirical information campaigns, although they opted out of political campaigns in the early years (2003–2006). Meanwhile, the preparation and sponsorship of large-scale attacks also gained considerable traction, as the core philosophy of hacking (based on freedom and activism values) faded away with the diffusion of embedded cracking tools and libraries. Titan Rain (2003–2006) is an exemplar of these first explorations of cyber-warfare, involving low-tech methodologies embedded into advanced campaigns (see Figure 3). The years 2005–2013 are marked by a double shift, and to some extent a seizure, between “targeted and sponsored campaigns” led by States or organized crime, and more pervasive “spontaneous and long-reach campaigns” led by activist groups, hackers’ collectives, and loosely coupled entities such as Anonymous and LulzSec. This period is characterized by a rapid growth of strategic and politically motivated attacks (Kerem125 against the United Nations, the Chinese APT1 global campaign, the Estonia DoS attacks, Stuxnet, and Operation Aurora) (Figure 4). The technology used in these large-scale campaigns does not dramatically differ from the early days of hacking. One hundred and twenty-five lines of code are still very efficient in 2013 for exploiting vulnerabilities, even though the lines of defense have grown exponentially in the past 25 years. As with most innovation disruptions in the early twenty-first century, the performance of these campaigns is rooted in the accessibility and diffusion of combinatory learning, i.e., the capacity to outpace the defensive learning of targets through better and faster behavioral intelligence.
The formation of two distinctive groups (large-scale spontaneous groups versus sponsored, targeted large-scale campaigns) is typical of the two paths that can be used to attain a superior collective behavioral learning advantage. Large spontaneous groups benefit from distributed astute learning, i.e., the learning conducted by individual hackers who can coordinate on a very large scale, making their collective learning ubiquitous and efficient. Targeted sponsored campaigns (such as APTs) benefit from the advance of automated artificial intelligence embedded into technology (e.g., Stuxnet and FLAME). Most defensive systems are based on the recognition of malware signatures (“embedded malicious codes”), or on the normative analysis of behaviors compared to “healthy behaviors” (knowledge-based detection systems). Both the collective learning of spontaneous groups and advanced machine learning currently outpace signature-based detection systems. The nature of the current paradigm shift is, in this sense, very similar to the evolution of information warfare in the early 1990s. We are witnessing a strategic disruption where defenders are consolidating their information infrastructures, while attackers are engaging in knowledge-warfare (Baumard 1994). Superior knowledge, through astute combination, can be gained from truncated and partial information. Superior information rarely defeats even poorly articulated knowledge. A behavioral intelligence paradigm is synonymous with an inescapable rise of “zero-day” threats. Pervasive and highly available combinatory learning allows the creation of many variants of an exploit (the exploitation of a vulnerability) within 24 hours of its discovery. Re-encapsulating and re-combining the exploits of undiscovered flaws (“zero days”) is made possible
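The contrast the paragraph draws between signature recognition and behavioral analysis can be made concrete with a small, added illustration that is not part of the article: a toy signature engine and a toy behavioral baseline are run over a handful of constructed samples, two of which are trivially re-encapsulated copies of a "known" sample. The signature bytes, the action names in the traces, and the sample contents are all hypothetical, constructed for this example.

```python
import base64

# Constructed "healthy" behavioral baseline for a hypothetical document viewer:
# the set of actions observed during normal use (action names are invented).
HEALTHY_BASELINE = {"open_doc", "render", "save", "net_fetch_update"}

# Hypothetical byte signature that a knowledge-based engine has for one known sample.
KNOWN_SIGNATURE = b"EXEC_PAYLOAD_V1"

# Constructed known sample: the bytes a signature engine would scan.
KNOWN_PAYLOAD = b"%PDF-1.4 ... EXEC_PAYLOAD_V1 ..."

# Trace a behavioral monitor would observe for the known sample and its variants.
MALICIOUS_TRACE = ["open_doc", "spawn_shell", "write_startup", "net_beacon"]

# Constructed corpus: (name, scanned bytes, observed action trace).
SAMPLES = [
    ("benign_report", b"%PDF-1.4 quarterly figures", ["open_doc", "render", "save"]),
    ("known_sample", KNOWN_PAYLOAD, MALICIOUS_TRACE),
    # Variant: identical behavior, signature string trivially altered.
    ("variant_renamed", b"%PDF-1.4 ... EXEC-PAYL0AD-V1 ...", MALICIOUS_TRACE),
    # Variant: identical behavior, original bytes re-encapsulated in base64
    # (standard base64 output never contains an underscore, so the byte
    # signature cannot match it).
    ("variant_encoded", base64.b64encode(KNOWN_PAYLOAD), MALICIOUS_TRACE),
]


def signature_match(payload, signature=KNOWN_SIGNATURE):
    """Signature-based detection: flag only if the exact known byte pattern is present."""
    return signature in payload


def novel_actions(trace, baseline=HEALTHY_BASELINE):
    """Actions in the trace that never appear in the healthy baseline."""
    return [action for action in trace if action not in baseline]


def is_anomalous(trace, baseline=HEALTHY_BASELINE, threshold=2):
    """Behavioral detection: flag when enough actions fall outside the baseline.

    The threshold tolerates a single novel action (e.g. a new but legitimate
    feature) so that one unusual event alone does not raise an alert.
    """
    return len(novel_actions(trace, baseline)) >= threshold


def evaluate(samples=SAMPLES):
    """Run both engines over the corpus and return which samples each one flags."""
    hits = {"signature": [], "behaviour": []}
    for name, payload, trace in samples:
        if signature_match(payload):
            hits["signature"].append(name)
        if is_anomalous(trace):
            hits["behaviour"].append(name)
    return hits


if __name__ == "__main__":
    for engine, flagged in evaluate().items():
        print(f"{engine:10s} flagged: {flagged}")
```

Run as a script, the signature engine flags only `known_sample`, while the behavioral engine flags the known sample and both variants, because re-encapsulating or renaming the bytes changes what a signature sees but not what the sample does. The same property is what makes behavioral baselines the defender's natural answer to the rapid variant generation the paragraph describes, at the cost of needing a trustworthy baseline and a tuned threshold.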