Abstract
Current investigations into computer intrusions usually focus on individual
systems and geographically localized incidents. However, in reality, many
intrusions are interrelated and international in scope. To better protect
systems, intrusions must be understood in their proper context; not in the
isolated focus of a single incident. Key to a global understanding of these
threats is classifying the various motives of individuals and groups involved.
When incidents are investigated in their global context, it is possible to
analyze the dynamics and patterns of interrelated incidents previously
misunderstood or ignored.
This paper will summarize the author's investigations of international
intrusions during the last eight years to present a classification model
of attributes and motives displayed by intruders, and explain common
patterns of activities. Finally, current technical trends are considered
in order to understand potential future risks.