The consequences of unauthorized access, on the one hand, and the tampering with information, on the other, are enormous, whether accessed in terms of its impact upon individuals, corporate entities or the economy as a whole (Sturdevant, 2005). Indeed, a considerable of the potential consequences of the unauthorised violation of information, or of cyberattacks, highlights the aforementioned.
Much has been written about the consequences of cyberattacks and the extent to which the theft, unauthorized access or tampering with information has the potential to wreak havoc upon individual lives, companies and economies. In explaining this, Schwartau (1994) identified three levels of information warfare, each of which had its own unique characteristics, targets and, naturally, consequences. The first level, referred to by Schwartau (1994) as interpersonal Attacks,' focuses on identity theft, both of individuals and of corporations. The successful theft of identity, entailing the gathering of personal/corporate information and records, allows the identity thief to pose as the person/entity in question. Through possession of information such a credit history, driving records, medical files/history and accounts, the identity thief can proceed to harass the entity/person in question and assassinate his/her character or corporate reputation (Schwartau, 1994).
While interpersonal attacks, primarily limited to identity threat, are classified as the first level of information warfare, the harm done to victims can take years and substantial amounts of money to repair. As Block (2007) reports, official crime statistics indicate that approximately 5% of all American adults have been victimized and, as a consequence, have witnessed both the destruction of their credit history and, in many instances, their reputation. On the corporate level, however, identity theft may be identified as a serious annoyance more than a problem insofar as the theft of corporate identity is much more difficult than the theft of individual identity and much easier to disprove. That does not mean to imply that it is not problematic or that it does not expose the entity in question to both financial loss and negative publicity but only that its consequences are much more containable than those which result from one of the other two levels of information warfare.
Within the context of level two information warfare, referred to by Schwartau (1994) as InfoWar, the consequences are infinitely more serious and substantially more costly. InfoWar, as defined by Schwartau (1994), involves sabotage, the theft of company records, including client and subscriber lists, and industrial espionage. A not uncommon scenario can involve the theft of client and subscriber lists and their subsequent selling to a competitor. In order to highlight the magnitude of the consequences of this act of InfoWar, Gold (2001) discusses the consequences of InfoWar in relation to Encyclopedia Britannica, which was subjected to such a cyberattack incident approximately ten years ago. Its database, containing the names of 3,000,000 subscribers was stolen and sold to a competitor. That database, considered the company's most valuable asset, was conservatively estimated at $1,000,000. Needless to say, the company lost tens of thousands of subscribers, not to mention the financial loss it incurred (Gold, 2001).
InfoWar is not,