Malware

From Wikipedia, the free encyclopedia

https://en.wikipedia.org/wiki/Malware 

 

Malware (a portmanteau for malicious software) is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types (i.e. computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, wiper and keyloggers).

Malware poses serious problems to individuals and businesses on the Internet. According to Symantec's 2018 Internet Security Threat Report (ISTR), malware variants number has increased to 669,947,865 in 2017, which is twice as many malware variants as in 2016. Cybercrime, which includes malware attacks as well as other crimes committed by computer, was predicted to cost the world economy $6 trillion USD in 2021, and is increasing at a rate of 15% per year. Since 2021, malware has been designed to target computer systems that run critical infrastructure such as the electricity distribution network.

The defense strategies against malware differ according to the type of malware but most can be thwarted by installing antivirus software, firewalls, applying regular patches, securing networks from intrusion, having regular backups and isolating infected systems. Malware can be designed to evade antivirus software detection algorithms.

History

Main article: History of computer viruses

For a chronological guide, see Timeline of computer viruses and worms.

The notion of a self-reproducing computer program can be traced back to initial theories about the operation of complex automata. John von Neumann showed that in theory a program could reproduce itself. This constituted a plausibility result in computability theory. Fred Cohen experimented with computer viruses and confirmed Neumann's postulate and investigated other properties of malware such as detectability and self-obfuscation using rudimentary encryption. His 1987 doctoral dissertation was on the subject of computer viruses. The combination of cryptographic technology as part of the payload of the virus, exploiting it for attack purposes was initialized and investigated from the mid 1990s, and includes initial ransomware and evasion ideas.

Before Internet access became widespread, viruses spread on personal computers by infecting executable programs or boot sectors of floppy disks. By inserting a copy of itself into the machine code instructions in these programs or boot sectors, a virus causes itself to be run whenever the program is run or the disk is booted. Early computer viruses were written for the Apple II and Macintosh, but they became more widespread with the dominance of the IBM PC and MS-DOS system. The first IBM PC virus in the "wild" was a boot sector virus dubbed (c)Brain, created in 1986 by the Farooq Alvi brothers in Pakistan. Malware distributors would trick the user into booting or running from an infected device or medium. For example, a virus could make an infected computer add autorunnable code to any USB stick plugged into it. Anyone who then attached the stick to another computer set to autorun from USB would in turn become infected, and also pass on the infection in the same way.

Older email software would automatically open HTML email containing potentially malicious JavaScript code. Users may also execute disguised malicious email attachments. The 2018 Data Breach Investigations Report by Verizon, cited by CSO Online, states that emails are the primary method of malware delivery, accounting for 96% of malware delivery around the world.

The first worms, network-borne infectious programs, originated not on personal computers, but on multitasking Unix systems. The first well-known worm was the Morris worm of 1988, which infected SunOS and VAX BSD systems. Unlike a virus, this worm did not insert itself into other programs. Instead, it exploited security holes (vulnerabilities) in network server programs and started itself running as a separate process. This same behavior is used by today's worms as well.

With the rise of the Microsoft Windows platform in the 1990s, and the flexible macros of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These macro viruses infect documents and templates rather than applications (executables), but rely on the fact that macros in a Word document are a form of executable code.

Many early infectious programs, including the Morris Worm, the first internet worm, were written as experiments or pranks. Today, malware is used by both black hat hackers and governments to steal personal, financial, or business information. Today, any device that plugs into a USB port – even lights, fans, speakers, toys, or peripherals such as a digital microscope – can be used to spread malware. Devices can be infected during manufacturing or supply if quality control is inadequate.

Purposes

Since the rise of widespread broadband Internet access, malicious software has more frequently been designed for profit. Since 2003, the majority of widespread viruses and worms have been designed to take control of users' computers for illicit purposes. Infected "zombie computers" can be used to send email spam, to host contraband data such as child pornography, or to engage in distributed denial-of-service attacks as a form of extortion. Malware is used broadly against government or corporate websites to gather sensitive information, or to disrupt their operation in general. Further, malware can be used against individuals to gain information such as personal identification numbers or details, bank or credit card numbers, and passwords.

In addition to criminal money-making, malware can be used for sabotage, often for political motives. Stuxnet, for example, was designed to disrupt very specific industrial equipment. There have been politically motivated attacks which spread over and shut down large computer networks, including massive deletion of files and corruption of master boot records, described as "computer killing." Such attacks were made on Sony Pictures Entertainment (25 November 2014, using malware known as Shamoon or W32.Disttrack) and Saudi Aramco (August 2012).

Types

There are many possible ways of categorizing malware and some malicious software may overlap into two or more categories. Broadly, software can categorised into three types: (i) goodware; (ii) greyware and (iii) malware.

Classification of potentially malicious software
Data sourced from: Molina-Coronado et. al. (2023)

Type	Characteristics	Examples	Notes
Goodware	Obtained from trustworthy sources	Google Play apps Buggy software
Greyware	Insufficient consensus and/or metrics	Potentially unwanted programs Spyware Adware
Malware	Broad consensus among antivirus software that program is malicious or obtained from flagged sources.	Viruses Worms Root kits Backdoors Ransomware Trojan horses

Malware

Hex dump of the Blaster worm, showing a message left for Microsoft co-founder Bill Gates by the worm's programmer

Virus

Main article: Computer virus

A computer virus is software usually hidden within another seemingly innocuous program that can produce copies of itself and insert them into other programs or files, and that usually performs a harmful action (such as destroying data). They have been likened to biological viruses. An example of this is a portable execution infection, a technique, usually used to spread malware, that inserts extra data or executable code into PE files. A computer virus is software that embeds itself in some other executable software (including the operating system itself) on the target system without the user's knowledge and consent and when it is run, the virus is spread to other executable files.

Worm

A worm is a stand-alone malware software that actively transmits itself over a network to infect other computers and can copy itself without infecting files. These definitions lead to the observation that a virus requires the user to run an infected software or operating system for the virus to spread, whereas a worm spreads itself.

Rootkits

Main article: Rootkit

Once malicious software is installed on a system, it is essential that it stays concealed, to avoid detection. Software packages known as rootkits allow this concealment, by modifying the host's operating system so that the malware is hidden from the user. Rootkits can prevent a harmful process from being visible in the system's list of processes, or keep its files from being read.

Some types of harmful software contain routines to evade identification and/or removal attempts, not merely to hide themselves. An early example of this behavior is recorded in the Jargon File tale of a pair of programs infesting a Xerox CP-V time sharing system:

Each ghost-job would detect the fact that the other had been killed, and would start a new copy of the recently stopped program within a few milliseconds. The only way to kill both ghosts was to kill them simultaneously (very difficult) or to deliberately crash the system.

Backdoors

Main article: Backdoor (computing)

A backdoor is a broad term for a computer program that allows an attacker persistent unauthorised remote access to a victim's machine often without their knowledge. The attacker typically uses another attack (such as a trojan, worm or virus) to bypass authentication mechanisms usually over an unsecured network such as the Internet to install the backdoor application. A backdoor can also be a side effect of a software bug in legitimate software that is exploited by an attacker to gain access to a victim's computer or network.

The idea has often been suggested that computer manufacturers preinstall backdoors on their systems to provide technical support for customers, but this has never been reliably verified. It was reported in 2014 that US government agencies had been diverting computers purchased by those considered "targets" to secret workshops where software or hardware permitting remote access by the agency was installed, considered to be among the most productive operations to obtain access to networks around the world. Backdoors may be installed by Trojan horses, worms, implants, or other methods.

Trojan horse

A Trojan horse misrepresents itself to masquerade as a regular, benign program or utility in order to persuade a victim to install it. A Trojan horse usually carries a hidden destructive function that is activated when the application is started. The term is derived from the Ancient Greek story of the Trojan horse used to invade the city of Troy by stealth.

Trojan horses are generally spread by some form of social engineering, for example, where a user is duped into executing an email attachment disguised to be unsuspicious, (e.g., a routine form to be filled in), or by drive-by download. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller (phoning home) which can then have unauthorized access to the affected computer, potentially installing additional software such as a keylogger to steal confidential information, cryptomining software or adware to generate revenue to the operator of the trojan. While Trojan horses and backdoors are not easily detectable by themselves, computers may appear to run slower, emit more heat or fan noise due to heavy processor or network usage, as may occur when cryptomining software is installed. Cryptominers may limit resource usage and/or only run during idle times in an attempt to evade detection.

Unlike computer viruses and worms, Trojan horses generally do not attempt to inject themselves into other files or otherwise propagate themselves.

In spring 2017 Mac users were hit by the new version of Proton Remote Access Trojan (RAT) trained to extract password data from various sources, such as browser auto-fill data, the Mac-OS keychain, and password vaults.

Droppers

Main article: Dropper (malware)

Droppers are a sub-type of Trojans that solely aim to deliver malware upon the system that they infect with the desire to subvert detection through stealth and a light payload. It is important not to confuse a dropper with a loader or stager. A loader or stager will merely load an extension of the malware (for example a collection of malicious functions through reflective dynamic link library injection) into memory. The purpose is to keep the initial stage light and undetectable. A dropper merely downloads further malware to the system.

Ransomware

Main article: Ransomware

Ransomware prevents a user from accessing their files until a ransom is paid. There are two variations of ransomware, being crypto ransomware and locker ransomware. Locker ransomware just locks down a computer system without encrypting its contents, whereas crypto ransomware locks down a system and encrypts its contents. For example, programs such as CryptoLocker encrypt files securely, and only decrypt them on payment of a substantial sum of money.

Some malware is used to generate money by click fraud, making it appear that the computer user has clicked an advertising link on a site, generating a payment from the advertiser. It was estimated in 2012 that about 60 to 70% of all active malware used some kind of click fraud, and 22% of all ad-clicks were fraudulent.

Lock-screens, or screen lockers is a type of "cyber police" ransomware that blocks screens on Windows or Android devices with a false accusation in harvesting illegal content, trying to scare the victims into paying up a fee. Jisut and SLocker impact Android devices more than other lock-screens, with Jisut making up nearly 60 percent of all Android ransomware detections.

Encryption-based ransomware, like the name suggests, is a type of ransomware that encrypts all files on an infected machine. These types of malware then display a pop-up informing the user that their files have been encrypted and that they must pay (usually in Bitcoin) to recover them. Some examples of encryption-based ransomware are CryptoLocker and WannaCry.

Grayware

See also: Privacy-invasive software and Potentially unwanted program

Grayware is any unwanted application or file that can worsen the performance of computers and may cause security risks but which there is insufficient consensus or data to classify them as malware. Types of greyware typically includes spyware, adware, fraudulent dialers, joke programs ("jokeware") and remote access tools. For example, at one point, Sony BMG compact discs silently installed a rootkit on purchasers' computers with the intention of preventing illicit copying.

Potentially Unwanted Program (PUP)

Potentially unwanted programs (PUPs) are applications that would be considered unwanted despite often being intentionally downloaded by the user. PUPs include spyware, adware, and fraudulent dialers.

Many security products classify unauthorised key generators as PUPs, although they frequently carry true malware in addition to their ostensible purpose. In fact, Kammerstetter et. al. (2012) estimated that as much as 55% of key generators could contain malware and that about 36% malicious key generators were not detected by antivirus software.

Adware

Some types of adware (using stolen certificates) turn off anti-malware and virus protection; technical remedies are available.

Spyware

Programs designed to monitor users' web browsing, display unsolicited advertisements, or redirect affiliate marketing revenues are called spyware. Spyware programs do not spread like viruses; instead they are generally installed by exploiting security holes. They can also be hidden and packaged together with unrelated user-installed software. The Sony BMG rootkit was intended to prevent illicit copying; but also reported on users' listening habits, and unintentionally created extra security vulnerabilities.

Detection

Antivirus software typically uses two techniques to detect malware: (i) static analysis and (ii) dynamic/heuristic analysis. Static analysis involves studying the software code of a potentially malicious program and producing a signature of that program. This information is then used to compare scanned files by an antivirus program. Because this approach is not useful for malware that has not yet been studied, antivirus software can use dynamic analysis to monitor how the program runs on a computer and block it if it performs unexpected activity.

The aim of any malware is to conceal itself from detection by users or antivirus software. Detecting potential malware is difficult for two reasons. The first is that it is difficult to determine if software is malicious. The second is that malware uses technical measures to make it more difficult to detect it. An estimated 33% of malware is not detected by antivirus software.

The most commonly employed anti-detection technique involves encrypting the malware payload in order to prevent antivirus software from recognizing the signature. Tools such as crypters come with an encrypted blob of malicious code and a decryption stub. The stub decrypts the blob and loads it into memory. Because antivirus does not typically scan memory and only scans files on the drive, this allows the malware to evade detection. Advanced malware has the ability to transform itself into different variations, making it less likely to be detected due to the differences in its signatures. This is known as polymorphic malware. Other common techniques used to evade detection include, from common to uncommon: (1) evasion of analysis and detection by fingerprinting the environment when executed; (2) confusing automated tools' detection methods. This allows malware to avoid detection by technologies such as signature-based antivirus software by changing the server used by the malware; (3) timing-based evasion. This is when malware runs at certain times or following certain actions taken by the user, so it executes during certain vulnerable periods, such as during the boot process, while remaining dormant the rest of the time; (4) obfuscating internal data so that automated tools do not detect the malware; (v) information hiding techniques, namely stegomalware; and (5) fileless malware which runs within memory instead of using files and utilizes existing system tools to carry out malicious acts. The use of existing binaries to carry out malicious activities is a technique known as LotL, or Living off the Land.  This reduces the amount of forensic artifacts available to analyze. Recently these types of attacks have become more frequent with a 432% increase in 2017 and makeup 35% of the attacks in 2018. Such attacks are not easy to perform but are becoming more prevalent with the help of exploit-kits.

Risks

Vulnerable software

A vulnerability is a weakness, flaw or software bug in an application, a complete computer, an operating system, or a computer network that is exploited by malware to bypass defences or gain privileges it requires to run. For example, TestDisk 6.4 or earlier contained a vulnerability that allowed attackers to inject code into Windows. Malware can exploit security defects (security bugs or vulnerabilities) in the operating system, applications (such as browsers, e.g. older versions of Microsoft Internet Explorer supported by Windows XP), or in vulnerable versions of browser plugins such as Adobe Flash Player, Adobe Acrobat or Reader, or Java SE. For example, a common method is exploitation of a buffer overrun vulnerability, where software designed to store data in a specified region of memory does not prevent more data than the buffer can accommodate being supplied. Malware may provide data that overflows the buffer, with malicious executable code or data after the end; when this payload is accessed it does what the attacker, not the legitimate software, determines.

Malware can exploit recently discovered vulnerabilities before developers have had time to release a suitable patch. Even when new patches addressing the vulnerability have been released, they may not necessarily be installed immediately, allowing malware to take advantage of systems lacking patches. Sometimes even applying patches or installing new versions does not automatically uninstall the old versions. Security advisories from plug-in providers announce security-related updates. Common vulnerabilities are assigned CVE IDs and listed in the US National Vulnerability Database. Secunia PSI is an example of software, free for personal use, that will check a PC for vulnerable out-of-date software, and attempt to update it. Other approaches involve using firewalls and intrusion prevention systems to monitor unusual traffic patterns on the local computer network.

Excessive privileges

Users and programs can be assigned more privileges than they require, and malware can take advantage of this. For example, of 940 Android apps sampled, one third of them asked for more privileges than they required. Apps targeting the Android platform can be a major source of malware infection but one solution is to use third party software to detect apps that have been assigned excessive privileges.

Some systems allow all users to modify their internal structures, and such users today would be considered over-privileged users. This was the standard operating procedure for early microcomputer and home computer systems, where there was no distinction between an administrator or root, and a regular user of the system. In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. This can be because users tend to demand more privileges than they need, so often end up being assigned unnecessary privileges.

Some systems allow code executed by a user to access all rights of that user, which is known as over-privileged code. This was also standard operating procedure for early microcomputer and home computer systems. Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user.

Weak passwords

A credential attack occurs when a user account with administrative privileges is cracked and that account is used to provide malware with appropriate privileges. Typically, the attack succeeds because the weakest form of account security is used, which is typically a short password that can be cracked using a dictionary or brute force attack. Using strong passwords and enabling two-factor authentication can reduce this risk. With the latter enabled, even if an attacker can crack the password, they cannot use the account without also having the token possessed by the legitimate user of that account.

Use of the same operating system

Homogeneity can be a vulnerability. For example, when all computers in a network run the same operating system, upon exploiting one, one worm can exploit them all. In particular, Microsoft Windows or Mac OS X have such a large share of the market that an exploited vulnerability concentrating on either operating system could subvert a large number of systems. It is estimated that approximately 83% of malware infections between January and March 2020 were spread via systems running Windows 10. This risk is mitigated by segmenting the networks into different subnetworks and setting up firewalls to block traffic between them.

Mitigation

Antivirus / Anti-malware software

Anti-malware (sometimes also called antivirus) programs block and remove some or all types of malware. For example, Microsoft Security Essentials (for Windows XP, Vista, and Windows 7) and Windows Defender (for Windows 8, 10 and 11) provides real-time protection. The Windows Malicious Software Removal Tool removes malicious software from the system. Additionally, several capable antivirus software programs are available for free download from the Internet (usually restricted to non-commercial use). Tests found some free programs to be competitive with commercial ones.

Typically, antivirus software can combat malware in the following ways:

1. Real-time protection: They can provide real time protection against the installation of malware software on a computer. This type of malware protection works the same way as that of antivirus protection in that the anti-malware software scans all incoming network data for malware and blocks any threats it comes across.
2. Removal: Anti-malware software programs can be used solely for detection and removal of malware software that has already been installed onto a computer. This type of anti-malware software scans the contents of the Windows registry, operating system files, and installed programs on a computer and will provide a list of any threats found, allowing the user to choose which files to delete or keep, or to compare this list to a list of known malware components, removing files that match.
3. Sandboxing: Provide sandboxing of apps considered dangerous (such as web browsers where most vulnerabilities are likely to be installed from).

Real-time protection

A specific component of anti-malware software, commonly referred to as an on-access or real-time scanner, hooks deep into the operating system's core or kernel and functions in a manner similar to how certain malware itself would attempt to operate, though with the user's informed permission for protecting the system. Any time the operating system accesses a file, the on-access scanner checks if the file is infected or not. Typically, when an infected file is found, execution is stopped and the file is quarantined to prevent further damage with the intention to prevent irreversible system damage. Most AVs allow users to override this behaviour. This can have a considerable performance impact on the operating system, though the degree of impact is dependent on how many pages it creates in virtual memory.

Sandboxing

Because many malware components are installed as a result of browser exploits or user error, using security software (some of which are anti-malware, though many are not) to "sandbox" browsers (essentially isolate the browser from the computer and hence any malware induced change) can also be effective in helping to restrict any damage done.

Website security scans

Website vulnerability scans check the website, detect malware, may note outdated software, and may report known security issues, in order to reduce the risk of the site being compromised.

Network Segregation

Structuring a network as a set of smaller networks, and limiting the flow of traffic between them to that known to be legitimate, can hinder the ability of infectious malware to replicate itself across the wider network. Software-defined networking provides techniques to implement such controls.

"Air gap" isolation or "parallel network"

As a last resort, computers can be protected from malware, and the risk of infected computers disseminating trusted information can be greatly reduced by imposing an "air gap" (i.e. completely disconnecting them from all other networks) and applying enhanced controls over the entry and exit of software and data from the outside world. However, malware can still cross the air gap in some situations, not least due to the need to introduce software into the air-gapped network and can damage the availability or integrity of assets thereon. Stuxnet is an example of malware that is introduced to the target environment via a USB drive, causing damage to processes supported on the environment without the need to exfiltrate data.

AirHopper, BitWhisper, GSMem  and Fansmitter are four techniques introduced by researchers that can leak data from air-gapped computers using electromagnetic, thermal and acoustic emissions.

Research

Utilizing bibliometric analysis, the study of malware research trends from 2005 to 2015, considering criteria such as impact journals, highly-cited articles, research areas, productivity, keyword frequency, institutions, and authors, revealed an annual growth rate of 34.1%. North America led in research output, followed by Asia and Europe. China and India were identified as emerging contributors.

Poaching

From Wikipedia, the free encyclopedia

https://en.wikipedia.org/wiki/Poaching 

 

The Poacher by Frédéric Rouge (1867–1950)

Poaching is the illegal hunting or capturing of wild animals, usually associated with land use rights. Poaching was once performed by impoverished peasants for subsistence purposes and to supplement meager diets. It was set against the hunting privileges of nobility and territorial rulers.

Since the 1980s, the term "poaching" has also been used to refer to the illegal harvesting of wild plants. In agricultural terms, the term 'poaching' is also applied to the loss of soils or grass by the damaging action of feet of livestock, which can affect availability of productive land, water pollution through increased runoff and welfare issues for cattle. Stealing livestock, as in cattle raiding classifies as theft, not as poaching.

The United Nations' Sustainable Development Goal 15 enshrines the sustainable use of all wildlife. It targets the taking of action on dealing with poaching and trafficking of protected species of flora and fauna to ensure their availability for present and future generations.

Legal aspects

The Poacher, 1916 sketch by Tom Thomson, Art Gallery of Ontario, Toronto

In 1998, environmental scientists from the University of Massachusetts Amherst proposed the concept of poaching as an environmental crime and defined as any illegal activity that contravenes the laws and regulations established to protect renewable natural resources, including the illegal harvest of wildlife with the intention of possessing, transporting, consuming or selling it and using its body parts. They considered poaching as one of the most serious threats to the survival of plant and animal populations. Wildlife biologists and conservationists consider poaching to have a detrimental effect on biodiversity both within and outside protected areas as wildlife populations decline, species are depleted locally, and the functionality of ecosystems is disturbed.

Continental Europe

End of the poacher, illustration based on a painting by August Dieffenbacher, 1894

Grave of a poacher in Schliersee, quoting the first stanza of the Jennerwein song. Now and then, poached game is being placed on the grave to commemorate 'Girgl'.

Marterl at the Riederstein, near Baumgartenschneid, Tegernsee. The remains of a poacher, who had never returned from a hunting expedition in 1861, were found at the site in 1897.

Austria and Germany refer to poaching not as theft but as intrusion into third-party hunting rights. While ancient Germanic law allowed any free man, including peasants, to hunt, especially on common land, Roman law restricted hunting to the rulers. In medieval Europe rulers of feudal territories from the king downward tried to enforce exclusive rights of the nobility to hunt and fish on the lands that they ruled. Poaching was deemed a serious crime punishable by imprisonment, but enforcement was comparably weak until the 16th century. Peasants were still allowed to continue small game hunting, but the right of the nobility to hunt was restricted in the 16th century and transferred to land ownership. The low quality of guns made it necessary to approach the game as close as 30 m (100 ft). Poachers in the Salzburg region were typically unmarried men around 30 years of age and usually alone on their illegal trade.

The development of modern hunting rights is closely connected to the comparatively modern idea of exclusive private ownership of land. In the 17th and the 18th centuries, the restrictions on hunting and shooting rights on private property were enforced by gamekeepers and foresters. They denied shared usage of forests, such as resin collection and wood pasture and the peasants right to hunt and fish. However, by end of the 18th century, comparably-easy access to rifles increasingly allowed peasants and servants to poach. Hunting was used in the 18th century as a theatrical demonstration of the aristocratic rule of the land and also had a strong impact on land use patterns. Poaching not only interfered with property rights but also clashed symbolically with the power of the nobility. Between 1830 and 1848, poaching and poaching-related deaths increased in Bavaria. The German revolutions of 1848–49 were interpreted as a general permission for poaching in Bavaria. The reform of the hunting law in 1849 restricted legal hunting to rich landowners and middle classes who could pay hunting fees, which led to disappointment among the general public, who continued to view poachers favourably. Some of the frontier regions, where smuggling was important, showed especially strong resistance to that development. In 1849, the Bavarian military forces were asked to occupy a number of municipalities on the frontier with Austria. Both in Wallgau (now part of Garmisch-Partenkirchen) and in Lackenhäuser, in the Bavarian forest, each household had to feed and accommodate one soldier for a month as part of a military mission to quell the disturbance. The people of Lackenhäuser had several skirmishes with Austrian foresters and military that started due to poached deer. The well-armed people set against the representatives of the state were known as bold poachers (kecke Wilderer). Some poachers and their violent deaths, like Matthias Klostermayr (1736–1771), Georg Jennerwein (1848–1877) and Pius Walder (1952–1982) gained notoriety and have had a strong cultural impact, which has persisted until today. Poaching was used as a dare. It had a certain erotic connotation, as in Franz Schubert's Hunter's love song, (1828, Schubert Thematic Catalogue 909). The lyrics of Franz von Schober connected unlimited hunting with the pursuit of love. Further poaching related legends and stories ranged from the 1821 opera Freischütz to Wolfgang Franz von Kobell's 1871 story about the Brandner Kasper, a Tegernsee locksmith and poacher who struck a special deal with the Grim Reaper.

While poachers had strong local support until the early 20th century, Walder's case showed a significant change in attitudes. Urban citizens still had some sympathy for the hillbilly rebel, but the local community were much supportive.

United Kingdom

Brass plaque on door at Tremedda farm dating to 1868, warning that poachers shall be shot on first sight

Poaching, like smuggling, has a long history in United Kingdom. The verb poach is derived from the Middle English word pocchen literally meaning bagged, enclosed in a bag, which is cognate with "pouch". Poaching was dispassionately reported for England in "Pleas of the Forest", transgressions of the rigid Anglo-Norman forest law. William the Conqueror, who was a great lover of hunting, established and enforced a system of forest law that operated outside the common law and served to protect game animals and their forest habitat from hunting by the common people of England and reserved hunting rights for the new French-speaking Anglo-Norman aristocracy. Henceforth, hunting of game in royal forests by commoners, or in other words poaching, was invariably punishable by death by hanging. In 1087, the poem "The Rime of King William", contained in the Peterborough Chronicle, expressed English indignation at the severe new laws. Poaching was romanticised in literature from the time of the ballads of Robin Hood, as an aspect of the "greenwood" of Merry England. In one tale, Robin Hood is depicted as offering King Richard the Lion Heart venison from deer that was illegally hunted in the Sherwood Forest, the King overlooking the fact that this hunting was a capital offence. The widespread acceptance of the common criminal activity is encapsulated in the observation Non est inquirendum, unde venit venison ("It is not to be inquired, whence comes the venison") that was made by Guillaume Budé in his Traitte de la vénerie. However, the English nobility and land owners were in the long term extremely successful in enforcing the modern concept of property, such as expressed in the enclosures of common land and later in the Highland Clearances, both of which were forced displacement of people from traditional land tenancies and erstwhile-common land. The 19th century saw the rise of acts of legislation, such as the Night Poaching Act 1828 and the Game Act 1831 in the United Kingdom, and various laws elsewhere.

United States

Lady Baltimore, a bald eagle in Alaska survived a poaching attempt in the Juneau Raptor Center mews on 15 August 2015

In North America, the blatant defiance of the laws by poachers escalated to armed conflicts with law authorities, including the Oyster Wars of the Chesapeake Bay and the joint US-British Bering Sea Anti-Poaching Operations of 1891 over the hunting of seals.

Violations of hunting laws and regulations concerning wildlife management, local or international wildlife conservation schemes constitute wildlife crimes that are typically punishable. The following violations and offenses are considered acts of poaching in the US:

• Hunting, killing or collecting wildlife that is listed as endangered by the IUCN and protected by law such as the Endangered Species Act, the Migratory Bird Treaty Act of 1918 and international treaties such as CITES.
• Fishing and hunting without a license.
• Capturing wildlife outside legal hours and outside the hunting season; usually the breeding season is declared as the closed season during which wildlife is protected by law.
• Prohibited use of machine guns, poison, explosives, snare traps, nets and pitfall traps.
• Other offenses of incorrect weaponry, such as the use of cartridge rifles in muzzleloader or archery season or in shotgun-only areas, or the killing of big game animals with insufficient firepower such as .22 Long Rifle rounds.
• Prohibited use of baiting with food, decoys or recorded calls in order to increase chances for shooting wildlife.
• Hunting from a moving vehicle or aircraft.
• Scouting game animals from an aircraft.
• Shining deer with a spotlight at night to impair its natural defenses and thus facilitate an easy kill is considered animal abuse. This hunting method is illegal in California, Virginia, Connecticut, Florida, Michigan, and Tennessee.
• Taking wildlife on land that is restricted, owned by, or licensed to somebody else.
• The animal or plant has been tagged by a researcher.
• Shooting an animal in a confined area (canned hunting).

Africa

Stephen Corry, the director of the human rights group Survival International, has argued that the term "poaching" has at times been used to criminalize the traditional subsistence techniques of indigenous peoples and to bar them from hunting on their ancestral lands when they are declared as wildlife-only zones. Corry argues that parks such as the Central Kalahari Game Reserve are managed for the benefit of foreign tourists and safari groups at the expense of the livelihoods of tribal peoples such as the Kalahari bushmen.

Motives

Sociological and criminological research on poaching indicates that in North America people poach for commercial gain, home consumption, trophies, pleasure, and thrill in killing wildlife or because they disagree with certain hunting regulations, claim a traditional right to hunt, or have negative dispositions toward legal authority. In rural areas of the United States, the key motives for poaching are poverty. Interviews conducted with 41 poachers in the Atchafalaya River basin in Louisiana revealed that 37 of them hunt to provide food for themselves and their families; 11 stated that poaching is part of their personal or cultural history; nine earn money from the sale of poached game to support their families; and eight feel exhilarated and thrilled by outsmarting game wardens.

In rural areas in Africa, the key motives for poaching are the lack of employment opportunities and a limited potential for agriculture and livestock production. Poor people rely on natural resources for their survival and generate cash income through the sale of bushmeat, which attracts high prices in urban centres. Body parts of wildlife are also in demand for traditional medicine and ceremonies. The existence of an international market for poached wildlife implies that well-organised gangs of professional poachers enter vulnerable areas to hunt, and crime syndicates organise the trafficking of wildlife body parts through a complex interlinking network to markets outside the respective countries of origin. Armed conflict in Africa has been linked to intensified poaching and wildlife declines within protected areas, likely reflecting the disruption of traditional livelihoods, which causes people to seek alternative food sources.

Results of an interview survey conducted in several villages in Tanzania indicate that one of the major reasons of poaching is for consumption and sale of bushmeat. Usually, bushmeat is considered a subset of poaching because of the hunting of animals regardless of the laws that conserve certain species of animals. Many families consume more bushmeat if there are no alternative sources of protein available such as fish. The further the families were from the reserve, the less likely they were to illegally hunt wildlife for bushmeat. They were more likely to hunt for bushmeat right before the harvest season and during heavy rains, as before the harvest season, there is not much agricultural work, and heavy rainfall obscures human tracks and makes it easier for poachers to get away with their crimes.

Poverty seems to be a large impetus to cause people to poach, something that affects both residents in Africa and Asia. For example, in Thailand, there are anecdotal accounts of the desire for a better life for children, which drive rural poachers to take the risk of poaching even though they dislike exploiting the wildlife.

Another major cause of poaching is the cultural high demand of wildlife products, such as ivory, which are seen as symbols of status and wealth in China. According to Joseph Vandegrift, China saw an unusual spike in demand for ivory in the 21st century because the economic boom allowed more middle-class Chinese to have a higher purchasing power, which incentivized them to show off their newfound wealth by using ivory, which has been a rare commodity since the Han dynasty.

In China, there are problems with wildlife conservation, specifically relating to tigers. Several authors collaborated on the piece "Public attitude toward tiger farming and tiger conservation in Beijing, China", and explored the option of whether it would be a better policy to raise tigers on a farm or put them in a wildlife conservation habitat to preserve the species. Conducting a survey on 1,058 residents of Beijing, China, with 381 being university students and the other 677 being regular citizens, they tried to gauge public opinion about tigers and conservation efforts for them. They were asked questions regarding the value of tigers in relations to ecology, science, education, aestheticism, and culture. However, one reason emerged as to why tigers are still highly demanded in illegal trading: culturally, they are still status symbols of wealth for the upper class, and they are still thought to have mysterious medicinal and healthcare effects.

Effects

Memorial to rhinos killed by poachers near St Lucia Estuary, South Africa

Further information: Species affected by poaching

The detrimental effects of poaching can include:

• Defaunation of forests: predators, herbivores and fruit-eating vertebrates cannot recover as fast as they are removed from a forest; as their populations decline, the pattern of seed predation and dispersal is altered; tree species with large seeds progressively dominate a forest, while small-seeded plant species become locally extinct.
• Reduction of animal populations in the wild and possible extinction.
• The effective size of protected areas is reduced as poachers use the edges of these areas as open-access resources.
• Wildlife tourism destinations face a negative publicity; those holding a permit for wildlife-based land uses, tourism-based tour and lodging operators lose income; employment opportunities are reduced.
• Emergence of zoonotic diseases caused by transmission of highly variable retrovirus chains:
  • Outbreaks of the Ebola virus in the Congo Basin and in Gabon in the 1990s have been associated with the butchering of apes and consumption of their meat.
  • The outbreak of SARS in Hong Kong is attributed to contact with and consumption of meat from masked palm civets, raccoon dogs, Chinese ferret-badgers and other small carnivores that are available in southern Chinese wildlife markets.
  • Bushmeat hunters in Central Africa infected with the human T-lymphotropic virus were closely exposed to wild primates.
  • Results of research on wild central chimpanzees in Cameroon indicate that they are naturally infected with the simian foamy virus and constitute a reservoir of HIV-1, a precursor of the acquired immunodeficiency syndrome in humans.

Products

A seashell vendor in Tanzania sells seashells to tourists, seashells which have been taken from the sea alive, killing the animal inside.

The body parts of many animals, such as tigers and rhinoceroses, are traditionally believed in some cultures to have certain positive effects on the human body, including increasing virility and curing cancer. These parts are sold in areas where these beliefs are practiced – mostly Asian countries particularly Vietnam and China – on the black market. Such alternative medicial beliefs are pseudoscientific and are not supported by evidence-based medicine.

A vendor selling illegal items at a Chinese market for use in traditional Chinese medicine. Some of the pieces pictured include parts of animals such as a tiger's paw.

Traditional Chinese medicine often incorporates ingredients from all parts of plants, the leaf, stem, flower, root, and also ingredients from animals and minerals. The use of parts of endangered species (such as seahorses, rhinoceros horns, binturong, pangolin scales and tiger bones and claws) has created controversy and resulted in a black market of poachers. Deep-seated cultural beliefs in the potency of tiger parts are so prevalent across China and other east Asian countries that laws protecting even critically endangered species such as the Sumatran tiger fail to stop the display and sale of these items in open markets, according to a 2008 report from TRAFFIC. Popular "medicinal" tiger parts from poached animals include tiger genitals, believed to improve virility, and tiger eyes.

Rhino populations face extinction because of demand in Asia (for traditional medicine and as a luxury item) and in the Middle East (where horns are used for decoration). A sharp surge in demand for rhino horn in Vietnam was attributed to rumors that the horn cured cancer, though this has no basis in science. In 2012, one kilogram of crushed rhino horn has sold for as much as $60,000, more expensive than a kilogram of gold. Vietnam is the only nation which mass-produces bowls made for grinding rhino horn.

Ivory, which is a natural material of several animals, plays a large part in the trade of illegal animal materials and poaching. Ivory is a material used in creating art objects and jewelry where the ivory is carved with designs. China is a consumer of the ivory trade and accounts for a significant amount of ivory sales. In 2012, The New York Times reported on a large upsurge in ivory poaching, with about 70% of all illegal ivory flowing to China.

Fur is also a natural material which is sought after by poachers. A Gamsbart, literally chamois beard, a tuft of hair traditionally worn as a decoration on trachten-hats in the alpine regions of Austria and Bavaria formerly was worn as a hunting (and poaching) trophy. In the past, it was made exclusively from hair from the chamois' lower neck.

Anti-poaching efforts

There are different anti-poaching efforts around the world.

Africa

TRAFFIC brings to light many of the poaching areas and trafficking routes and helps to clamp down on the smuggling routes the poachers use to get the ivory to areas of high demand, predominantly Asia.

As many as 35,000 African elephants are slaughtered yearly to feed the demand for their ivory tusks. This ivory then goes on to be used in jewelry, musical instruments, and other trinkets.

Members of the Rhino Rescue Project have implemented a technique to combat rhino poaching in South Africa by injecting a mixture of indelible dye and a parasiticide into the animals' horns, which enables tracking of the horns and deters consumption of the horn by purchasers. Since rhino horn is made of keratin, advocates say the procedure is painless for the animal.

Another strategy being used to counter rhino poachers in Africa is called RhODIS, which is a database that compiles rhino DNA from confiscated horns and other goods that were being illegally traded, as well as DNA recovered from poaching sites. RhODIS cross-references the DNA as it searches for matches; if a match is found, it is used to track down the poachers.

Africa's Wildlife Trust seeks to protect African elephant populations from poaching activities in Tanzania. Hunting for ivory was banned in 1989, but poaching of elephants continues in many parts of Africa stricken by economic decline. The International Anti-Poaching Foundation has a structured military-like approach to conservation, employing tactics and technology generally reserved for the battlefield. Founder Damien Mander is an advocate of the use of military equipment and tactics, including Unmanned Aerial Vehicles, for military-style anti-poaching operations. Such military-style approaches have been criticised for failing to resolve the underlying reasons for poaching, but to neither tackle "the role of global trading networks" nor the continued demand for animal products. Instead, they "result in coercive, unjust and counterproductive approaches to wildlife conservation".

Chengeta Wildlife is an organization that works to equip and train wildlife protection teams and lobbies African governments to adopt anti-poaching campaigns. Jim Nyamu's elephant walks are part of attempts in Kenya to reduce ivory poaching.

In 2013, the Tanzanian Minister of Natural Resources and Tourism urged that poachers be shot on sight in an effort to stop the mass killing of elephants. Since December 2016, anti-poaching police units in Namibia are permitted to return fire on poachers if fired upon. The government of Botswana adopted a shoot-to-kill policy against poachers in 2013 as a "legitimate conservation strategy" and "a necessary evil", which has reduced poaching to the point it is thought to be "virtually non-existent" in the country, and that neighbouring countries like South Africa should also adopt similar measures in order to save wildlife from extinction. In May 2018, the Kenyan government announced that poachers will face the death penalty, as fines and life imprisonment have "not been deterrence enough to curb poaching, hence the proposed stiffer sentence". Human rights organizations oppose the move, but wildlife advocates support it. Save the Rhino, a UK-based wildlife advocacy organization notes that in Kenya, 23 rhinos and 156 elephants were killed by poachers between 2016 and 2017. As of March 2019, the measure is being put on the fast track to implementation by Kenyan lawmakers.

Asia

Large quantities of ivory are sometimes destroyed as a statement against poaching, a.k.a. "ivory crush". In 2013 the Philippines were the first country to destroy their national seized ivory stock. In 2014, China followed suit and crushed six tons of ivory as a symbolic statement against poaching.

There are two main solutions according to Frederick Chen that would attack the supply side of this poaching problem to reduce its effects: enforcing and enacting more policies and laws for conservation and by encouraging local communities to protect the wildlife around them by giving them more land rights.

Nonetheless, Frederick Chen wrote about two types of effects stemming from demand-side economics: the bandwagon and snob effect. The former deals with people desiring a product due to many other people buying it, while the latter is similar but with one distinct difference: people will clamour to buy something if it denotes wealth that only a few elites could possibly afford. Therefore, the snob effect would offset some of the gains made by anti-poaching laws, regulations, or practices: if a portion of the supply is cut off, the rarity and price of the object would increase, and only a select few would have the desire and purchasing power for it. While approaches to dilute mitigate poaching from a supply-side may not be the best option as people can become more willing to purchase rarer items, especially in countries gaining more wealth and therefore higher demand for illicit goods—Frederick Chen still advocates that we should also focus on exploring ways to reduce the demand for these goods to better stop the problem of poaching. Indeed, there is some evidence that interventions to reduce consumer demand may be more effective for combatting poaching than continually increased policing to catch poachers. However, almost no groups deploying interventions that attempt to reduce consumer demand evaluate the impact of their actions.

Another solution to alleviate poaching proposed in Tigers of the World was about how to implement a multi-lateral strategy that targets different parties to conserve wild tiger populations in general. This multi-lateral approach include working with different agencies to fight and prevent poaching since organized crime syndicates benefit from tiger poaching and trafficking; therefore, there is a need to raise social awareness and implement more protection and investigative techniques. For example, conservation groups raised more awareness amongst park rangers and the local communities to understand the impact of tiger poaching—they achieved this through targeted advertising that would impact the main audience. Targeting advertising using more violent imagery to show the disparity between tigers in nature and as a commodity made a great impact on the general population to combat poaching and indifference towards this problem. The use of spokespeople such as Jackie Chan and other famous Asian actors and models who advocated against poaching also helped the conservation movement for tigers too.

In July 2019, rhino horns encased in plaster were seized in Vietnam that were being trafficked from the United Arab Emirates. Despite the ban on trade since the 1970s, poaching level of rhino horns has risen over the last decade, leading the rhino population into crisis.

Poaching has many causes in both Africa and China. The issue of poaching is not a simple one to solve as traditional methods to counter poaching have not taken into the account the poverty levels that drive some poachers and the lucrative profits made by organized crime syndicates who deal in illegal wildlife trafficking. Conservationists hope the new emerging multi-lateral approach, which would include the public, conservation groups, and the police, will be successful for the future of these animals.

United States

Some game wardens have made use of robotic decoy animals placed in high visibility areas to draw out poachers for arrest after the decoys are shot. Decoys with robotics to mimic natural movements are also in use by law enforcement. The Marine Monitor radar system watches sensitive marine areas for illicit vessel movement.

Cartesian doubt

From Wikipedia, the free encyclopedia

https://en.wikipedia.org/wiki/Cartesian_doubt

Cartesian doubt is a form of methodological skepticism associated with the writings and methodology of René Descartes (March 31, 1596–Feb 11, 1650). Cartesian doubt is also known as Cartesian skepticism, methodic doubt, methodological skepticism, universal doubt, systematic doubt, or hyperbolic doubt.

Cartesian doubt is a systematic process of being skeptical about (or doubting) the truth of one's beliefs, which has become a characteristic method in philosophy. Additionally, Descartes' method has been seen by many as the root of the modern scientific method. This method of doubt was largely popularized in Western philosophy by René Descartes, who sought to doubt the truth of all beliefs in order to determine which he could be certain were true. It is the basis for Descartes' statement, "Cogito ergo sum" (I think, therefore I am). A fuller version of his phrase: "dubito ergo cogito, cogito ergo sum" translates to "I doubt therefore I think, I think therefore I exist." Sum translated as "I exist" (per various Latin to English dictionaries) presents a much larger and clearer meaning to the phrase.

Methodological skepticism is distinguished from philosophical skepticism in that methodological skepticism is an approach that subjects all knowledge claims to scrutiny with the goal of sorting out true from false claims, whereas philosophical skepticism is an approach that questions the possibility of certain knowledge.

Characteristics

Cartesian doubt is methodological. It uses doubt as a route to certain knowledge by identifying what can't be doubted. The fallibility of sense data in particular is a subject of Cartesian doubt.

There are several interpretations as to the objective of Descartes' skepticism. Prominent among these is a foundationalist account, which claims that Descartes' skepticism aims to eliminate all belief that it is possible to doubt, thus leaving only basic beliefs (also known as foundational beliefs). From these indubitable basic beliefs, Descartes then attempts to derive further knowledge. It's an archetypal and significant example that epitomizes the Continental Rational schools of philosophy.

Mario Bunge argues that methodological skepticism presupposes that scientific theories and methods satisfy certain philosophical requirements: Idealism, materialism, realism, rationalism, empiricism, and systemism, that the data and hypotheses of science constitute a system.

Technique

Descartes' method of hyperbolic doubt included:

• Accepting only information you know is true
• Breaking down these truths into smaller units
• Solving the simple problems first
• Making complete lists of further problems

Hyperbolic doubt means having the tendency to doubt, since it is an extreme or exaggerated form of doubt. Knowledge in the Cartesian sense means to know something beyond not merely all reasonable doubt, but all possible doubt. In his Meditations on First Philosophy (1641), Descartes resolved to systematically doubt that any of his beliefs were true, in order to build, from the ground up, a belief system consisting of only certainly true beliefs; his end goal—or at least a major one—was to find an undoubtable basis for the sciences. Consider Descartes' opening lines of the Meditations:

Several years have now elapsed since I first became aware that I had accepted, even from my youth, many false opinions for true, and that consequently what I afterward based on such principles was highly doubtful; and from that time I was convinced of the necessity of undertaking once in my life to rid myself of all the opinions I had adopted, and of commencing anew the work of building from the foundation...—Descartes, Meditation I, 1641

Descartes' method

René Descartes, the originator of Cartesian doubt, put all beliefs, ideas, thoughts, and matter in doubt. He showed that his grounds, or reasoning, for any knowledge could just as well be false. Sensory experience, the primary mode of knowledge, is often erroneous and therefore must be doubted. For instance, what one is seeing may very well be a hallucination. There is nothing that proves it cannot be. In short, if there is any way a belief can be disproved, then its grounds are insufficient. From this, Descartes proposed two arguments, the dream and the demon.

The dream argument

See also: Dream argument

Descartes, knowing that the context of our dreams, while possibly unbelievable, are often lifelike, hypothesized that humans can only believe that they are awake. There are no sufficient grounds to distinguish a dream experience from a waking experience. For instance, Subject A sits at the computer, typing this article. Just as much evidence exists to indicate that the act of composing this article is reality as there is evidence to demonstrate the opposite. Descartes conceded that we live in a world that can create such ideas as dreams. However, by the end of The Meditations, he concludes that we can distinguish dream from reality at least in retrospect:

"But when I distinctly see where things come from and where and when they come to me, and when I can connect my perceptions of them with the whole of the rest of my life without a break, then I am quite certain that when I encounter these things I am not asleep but awake."—Descartes: Selected Philosophical Writings

The Evil Demon

Main article: Evil demon

Descartes reasoned that our very own experience may very well be controlled by an evil demon of sorts. This demon is as clever and deceitful as he is powerful. He could have created a superficial world that we may think we live in. As a result of this doubt, sometimes termed the Malicious Demon Hypothesis, Descartes found that he was unable to trust even the simplest of his perceptions.

In Meditation I, Descartes stated that if one were mad, even briefly, the insanity might have driven man into believing that what we thought was true could be merely our minds deceiving us. He also stated that there could be 'some malicious, powerful, cunning demon' that had deceived us, preventing us from judging correctly.

Descartes argued that all his senses were lying, and since your senses can easily fool you, his idea of an infinitely powerful being must be true—since that idea could have only been put there by an infinitely powerful being who would have no reason for deceit.

I think, therefore I am

While methodic doubt has a nature, one need not hold that knowledge is impossible to apply the method of doubt. Indeed, Descartes' attempt to apply the method of doubt to the existence of himself spawned the proof of his famous saying, "Cogito, ergo sum" (I think, therefore I am). That is, Descartes tried to doubt his own existence, but found that even his doubting showed that he existed, since he could not doubt if he did not exist.