Cyberterrorism basically means the act of carrying out terrorism using cyberspace, or in other words, the Internet. It is the hacking or attacking of networks and computers to obtain or modify information for political and/or social objectives, or a way to quickly and easily distribute propaganda and draw a lot of attention to it. An important criterion in classifying an act as cyberterrorism is that it spawns fear amongst the masses and causes at least some damage to people or property. Acts which cause damage to non-critical structures or are just a nuisance are not acts of cyberterrorism.
- Background Information
- Effects of Cyberterrorism
- Examples of attacks
- Understanding the potential threat of cyberterrorism
- The three levels of cyber terror capability
Cyberspace is constantly being attacked or abused. There are many criminals out to achieve their ulterior motives (most of them criminal in nature). Since computers are so powerful nowadays, many very powerful and complex software programs exist to facilitate these criminal acts. In addition, these programs are very user-friendly and easy to use, so much so that even people who are new to computers can use this software to carry out abuse.
Cyberterrorism causes a lot of financial damage, and attacks usually affect huge numbers of people. Cyberterrorism is a very serious crime as it can cause problems to many people at any one time. It has crippling effects on the economy. By crippling a country’s economy, a cyber terrorist can also potentially weaken the country for a military attack to be successful. Attacks on e-commerce websites such as Yahoo! and eBay caused over US$1 billion in losses as these sites work on the basic, clichéd principle, “Time is Money”. Every second these sites are down, they are potentially losing thousands of customers. Imagine if each customer spent US$100 in purchases. They would be losing millions of dollars per second!
1996 - White Supremacist movement
An alleged White Supremacist movement computer hacker brought down a Massachusetts Internet Service Provider (ISP) and destroyed a significant fraction of its record keeping system after the ISP had tried to stop him from using it to disseminate racist messages globally under its name. He left a message: “You have yet to see true electronic terrorism. This is a promise.”
1998 - Spanish protestors & Internet Black Tigers
The Institute for Global Communications (IGC) was flooded with thousands of spam emails from Spanish protestors. The flood brought down the ISP’s network, jamming all email on the network so that none of its users could receive email. These users kept calling the ISP’s support lines, tying up the lines and creating further problems for the ISP. IGC staff and member accounts were also flooded, and their Web pages were filled with fake credit card orders. The protestors wanted IGC to stop hosting the website of the Euskal Herria Journal, a publication based in New York which supported Basque independence, and threatened to do the same to organizations which employed IGC’s services. As a section of the site contained information on the terrorist group ETA, which was responsible for assassinating Spanish political and security officials and for attacks on military installations, the protestors accused the IGC of supporting terrorism. In the end, IGC gave in and removed the site because it was flooded with too much email.
Sri Lankan embassies were flooded with 800 emails a day over a fortnight. The messages contained “We are the Internet Black Tigers and we're doing this to disrupt your communications.” It was called the first known attack by terrorists against a country’s computer systems by Intelligence authorities.
1999 - attack against NATO computers
NATO computers were flooded with email and hit with Denial of Service (DoS) attacks by hackers, who were activists (termed ‘hacktivists’), protesting the NATO bombings during the Kosovo conflicts. Businesses, public organizations and academic institutions reportedly received highly politicized emails filled with viruses from a host of European countries. When the US accidentally bombed the Chinese embassy in Belgrade, Chinese hacktivists put up messages on US government websites stating "We won't stop attacking until the war stops!"
Classifying these horrendous crimes as cyberterrorism is a subjective matter even though they were motivated by political and social reasons. As far as we know, no physical harm or injury has been inflicted on the victims even though they may have been intimidated. EDT and the Electrohippies think that these acts are more similar to protests and strikes rather than acts of terror and violence. Due to this very important yet subtle distinction, these people should be regarded as activists, NOT terrorists.
Firstly, two factors have to be considered: whether there are targets that are vulnerable to attacks that can lead to violence or severe casualties, and whether capable and motivated actors are available to carry the attacks out.
Critical structures are vulnerable to cyber terrorist attacks, as shown by several studies. An exercise named Eligible Receiver was conducted by the US Department of Defense in 1997, and it found weaknesses in the power grid and emergency 911 systems which could be exploited easily by an enemy using only tools that can be found on the Internet. Although none of these systems were attacked, it was concluded that service on these systems could be easily disrupted. In the same year, the US President’s Commission on Critical Infrastructure Protection issued a report warning that, because critical infrastructures are interconnected and depend on one another, they could be vulnerable in new ways, and that they are increasingly vulnerable while it is getting cheaper to launch an attack against them.
It is virtually impossible to eradicate all these vulnerabilities even though there are ways and methods to fix most weaknesses in computer systems. A particular technology might offer very tight security, but it is often used in ways that make it easy to attack. Also, there is always the likelihood of an insider, acting alone or in cahoots with terrorists, misusing their access capabilities. Gazprom, the Russian state-run gas monopoly, was taken over by hackers with the help of an insider, according to Col. Konstantin Machabeli of Russia's Interior Ministry. Gazprom, the world's largest natural gas producer and the largest gas supplier to Western Europe, refuted the report, which said that a Trojan horse was used to get access to the central switchboard which controlled gas flows in the pipelines.
Consultants and contractors are usually able to cause a lot of serious harm. Japan’s Metropolitan Police Department once reported that a software system it used to track 150 police vehicles, including unmarked cars, was developed by the Aum Shinrikyo cult, which gassed the Tokyo subway in 1995, causing 12 fatalities and 6000 casualties. By the time this was found out, the cult already had top secret tracking information on 115 vehicles and had developed software for more than 80 Japanese firms and 10 government agencies. Cult members worked as subcontractors under other main contracting firms, making it virtually impossible for these organizations to keep track of who was developing the software. Being subcontractors, they had the ability to install Trojan horses to assist in the launch of terrorist attacks at a later date. Out of fear of a possible Trojan horse, an urgent cable was sent by the US State Department to around 170 embassies requesting that they remove software which, they found out too late, was written by citizens of the former Soviet Union.
Actors to carry out cyber terrorist acts
If a certain infrastructure has been confirmed as being vulnerable to attack, then we should ask whether there are persons who are willing and able to carry out cyber terrorist attacks on that piece of infrastructure. Even though many hackers have the capability, knowledge and resources to cause widespread harm and bring down a network, they usually do not have enough motivation to do so.
Cyberspace is used by terrorists to assist traditional forms of terrorism such as suicide bombings. They use websites to propagate their messages and to recruit supporters. They organize attacks by communicating through the Internet. However, there are few signs that they are carrying out cyberterrorism, be it alone or together with acts of physical violence. Clark Staten, the executive director of the Emergency Response & Research Institute in Chicago, testified in 1998 before the Senate Judiciary Committee Subcommittee on Technology, Terrorism, and Government Information that members of some extremist Islamic organizations were known to have attempted to create a hacker network to support their computer activities and to involve themselves in future information warfare attacks. In November of the same year, the Detroit News reported that a member of the Indian militant separatist group Harkat-ul-Ansar had tried to purchase military software stolen from the US Department of Defense by hackers who had forcefully entered its computers. Contract hackers were hired by the Provisional Irish Republican Army, better known as the IRA, to hack into computers to obtain the home addresses of police and intelligence officers.
The data acquired was used to threaten the British government into meeting the terms for a new ceasefire. If those terms weren’t met, all those officers would’ve been killed by the IRA in a single night, as reportedly threatened. As shown, cyber terrorists can use data acquired through the Internet to support physical violence even if the data is not used by them to cause havoc in cyberspace.
A report entitled “Cyber terror: Prospects and Implications” was issued in 1999 by the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California, and its objective was to show how much demand there was for terrorism. More specifically, it analyzed how likely terrorist organizations are to depend on cyberterrorism. The conclusion was that the hurdle to anything beyond annoying hacks is so high that most terror organizations have either no motivation or not enough money to carry out a successful or fruitful operation through cyberterrorism. It is a thing of the future, though it may be pursued as an ancillary tool now.
As defined by them, three levels of cyber terror capability exist:
This is basically the ‘script kiddy’ method where primitive hacks are launched against individual systems using tools created by other developers. The organization basically has very little control or command and is not able to carry out much target analysis.
This is the capability to create more advanced attacks against multiple systems or networks and probably involves the modification or creation of basic hacking tools. It allows for more freedom and more control and more creativity in the type of attack carried out. The organization has a basic target analysis, command and control and learning capability.
This is the highest level and is the capability to cause widespread destruction against integrated, heterogeneous defenses through the pooling of resources. The organization has the ability to create sophisticated hacking tools and has a highly capable target analysis, command and control, and learning capability.
A group which has just started from scratch is estimated to take around two to four years to reach the second stage and about six to ten years to reach the third and final level. However, some groups can reach there in the ultra short time span of a couple of years as they can turn to outsourcing or sponsorship to increase their capability.
Five terrorist group types were examined in the study, namely, religious, New Age, ethno-nationalist separatist, revolutionary, and far-right extremists. The final level was determined to be sought only by religious groups, as it is in line with their indiscriminate application of violence. New Age groups tend to pose the most immediate threat, but they tend to prefer disruption rather than destruction. The revolutionary and ethno-nationalist separatists are most likely to seek the second level. The far-right extremists, on the other hand, prefer level 1 as cyber terror does not appeal to them. It does not provide the effects that these groups are trying to achieve. It simply does not fit into the very being of far-right extremists. It was also determined that hacker groups are not used to or comfortable with cyberterrorism and that it is against their interest to cause mass disruption of the information infrastructure.
At this time, cyberterrorism does not pose much of a threat. However, this may change as cyberterrorism has its advantages over physical methods, especially for a terrorist. It can involve anonymity and can be carried out remotely. It also does not need to involve the loss of lives, especially of the one carrying out the mission. Media coverage is also almost certain to be widespread as the public and the media are obsessed with any forms of hacking, especially in this modern age. Cyberterrorism would definitely be appealing in the future due to its potential of garnering huge attention from the government and the media without the loss of lives.