Types Of Terrorism

Cyber Terrorism

CASE STUDY - The Potential Threat of CyberTerrorism

 

Currently the threat of cyberterrorism is not as immediate. However, the potential threat of cyberterrorism cannot be over-emphasised. The potential to wreak havoc and cause disruption to people, governments and global systems has increased as the world becomes more globalised. A cyber attack can cause economic loss that wreaks havoc on world financial systems, nationwide blackouts and the collapse of key IT infrastructures that support many government departments. Moreover, the ability of separate individuals to reach a huge audience anonymously through cyberspace for recruiting, mobilization and propaganda is worrying. Cyberspace allows theoretical, military and theological teaching and propaganda to be run, and also allows recruiting and maintaining communication between these organisations. In response to this potential threat, Malaysia will establish an international centre to fight cyber-terrorism. Major IT companies including Symantec Corp. of the United States, Japan's Micro and Russia's Kaspersky Lab had agreed to take part in the "International Multilateral Partnership Against Cyber-Terrorism" (IMPACT).

 

Cyberterrorism can be defined as the unlawful attack or threat of attack against computer networks and the information stored in them, with the intent to intimidate or coerce (Verton, 2003).

One of the main targets of cyberterrorists is the computer networks that control systems that provide public services, such as electrical supply systems, airports, train networks, satellite networks, financial and emergency systems, etc. To accomplish this, they flood the system with e-mail messages to paralyze it. This form of attack is called email-bombing.

A good example of email-bombing happened in 1997, when supporters of the group ETA had a website for the Basque Country Journal hosted by an ISP called Institute for Global Communications (IGC). A group of people wanted to force IGC to take ETA’s website down, and to do this they sent thousands of emails to the ISP, paralyzing it. Eventually IGC complied and took the site down (Conway, 2002).

On some occasions, cyberterrorist attacks are accompanied by a simultaneous suicide bombing or a chemical attack, in order to draw more attention to the attack, cause greater confusion and paralyze communications.

Another use that terrorists may have for the Internet is the exchange of encrypted email messages that contain crucial information about their target victims, addresses, photographs, itineraries, tactics, etc. They might also send intimidating messages to victims and recruit more followers, and in general they manage to keep their information available to other terrorists through their own websites. It has been reported that the members of al-Qaeda, for example, prepare for an attack by exchanging encrypted packets of photographs and instructions. In Kabul, Afghanistan, U.S. soldiers found AutoCAD models of a dam, supposedly being used to plan the bombing and collapse of the structure.

Hackers might sometimes attack systems and networks in protest of something they disagree with. This is called hacktivism, and it has little to do with terrorism. These areas overlap when hackers are actually hired by terrorist groups to accomplish their goals. Otherwise, the hacktivist only wishes to make a point, not to cause fear or harm to anybody.

Cyberterrorists have several advantages over other kinds of terrorists: they are more anonymous, logging into accounts using different screen names; they are difficult to track and can be located anywhere in the world; their attacks are cheap to carry out; and the potential targets are numerous. They don’t need much training, they don’t need to commute and they run fewer risks.

The more complex a computer system, the easier it is to break into, although some experts think that the whole issue of cyberterrorism is an exaggeration (Verton, 2003).

In 1997 the National Security Agency (NSA) of the United States conducted an exercise to test the security of the U.S. national security systems. A team of 35 hackers, named the “Red Team”, were told to act as if they had been hired by a foreign intelligence service and attempt to break into the national security systems. Their only tools could be programs they had developed themselves or that were easily available on the Internet. The hackers entered the network and began to find passwords by trial and error or by asking unwary officials for them. Soon they were in control of the system, with the power to shut it down if they wanted. This exercise was named “Eligible Receiver” (Verton, 2003).

While most high-profile terrorist attacks involve the use of weapons of mass destruction, in 1998 a hacker broke into the system of Arizona’s Roosevelt Dam and, for an hour, remotely took control of the floodgates. He didn’t do anything; when interrogated, he said he was just ‘exploring’. He was only twelve years old.

Incidents like this prove that breaking into systems and causing damage is relatively easy, and terrorists might seize any opportunity to cause terror by controlling, paralyzing or destroying strategically important infrastructure.

Nuclear weapon facilities and military systems are protected in the most basic, but at the same time most effective, way: they are not connected to the Internet at all. The systems are completely isolated, which makes them inaccessible. This is known as “air-gapping”.

Cyberdefense

Recently there have been renewed efforts to prevent cybercrime and to monitor any suspicious activity that could be related to terrorism. For example, a few years ago, the French and British governments required that Internet Service Providers sign self-censorship agreements and retain, for at least a year, the logs of e-mail, electronic conversations and other similar data, in case they contained information that could be used as evidence of terrorist activity. Other European countries, like Sweden and Denmark, have followed suit, allowing the police to quickly access the logs immediately after an attack, without a court order, and installing ‘sniffer’ software on ISPs to intercept email and messages, similar to the Carnivore program developed by the FBI in the United States.

The government of China has tried to control the growth of cybercafes by closing thousands of them, in an effort to apprehend dissidents and criminals that use the Internet to plan and inflict harm on large companies.

In general, it is very important that every nation carries out a careful and complete revision of its laws concerning this issue and strengthens security measures related to the Internet, regardless of how technologically advanced the country is, to prevent terrorists from taking refuge where they will have more freedom to commit acts of cyberterrorism.

The United States government is also wary of encryption, which allows people to exchange email messages over the Internet with complete confidentiality, but can also aid terrorists in keeping their plans secret. Republican Senator Judd Gregg has suggested banning encryption software if its decoding key is not sent to the proper authorities beforehand.

Carnivore

Carnivore is a sophisticated surveillance software package developed by FBI experts as a continuation of an earlier project called “Omnivore” that began in the mid-nineties. After somewhat negative press coverage, the FBI decided to change its name to “DCS1000” or “Digital Collection System 1000” (Verton, 2003). It was one of the first surveillance programs to be used by law enforcement agencies to monitor suspicious Internet activity. It is capable of recording all messages sent and received by the people using an ISP.

Civil rights advocates protested strongly against the use of this program, claiming it violated people’s rights, and up until 9/11, Carnivore had never been used without the permission of a judge. However, on September 13th of 2001 the Senate passed the Combating Terrorism Act, which enabled FBI officials to use the program without a court order or the consent of a judge. However, according to Assistant FBI Director Donald Kerr, DCS1000 has the ability to select between Internet communications that are suspicious and those that aren’t, according to the specific set of instructions that it is given, which must be in accordance with the criteria given in a court order. For example, the program would sift through numerous messages and select only those coming from a specific individual, or those that come from a specific individual and are related to a certain bank account.

The program itself is light enough to be installed on a laptop and works on the same principle as other commercial “sniffer” and network diagnostic programs that are routinely run by ISPs, and it can work with most popular e-mail and related applications.
