Cybterrorism: threats, methods, and countermeasures

Cyber Terrorism

The Internet that we know today and use in our everyday lives was founded in the early 1970s. But all through the Cold War, the apprehension of data theft led to the Internet becoming a decentralized system. But it was not until the late 1980s when the Internet, after years and years of research was made available to public. This was a big change because now anyone in the public could gain access of huge amount of data from anywhere in the world. The following list tells us how Internet can be used to spread evil, and assist terrorist organizations to apply more danger and fear to the world. According to Weimann (2004), the Internet has:

- easily approachable

- no single controller or regulator to control or censor information

- the makings for widespread spectators all round the globe

- the power for the user to remain anonymous

- quick access to information

- little installation and usage costs

the ability to combine multimedia (such as graphics, texts, video and audio) and gain access to multiple types of data (such as applications, books, movies and posters, etc.)

- affected the way we communicate and transfer information over mass media.

There is nothing different between the physical form of terrorism and cyber terrorism except that computer are used to carry out assaults. Hacking into FBI or CIA central to intimidate the American public could be perceived as cyber terrorism. Another instance could be gaining access to patients' medical records and alter them in a way that could be detrimental to the patient's health. According to a research in 2003, the forecasted e-commerce expected through the Internet was such that without it, the world economy would have suffered a loss of 6.5 billion in transactions (Coleman, 2003, p.2).

When we attempt to classify cyber terrorism, it can be done through two means, either internet-based or effects-based. Whenever the attack is done with the objective to harm and cause serious economic destruction, it is known as internet-based attack. On the other hand whenever the attacker is intends to produce fear, as it is done in an orthodox terrorist attack, it is said to be an effect-based attack. In line with the Army (P. II-1 and II-3, 2005), low levels of (1) secrecy, (2) integrity, (3) availability, along with (4) physical destruction are the four main aims of a cyber attack.

The growth rate of the usage of technologies like Internet as well as other telecommunication tools by the terrorists is increasing day by day. The reason behind this increase could be the substantial physical border security, which leaves no other option for the extremists to attack the United States, except using internet and other similar weapons. In doing so, the terrorists group is emphasizing on formulating bonds with criminal organizations along with heightening their IT skills, so that a cyber attack can be executed perfectly. The credit card frauds and collection of money are the two major tools which are used by the terrorist groups to generate funds which could be invested in the execution of a cyber attack (Pladna, 2007).

The alliance between the terrorists and cybercriminals might be increasing rapidly. This is true particularly in the areas of South Asia and Middle East, so that the smuggling of arms and drugs, and the global movement of money can be performed without any hurdle (Rollins & Wilson, 2005). The ultimate goal of the terrorists of these partnerships with cybercriminals could be the continuous improvement of their IT skills; moreover, the cooperative drug trading could also enable them access to extremely competent computer programmers (Pladna, 2007).

The presence of the terrorists and their allies along with their huge information technology workforce was also witnessed at the time of subway and bus bombings in England, in July 2005 (Pladna, 2007).

There may however be difficult and confusing situations whereby it is actually complicated to distinguish between a normal hacker who is a cyber criminal or an actual attack which may be a cyber terrorist. The major issue with the terrorist attacks is that they search for loop holes in order to plot for attacks in future. Whereas the cyber terrorists' main motive is to search for instances where they can earn money and gain something out of the situation. The FBI has been successful in recognizing cyber crimes and reported that the internet criminal activities are basically targeted towards compromising the email accounts or defacing and logging onto different websites (Pladna, 2007).

The overload of information has however caused these network attacks to come up as one of the major problems. It was stated by Lourdeau (2004) that the FBI suggested that in the near future, trends will be seen whereby the terrorists will implement their activities through other hackers for the sole reason of complimenting the entire process of conventional internet crimes and attacks. According to the discovery of Muller (2007), in recent times, the Yearly Assessment of the threats reflect that that the terrorists have started making increasing usage of the internet as a medium of communication. Furthermore, their source of plotting out attacks, proselytize and hire as well as fully train the hackers so as to be a source of help in financial terms as well as in logistics in the entire criminal process. This is turning out to be a major source of concern for the FBI and needs to be monitored strictly.

According to IBM, in the year 2005, the statistics of threats to computer securities had almost doubled and had become a major concern for the government and its related agencies because this was becoming quite dangerous. Due to these increases, it has become quite an issue in order to clearly draw a line between a cyber criminal activity and an actual attack inflicted by a terrorist. Thus the United States along with other countries is working on devising laws to put a stop to such activities. However, by the current results it may be suggested that there might be growing trends in these attacks since they are gradually pacing up and are spreading out. This may prove to be too large for the government agencies to cater to if these statistics keep up and nothing is done about them (IBM, 2005).

Definitions

The word "terrorism" has no particular definition generally accepted all around the world up till now. Similarly, the word "Cyber terrorism" has no particular explanation generally accepted worldwide. Owing to the complications determining with confidence the intent, identity, or the political enthusiasms of the enemy, it is challenging to label a computer intrusion as "Cyber terrorism" (Rodriguez, 2006).

Cyber terrorism has been defined to be based on the impact of an intrusion, by few security specialists. Though it is not commenced with any political intention by criminals, built-in activities, where computers are embattled result to be disruptive and devastative enough to cause panic as compared to a usual act of terrorism (Rodriguez, 2006).

Cyber terrorism are defined, in this "effects" view, as computer attacks that are inadequate in extent yet, but may cause death, airplane crashes, injury, contamination of water, wide power outages or loss of confidence in some parts of the economy. Cyber terrorism can obtain the shape of a physical intrusion that demolish mechanical nodes used for vital communications, as stated by some on-lookers, which includes telecommunications, internet as well as the electric power grids, devoid of touching keyboards. Also a few federal spokespersons have declared the cyber security engraves transversely all features of critical communications protection. Furthermore, cyber operation cannot be divided from the physical features of businesses due to their inter-reliant function (Rodriguez, 2006).

At the end "Cyber terrorism" can be classified, by the above theory of effects and intents, as the usage of computer as targets, or weapons, by politically enthusiastic sub-national sets, international, or concealed agents who cause violence and destruction. Their intention to manipulate the viewers, or make government a reason to modify its strategies. This description, covering a number of ideas about cyber terrorism incorporates all three techniques for computer attacks; named as follows (Rodriguez, 2006):

1- Physical Attack

2- Electronic Attack (EA)

3- Computer Network Attack (CNA)

Methods employed in a Cyber Attack

The computer attacks when defined, take into account any activity headed against computer systems that disturbs the tasks carried out by them, alters their processing control, or harms the data stored in them. The attack methods, based on their type, vary in targeting weaknesses and have various armaments. A number of these techniques may be falling under the present capacity of a few terrorist organizations. Three different techniques of assault are named, depending upon the effects of the arms utilized. Nevertheless, the growth of technology may start to diminish the differences among them (Rollins and Wilson, 2007).

The methods are as follows:

A physical attack is the one having the use of orthodox weapons against a computer station or its communication lines.

An electronic attack (EA) comprises the exploiting the electromagnetic force as a weapon, generally signified as an electromagnetic pulse (EMP). On the one hand, it overwhelms the computer circuitry; and on the other, in a less damaging way, exposes a string of harmful digital code to an enemy's radio wave transmission region (Rollins and Wilson, 2007).

A computer network attack (CNA) consists of a malicious code utilized as a weapon, effecting enemy computers and taking advantage of vulnerability in software, in system configuration, or in computer security norms of either an entire organization or just an individual using a computer. Nonetheless, it may also fall in the category of an identity thief utilizing data to get access inside computers that are forbidden for open use. While EA and CNA attacks are less probable to occur as compared to physical attacks, they can be more devastating as they involve manipulating technologies that may create unexpected results or grant a surprising edge to an opponent (Rollins and Wilson, 2007).

Distinctiveness of a Physical Attack

A physical attack disturbs the trustworthiness of computer tools and data access. Physical attack is applied either through the use of orthodox weapons, exposure of heat, detonation, disintegration, or by directly influencing the wiring or tools, typically after obtaining illegal physical access (Pladna, 2007).

In 1991, while the Operation Desert storm was being carried out, the U.S. military allegedly interrupted Iraqi communications and computer facilities by launching cruise missiles to disintegrate carbon threads that were used to short circuit the power supply lines. Moreover, the Al Qaeda assaults launched against the Twin towers in New York along with the Pentagon on 9/11/2001 demolished numerous vital computer records and interrupted civilian as well as military, financial and communication services that were associated all across the world (Pladna, 2007).

The loss of communications and vital data for a small amount of time enhanced the effects of physical attack as financial markets were disabled for nearly one week (Pladna, 2007).

Distinctiveness of Electronic Attack (EA)

Electronic attack, referred more commonly as an Electromagnetic Pulse (EMP), compromises the trustworthiness of electronic tools by generating momentarily, a high energy pulse that overwhelms the circuit boards, transistors, and other electronic devices involved. EMP effects can infiltrate inside a computer security, remove electronic memory, disturb software, or damage electronic equipment beyond repair. Some are of the view that private sector has not focused that much on to protect computer systems against EMP. Therefore, its effects and commercially used electronic equipment can be gravely damaged by minimal range, small-scale, or transportable EMP devices (Rollins and Wilson, 2007).

Distinctiveness of Cyber attacks

Cyber-attack or CNA can compromise the integrity or reliability of data, frequently by means of malicious code that changes the logic of program controlling the data, in such a manner, that leads to output errors. Computer hackers whenever get the opportunity scan the Internet in search of those computer systems that are wrongly configured or have minimum security or protection software. Once infiltrated by the malicious code, a hacker is enabled to remotely control a computer through the Internet, forward commands as the contents of the computer are under his watch or he can infiltrate and interrupt other computers as well (Pladna, 2007).

Cyber attacks can make use of the dangerous code and can only be used in computers which already contain some software problems, viruses or faults in system design. Due to the innovation and technology development, CNA is not being used and has replaced itself with EA which provides many similar functions like CNA. For instance, at places where power is run, the communication between microwave radio towers can be controlled and specifically designed viruses or different codes can be placed in to the digital network (Pladna, 2007).

Efforts being made to minimize the threat of cyber terrorism

The phenomenon of the dark web

Before the incident of September 11, 2001 there were a large number of people using Internet all over the world who did not know each other. At that time there was around 70 to 80 terrorists' sites but after the incident, terrorism increased and 7000-8000 came into existence. The use of Internet is the easiest method of influencing people and increasing terrorism and these websites are trying to reach people and persuading them to become a part of it by providing them suggestions and wrong information about militants (Pladna, 2007).

The Dark Web had been a database created by Hsinchun Chen which contained the names of people involved in terrorist activities in a number of languages. The database allows almost five hundred thousand postings and 20000 people can host at a time. In 1997 Hsinchun Chen developed a website where people could distinguish between websites providing offensive and violent information. He created a Coplink with the assistance of not only Tucson, but also Arizona Department of Police along with National Science Foundation which helped the officials responsible in law implementation to combine data and relate files. The duty of Coplink was to seize Washington DC's Beltway Snipers in the end of year, 2002. After the achievement of this system, the NSF asked Chen to develop another database which could help them battle terrorist activities. Even though the Dark Web had certain disadvantages it was successful and Chen believes the database could have also been helpful in identifying the connection between Al Qaeda and Saddam Hussein and its reality or fiction if it was present at the time of Iraq war. (Kotler, 2007)

Many people believe that Dark Web is not a useful system for tracking terrorism and developing liberty and autonomy. Rotenburg, who is heading the Electronic Privacy Data Centre, asserts that this system could help in bringing up political rivals. Similarly German, who gives directions about strategies for ACLU's security, immigration as well as privacy, says that Dark Web is a misuse of the vital resources and even if people are saying they are campaigning on violence, it is not necessary they are really following it (Kotler, 2007)

According to Kotler (2007), Dark Web is not a useful system and it is not catching the people who should be caught. He says this from his experience on working with secret agents and the training guidebook on terrorists also proposes that the propagandists and bomb creator is different people who should not be mixed up and politics cannot be related to action. However, Chen argues that is the responsibility of NSA to track messages and phone calls of such people and locate the propagandists of jihad movement. Dark Web has been able to find out such guidebooks that provide instructions on creating explosives and how they can be downloaded which has helped the military and civilians to protect themselves and take certain measures against it. Even with all the criticism, Dark Web has been beneficial and has provided answers to many questions.

North Atlantic Treaty Organization

North Atlantic Treaty Organization, in other words NATO, is U.S.-European-based defence force. In 2005, they have started a contract with a firm that provided ICT solution called Telindus. Network coverage of NATO includes 26 members and other operational infrastructures like Balkans and Afghanistan. For communication, computers, telephones and other video conferencing are used. This network also includes coverage of non-military operations like protection of sensitive national infrastructure and disaster relief mechanism and operation (Grant, 2007).

There are around 70 systems on NATO's network and in near future it will be expended to more countries and sites, and also network will require more upgrades. However, the main focus will always be detection, prevention, recovery and reaction. Grant (2007) also stated that, for completing the project on time as well as keeping it within the budget, many cross-domain skills are required.

There have been many attacks on this network by hackers, since it went live. Soon after, 11th September, 2001 attacks and DOS attack in May 2007 on Estonia, the main focus of NATO was towards cyber defences because of the fact that they were as vulnerable as other organisations working on web. One of the biggest components of Telindus is IDS, intrusion detection system. This system identifies the attacks location of origin and also helps in identifying what will be the attackers' response towards the restorative or defensive action (Grant, 2007).

Pseudo Attacks by Hackers

Hackers can privately administer power and manage things as seen in a video meant for Homeland Security. The video shows how power is closed down when an industrial turbine breaks down after whirling uncontrollably. The video displays power shutting down, as a very important part of the U.S. electrical grid has been invaded by a hacker (Press, 2007).

Amit Yoran, previous U.S. Cyber Security Head during Bush government and chief executive of NetWitness Corp, which produce sharp network administrating software, said, as noted by Press (2007) that the hackers using cyber ways and methods have displayed an attack that we read and talk about. They displayed it in a very expressive way, visualizing a fire being spread on something has a very different effect then reading about it. They have also shown the effect that using such means can have on this framework (Press, 2007).

A sensitivity called supervisory control and data acquisition system was detected in the U.S. utility companies. The utility companies requested utilities to take care, the attack did not take place and the defect was fixed. In the past the uppermost telecommunications consultants of President Bush did say that with extreme measures of invisibility such attack can take place. Homeland Security Department member Robert Jamison assured that the company is trying to lessen such invasions (Press, 2007).

Seeking assist from various industries, pointedly from nuclear and electrical the Homeland Security is trying to strengthen the security as it seems security was not the major concern behind the design of the damaged systems. Joe Weiss, who is a security expert, also affirmed regarding these attacks in front of the Congress asserts that extremely outdated technology is used and anyone who has the ability to understand these systems and get admittance to use them can make them work however they want. The Federal Regulatory Commission put forward a plan in July which aims to fill gaps in the cyber security of the country's power infrastructure even as the electrical company is revamping their internal security. The nuclear sector is said to have good security already (Press, 2007).

Efforts made by the American Government

Efforts made by the Congress

The main idea one gathers from the CRS report is that there is a deficient in national vision on the issue of cyber terrorism. While some branches of the U.S. government plan measures to combat cyber terrorism; critics however raise concerns of inadequacy. All this means that a cyber attack by terrorists is a possibility and even though there are problems significant progress has been made to ensure safeguards.

Efforts made by the Department of Homeland Security (DHS)

It appears that terrorists are becoming more and more adept at cyber warfare while DHS has lagged behind in this area. This has caused some concern inside the DHS. Some people point out that it becomes difficult to respond when the location, intentions and factions of a cyber war are hard to figure out. DHS was part of an exercise to test the response of the U.S. government, the private sector and international allies to a large cyber attack, conducted in February 2006 labelled as Cyber Storm.