Friday, September 20, 2013

Cyber Terrorism




The Internet was developed primarily as an unregulated, open architecture. Not only are we observing a predictable backlash to the ‘corporatization’ of the network, where the tools of destruction can easily be placed in the hands of the dissatisfied or malevolent people, we must also deal with the fact that the infrastructure is ideally suited to criminal activities. Some of these activities are being promoted as cyber-terrorism; however, the loose use of the term is actually undermining the defense capabilities of the very corporations and governments who are at risk.

Cyber Terrorism: Meaning
Cyber terrorism is the convergence of terrorism and cyber space. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
Further, to qualify as cyber terrorism, an attack should result in violence against persons or property or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism depending upon their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not.
To be more precise, one has to consider cyber terrorism in a more differentiated way and from different points of view. If cyber terrorism is treated similarly to conventional terrorism, then it would only include attacks that threaten property or lives, and can be defined as the leveraging of a target's computers and information, particularly via the Internet, to cause physical harm or endanger the infrastructure.
Cyber-terrorism can also be understood as “the use of computer network tools to shut down critical national infrastructures (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population.” The premise of cyber terrorism is that as nations and critical infrastructure become more dependent on computer networks for their operation, new vulnerabilities are created – “a massive electronic Achilles' heel.” A hostile nation or group could exploit these vulnerabilities to penetrate a poorly secured computer network and disrupt or even shut down critical functions.
In contrast to this view, there is also a definition of cyber terrorism as the use of information technology by terrorist groups and individuals to further their agenda. This can include the use of information technology to organize and execute attacks against networks etc., or for exchanging information and organizing terrorist activities. When actions such as those mentioned above are done for economic rather than ideological reasons, they are regarded as cybercrime.
It is pertinent to note that while all cyber terrorism cases are cyber crimes, not all cyber crimes can be called acts of cyber terrorism. Only those cyber crimes which are politically or ideologically motivated qualify as acts of cyber terrorism. In the year 2000, an engineer working at the Maroochy Shire Waste Water Plant, Sunshine Coast City, Australia, subverted the computers of the company which controlled its operations, to vent his frustration with the company's promotion policies. The result was the release of millions of tons of sewage water into the parks and seacoast of the city, causing massive environmental damage. As the act was not ideologically or politically motivated, it was, rightly, not called an act of cyber terrorism. It was a grave cyber crime, nevertheless!
The main aim of cyber terrorists today is to cripple the critical infrastructure of a country through cyber attacks in order to further the causes they espouse as a terrorist group. On their wish lists are critical infrastructure such as telecommunications, electric grids, transportation networks, banking & finance, water supply, fuel production & supply chains, military complexes, government operations and emergency services. In order to wreak havoc on the critical infrastructure of a country, cyber terrorists use a variety of sophisticated tools to perpetrate their attacks.
Important Terms 
Cyber warfare: The active use of computers and information technology, mainly on the internet, to indulge in acts of war, waged on governments or large organizations. This includes changing mediums, extracting relevant information, and altering a software-controlled event.

Cyber crime: The use of computers and information technology mainly on the internet for illegal purposes initiated by any individual.

Virus: A file designed to alter or change something, when uploaded on a computer, network, website, database, etc. Whether a virus is detected or not is essentially irrelevant, seeing as the damage is done, in most cases, once it is uploaded and installed.

Worm: A spike that is designed to extract information from a computer, network, website, database etc. Worms are designed to be undetectable, seeing as they are a spike implemented in an already operating program file, and therefore cannot be destroyed and extracted from the given medium without major damage.

Cyberterror: Different forms
Cyber terrorism can take the following forms:
  1. Internet worms or viruses: these internet “viruses” or “worms” can be used to shut down programs, or even entire systems, by hijacking email lists and address books. Worms or viruses may also be used to target communication devices like cellular phones or personal data assistants.
  2. Phlooding: this new exploit targets businesses’ central authentication servers with the goal of overloading them and causing a denial-of-service attack. These simultaneous but geographically distributed attacks have targeted, but are not restricted to, wireless access points with login requests using multiple password combinations in what are known as dictionary attacks. The multiple requests create a flood of authentication requests to the company’s authentication server, which could slow down logins and potentially interfere with broader network operations, since many different users and applications often validate themselves against the same identity management system. Phlooding could effectively block broadband VPN or firewall connections, making it temporarily impossible for employees to access their corporate network.
  3. System Threats: threats to various systems, new and antiquated, that power our everyday operations. An example of a new threat would be one to the security of Voice-Over Internet Protocol (VoIP) processes, whose similarity to traditional data systems may become attractive to attackers, impacting the public’s ability to utilize them.
  4. Spyware: Non-detectable worms that deduce information. Dangerous seeing as these worms are mostly undetectable and the victim does not know that he/she/it is being attacked.
  5. Vandalism: Web vandalism is defined by website defacement or denial of service attacks, initiated by a virus. This is dangerous seeing as these defaced websites can give out false information that is crucial to a certain cause or plans and can result in a total change of policy.
  6. Propaganda: Gathering information to influence the opinion of large numbers of people, which is a powerful recruitment tool for terror organizations. Dangerous since this can motivate hackers and gifted people to indulge in cyber terrorism for a given cause.
  7. Denial of Service: A virus that attempts to block and absorb the content of a certain resource to keep that resource from the intended user. This is dangerous seeing as this information might be crucial to an important, spontaneous decision that cannot be made without this source.
  8. Network based attacks against civil or military infrastructure: As in conventional terrorism, critical infrastructure is an interesting target. However, cyber terrorism also deals with the penetration of fuel, water or electricity outlets. A virus is created that puts the control of fuel, water, or electricity outlets under one's direct command. This is dangerous because this can result in economic breakdown when dealing with infrastructure that has to do with banks or stocks, and in leakage of chemicals in connection with chemical storages etc.
  9. Non-Network based attacks against civil or military infrastructure: Equipment disruption can also occur from non-computerized attacks. An Electromagnetic Pulse (EMP) occurs after a nuclear device is detonated, and disables all electronic devices within range.
  10. Altering virus: A virus that alters commands inflicted upon software via the computer. Most dangerous when used to interfere in military command.
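
Phlooding, as described in the list above, appears in authentication logs as a burst of failed logins arriving through several access points at once, which is what separates it from one user mistyping a password. The following is an added example, not part of the original post, that flags that pattern on the defender's side; the log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumed log line format (constructed, not a real product's format):
#   <ISO timestamp> ap=<access point> user=<name> result=<OK|FAIL>
def parse(line):
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def detect_phlooding(lines, window=timedelta(seconds=60),
                     min_failures=20, min_aps=3):
    """Flag bursts of failed logins spread over several access points.

    Keeps a sliding window of recent failures and raises one alert per
    burst when both the failure count and the number of distinct access
    points exceed the (assumed) thresholds.
    """
    recent, alerts, alerting = deque(), [], False
    for rec in map(parse, lines):
        if rec["result"] != "FAIL":
            continue
        recent.append(rec)
        # Drop failures that have fallen out of the time window.
        while rec["ts"] - recent[0]["ts"] > window:
            recent.popleft()
        aps = {r["ap"] for r in recent}
        hit = len(recent) >= min_failures and len(aps) >= min_aps
        if hit and not alerting:  # alert once, on the rising edge
            alerts.append({"start": recent[0]["ts"],
                           "failures": len(recent),
                           "access_points": sorted(aps)})
        alerting = hit
    return alerts

def sample_log():
    """Constructed sample: a quiet baseline followed by a distributed burst."""
    base = datetime(2013, 9, 20, 9, 0, 0)
    lines = [f"{(base + timedelta(seconds=40 * i)).isoformat()} "
             "ap=ap-lobby user=alice result=FAIL" for i in range(5)]
    lines.append(f"{(base + timedelta(seconds=210)).isoformat()} "
                 "ap=ap-lobby user=alice result=OK")
    burst = base + timedelta(minutes=10)
    lines += [f"{(burst + timedelta(seconds=i)).isoformat()} "
              f"ap=ap-site{i % 4} user=user{i:02d} result=FAIL"
              for i in range(30)]
    return lines

if __name__ == "__main__":
    for alert in detect_phlooding(sample_log()):
        print(alert)
```

An alert of this kind is a cue to rate-limit or temporarily shed authentication requests from the affected access points so that the shared identity server stays available to legitimate users.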

Cyber terror: Some examples
·       Middle East Tension Sparks Cyber Attacks
With the Middle East conflict at a very heated moment between bordering countries, pro-Palestinian and pro-Israel cyber groups have been launching an offensive against websites and mail services used by the political sectors the opposing groups show support for. The attacks were reported by the NIPC (National Infrastructure Protection Center) to U.S. officials in October of 2000. The attacks were a volley of email floods, DoS attacks, and ping flooding of such sites as the Israel Foreign Ministry, Israeli Defense Forces, and in reverse, sites that belonged to groups such as Hamas and Hezbollah.
·       Pakistan/India Conflict 
As tensions between the neighboring regions of India and Pakistan over Kashmir grew over time, pro-Pakistan cyber-terrorists and recruited hackers began to target India’s Internet community. Just prior to and after the September 11th attacks, it is believed that sympathizers of Pakistan (which also included members of the Al Qaeda organization) began their spread of propaganda and attacks against Indian Internet-based communities. Groups such as G-Force and Doctor Nuker have defaced or disrupted service to several major entities in India, such as the Zee TV Network, the Indian Institute of Science and the Bhabha Atomic Research Center, which all have political ties. The group Pakistani Hackerz Club also went as far as to target the United States Air Force Computing Environment and the Department of Energy’s website.
·       Retaliation in China
In May 1999, the accidental bombing of a Chinese embassy in Yugoslavia by U.S. bombers led to a massive web site defacement and e-mail bombardment attack on American companies and agencies. Pro-Chinese hackers and political groups executed the attacks to gain sympathy for the Chinese cause.
US Government sites such as the U.S. Departments of Energy and the Interior, and the National Park Service were all hit and had web sites defaced along with the White House web site. The site was downed for three days by continual e-mail bombing. Although the attack was rather random and brief and affected a small number of U.S. sites, the effects could have been worse.
·       Tamil Tiger Attempt
In 1998, with surges of violence committed in Sri Lanka over several years, attacks in cyber-space were the next area to target. The group known as the Tamil Tigers, a violent guerrilla organization, bombarded Sri Lankan embassies with over 800 e-mails a day. This was carried out over a two-week period. The e-mails conveyed the message, "We are the Internet Black Tigers and we're doing this to disrupt your communications." After the messages created such major disruption, the local intelligence authorities were dispatched to investigate. The authorities declared the attack the first known attack by the terrorists on any computer system in the nation.
Indian context
The question most often asked is how vulnerable we are to the threat of cyber terrorism. A country’s vulnerability to cyber threats is directly proportional to the dependency of its critical infrastructure on networks. In India, our critical infrastructure, such as power grids, telecommunication, banking etc., is already highly network dependent and hence quite vulnerable. Many terrorist groups are in pursuit of the capability to penetrate these networks.
According to a report submitted by the CRS (Congressional Research Service) to the US Congress, “the terrorists are exhibiting similar level of web knowledge as by US government agencies.” The same report mentions that Al-Qaeda has opened web forums for its cadres to impart knowledge in hacking of computers! The use of cyber technologies by intelligence agencies of some countries, not only for snooping but also for compromising the critical infrastructure of other countries, adds an entirely new dimension to cyber terrorism.
What can be done to counter the grave threat that looms large on us? A comprehensive Cyber Security Audit of our critical infrastructure shall be a good step to begin with. This shall help us in identifying our vulnerabilities and thus in plugging the same. Designing and implementing more stringent Access Control Systems and Encryption Standards, augmenting our Tech-Int capabilities to thwart a cyber attack before it happens and educating the users of critical infrastructure for adopting safe practices are some ways to combat the threat. However, we need to remember that while we have to confront the entire range of security vulnerabilities, the cyber terrorist has to exploit just one vulnerability and achieve his mission! 
