Cyber Terrorism The face of global terrorism as we knew it to be 50 odd years ago is changing rapidly with the advancement of technology in todays society. Be it a kid trying to get his kicks bypassing the security or his local Internet Service Provider, or an established terrorist trying to get classified information, the amount of funds we put into protecting ourselves from cyberterrorism is not nearly enough if we were to think about what could be at harm.
The vulnerability of commercial systems to cyberattacks is repeatedly demonstrated by events portrayed in the media and, there is no evidence that non-government systems are any more or less vulnerable than government ones, or that the security posture of either group, as a whole, is generally improving — despite the availability and use of a growing supply of information security tools. In a recent study conducted by PricewaterhouseCoopers (PwC) of 4900 IT professionals across 30 nations found that this year alone 39,363 human years of productivity will be lost worldwide because of viruses and hacking . In total, the cheque this year to US firms with more than 1000 employees for viruses and computer hacking will amount to $266 billion, or more than 2.5 per cent of the nation’s gross domestic product. The price tag worldwide soars to $1.6tn, according to the PwC study.
The real effects of viruses are not as much as everybody shouts about. That said, I know of two cases where clients of ours have picked up contracts because their competitors were hit by the Love Bug, said Shipp. It’s really difficult to estimate how much viruses cost. In the area of hacktivism, which involves the use of hacking tools and techniques of a disruptive nature of government or commercial systems, the Internet will serve mainly to draw attention to incidents, as such incidents are regularly over portrayed by news media. Whether that attention has the desired effect of changing policy decisions related to the issue at hand is much less certain.
Hackers may feel a sense of power, because they can do it. Others do it for the challenge of the problem, using a protected system as just another playground to tune their skills. But some just do it for the recognition, hoping that someone will notice them and make the famous in the media. These people usually dont last very long in the grand scheme of things.
In April of 1999, Yahoo!, CNN and other prominent media web sites got hit by a organized and severe DOS (Denial Of Service) attack. The attack was done through university servers, in Canada and the US, which were hacked and made to be puppets of the perpetrators of the attack. The attack sent the affected companies stocks plummeting because they could not continue their daily business. While this is an extreme situation, similar situations happen almost daily.
Packet sniffers are set up on networks to catch unencrypted passwords and logins, Trojans are planted to allow a hacker to gain access to you files without the user being even aware of it. With such lack or security evident among the bases of our society, what would happen if a hostile nation waged a cyber war on us? In the 1980s, Barry Collin, a senior research fellow at the Institute for Security and Intelligence in California, coined the term cyberterrorism to refer to the merging of cyberspace and terrorism . Mark Pollitt, special agent for the FBI, offered a definition: Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents. Politically motivated attacks that cause serious harm, such as severe economic hardship or sustained loss of power or water, might also be characterized as cyberterrorism. Like most other groups, terrorist groups are using the Internet extensively to spread their message and to communicate and coordinate action.
However, there have been few if any computer network attacks that can match up to the terrorist acts caused by non electronic warfare. The 1998 e-mail bombing by the Internet Black Tigers against the Sri Lanken embassies was perhaps the closest thing to cyberterrorism that has occurred so far, but the damage cause by the flood of e-mail, for example, is relatively nothing in comparison to the deaths of 240 people from the physical bombings of the U.S. embassies in Nairobi and Dar es Salaam in August of that year. So is cyberterrorism the way of the future? For a terrorist, it would have some advantages over physical methods.
It could be conducted remotely and anonymously, it would be cheap, and it would not require the handling of explosives or a suicide mission. It would likely attract massive media coverage, as journalists and the public alike are fascinated by practically any kind of computer attack, as we saw in recent times with the I Love You, virii and others similar to it. A recent study of the risks of computer systems began with a paragraph that concludes Tomorrow’s terrorist may be able to do more with a keyboard than with a bomb. There are off course drawbacks to terrorists using cyber weapons over physical ones.
Because systems are complex, it may be harder to control an attack and achieve a desired level of damage. Unless people are injured, there is also less drama and emotional appeal, which as you can imagine works wonders in the media. Further, terrorists may be disinclined to try new methods unless they see their old ones as inadequate. The main impact of cyberthreats on foreign and domestic policy relates to defending against such acts, particularly attacks against critical infrastructures.
At the international level, several countries, including Canada and the U.S, have been addressing such issues as mutual legal assistance treaties, extradition, the sharing of intelligence, and the need for uniform computer crime laws so that cybercriminals can be successfully investigated and prosecuted even when their crimes cross international borders, as they so often do. The Internet offers a powerful tool for communicating and coordinating action. It is inexpensive to use and increasingly pervasive, with an estimated 201 million on-line as of September 1999. Groups of any size, from two to millions, can reach each other and use the Net to promote an agenda. Their members and followers can come from any geographical region on the Net, and they can attempt to influence foreign policy anywhere in the world. Government systems which hold anything from your medical records, to doomsday nuclear launch codes are regularly access by unauthorized users, and commercial companies loose extreme amounts of money to hackers who are just having fun.
With this kind of security it leaves the public wondering what would happen when someone got serious and intended to do some real harm to our, so called, technologically advanced society. Bibliography 1) Barry Colin, The Future of Cyberterrorism, Crime and Justice International, March 1997 2) Economic Espionage, Cyberterrorism & Information Assurance, DIANE Publishing, January 1998 3) CyberTerrorism, about.com, http://netsecurity.about.com 4) Statistics USA, US Gov, Sept 1999, http://www.stat-usa.gov 5) Hackers and viruses to cost business $1.6tn, VNUnet.com, John Leyden, 11/07/2000, http://www.vnunet.com 6) Barry Colin, The Future of Cyberterrorism, Crime and Justice International, March 1997 7) Mark M. Pollitt, Cyberterrorism B Fact or Fancy?, Proceedings of the 20th National Information Systems Security Conference, October 1997 Computers and Internet Essays.