Date: Wednesday, February 07 @ 09:33:07 PST
Cyber Terrorism
By:
Dr. Edward J. Maggio, Esq.
Assistant Professor of Criminal Justice
Center for Security and Disaster Response
Department of Behavioral Sciences
New York Institute of Technology (NYIT)
Cyber-terrorism is a current and real threat to U.S. businesses and to national security. Most Americans, however, do not realize the threat or fully understand the nature of such attacks. IT and security personnel fight and defend against thousands of attacks upon computers and computer networks every day.
The FBI defines cyber-terrorism as any premeditated, politically motivated attack against information, computer systems, computer programs, networks and data, which results in violence, disruption or damage against non-combatant targets by sub-national groups or clandestine agents. It is also a threat that existed even before 9/11. According to the U.S. Commission of Critical Infrastructure Protection, possible targets include the banking industry, military installations, power plants, air traffic control centers, and water systems.
It is important to make a clear distinction between those engaged in cyber-terrorism and hacktivists. Hacktivists have political agendas and generally engage in e-mail attacks; hacking and computer break-ins; and computer viruses and worms for a political cause. A cyber-terrorist, on the other hand, engages in computer attacks that result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. In addition, web sites are vandalized, service disrupted, data and systems sabotaged, viruses and worms launched, and companies harassed and threatened on a regular basis. These cyber-attacks are facilitated by easy-to-use and easily available software tools, which are often found free of charge on web sites on the Internet.
HISTORY OF CYBER-ATTACKS
One of the first recorded cyber-terrorist attacks was in 1996 when a computer hacker allegedly associated with the White Supremacist movement temporarily disabled a Massachusetts ISP and damaged part of the ISP's record keeping system. The ISP had attempted to stop the hacker from sending out worldwide racist messages under the ISP's name. The hacker signed off with the threat, "you have yet to see true electronic terrorism. This is a promise." Since 1996, attacks have continued with increasing severity.
• In 1998, Spanish protestors bombarded the Institute for Global Communications (IGC) with thousands of bogus e-mail messages. E-mail was tied up and undeliverable to the ISP's users, and support lines were tied up with people who couldn't get their mail. The protestors also spammed IGC staff and member accounts, clogged their Web page with bogus credit card orders, and threatened to employ the same tactics against organizations using IGC services. They demanded that IGC stop hosting the Web site for the Euskal Herria Journal, a New York-based publication supporting Basque independence. Protestors said IGC supported terrorism because a section on the Web pages contained materials on the terrorist group ETA, which claimed responsibility for assassinations of Spanish political and security officials, and attacks on military installations. IGC finally relented and pulled the site because of the "mail bombings."
• In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read "We are the Internet Black Tigers and we're doing this to disrupt your communications." Intelligence authorities characterized it as the first known attack by terrorists against a country's computer systems.
• During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In addition, businesses, public organizations, and academic institutes received highly politicized virus-laden e-mails from a range of Eastern European countries, according to reports. Web defacements were also common. After the Chinese Embassy was accidentally bombed in Belgrade, Chinese hacktivists posted messages such as "We won't stop attacking until the war stops!" on U.S. government Web sites.
• Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting Web sit-ins against various sites in support of the Mexican Zapatistas. At a designated time, thousands of protestors point their browsers to a target site using software that floods the target with rapid and repeated download requests. EDT's software has also been used by animal rights groups against organizations said to abuse animals. Electro-hippies, another group of hacktivists, conducted Web sit-ins against the WTO when they met in Seattle in late 1999. These sit-ins all require mass participation to have much effect, and thus are more suited to use by activists than by terrorists.
In financial terms, cyber-terrorism can hurt the nation's economy. The February 2000 denial-of-service attacks against Yahoo, CNN, eBay, and other e-commerce Web sites were estimated to have caused over a billion in losses and caused fear in the e-commerce community, especially among regular customers and clients. Furthermore, cyber-terrorists can cause chaos and fear in business operations by attacking banking and other financial computer networks. They can also steal information or disrupt the data recovery processes of businesses in order to cause panic or for financial gain.
The greater danger, however, lies in the fear that terrorists and other criminals could attack and penetrate our nation's critical infrastructure computer systems and endanger human lives by disrupting emergency medical services, land and air transportation systems, telecommunications and utilities. Shutting down a local 911 emergency response system, military communication system, or electric power would disrupt business at a cost of billions and endanger the lives of many in a given area.
In 1998, the Center for Strategic and International Studies issued a report that stated that cyber-terrorists are plotting all manner of heinous attacks that, if successful, could "destabilize and eventually destroy targeted states and societies." The National Strategy to Secure Cyberspace should be part of our overall effort to protect the nation. However, today there are no early detection systems in place to warn of an attack. Therefore it is up to American businesses themselves to begin preparations for cyber-attacks.
It is important to understand the complex nature of cyber-terrorism in order to put in place future measures to prevent attacks.
1) It is a cheap method of attack compared to traditional terrorist methods. With a computer and an on-line connection, a computer-savvy terrorist can cause fear among millions and cost American businesses billions.
2) It is a form of terrorism that is anonymous, with terrorists using usernames and on-line nicknames, which makes the job of law enforcement personnel tracking terrorists seemingly impossible. The on-line world, unlike the real one, has no physical checkpoints, metal detectors, or body searches. Cyber-terrorists who are engaging in activity on-line are always one step ahead of law enforcement personnel.
3) The diversity and high number of targets make cyber-terrorism attractive. Airlines, government networks, and public utilities, if tampered with or disrupted, have a major impact. Emergency services and electric power grids are highly vulnerable because such areas operate on computer systems from which it is impossible to eliminate all potential weaknesses.
4) Cyber-terrorism requires less physical training and can be conducted remotely.
5) In the case of the I LOVE YOU virus, cyber-terrorism can arguably affect more people than traditional terrorist modalities and generate even more of the media coverage desired by terrorists. In other words, cyber-terrorism is a way to attack that works and produces the desired effect for terrorists.
Terrorists do use cyberspace to facilitate the more traditional methods of terrorism such as bombings or spreading messages of hate. The web sites of Islamic Fundamentalist groups in particular are used to present messages, coordinate members, and recruit young supporters. U.S. troops in Afghanistan have recovered Al Qaeda laptops, structural and engineering software, information on computerized water systems, nuclear power plans, and U.S. and European stadiums.
It should be noted that cyber-terrorism also has its drawbacks. Unless people are injured, there is less of the drama and emotional impact on society that terrorists are looking to achieve. Also, many terrorists do maintain and operate under traditional methods of terrorism. In terms of danger to human life, the Improvised Explosive Device (IED) truck bomb is arguably a much greater risk than a computer virus. This doesn't mean that the threat of cyber-terrorism should be discarded. Currently more than 120 countries or foreign organizations have or are developing formal programs to develop information weapons that can be used to attack and disrupt critical information systems used by the United States.
There are many types of attacks that all fall under the heading of cyber-terrorism. Attack types include:
Denial of Service Attacks
Software Vulnerability Exploitation
A computer virus is a self-replicating computer program that spreads by inserting copies of itself into other executable code or documents. A computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells. Extending the analogy, the insertion of a virus into a program is termed an "infection", and the infected file, or executable code that is not part of a file, is called a "host". Viruses are one of several types of malicious software, or malware. In common parlance, the term virus is often extended to refer to worms, Trojan horses and other sorts of malware; viruses in the narrow sense of the word are less common than they used to be, compared to other forms of malware.
While viruses can be intentionally destructive, for example by destroying data, many other viruses are fairly benign or merely annoying. Some viruses have a delayed payload, which is sometimes called a bomb. For example, a virus might display a message on a specific day or wait until it has infected a certain number of hosts. A time bomb goes off at a particular date or time, and a logic bomb goes off when the user of a computer takes an action that triggers the bomb. The predominant negative effect of viruses is their uncontrolled self-reproduction, which wastes or overwhelms computer resources.
Now there are over 60,000 viruses in existence, many of which have multiple mutant strains. The rate of virus creation and release has accelerated over the past few years, with nearly 250 new and mutated viruses appearing each month. 2005 saw the first hacking and virus attacks on cell phones and smart phones with PDAs built in. The most notable was when a celebrity's phone was hacked and the contents of the contact list were taken and used. 2006 got off to a bad start with four massive virus attacks in January, including a multi-wave attack of 7 variants. In February we also saw the second virus that affects Apple computers running the Mac OS X operating system, further eroding the long-held belief that Mac machines are more impervious to attacks than Microsoft's Windows-based personal computers. Viruses, as with all cyber attacks, are becoming more complex, more damaging, and more difficult to detect, and the frequency of viruses being released is also increasing.
Denial of Service (DoS) Attacks
A Denial of Service attack is an assault on a network that floods it with so many additional requests or transactions that regular traffic is either slowed or completely halted. A distributed denial of service (DDoS) attack uses, at the same time, multiple computers throughout the network that the attacker infected on an earlier occasion. Unlike a virus or worm, which can cause severe damage to databases, a denial of service attack interrupts network service for some period. The Washington Post reported that on October 22, 2002, a DoS attack struck the thirteen "root servers" that provide the primary road map for almost all Internet communications worldwide. It caused no slowdowns or outages because of safeguards built into the system, but a longer and more extensive attack could have inflicted serious damage. A well-known cyber attack took place when ten thousand Internet activists calling themselves the Electronic Disturbance Theater began a DoS attack on the Pentagon, Frankfurt Stock Exchange and Mexico presidential Web servers in support of Zapatista rebels in Chiapas, Mexico.
Cyber attacks have caused billions of dollars in damage and affected the lives of millions. Recent data indicate several troubling trends. First of all, the number of software vulnerabilities that can be exploited is increasing as the demand for more software to be released early rises. Software vulnerabilities are exploited with software containing code that can allow the vulnerable software to be used in a malicious fashion.
The increasing availability of these information weapons is partially related to certain groups whose sole purpose is to create attack kits that are sold via the Internet to anyone willing to pay the price. Within the information security industry, there is a widespread belief that an organization in South America has been created and funded with the sole purpose of developing malicious code that takes advantage of recently uncovered vulnerabilities in commercial software. The time from when a vulnerability is reported and announced until the first malicious code is discovered is shrinking. The last few announcements of commercial software vulnerabilities saw the exploitation code released in less than 24 hours, one taking only 17 hours. The time required for the software vendor to create a patch was 8 days.
In March 2000, Japan's Metropolitan Police Department reported that a software system they had procured to track 150 police vehicles, including unmarked cars, had been developed by the Aum Shinrikyo cult, the same group that gassed the Tokyo subway in 1995, killing 12 people and injuring 6,000 more. At the time of the discovery, the cult had received classified tracking data on 115 vehicles. Further, the cult had developed software for at least 80 Japanese firms and 10 government agencies. They had worked as subcontractors to other firms, making it almost impossible for the organizations to know who was developing the software. As subcontractors, the cult could have installed Trojan horses to launch or facilitate cyber-terrorist attacks at a later date.
Software companies are highly concerned about their products. A survey of almost four hundred IT professionals conducted for the Business Software Alliance during June 2002 revealed widespread concern. About half (49 percent) of the IT professionals felt that an attack is likely, and more than half (55 percent) said the risk of a major cyber attack on the United States has increased since 9/11. The figure jumped to 59 percent among those respondents who are in charge of their company's computer and Internet security. Seventy-two percent agreed with the statement "there is a gap between the threat of a major cyber attack and the government's ability to defend against it," and the agreement rate rose to 84 percent among respondents who are most knowledgeable about security.