Friday, November 15, 2019

Global Threat Cyberterrorism

By inner government policy writers, analysts, and the public. The social and global tactics that terrorist cells use, the countries that support terrorist groups, and the policies and procedures that target countries have used to counter terrorist actions are all becoming unmanageable. Billions are being spent on security measures, but the whole concept is untraceable and can easily change, so it is essential to keep the public's confidence.

The information age, or technological era, is greatly shaping the way in which terrorists operate: new technologies mean newer weapons with more destructive power and more ways to cause death and damage. They affect not only the types of weapons and targets the terrorists select, but also the ways in which terrorist cells have cemented their internal structure and the operation of their organisations (Zanini and Edwards, 2001, p. 30). According to Zanini and Edwards, terrorist organizations are using information technologies, such as computers, telecommunication devices, software, and the Internet, to organize and coordinate activities (2001, p. 30). Criminality and cybercrime now continually originate from new technologies, such as the Internet, wireless communications and military sciences, and this creates many challenges for law enforcement around the world (Sussmann 2000). Responding to Cyberterrorism and investigating computer-related crimes pose challenges for law enforcement, as well as the legal system. There are many loopholes in the justice system that enable those with malicious intent to evade capture.

The internet can be of great use to terrorists. First of all, the communication that can be done over the internet is endless and a lot harder to trace than conventional ways of communication. Electronic mail has become one of the cheapest, quickest, most anonymous and most effective ways to communicate with any part of the world.
So overall, terrorists are able to use the internet as a platform to communicate and swap information and messages to further their cause. General information on targets, such as maps and instructions, is widely available, and terrorist organisations can make their own web pages to promote their ideologies, distribute propaganda and recruit sponsors or supporters. Using the internet as a platform for propaganda, they are able to reach the public directly and make their existence known in international circles. Terrorists can also obtain funds through the internet, using services such as PayPal and Western Union; people can deposit monies anonymously, so it is perfect for terrorist organisations to operate. In recent times, after atrocities such as September 11th and Afghanistan, terrorists have often put up film footage on the internet to promote their groups; when terrorist cells kidnap any westerners, they will publicise their crimes by recording beheadings and playing them live on news sites for the world to see. News reporters from NBC who were previously abducted by Al-Qaeda claim that within their fortress of caves they have large banks of computer servers, communications devices and mass storage data discs. Hamas are another group that use advanced technology for their cause; they reportedly use 128- and 256-bit encryption for their files and communications.

The more technologically advanced a country is, the more vulnerable it is to attack against its infrastructure. At the last count, the number of computers installed in the USA was just over 180 million, at least 5 times the number in Japan, seven times as many as in Germany and twice as many as in all of Europe combined. US computers account for 42% of the world's computing power, whilst China represents only a meagre 1% and Russia 8%.

The objective of this paper is to provide a general overview of the research. First of all, we look at the critical concepts of this research.
These concepts are terrorism, cybercrime, information warfare, and Cyberterrorism.

Definition of the Concepts

Terrorism

Defining the word terrorism itself constitutes problems. The problem that occurs when defining terrorism is the difficulty of reaching an agreed-upon definition. In other words, there is no consensus in the international arena as to what terrorism comprises. No statement has been made to clarify the concepts that fall under the terrorism heading. The problem emerges from the fact that terrorism is solely a political issue, which means a terrorist for one country could be a freedom fighter for another. Furthermore, as Laqueur claimed in 1977, “It can be predicted with confidence that disputes about a comprehensive, detailed definition of terrorism will continue for a long time, that they will not result in consensus and that they will make no noticeable contribution to the understanding of terrorism.” While the statement seems vague in character, it is in fact much closer to the truth than imagined. Of course the Human Rights Act and other international agreements set the standards in terms of human rights, but the non-existence of procedures for responding to terrorism creates confusion, irregularity and severe turmoil. On top of this, any effort taken by a country which is targeted by cyber terrorists may not have the desired effect, since other countries may not consider that group a terrorist organisation. In legal terms, without any by-laws as to what terrorism constitutes, country 1 may deem a specific act terrorism while country 2 may judge the action to be a meaningless computer mistake. Enders and Sandler define terrorism as “the premeditated use or threatened use of extra-normal violence or force to gain political objectives through intimidation or fear” (1993, p. 829).
The US Department of State defines terrorism as “premeditated, politically motivated violence perpetrated against non-combatant targets by sub-national groups or clandestine agents usually intended to influence an audience” (1999).

Classes of Information warfare

Many authors have written substantial articles on the subject of Cyberterrorism and related activities. The subject itself is deemed a very grey area with mostly myths and hearsay. Obviously hackers do exist and they can cause serious and malicious damage to an infrastructure, but not all are convinced of their overall threat; many authors publish hard-hitting texts to drive home the point that our world is at risk from this ruthless wave of technological storming. In his book, Chaos on the Electronic Superhighway: Information Warfare, Winn Schwartau talks about the concept of information warfare in comparison to everything around us, including politics, economy, power, fear, survival and harmony. He has even claimed that information warfare and information age weaponry, which are not restricted to the governments of superpowers, will replace bombs and bullets (Schwartau 1996, p. 16). Schwartau also proposes a classification of information warfare. According to him there are three types of information warfare:

Class 1: Personal Information Warfare. This includes attacks against an individual's privacy. Cyber attacks on the personal computer or wireless devices, or use of private information about an individual, are possible examples of personal information warfare.

Class 2: Corporate Information Warfare. This classification involves large corporate companies and focuses on the issues of competition between companies, industrial espionage, misinformation, sponsors, shareholders, etc.

Class 3: Global Information Warfare. This type of warfare is “waged against industries” (p. 195).
This level of warfare is waged by the most elite individuals through the Internet and other computer network systems, according to Schwartau (1996).

According to Monge and Fulk (1999), the use of new-age computing advancements and various wireless communication devices has led to the establishment of networks in three ways. Firstly, the new technologies have enabled terrorist cells to reduce the transmission time of their encrypted messages so that members of the organization can communicate faster. Secondly, new technologies have also reduced communication expenses. Before the internet, as for all of mankind, sensitive communication was done either by word of mouth or by coded messages. Not only have new advancements in technology visibly reduced transmission time and expense, they have also significantly increased the scope and complexity of the information due to the combined technologies.

Terrorist organisations have now gained their own independence: whereas terrorist and fundamentalist groups were once linked with governments due to lack of financing, they now have the platform to better finance themselves due to the broader scope of the internet. Zanini and Edwards compare the Palestine Liberation Organization (PLO), which is considered more political and hierarchical, with the Palestinian Islamic Jihad (PIJ) and al-Qaeda, which are considered to be more recently formed and less hierarchical groups, more intent on bloodshed than political uprising. Dispersed groups find that the advantages of the new technologies eliminate the normal problems caused by distance. In particular, using the World Wide Web for communication amongst the cells can increase the flexibility of people's time. In fact, these technologies may enable terrorists to operate from nearly any country in the world (Zanini and Edwards, 2001, p. 38).
We are seeing that terrorists gain a momentous advantage from new technologies and that the world cannot prevent much; in the era that we are in, everyone has access to anything as long as funds are available. The internet provides the best and most effective communication links between the terrorist organization and its members. Weimann identifies eight different ways that terrorists use the Internet: Psychological Warfare, Publicity and Propaganda, Data Mining, Fundraising, Recruitment and Mobilization, Networking, Sharing Information, Planning and Coordination (2004). Different terrorist organisations have different causes, so the web sites they set up can act as a communication channel between the various members of the organisation, its supporters and its anonymous sympathisers. Through this channel, terrorist groups can broadcast their harsh messages to the world stage and give regular updates on their recent campaigning and activities. They often use the Web site to justify their violent murders and killings. These Web sites are a platform to the whole world and can lead to recruitment of potential supporters, and target population or government entities (Weimann 2004).

In addition to being a communication method between terrorists and the public, the internet offers advanced tools such as:

Cryptography
Steganography

These advancements are used by terrorists to convey their messages to the world around them. Here we look at these two tools in more detail.

Cryptography

Bruce Schneier describes cryptography as “the art and science of securing messages” (as cited in Taylor et al., 2004, p. 29). The method is a process of “extreme strong encryption” of the data transmitted from a source to a target. Even though this technology can be useful to those in the private and public sectors, it can also be an explosive and damaging weapon for hiding information from law enforcement agencies.
(Slambrouck, 1998). Denning argues that the threat to law enforcement and government agencies is widespread; she explains four ways that encrypted data presents danger:

1) It will hinder the intelligence community from getting foreign intelligence critical to national security (Denning, 1997).
2) The intelligence community will have a hard time retrieving vital information about any given investigation.
3) It may prevent law enforcement from gathering evidence to convict offenders.
4) The law enforcement community may be unable to avert attacks or any harm (Denning 1997).

Members of the group Al-Qaeda have been using newly advanced computer technologies to communicate and relay information to subordinates around the globe; it has been heard in social circles that Al-Qaeda love the internet, as they are able to keep up in real time with all information even though they are based within caves in mountainous regions. According to some research, forensic evidence that was collected and compiled after the September 11th attacks shows that terrorist cells often used the internet for their vigorous planning before the attacks. Overall, the internet is a source of great value to all those who use it, whether a student at university or a terrorist with plans to blow up an airliner; information is free and in abundance.

Terrorists, especially from the Arab continent, frequently upload their propaganda and messages via news channels, as it is the quickest way to get publicised. Most commonly used is the Jazeera TV network. An example of the use of news channels by terrorists is the final message sent to Mohammed Atta of Al Jazeera by the two senior members of Al-Qaeda 3 weeks before the September 11th, 2001 attacks; what was sent was a simple code that showed the four targets, the Twin Towers, the Pentagon and Capitol Hill, which were referred to as “faculties” in the message. The communication said, “The semester begins in three more weeks.
We've obtained nineteen confirmations for studies in the faculty of law, the faculty of urban planning, the faculty of fine arts and the faculty of engineering.” Many other political and terror organisations within Europe and America use an encryption program known as Pretty Good Privacy (PGP), an easily downloadable program that provides basic and stronger encryption to use within coded emails for intelligence sharing.

Steganography

Steganography is the art of hiding data within objects such as documents, pictures and other files (Collin, 1997). It is widely used by many organisations as a simple way to hide information from those who do not have the clearance to view it, but it can also be severely exploited by terrorist organisations. This technology relies on “security-by-obscurity”: the recipient knows that a message is hidden within and, once he accesses it, is able to read the hidden information behind the veil. From the outside, a picture would be perceived as an entirely normal picture, but an encrypted message can be extracted from that picture if the person knows where to look.

Obviously there are some major drawbacks to technological advancements: computer memory is very hard to erase completely and often leaves a trail for law enforcement agencies to use against criminals. For instance, in Turkey, towards the end of 2000, practically a thousand members of the radical group Hezbollah were arrested in a series of raids and taken into custody, and allegedly about 20,000 pages of documents were recovered from computer archives (Aras Bacik, 2002).

Fund Raising and Promotion

In today's day and age, terrorists have so much available to them: websites are full of propaganda and, due to advancements in software, language barriers are no problem to overcome (Weimann, 2004).
The information that terrorist Web sites give is usually about general history, their activities, their ideology and political statements, and current news regarding their activities, as well as information about their targets. Often they will also give out rogue information on targets which will get the security services into a twist, but this information is designed to mislead. The way in which the Internet is used to raise money by terrorist organisations is a good example of how information technology can provide new ways to fund their operations.

Cost of Cyberterrorism

Between 1993 and 1995, there were 40 threats made directly to banks in the US and Great Britain. It is reported that in January 1999, an investment bank paid roughly ten million pounds after receiving a threat against its computer systems. The hackers reportedly crashed a computer in order to show the seriousness of their intent; the bank gave in and paid them off, knowing that the authorities were helpless to act and that if its systems did crash there would be a lot more than 10 million pounds' worth of losses. It is estimated that in the United Kingdom, during the three years between 1993 and 1995, terrorists gained more than 400 million pounds (Statistics on Cyber-terrorism, 2000). The Security Industry Survey carried out in 1999 showed that the number of companies that were successfully penetrated went up from 12% in 1997 to 23% in 1998. The malicious code that hackers use to attack systems is devastating, as the code mutates and leaves systems vulnerable to attack. The most costly malicious code attacks were Love Bug in 2000 at $8.75 billion and Code Red at $2.62 billion (Wiederin, Hoefelmeyer, and Phillips, 2002).

The consequences of cyber terrorist attacks are not as devastating as those of physical terrorist attacks, at least until now.
For example, cyberspace provides opportunities for e-bombs and taking down a Web site, but the ramifications of these acts seem less significant than the effect of a physical bomb killing hundreds of people in a matter of seconds, such as the bomb attacks in Nairobi in 1998 and Oklahoma City in 1995. Regarding the potential attacks outlined by Collin, they would be difficult to execute because of the human factor in these processes. For example, even if it is possible to hack an air traffic control station, there are pilots who have been trained to double-check unusual commands.

Cybercrime

Cybercrime can be looked on as computer-related activities which are illegal and/or destructive; the object is thievery, dishonest means of obtaining cash, or leading others astray by attacking infrastructure. Cybercrime can be conducted through global electronic networks (Thomas and Loader, 2000, p. 3). Cybercrime can be defined as a crime committed in a cyber environment, including the Internet, computer networks, and wireless communication systems. In other words, cybercrime involves crime committed through use of the personal computer.

Cyberterrorism is the word given to acts of malicious intent at the convergence of cyberspace and terrorism. Networks, servers and computers, alongside data storage, are constantly under threat from unlawful attacks. For an attack to qualify under the Cyberterrorism heading it should result in violence against persons or property; at the minimum it should cause or generate fear. Acts upon infrastructure, economic loss, plane crashes and explosions are all forms of Cyberterrorism. Cyberterrorism and cybercrime make the job of law enforcement even harder; law enforcement and policy makers already struggle under immense pressure to meet targets and maintain the peace, providing a safe environment for the public.
Because cyber-criminals reroute their trail through other countries, a response to such a malicious threat requires international cooperation involving participation of all concerned parties. However, society today is encased within a technological bubble; everything is controlled by computers, and vulnerability emerges from increased reliance on technology. Lack of legal measures and lack of cooperation at the national and international level represent major obstacles to effective and immediate response to these threats. In all, the sheer lack of global peacekeeping in terms of responding to cyberterrorism and cybercrime is the general problem. Pollitt (1997) defines Cyberterrorism as “the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents.” Terrorists and cyber criminals will sometimes spend months exploiting vulnerabilities in a system, all the time remaining undetected and hitting key sectors including technical, legal, political and cultural, as well as defence. Such a broad range of vulnerabilities can be dealt with by comprehensive cooperation, which requires efforts at both the national and international level.

Expert opinions suggest that cyberterrorism is split into three general classifications:

Disruptive and destructive information attacks
Facilitation of technology to support the ideology
Communication, fund raising, recruitment and propaganda

Terrorist use for the Internet

Terrorists use the internet mainly for communication, essentially covert operations, and as a means for a new command and control infrastructure. Access to information via the Internet and the World Wide Web, as well as maps for target locations and applications that will help with encryption and monitoring.
Technical data is widely accessible on the net for weapons and bomb construction. Use of the internet as a platform for distributing propaganda on terrorist groups and causes, and related recruitment of individuals.

Examples of Attacks

In 1998, in what was once known as the first attack by terrorists against a country's computer systems, Tamil guerrillas jammed the servers located at all Sri Lankan embassies with 800 emails a day over a 2-week period, with messages such as “We are the Internet Black Tigers and we are doing this to disrupt your communications”. The statement couldn't have been more true: everything stops whilst security specialists comb the networks using off-the-shelf virus removers and other software to get rid of the spam.

During the Kosovo conflict in 1999, NATO computer systems were targeted in a huge blitz by several eastern European countries in protest against the bombings. Businesses and public organisations with ties to NATO were targeted and considerable money was lost in the turmoil.

More recently Estonia was hit by a spate of terror acts from Russia in what is deemed a Cyberterrorism act of vengeance for the movement of a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. Government websites that normally received 1000 hits a day were getting 2000 hits per second, causing the servers to crash and be shut down for hours, even days and weeks. The public often think that a few guys with nothing better to do sit at their PCs creating viruses and messing around, and that there is no actual threat to physical life, but this is a myth; the business world and the people within it are often exposed to grave harm.

Another example, showing the problem of hackers infiltrating and defacing web sites, was between attackers from Pakistan and India. At the time of much unrest between Indian and Pakistani soldiers in Kashmir in 1999, both countries' computer geniuses also fought in the cyber world.
Pakistan's experts hacked the Indian Army Web site www.atmyinkashmir.org and left anti-Indian statements about the Kashmir issue. The Indian Government, in retaliation, cut off all network access to the Web site of the prominent Pakistani newspaper, Dawn (Varma, 1999).

Processes of attack

Different forms of attack are available to hackers and those who wish to deface or destroy data; they use malicious code attacks: “malware.” The term malware represents the combination of “malicious” and “software” (Furnell, 2000, p. 143). There are different types and processes of malware attacks. The common forms of malware attacks are viruses, worms, Trojan horses and software bombs. These are examined in detail in the following section.

Internet worms or Viruses

These virus and worm programs are designed to embed themselves within the code of programs and lie dormant until the hacker requires them to destroy or shut down computers; they can hijack the computer and can copy and destroy email lists and address books. Communication devices such as mobiles and PDAs are also hot items to target.

Viruses: Brunnstein, Fischer-Hubner, and Swimmer define a virus as “a non-autonomous set of routines that is capable of modifying programs or systems so that they contain executable copies of itself” (Furnell, 2000, p. 144). Viruses are malicious software with the ability to replicate themselves; the virus will attach itself to other applications and software and slowly spread as infected files and disks are used. With every new host, the virus inserts itself and executes its payload. Payloads are often strange warning messages, or they look like innocent files that, when clicked, can wipe all the files from the hard drive (Taylor et al., 2004). A good example of how expensive a virus can be is the much publicised I LOVE YOU virus. ICSA, a computer security company, estimated the cost of the I LOVE YOU virus to be up to $1 billion (Miastkowski, 2000).
Worms: Unlike viruses, worms do not attach themselves to other software programs. They exist entirely as separate programs and they can spread themselves automatically (Stephenson, 2000, p. 37).

Trojan Horse

Trojan horses: Hackers and attackers will often use Trojan horses to gain access to important and highly sensitive data. Often a Trojan is used where access is restricted and the hacker is lucky enough to find a ‘backdoor’, basically a loop within the code for access; for example, the target's password is captured by the dormant Trojan, which will replicate it and forward it to the hacker. There are differences between viruses and Trojan horses. Firstly, Trojan horses will not replicate or infect any other files on the hard disk. Secondly, the Trojan horse can stand alone without any attachment to other applications and programs. And finally, the target may not always be aware that a maliciously intended Trojan horse was sent to him or her. Basically, Trojan horses can be sent by covert means where the intended target perceives them to be harmless, like an email attachment that looks inconspicuous and safe enough. For example, the attacker may send a message that may be interpreted as friendly information for the receiver, such as a link to a competition.

Phlooding

This is a new wave of attack used by hackers and fraudsters to simultaneously launch geographically distributed attacks that target a business's authentication or network log-in structure, with the goal of overloading its central authentication server. These attacks have originated from all across the globe; they bombard wireless access points (APs) with login requests using multiple password combinations, which can severely slow down logins and critically interfere with broader network operations, causing major security breaches.
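A defender's view of the Phlooding pattern described here, as an added example that is not part of the original essay: it scans authentication-server log lines for the combination the text names (many failed logins arriving from several sites at once) and stays quiet for a busy morning or a single-site password-guessing burst. The log format, site names and thresholds are assumptions constructed for the illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not a real product's format):
#   2024-01-08T09:20:05Z ap=AP-PAR-01 site=paris user=u5 result=FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ap=(?P<ap>\S+) site=(?P<site>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse(line):
    """Return (timestamp, site, result), or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], TS_FMT)
    except ValueError:
        return None
    return ts, m["site"], m["result"]


def detect_phlooding(lines, window_s=60, min_failures=30, min_sites=3,
                     min_site_failures=5, min_fail_ratio=0.8):
    """Flag windows where failed logins are both heavy and spread over sites.

    Expects lines in time order. An alert is raised once, when the
    condition first becomes true, not on every line while it holds.
    """
    window = deque()
    alerts, in_alert = [], False
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the scan
        window.append(rec)
        cutoff = rec[0] - timedelta(seconds=window_s)
        while window[0][0] <= cutoff:  # rec itself is always newer than cutoff
            window.popleft()
        per_site = Counter(site for _, site, res in window if res == "FAIL")
        failures = sum(per_site.values())
        # Only sites contributing a real share of failures count as sources.
        active = sorted(s for s, n in per_site.items() if n >= min_site_failures)
        firing = (failures >= min_failures
                  and len(active) >= min_sites
                  and failures / len(window) >= min_fail_ratio)
        if firing and not in_alert:
            alerts.append({"time": rec[0], "failures": failures, "sites": active})
        in_alert = firing
    return alerts


def _burst(start, n, sites, result_for):
    """Build n constructed log lines, one per second, rotating over sites."""
    out = []
    for i in range(n):
        ts = (start + timedelta(seconds=i)).strftime(TS_FMT)
        site = sites[i % len(sites)]
        out.append(f"{ts} ap=AP-{site[:3].upper()}-01 site={site} "
                   f"user=u{i} result={result_for(i)}")
    return out


def constructed_log():
    """Three constructed phases: normal logins, one-site guessing, phlood."""
    day = datetime(2024, 1, 8)
    morning = _burst(day.replace(hour=9), 40, ["london"],
                     lambda i: "FAIL" if i % 10 == 0 else "OK")
    single_site = _burst(day.replace(hour=9, minute=10), 40, ["paris"],
                         lambda i: "FAIL")
    distributed = _burst(day.replace(hour=9, minute=20), 48,
                         ["london", "paris", "berlin", "madrid"],
                         lambda i: "FAIL")
    return morning, single_site, distributed


if __name__ == "__main__":
    morning, single_site, distributed = constructed_log()
    for alert in detect_phlooding(morning + single_site + distributed):
        print(alert["time"], alert["failures"], "failed logins from", alert["sites"])
```

The single-site burst is left to ordinary per-account lockout; the point of the site count is that per-AP or per-user limits alone do not see load that is spread thinly across many locations.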
Security specialists reckon businesses with multiple office locations served by a single identity management server could be particularly vulnerable to Phlooding attacks.

Malware

Programmes such as the ‘Trojan Horse’ hide malicious code within a document that will in turn collect usernames and passwords for email accounts, amongst other information. These programs can download programmes without the user knowing and relay attacks against other computers remotely. An infected computer can be controlled by the attacker and directed to carry out functions normally available to the system's owner.

Hacking

Nowadays the method of attack increasingly favoured is the art of hacking: using knowledge of code and programming to access systems and find secrets. Government computers in Britain have a network intrusion detection system, which monitors traffic and alerts officials to misuse or anomalous behaviour.

Botnets

These are compromised networks that the attacker can exploit. Deliberate programming errors in the software can easily remain undetected, and attackers can exploit the errors to take full control of the computer remotely. Botnets can be used to steal information from highly encrypted computers or to collect sensitive information such as credit card numbers by ‘sniffing’ or logging the keystrokes of the victim's keyboard.

Software Bombs

This software acts like a bomb connected to a detonator, which may contain an execution of a program. The malicious code may be hidden in a program, and once the program is activated, the malicious code becomes activated. For example, a sacked employee who feels dissatisfied with the employer and who has access to internal software may upload and hide a software bomb in the company's payroll program. In 1992, an employee of the United Kingdom's Chilworth Communications was convicted of planting a logic bomb before his resignation in September 1990.
The bomb was triggered in October 1990 and damaged important files that cost the company more than $50,000. (Larry Greenemeier, InformationWeek, June 12, 2006)

Keystroke Loggers

This is a device that can be fitted to the keyboard, or an application that can be installed on the computer, that automatically records every key typed on the keyboard. All information such as passwords and email, basically anything that is typed on the keyboard, will be logged and then accessed by the third party.

Denial of service Attacks

Overloading a computer system with data so that it can no longer function. This is the method allegedly used by the Russian hackers who targeted the Estonian government computers in May.

Phishing and Spoofing

This is a system of attack designed to trick an organisation's computer user into revealing passwords and confidential data such as card details. Those that use this method impersonate a trusted source such as a bank or a well-known service to persuade the victim to hand over the details in complete faith.

IP spoofing: After overloading the system, an attacker can pretend to be an authorized system, while blocking the actual system's service. Since the flooded system cannot respond to the inquiries, the unauthorized system will receive all of the legitimate computer's packets (Stephenson, 2000, p. 46).

Force Multiplier Effects

Different types of Cyberterrorism may also be used to multiply Cyber-terrorists commit acts of terrorism simply for personal gain or sometimes out of boredom. A less known group known as Chaos Computer Club was discovered in 1997. They had created a simple ActiveX Control for the Internet that could trick the Quicken accounting program into removing money from a user's bank account
