Components of Cyber-Terrorism - Essay Example

Project 2 Cyber-Terrorism Grear Dale III CJ354 CDROM Cyber-Terrorism Cyberspace and Its Importance: The major components which together constitute a nation's infrastructure are the sectors of food, agriculture, telecommunications, public utilities, banking and finance, defence, emergency services, transportation, trade and postal services. But the basic, and perhaps the most important, part of any infrastructure today is 'cyberspace', which acts like the nervous system which connects and controls all the other functions of a country. Cyberspace is defined as "The electronic medium of computer networks, in which online communication takes place." It is made up of millions of interconnected networks, servers, computers, and fibre optic cables which help control the entire infrastructure. It is thus, of utmost importance to a nation's economy and its national security. Even from an individual's perspective, the internet is beneficial as it provides services like e-trading, online shopping and home-delivery, overseas reservations, games and music downloads, financial services, access to remote terminals and information, etc. at high levels of convenience. Today, almost every organization in the world has expanded its domain into the realm of cyberspace. Large amounts of information are electronically stored in interconnected databases. However, the increasing influence of cyberspace has extended into the area of terrorism. Electronics technologies are vulnerable to a large extent to cyberterrorism. According to the Computer Emergency Response Team (CERT) Coordination Center, there were about 2,500 vulnerabilities detected in the nation's cyber system in 2001, and this number rose to 6,000 in 2005. In 2006, more than 7,200 vulnerabilities were found out. This exponential increase in cyber vulnerabilities of systems coupled with increasing cyberterrorism is leaving a critical part of the nation's security exposed to terrorist pursuits. Cyberterrorism: Cyberterrorism is he mingling of cyberspace with terrorism. It encompasses all unlawful threats and attacks against electronic equipment and data with an objective to intimidate a nation's population or its government. It generally leads to destruction of property, severe economic loss and negative impact on critical infrastructures. Reasons for Cyberterrorism: Cyberterrorism can be driven by several motives. Following are some of the reasons for the recent growth in cybercrime and cyber attacks- All terrorist organizations on the web are now using it as a means to broadcast their philosophies and messages across the world, and thereby misguiding and misinforming people from many nations. Cyberspace is being used for recruiting new terrorists and sympathisers, raise funds for operations and communicating with fellow terrorists. Cyberterrorism involves low risk, and allows collaboration between people throughout the world. Moreover, cyber attacks are cheap, quick and do not require much planning. Numerous cyber attacks have social or political motives behind them. The money gained through cyber crime (estimated to be about $100 billion) can be used to finance terrorism. Internet gives hackers and scammers anonymity with which they can access remote computers and personal information easily through identity theft. The advanced internet search technology provides attackers with a greater degree of information about hacking skills, far away from the eye of security officials. Moreover, the internet allows criminals to attack in an untraceable manner by enabling them to use computers owned by others to commit crimes. It must be noted that many a times, cyberterrorism is motivated by a separate category of factors like greed, curiosity, thrill, ego, revenge, etc. These are mostly carried out by non-ideological individuals who do not have a very sound purpose behind the attacks. Incidents of Cyberterrorism: In the past decade, there have been several cases of cyberterrorism which prove that the threat of terrorism committed electronically is 'real'. It was recorded that the headquarters of Osama bin Laden in Afghanistan was equipped with computers and other electronic communication equipment by 1996. It is said that Egyptian computer experts helped him devise a sound and fool-proof communication network via the Web. Hama activists in Israel are suspected to use chat rooms to co-ordinate operations, which makes them difficult to be traced. As noted in 1998, the militant group Hizbullah was operating through three websites, each for a separate purpose: www.hizbollah.org was used for the central press office; www.moqawama.org to describe Israeli targets; and www.almanar.com.lb for news and information. According to a report by the U.S. News & World Report, 12 out of the 30 groups listed down as terrorist organization in the US database are on the web. The main targets for attacking the security of the nation are Government computers, especially the Department of Defence (DoD) computers, which store highly critical defence data. About 22,144 attacks were detected against DoD computers in 1999, which was 280% increase from the previous year, and a whopping 2800% increase from the year before. It is impossible to force terrorist organizations off the cyberspace because they generally set up their websites in countries with free-speech laws. For example, the LTTE (Liberation Tigers of Tamil Eelam) were banned on the web by the Sri Lankan Government, but they still have their London based website in full operation. Insight into Cyberterrorism: To feel the real essence of crimes in cyberspace, it is essential to know the various forms of malicious codes that are sent out for attacking a remote computer by cyber criminals- Viruses are types of files/ programs which require the user to do something with the file/program to actually infect the computer. Worms are exactly like viruses in the way they destroy a system, but they propagate without user intervention. Trojan Horses are programs/ software which claim to be a helpful thing, but in fact do something different and harmful behind the scenes. Hoaxes are chain mails that attempt to trick or defraud users to obtain important information from them. Urban Legends are designed to be redistributed and usually warn users of a threat or claim to be notifying them of important or urgent information. They usually have no negative effect other than wastage of time and bandwidth. Malware are software designed to infiltrate or damage a computer system without the owner's informed consent. It is used to refer to a variety of forms of hostile, intrusive, or annoying software or program code. Phishing, is a hacking technique, which is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Social Engineering is another hacking technique, which is defined as "the act of obtaining or attempting to obtain otherwise secure data by conning an individual into revealing secure information." The victims of social engineering are tricked into releasing information that they do not realize will be used to attack a computer network. These malicious code programs can cause immense harm to any system which they infect, thereby destroying critical data and files. The US Department of Homeland Security's cyber division has defined three levels of cyberterrorism. The first is simple and unstructured attacks, conducted against individual systems using basic hacking tools and skills. This level encompasses little target analysis, control or planning. The second level is advanced and structured attacks, conducted against multiple systems/ routers using sophisticated techniques and modified, or self created, basic hacking tools. It encompasses an elementary target analysis, control and basic planning. The third, and most dangerous level, consists of complex and coordinated attacks, conducted against national or organizational defence so as to cause mass-chaos, disruption, or even violence. It encompasses the ability to create sophisticated hacking tools with a high target analysis, planning and control. To understand the potential threat of cyberterrorism, an organization must consider whether there are vulnerable targets within its system which can be attacked and would lead to widespread inconvenience or severe harm to the general public. Also, it must see whether there are actors with the capability and motivation to carry out cyber attacks on their system. Cyber crimes are no longer committed on a small scale when we view them from a global perspective. Highly sophisticated phishing scams in the financial services industry is an example of growing cyber-terrorism on a global stage. The growth the private sector has seen in phishing attacks is emblematic of a trend in cyber-crime; which is the movement away from individual entities launching viruses and worms towards a highly sophisticated, transactional form of Internet-based theft and fraud. The evolving cyberterrorism has continued to move beyond attacking the online banking market to investment portfolios and even healthcare benefit sites. Al-Qaeda, the terrorist organization under Osama bin Laden, has been using the internet to collect information about potential infrastructure targets in some of the leading developed nations of the world. Such critical information can be used to assist a physical real world, or electronic terrorist attack. An even more dangerous threat has been issued by Iraqi fundamentalists, who have announced that if the Iraq war continues, then they would be releasing a 'super-virus' code-named 'Scezda' into western computer systems. This super-virus, claimed to have been developed by a Malaysian virus writer known as "Melhacker", has the capability to destroy each bit of information in the US computer network and supposedly has no anti-virus to face it for now. We have witnessed the damage caused by viruses in the past, like Code Red, Bugbear, and I Love You viruses, amount upto many billions of dollars. Considering this, the threat of 'Scezda' is a potential hazard for the whole country. Apart from destruction of information, security officials fear the corruption and tampering of critical information, such as social security, hospital records, or aircraft maintenance registers. By deleting, inserting, or modifying part of the information, they may create panic and havoc in certain databases, which may result in general chaos. Cyber Security: To protect the nation from attacks by cyber-terrorists, organizations need to resort to cyber-security. Cyber-security is the protection of information in databases by preventing, detecting, and responding to attacks. Computer systems must be prepared at all times to tackle a malicious code, or any other form of electronic attack. Plans and procedures should be stored and updated on computers, and all networks must have an updated firewall, antivirus, and spyware software. There are many Government organizations who have undertaken the task to propagate the concept of cyber security throughout the nation. The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sector institutions. It aims to protect the nation's Internet infrastructure, and coordinate defence against cyber attacks on the nation's cyberspace. Anti-cyber terrorist campaigns worth $6.3 billion are to be carried out this year. Moreover, the US congress aims to legislate a centralized authority over IT policies' implementation and enforcement. The National Cyber Security Division (NCSD) is a part of the Department of Homeland Security, and is responsible for the protection of the cyber infrastructure. To reduce control system risks within all critical infrastructure sectors, the NCSD established the Control Systems Security Program to coordinate efforts among federal, state, local, and tribal governments, as well as control systems owners, operators and vendors. This program coordinates operations to reduce the severity of impact of a cyber attack against the nation's cyber infrastructure and electronic databases. Drawbacks of Cyberterrorism: Although it is an attractive avenue for innovative terrorists, cyberterrorism has its own drawbacks, which reduce the likelihood of it being used as a tool to spread terrorism. Terrorists generally stick with tried and tested methods. Novelty of the attack technique may be much less important than the assurance of a mission being operationally successful. So, terrorists may not be interested in trying out new methods unless they see their old ones as inadequate. Also, cyber attacks generally require considerable knowledge and skill to implement plans effectively. Terrorist organizations may find it much easier to use their brawn, instead of brains, and use guns and bombs as tools for terrorism. Computer systems are complex and it may be harder to control an attack and achieve a desired level of damage than using physical weapons. Conclusion: Therefore, considering all aspects of cyberterrorism, we notice that it is a continuously evolving problem which must be taken seriously in order to be stopped, or prevented. Sever measures must be take by authorities against cyber criminals, which would not only punish those propagating violence and chaos, but will also prove to be a deterrent for other potential cyber-terrorists. All organizations, especially those with highly critical information and infrastructure must take all possible steps so as to secure their networks and effectively tackle the problem of cybercrime. References Ellsmore, N. (2002). 'Cyber-Terrorism in Australia: The risk to business and a plan to prepare'. SIFT. US-CERT: United States Computer Emergency Readiness Team. http://www.us-cert.gov/ DHS: Internet Hoaxes. www.dhs.gov/xcitizens/general_1165337828628.shtm U. S. House of Representatives Select Committee on Homeland Security (2004). 'Cybersecurity for the Homeland'. Verton, D. (2003). 'Black Ice: The Invisible Threat of Cyber-Terrorism'. McGraw-Hill Osborne Media. Department of Homeland Security. http://www.dhs.gov/index.shtm Green, J. (2002). The Myth of Cyberterrorism. Gordon, S. & Ford, R. 'Cyberterrorism' Symantec. DHS: National Cyber Security Division. http://www.dhs.gov/xabout/structure/editorial_0839.shtm Allor, P. (2007). 'Understanding and Defending Against Foreign Cyber-Threats.' Journal of Homeland Security. Rollins, J. & Wilson, C. (2007). 'Terrorist Capabilities for Cyberattack: Overview and Policy Issues'. Congressional Research Service. US Army Training and Doctrine Command (2005). Cyber Operations and Cyber Terrorism. Weimann, G. (2004). 'Cyberterrorism: How Real is the Threat' United State Institute of Peace. Read More