Countering cyber-terrorism
Wiki Wickramarathna
The US Department of Defence charged the United States Strategic
Command with the duty of combating cyber-terrorism. This is accomplished
through the Joint Task Force - Global Network Operations (JTF-GNO).
JTF-GNO is the operational component supporting USSTRATCOM in defence of
the DoD’s Global Information Grid. This is done by integrating GNO
capabilities into the operations of all DoD computers, networks, and
systems used by DoD combatant commands, services and agencies.
On November 2, 2006, the Secretary of the Air Force announced the
creation of the Air Force’s newest MAJCOM, the Air Force Cyber Command,
which will be tasked to monitor and defend American interest in
cyberspace. The AFCC will draw upon the personnel resources of the 67th
Network Warfare Wing as well as other resources of the Eighth Air Force;
it will be placed under the command of Lieutenant General Robert J.
Elder, Jr.
Cyber-terrorism
is the convergence of terrorism and cyberspace. It generally means
unlawful attacks and threats of attack against computers, networks, and
the information stored therein when done to intimidate or coerce a
government or its people in furtherance of political or social
objectives.
Further, to qualify as cyber-terrorism, an attack should result in
violence against persons or property, or at least cause enough harm to
generate fear. Attacks that lead to death or bodily injury, explosions,
plane crashes, water contamination, or severe economic loss would be
examples. Serious attacks against critical infrastructures could be acts
of Cyber-terrorism, depending on their impact. Attacks that disrupt
non-essential services or that are mainly a costly nuisance would not.
Cyberspace is constantly under assault. Cyber spies, thieves,
saboteurs, and thrill seekers break into computer systems, steal
personal data and trade secrets, vandalize web sites, disrupt service,
sabotage data and systems, launch computer viruses and worms, conduct
fraudulent transactions, and harass individuals and companies. These
attacks are facilitated with increasingly powerful and easy-to-use
software tools, which are readily available for free from thousands of
web sites on the Internet.
Many of the attacks are serious and costly. The recent ILOVEYOU virus
and variants, for example, was estimated to have hit tens of millions of
users and cost billions of dollars in damage. The February
denial-of-service attacks against Yahoo, CNN, eBay, and other e-commerce
Web sites was estimated to have caused over a billion in losses. It also
shook the confidence of business and individuals in e-commerce.
Some attacks are conducted in furtherance of political and social
objectives, as the following examples illustrate: In 1996, a computer
hacker allegedly associated with the White Supremacist movement
temporarily disabled a Massachusetts ISP and damaged part of the ISP’s
record keeping system. The ISP had attempted to stop the hacker from
sending out worldwide racist messages under the ISP’s name. The hacker
signed off with the threat, “you have yet to see true electronic
terrorism. This is a promise.”
In 1998, Spanish protestors bombarded the Institute for Global
Communications (IGC) with thousands of bogus e-mail messages. E-mail was
tied up and undeliverable to the ISP’s users, and support lines were
tied up with people who couldn’t get their mail.
The protestors also spammed IGC staff and member accounts, clogged
their Web page with bogus credit card orders, and threatened to employ
the same tactics against organizations using IGC services.
They demanded that IGC stop hosting the Webs site for the Euskal
Herria Journal, a New York-based publication supporting Basque
independence. Protestors said IGC supported terrorism because a section
on the Web pages contained materials on the terrorist group ETA, which
claimed responsibility for assassinations of Spanish political and
security officials, and attacks on military installations.
IGC finally relented and pulled the site because of the “mail
bombings.”
During the Kosovo conflict in 1999, NATO computers were blasted with
e-mail bombs and hit with denial-of-service attacks by hacktivists
protesting the NATO bombings. In addition, businesses, public
organizations, and academic institutes received highly politicized
virus-laden e-mails from a range of Eastern European countries,
according to reports. Web defacements were also common.
After the Chinese Embassy was accidentally bombed in Belgrade,
Chinese hacktivists posted messages such as “We won’t stop attacking
until the war stops!” on U.S. Government Web sites.
Since December 1997, the Electronic Disturbance Theater (EDT) has
been conducting Web sit-ins against various sites in support of the
Mexican Zapatistas. At a designated time, thousands of protestors point
their browsers to a target site using software that floods the target
with rapid and repeated download requests.
EDT’s software has also been used by animal rights groups against
organizations said to abuse animals. Electrohippies, another group of
hacktivists, conducted Web sit-ins against the WTO when they met in
Seattle in late 1999. These sit-ins all require mass participation to
have much effect, and thus are more suited to use by activists than by
terrorists.
While the above incidents were motivated by political and social
reasons, whether they were sufficiently harmful or frightening to be
classified as cyber-terrorism is a judgment call. To the best of my
knowledge, no attack so far has led to violence or injury to persons,
although some may have intimidated their victims.
Both EDT and the Electrohippies view their operations as acts of
civil disobedience, analogous to street protests and physical sit-ins,
not as acts of violence or terrorism.
This is an important distinction. Most activists, whether
participating in the Million Mom’s March or a Web sit-in, are not
terrorists. My personal view is that the threat of cyber-terrorism has
been mainly theoretical, but it is something to watch and take
reasonable precautions against.
Picture courtesy:
Vicariousconversations.com |