This PPT presentation is on the topic of CYBERTERRORISM.
CYBERTERRORISM is a very common topic for seminar presentations.
This PPT slide set on CYBERTERRORISM is a guideline for students or professionals preparing a seminar presentation on CYBERTERRORISM.
Cyber terrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further, to qualify as cyber terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not. As ‘cyber terrorism’ relates to ‘terrorism’ a logical first step might be to look at the functional elements present in some operational definitions of ‘terrorism’. The United States Federal Bureau of Investigation (FBI) defines terrorism as, “The unlawful use of force or violence, committed by a group(s) of two or more individuals, against persons or property, to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives.” (FBI, 2002).
When terrorism is examined in view of these definitions, there are some pervasive elements: people (or groups), locations (of perpetrators, facilitators, victims), methods/modes of action, tools, targets, affiliations, and motivations. Examples are shown in Figure 1, using two groups designated as terrorist groups by the United States government: The Liberation Tigers of Tamil Eelam (LTTE) and the Aum.
When we examine the elements in these categories in terms of the definitions provided by the government agencies, we see there is congruence between the terrorism event and the definitions used by the various agencies tasked with providing protection. This congruence is a good thing, as it results in people tasked with defense being able to determine that certain functional tasks (building blocks of modeling solutions) fit within the definitions used within their agencies/organizations. For example, as mentioned above, the United States Department of State (DOS) defines terrorism as “premeditated, politically motivated violence perpetrated against noncombatant targets by sub national groups or clandestine agents”. Thus, the activities of both of these groups fit the DOS criteria for ‘terrorism’. Integrating the computer into the matrix of their traditional terrorism introduces some interesting effects and problems, as we see when we consider two groups, the LTTE and Aum referenced in Figure 2. Note how the scope of ‘terrorism’ changes within each cell due to the addition of the computer.
In this model, not all of the elements are congruent with functional tasks assigned to given agencies. Thus, ‘terrorism’ can take place within these same groups that is not within the scope of investigation, etc. This is clearly a major problem, and one that merits further investigation. Therefore, let us look very briefly at the various sorts of issues the inclusion of computers introduces to the concept of terrorism. This is obviously an extremely complex task; each area will be considered in depth in future research, and as part of the IFIP World Computer Congress workshop on Cyber terrorism (WCC, 2002).
Interactions between human beings are complex; while the obvious solutions gravitate toward monitoring, we are concerned with virtualization of interactions, which can lead to relative anonymity and desensitization. Topics of interest include methods to measure and diminish the impact of computer-mediated interactions on potential recruits and the ability for defenders to use virtual identities to influence intra- and inter-group dynamics (dissension, ‘behind the scenes’ communication and destabilization).
Location exists as an element, but is not a ‘required’ element in traditional terrorism in that an event does not have to occur in a particular location. Thus, whether an act is virtual/virtual, virtual/real world or real world/virtual is of interest only as a factor in modeling solutions. In addition, the Internet has introduced globalization of the environments. Actions that take place in virtual environments have demonstrably had real world consequences. An April Fool’s Day hoax posted to Usenet demonstrated this when claims of the resignation of Canadian Finance Minister Paul Martin resulted in the decrease in value of the Canadian dollar (Reuters, 2002).
Traditional terrorist scenarios are typically violent or involve threats of violence. While there have been many studies of violence in the physical world, more research is called for in terms of ‘violence’ as a virtual phenomenon. Violence in virtual environments is a relatively new field, with many unanswered questions. These open issues include the psychological effects of traditional real-world violence portrayed in virtual environments.
It is possible for a person to read all about a given cause and chat with proponents of the cause without ever leaving the safety of his or her own home. New recruits can thus become affiliated with a terrorist group, commit to carrying out given actions, all without ever actually coming into contact with another human being. At the same time, these loose affiliations can complicate investigations and confuse media reports. Additionally, the introduction of computing technology facilitates alliances between groups with similar agendas; this type of affiliation can result in strengthening of the individual organizations as they can immediately acquire access to the information resources of their allies.
Political, social, and economic changes are the motivations present in real-world terrorism. Combining a dependence on Internet-connected systems for banking and E-commerce with the ability of anyone with a desire and readily available tool to disrupt these areas, results in a situation that is all too clear: unless steps are taken to significantly reduce risks, disaster is inevitable. Even with the best risk reduction, there are still likely to be problems.
TERRORISM AS THEATER
Within the terrorism literature, a common metaphor is that of terrorist incidents as theater. Those concerned with terrorism and the media frequently find the staging of incidents, the publicity sought, and the manipulation of the audience primary themes in their analyses. To this end, WWW sites can bring publicity, and this is indeed a growing trend. Additionally, currently almost half of the 30 groups on the State Department’s list of terrorist organizations have their own websites, which can be used to solicit money for their various causes or disseminate coded messages, either explicitly or steganographically. The functional tasks of the group having a WWW presence may be distributed among several sites; it is relatively easy for a terrorist organization to solicit funds for operations via the WWW (the ultimate penetration of E-commerce?), promote their cause, as well as recruit would-be operatives while maintaining somewhat of a perceptual distance between the tasks. Finally, the relative anonymity provided to those accessing information via the WWW also helps distance those sympathetic with the cause from those actively fighting for the cause in ways that may be objectionable to the sympathizers.
Computers—The Weapons Of The Cyber Terrorist
Following on from the discussions above, it becomes obvious that the most likely ‘weapon’ of the cyber terrorist is the computer. Thus, one might ask, are we arguing that one should restrict access to computers, just as access to explosives is restricted? Not quite, but close. We believe that the stockpile of connected computers needs to be protected. There are many laws that define how one should protect a firearm from illegal/dangerous use. The mandatory use of trigger locks, though controversial, has been put forward to prevent danger should the gun end up in the wrong hands. Similarly, powerful explosives like C4 are not simply sold over the counter at the corner store. Explosives and guns are certainly not entirely analogous to computers. A better analogy might stem from the concept of an ‘attractive nuisance’. For example, a homeowner shares some responsibility for injury caused by a pool on his property — it is deemed an attractive nuisance, and as such, the innocent should be prevented from simply being attracted and harmed. Thus, there are many instances of laws which already discuss damage done by/to a third party from the intentional/unintentional misuse of a piece of corporate/personal property. The application of these laws or the definition of ‘misuse’ with respect to computers seems unclear. However, there is a need for clear laws and standards which require operators of large networks of Internet-connected computers to exercise appropriate due diligence in their upkeep and security. To this end, we believe that there is an urgent need for definition of a minimum standard of security for computer networks. The definition of such a standard has far reaching implications not only for the usability of America’s technology foundation, but the security of corporations and indeed of the nation itself. By formalizing an industry best practice guideline, companies will have a clear understanding of what must be carried out. 
Clearly, such a guideline is a moving target, but its inception would allow the structuring of a valid and robust posture against both terrorist threats and other hostile entities. Such a set of minimum standards would have to be easily and affordably supported by the security/application vendors themselves, rather than relying on individual users’ needs/requirements to drive the best practice guidelines. This is not exactly a novel concept. International standards have been developed in other areas where safety and security are a concern. Consider the airline industry. There are international guidelines for airport safety; in cases where these standards are not met, consequences range from warnings to prohibited travel. The need for such changes, and how a due diligence standard could be created, are subjects of future research.
The definition of the ‘computer hacker’ has been the subject of much debate in computing circles. Caelli et al (1989) provide two definitions of the term:
1. In programming, a computing enthusiast. The term is normally applied to people who take a delight in experimenting with system hardware (the electronics), software (computer programs) and communication systems (telephone lines, in most cases).
2. In data (information) security, an unauthorized user who tries to gain entry into a computer, or computer network, by defeating the computer’s access (and/or security) controls.
Hackers are by no means a new threat and have routinely featured in news stories during the last two decades. Indeed, they have become the traditional ‘target’ of the media, with the standard approach being to present the image of either a “teenage whizzkid” or an insidious threat. In reality, it can be argued that there are different degrees of the problem. Some hackers are malicious, whilst others are merely naïve and, hence, do not appreciate that their activities may be doing any real harm. Furthermore, when viewed as a general population, hackers may be seen to have numerous motivations for their actions (including financial gain, revenge, ideology or just plain mischief making). However, in many cases it can be argued that this is immaterial as, no matter what the reason, the end result is some form of adverse impact upon another party.
Table 1 illustrates the extent of the hacking problem, based upon figures taken from a series of surveys conducted by the UK Audit Commission (Audit Commission 1990, 1994, 1998). These surveys consider the general problem of computer abuse, encompassing various types of incident (including hacking, viruses, fraud, sabotage and theft) across a number of industries / sectors (including government, healthcare, banking, retail and education). The table indicates the consequences of the incidents in terms of financial losses (which may have occurred directly or indirectly as a result of the incidents). However, it is likely that other, less measurable consequences may also have occurred as a result (e.g. disruption to operations, breaches of personal privacy or commercial confidentiality etc.).
•Modification of medical records (Audit Commission 1994);
•Breach of Military systems (Niccolai 1998);
•Monitoring and alteration of telecommunications services (Littman 1997).
As can be seen, breaches in all of the above categories of system offer significant opportunities to inflict damage (to both organizations and individuals) and, therefore, illustrate the nature of the hacker threat. Incidents such as those referenced indicate that many of our systems are vulnerable and that if someone has the inclination, and is willing to put in the effort, then existing security can often be breached. Furthermore, the evidence suggests that it is possible to breach systems that we would instinctively expect to be more secure (e.g. military sites). The fact that such attacks are successful leaves systems vulnerable to more insidious threats than straightforward hacking, in which information systems become the target in a more sinister way.
TERRORIST AND INTERNET
Established terrorist groups (or related organisations) are currently using the Internet for a number of purposes, as described below.
Terrorist/resistance groups have traditionally had difficulty in relaying their political messages to the general public without being censored. However, they can now use the Internet for this purpose. Examples of where this is already the case include the Irish Republican Information Service (http://joyce.iol.ie/~saoirse/) and the Zapatista Movement (http://www.ezln.org/).
Some terrorist/resistance groups linked to political parties are now using the Internet for fundraising purposes. In the future this may mean that smaller terrorist/resistance groups may be able to receive the majority of their funding through credit card donations.
It is also possible that groups may publish sensitive information about a particular country. For example, Sinn Fein supporters at the University of Texas made details about British Army establishments within Northern Ireland publicly available on the Internet (Tendler 1996).
Terrorist use of more advanced encryption methods (Malik 1996) and improved anonymous electronic re-mailers will result in a command system that is difficult to break and allows for the control of groups anywhere in the world. This causes a problem for the security services, as it means that they will have to spend more time and resources on trying to decrypt electronic messages.
Whilst all of the above might give cause for concern, they merely illustrate how existing activities may be simplified via new technology. The real threat in the ‘cyber’ context is when the Internet (or the more general technology infrastructure) becomes the medium in which a terrorist-type attack is conducted. In this sense, it is somewhat ironic that the Internet (which was originally conceived as a means of ensuring continued communications in the event of a nuclear war destroying the conventional telecommunications infrastructure) should now itself represent a medium through which widespread damage can be caused to the new information society.
It is possible to view technology as some kind of “great equaliser” between major countries/governments and smaller groups. This is a battlefield where success relies upon intellectual skills and software creativity as opposed to sheer volume and physical resources. In short, the individuals or small groups may, in theory, have as much chance of succeeding as a super power.
Why cyber terrorism will become more [...] to terrorist [...]
•the risk of capture is reduced since attacks can occur remotely.
•it is possible to inflict grave financial damage without any loss of life.
•the expertise for these attacks can be hired.
•a successful attack would result in worldwide publicity and failure would go unnoticed.
•terrorist groups can attract supporters from all over the world.
•they can use the Internet as a method of generating funds for their cause worldwide.
•the Internet offers the ideal propaganda tool for a terrorist group, one that operates on a global basis and that individual governments cannot control or censor.
•the capability to mount an attack can be developed both quickly and cheaply.
The seriousness with which the issue is taken can be illustrated by recent activities by national governments. In the United States, for example, concern over IT related threats has led to the establishment of the National Infrastructure Protection Centre (NIPC). This is a $64 million facility, employing some 500 staff across the country, with representatives taken from existing agencies such as the Secret Service, the CIA, NASA, the National Security Agency, the Department of Defense and several others. The role of NIPC is to “detect, deter, assess, warn of, respond to, and investigate computer intrusions and unlawful acts” that threaten or target US critical infrastructures such as telecommunications, energy, banking and finance, water systems, government operations and emergency services (NIPC 1998).
It can already be seen that the activities of both hackers and cyber terrorists ultimately have the effect of restricting freedoms for the rest of us. For example, despite some concessions, the United States continues to maintain a relatively restrictive policy on the use of cryptographic technologies. One of the stated reasons for control is to prevent unregulated use of strong encryption techniques by terrorist organisations (FBI 1998).
CYBER TERRORISM: A CLEAR AND PRESENT DANGER
For the last 18 months, cyber terrorism has hit the headlines. Fear of an attack on information systems supporting financial services and government agencies in the U.S. and other western countries has grown rapidly. But as time passes without major incident, companies could be forgiven for becoming blasé and assuming that cyber terrorism is just media hype. The facts, however, prove the threat is real. In February 2002, in a statement for the record in front of the Senate Select Committee on Intelligence, the FBI’s executive assistant director of counter-terrorism and counter-intelligence, Dale L. Watson, outlined the cyber terror risk.
On 19 July 2001, a variant of the “Code Red” computer virus started spreading across the Internet. Within 14 hours, some 350,000 computers were infected. This now notorious “Nimda” virus (“admin” spelled backwards) gets its host machine to e-mail other computers at a rate of up to 400 messages per second, slowing networks and, at times, destroying servers.
Companies are becoming increasingly dependent on the Internet for “business as usual”. As well as the obvious area of e-commerce, the Internet is now a vital tool for communications (voice and data), operations management, logistics, supply chain management, disaster recovery, customer relationship management and project management. Without the Internet, many businesses would be crippled. This clearly makes it a major target for cyber terrorism.
After September 11, 2001, the western world changed its perspective on risk. In the past, operational threats to organizations came from competitors and from internal systems. Businesses could be viewed as isolated objects. Following September 11, the risk landscape expanded to include “metropolitan risk” – the possibility that an entire business district could be paralyzed, with network management disabled.
E-commerce, E-learning but E-terrorism
What with media scaremongering, crusading politicians and global paranoia concerning the capabilities of Osama bin Laden and his al Qaeda network, it is hardly surprising that a new wave of terrorism has recently hit the headlines. The idea of terrorists hacking into systems to gain access to specific targets is an old concept. However, the Western world is now under threat from a new form of ‘e-terrorism’ according to experts in the USA. A ‘worrying’ new report suggests that terrorists could target important internet hubs with explosives, potentially bringing down large portions of the web.
It seems that researchers are more concerned with generating alarming headlines than investigating the very real cyber crimes that occur on a daily basis. Is this wild speculation really more important than controlling on-line paedophile rings? Or credit card fraud? The 223 companies who suffered a staggering $455.8 million in losses attributable to cyber crime in 2002 would probably say no. The European Union wants to throw the book at cyber criminals and is giving its member nations 20 months to get everything in order to accommodate the necessary changes. Perhaps it would be a better idea to concentrate on fighting the very real threat of cyber crime rather than creating improbable theories about cyber terrorism.
PROTECTING AGAINST CYBER TERRORISM
This risk is real, so what can companies do to protect themselves? The solution falls into two main parts: preparation and response.
“Firstly, organizations must take a holistic approach to business protection,” says Carl Herberger, an Internet security specialist with SunGard Availability Services. Currently, most companies deploy three discrete operational units to handle business security and protection issues: information security; physical security; and business continuity. Herberger believes that these three should be merged to form one “business protection” unit, allowing for enhanced communications, clearer leadership and more efficient use of resources.
All asset owners should take part in a risk assessment. Their specialist knowledge should be utilized to identify critical assets, assess risks, and determine protective measures and recovery-time requirements. The rest is down to ensuring adherence to standard information security techniques such as:
•Keeping IT security policy documents always up-to-date and strictly enforced.
•Protecting networks and PCs with firewalls, e-mail filters and anti-virus systems.
•Educating employees in the importance of strong password protection.
•Ensuring the latest software patches are installed, minimizing exposure to vulnerability-based attacks.
•Managing users’ access privileges.
The ability to detect and identify information security attacks is the first requirement of any cyber terrorism response. Pro-active security management is essential to stop ongoing attacks and establish barriers to prevent future attacks from the same source. Procedures should be drawn up so that all employees know what to do should a cyber attack occur, and to whom they should report it.
As well as being able to respond to a cyber attack, it is also crucial that the company is able to recover any lost data and has a business continuity plan in place to ensure that any damage to networks and systems as a result of the attack does not disrupt normal business operations. Cyber terrorism is a real and growing threat. Companies are now at far greater risk from it than ever before. Fortunately, however, there are many measures companies can take that will afford high levels of protection. For more information on protection against cyber terrorism contact SunGard Availability Services: www.sungard.com/availability
DEFENDING AGAINST NEW TERRORISM
Defending against terrorism where a computer or the Internet plays an important part in the terrorism matrix is very similar to defending against terrorism that does not. The regular practices (deterrence, law, defense, negotiations, diplomacy, etc.) are still effective, except that the scope of certain elements is expanded. For example, traditional strikes against military bases, targeting of key leaders, and collective punishment have been effective in traditional terrorism (Whitelaw, 1998) and certainly have potential for dealing with some aspects of cyber terrorism. These techniques are often presented, and can be updated to include their ‘virtual’ counterparts. It should be noted, however, that differences in international law and culture could make this process a complex task.
Governments can use their coercive capacity to make terrorism too costly for those who seek to use it. They can do this by military strikes against terrorist bases, assassinations of key leaders, collective punishment, or other methods. There are several drawbacks to this approach, however. On the one hand, it can lead to unacceptable human rights violations. In addition, groups may not come to government attention until movements are so well developed that efforts to contain them through deterrent methods are insufficient.
Governments can treat terrorism primarily as a crime and therefore pursue the extradition, prosecution, and incarceration of suspects. One drawback to this approach is that the prosecution of terrorists in a court of law can compromise government efforts to gather intelligence on terrorist organizations. In addition, criminal justice efforts (like deterrent efforts) are deployed mostly after terrorists have struck, meaning that significant damage and loss of life may have already occurred.
Governments can make targets harder to attack, and they can use intelligence capabilities to gain advance knowledge of when attacks may take place. As targets are hardened, however, some terrorist groups may shift their sights to softer targets. An example is the targeting of US embassies in Kenya and Tanzania in August 1998 by truck bombs. Although the attacks are believed to have been coordinated by individuals with Middle Eastern ties, targets in Africa were chosen because of their relatively lax security compared with targets in the Middle East.
Governments can elect to enter into negotiations with terrorist groups and make concessions in exchange for the groups’ renunciation of violence. While governments are often reluctant to do so at the beginning of terror campaigns, negotiations may be the only way to resolve some long-standing disputes. The lack of understanding of cyber terrorism, and the overall insecurity of America’s networks have allowed a situation to develop which is not in the best interests of the country or computer users. The need to protect computing resources, making the job of a cyber terrorist more difficult is obvious. However, this can only be accomplished by re-examining commonly held beliefs about the very nature of computer systems and of cyber terrorism itself.
It would be a better idea to concentrate on fighting the very real threat of cyber crime rather than creating improbable theories about cyber terrorism.
Modern society is significantly dependent upon IT and evidence suggests that this is hardly likely to change in the years ahead. In view of this, it is vital that we are aware of threats such as those highlighted by this paper and take appropriate steps to protect the infrastructure upon which we are reliant.