The term cyberterrorism was created in the mid 90’s by combining cyberspace and terrorism. The term has been widely accepted after being embraced by the United State Intelligence Community. Janczewski and Colarik describe cyberterrorism as “Premeditated, politically motivated attacks by subnational groups, clandestine agents, or individuals against information and computer systems, computer programs, and data that result in violence against non-combat targets” (Janczewski & Colarik, 2005, p. 43).
Cyberterrorism is a form of terrorism that uses any form of connected source to engage in attacks of information systems, incitement to violence, theft of data, and planning of terrorist attacks (Britz, 2011, p. 197). As an introduction into the topic, the following definition is key to understanding the definition: “Cyberterrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coercer a government or its people in furtherance of political or social objectives.
Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not” (Denning, 2000). Cyberterrorism is considered an act of violence or intimidation using cyberspace.
It is more complicated than simply hacking into a system to see what damage can be done; it has to stem from a motivational source such as politics, foreign government, or some other rousing source (Gross, 2003). Enemies of the U. S. are strongly motivated by hate. Hate can be a strong motivator when it comes to cyberterrorism, and just terrorism in general. When hate is the driving factor of actions, the consideration for the targeted group is very minimal, and the results of hate crimes are usually violent and gruesome acts. The FBI’s definition isn’t that far off from Denning’s.
They have published three different distinct definitions of cyberterrorism: “Terrorism that…initiates attacks on information” – “the use of Cyber tools” – and “a criminal act perpetrated by the use of computers (Baranetsky, 2009). Most government agencies that have a response program for cyberterrorism have their own published definition of cyberterrorism. The question rises ‘why does cyberterrorism occur? ’ The answer is that the terrorist want cause specific damage to the target. There are three factors that are considered when this question is asked, the first being the fear factor.
It is the most common denominator of the majority of terrorist attacks. The attackers want to create as sense of fear in individuals, groups, or societies – whomever they are targeting (Janczewski & Colarik, 2005, p. 45). Perhaps a cyber example of this could be the attack of IT installations. Then there is the spectacular factor. Spectacular means that the attacks are aimed at creating direct losses or resulting in a lot of negative publicity (Janczewski & Colarik, 2005, p. 45). An example of the spectacular factor at work was in 1999 when Amazon. com was closed because of a Denial of Service (DOS) attack.
They suffered losses from the attack, but the worse affect was the publicity that that was received (Taylor, Calabresi, Krantz, Pascual, & Ressner, 2000). The last factor is the vulnerability factor. This is simply when vulnerability of an organization is exposed (Janczewski & Colarik, 2005). An example of this could be the vandalism of an organizations webpage. The importance and significance of cyberterrorism is a very debatable topic. Kim Taipale, founder and executive director for the Stilwell Center for Advanced Studies in Science and Technology Policy believes “cyberterrorism, whatever it is, is a useless term. Taipale believes that, “terrorists will use any strategic tool they can” so “cyber” terrorism is no more important then other forms (Baranetsky, 2009).
The statements by Taipale are strong, and arguments could be made supporting her, and arguments could be made that go against her beliefs. It is true that terrorism is growing all over the world, and terrorists are beginning to use various outlets to threaten nations, groups, and individuals. So the case could be made stating that cyberterrorism is just an accessible outlet terrorists have, because of the access that is granted to an individual on cyberspace.
In conflict with that argument is the argument that cyberspace is not monitored and policed enough, and has little to no restrictions as to what can be done in cyberspace. This is an ongoing debate that will not be discussed in this paper. Different Forms of Cyber Attacks Various types of cyber attacks are used within the terrorist aspect of cyberspace. According to the Center for Strategic and International Studies, cyberterrorism is “the use of computer networks to shut down critical infrastructure (such as energy, transportation, government operations) or to coerce or intimidate a government or civilian population” (Lewis, 2002, p. ).
The most commonly used tactics used to neutralize critical infrastructure are attacks known as the Trojan horse, viruses, phishing, Denial of Service (DoS), and Direct Denial of Service attacks. The first of the types of the cyber attacks to be discussed is the Trojan horse. A Trojan horse is a computer program that conceals a harmful code. Relating to the well know tale of the Trojan horse, it allows you into a system, and then leaves an outlet that allows you to get back into the system. In essence, it is software that appears to perform one action while actually performing another (Gohring, 2009, p. 6).
A Trojan horse is a program that appears harmless but hides malicious functions. The most common Trojan horse of today’s day and age is NetBus, which was used for illegally breaking into computer systems and, in particular, used to plant child pornography on computers of people of integrity. Viruses are another form of cyber attack. Viruses are programs that “infect computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to affect other files.
A virus requires human involvement to spread” (Kuehl, 2012). Virus writers write programs that infect the systems of certain users, but needs direct involvement by the creator or another human source to spread the virus. Very similar to a virus is a worm. The worm works just like a virus, implemented into a system by a creator. The difference between a worm and a virus is the fact that a worm doesn’t need the hands-on human involvement. Back in 2003, SQL Slammer worm spread throughout the cyber world.
This was a worm that exploited a buffer overflow vulnerability of Microsoft’s SQL Server. Six months prior to the launch of the worm, the vulnerability was taken notice of and a patch was developed to strengthen the vulnerability. The worm worked by generating random IP addresses, and if belonged to an SQL Server that was not covered by the patch, it was infected and immediately began sending out more copies of the worm to more random IP addresses (Leyden, 2003). There was no human involvement after the worm was created initiated by the creator.
It spread itself to random IP addresses, which categorizes it as a worm. Phishing is a form of deception used in cyberspace. Phishing attempts to trick users into giving out their personal data. The techniques used in phishing attempts are emails and websites that are designed to look like legitimate agency websites asking for an individual’s bank and financial account information and passwords (Kuehl, 2012). This method is not used so much by cyberterrorists, but the possibility is there. A more serious cyber attack comes in the form of a Denial of Service (DoS) attack.
DoS attacks deny system access to users by overwhelming the target source with messages and blocking legitimate traffic (Kuehl, 2012). It causes a system overload, and can block the ability to exchange data between systems using the Internet. DoS attacks usually target banks, and earlier this year in September, several major banks were attacked using DoS. The websites of Bank of America, JPMorgan Chase, Wells Fargo, U. S. Bank, and PNC Bank all were victims of a DoS attack (Goldman, 2012). The websites were overloaded with traffic directed at them causing them to crash.
Most of the time while the cyberterrorists use these attacks to steal information from bank customers, but in this case the motivation was simply to temporarily take down the banks’ public-facing websites, putting them under extreme heat from the public and potentially tarnishing their reputations. There are three levels of cyber capability that need to be taken into thought when considering types of cyberterrorism attacks. The first is simple-unstructured capability. This allows a cyberterrorist to conduct basic hacks against individual systems using tools created by someone else.
The organization possesses little target analysis, command and control, or learning capability (Denning, 2000). This level is sometimes not considered to be cyberterrorism, because of the simplicity of the attack. There is slight to no attention focused on the target, which does not reveal any sort of motivation. Referring back to the definition of cyberterrorism, it has to stem from a motivational source to be considered cyberterrorism (Gross, 2003). The simple-unstructured capable individuals are basically the ones who hack into systems just to see what kind of damage they can cause.
The second level of capability is the advance-structured level. This is the competence to conduct more sophisticated attacks against multiple systems or networks and possibly, to modify or create basic hacking tools. The organization possesses a straightforward and uncomplicated target analysis, command control, and learning capability (Denning, 2000). These organizations have motivations, but they are not strong enough to cause serious damage to the identified target. The last capability is the complex-coordinated capability.
This is the ability for coordinated attacks capable of causing mass-disruption against integrated, heterogeneous defenses. They have the capacity to create sophisticated hacking tools. There is a highly capable target analysis, command control, and organization learning capability (Denning, 2000). Organizations with this type of capability are highly sophisticated with dangerous motivations. These dangerous organizations are the ones that can cause millions of dollars of damage, and also tons of negative publicity, two of the main objectives of cyberterrorist.
There are cases when terrorists actually run other forms of terrorisms, such as bombings, with the use of cyberspace. The anonymity and global reach of the Internet has helped facilitate terrorism (Cole & Glasser, 2009). “They put up websites to spread their messages and recruit supporters, and they use the Internet to communicate and coordinate action. However, there are few indications that they are pursuing in cyberterrorism, either alone or in conjunction with acts of violence” (Denning, 2000). There is an example of this from the late 90’s.
In February 1998, Clark Staten, executive director of the Emergency Response and Research Institute in Chicago, testified before the Senate Judiciary Committee Subcommittee that it was believed that “members of some Islamic extremist organizations have been trying to develop a network of hackers to support their computer activities in offensive information warfare attacks in the future” (Denning, Cyberterrorism, 2000). It is the perfect way to recruit, because of the anonymity that is granted to the individual. “The Internet is the ideal medium for terrorism today: anonymous but pervasive” (Cole & Glasser, 2009, p. 95).