I wrote my first article on “Cyberterrorism – an analysis”(in Bulgarian, HiComm Magazine) back in 2003, arguing that Cyberterrorism is a fully realistic scenario, given you don’t picture terrorists melting down nuclear power plants over the Internet, but an organization determined to achieve all of its objectives, and using the digital medium to do so.
My second article "Cyberterrorism and Cyberwars - how real's the threat?"(in Bulgarian, CIO.bg) was greatly extended, and so was my understanding of the concept by the time. I often come across badly structured articles on the topic, even worse, ones starting to discuss the wrong concept -- the biased one! Where terrorists try to attack the critical infrastructure, well, they wouldn’t, they’d rather abuse instead of destroying it!
My second article "Cyberterrorism and Cyberwars - how real's the threat?"(in Bulgarian, CIO.bg) was greatly extended, and so was my understanding of the concept by the time. I often come across badly structured articles on the topic, even worse, ones starting to discuss the wrong concept -- the biased one! Where terrorists try to attack the critical infrastructure, well, they wouldn’t, they’d rather abuse instead of destroying it!
Merely evaluating a terrorist groups ability to conduct devastating DDoS attacks, or hack into U.S government computers, is the biased wrong concept I just mentioned. If terrorist groups want DDoS power, they wouldn’t rewrite their training manuals, instead, they would simply hire the people to do it, or request on point’n’click interface for their actions. Can this kill a person? If yes, how come, if not, is this Cyberterrorism at all?
Thinking about complex topics always involves dimensional approach, understanding of motives, and implying a little bit of marginal thinking to grasp the big picture. Terrorists killing people over the Internet myth is greatly influenced by the success of any terrorist organization’s “PR” activities – spread fear, and build active propaganda though taking lives, and distributing the freely available media later on. So, if no lives are taken, why call it terrorism? Mainly because, cyberterrorism in my point of view isn’t an entirely new concept as some try to put it, it’s an extension of real life terrorism activities into cyberspace, and its evolution at a later stage.
Starting from the basic premises that terrorists need to communicate with each other, keep themselves up-to-date in today’s OSINT(open-source intelligence world), recruit potential members, and continue their active propaganda taking advantage of Internet’s many joys, in respect to anonymity(given it’s achieved), speed, and a bit of a black humor – interactivity!
Cyberterrorism as a concept from my point of view consists of their need for :
- platform for communication
No other medium can provide better speed, connectivity, and most importantly anonymity, given it’s achieved and understood, and it often is. Plain encryption might seem the obvious answer, but to me it’s steganography, having the potential to fully hide within legitimate (at least looking) data flow. Another possibility is the use secret sharing schemes. A bit of a relevant tool that can be fully utilized by any group of people wanting to ensure their authenticity and perhaps everyone’s pulse, is SSSS - Shamir's Secret Sharing Scheme. And no, I’m not giving tips, just shredding light on the potential in here! The way botnets of malware can use public forums to get commands, in this very same fashion, terrorists could easily hide sensitive communications by mixing it with huge amounts of public data, while still keeping it secret.
- platform for open source intelligence
Undoubtedly, there has never been so much publicly accessible information that could aid in the organizing and plotting terrorist acts. Measure the impact of a certain bombing? – check out the news and figure out what has changed ever since, research and obtain digital photos, even satellite imagery, it’s available. Try to figure out the latest specifications for RFID passports to come, and why it matters to you – keep on reading the specifications..! Transparency is always tricky!
The way a government can successfully identify terrorist sentiments around the Web, even precise sites to be put under close surveillance, terrorists on the other hand keep track of each and every major/minor global change anyhow affecting their goals or ambitions.
- platform for propaganda/recruitment
Thinking about complex topics always involves dimensional approach, understanding of motives, and implying a little bit of marginal thinking to grasp the big picture. Terrorists killing people over the Internet myth is greatly influenced by the success of any terrorist organization’s “PR” activities – spread fear, and build active propaganda though taking lives, and distributing the freely available media later on. So, if no lives are taken, why call it terrorism? Mainly because, cyberterrorism in my point of view isn’t an entirely new concept as some try to put it, it’s an extension of real life terrorism activities into cyberspace, and its evolution at a later stage.
Starting from the basic premises that terrorists need to communicate with each other, keep themselves up-to-date in today’s OSINT(open-source intelligence world), recruit potential members, and continue their active propaganda taking advantage of Internet’s many joys, in respect to anonymity(given it’s achieved), speed, and a bit of a black humor – interactivity!
Cyberterrorism as a concept from my point of view consists of their need for :
- platform for communication
No other medium can provide better speed, connectivity, and most importantly anonymity, given it’s achieved and understood, and it often is. Plain encryption might seem the obvious answer, but to me it’s steganography, having the potential to fully hide within legitimate (at least looking) data flow. Another possibility is the use secret sharing schemes. A bit of a relevant tool that can be fully utilized by any group of people wanting to ensure their authenticity and perhaps everyone’s pulse, is SSSS - Shamir's Secret Sharing Scheme. And no, I’m not giving tips, just shredding light on the potential in here! The way botnets of malware can use public forums to get commands, in this very same fashion, terrorists could easily hide sensitive communications by mixing it with huge amounts of public data, while still keeping it secret.
- platform for open source intelligence
Undoubtedly, there has never been so much publicly accessible information that could aid in the organizing and plotting terrorist acts. Measure the impact of a certain bombing? – check out the news and figure out what has changed ever since, research and obtain digital photos, even satellite imagery, it’s available. Try to figure out the latest specifications for RFID passports to come, and why it matters to you – keep on reading the specifications..! Transparency is always tricky!
The way a government can successfully identify terrorist sentiments around the Web, even precise sites to be put under close surveillance, terrorists on the other hand keep track of each and every major/minor global change anyhow affecting their goals or ambitions.
- platform for propaganda/recruitment
Now, don’t picture “Outstanding CV, here’s the address of our training camp in Pakistan, please, first introduce the idea to your friends, then share the address. Nuke the planet!” type of conversation :-)
Recruitment over the Internet is a contradictive topic, and many will argue that it’s irrelevant. I can argue too that there are people for all kinds of things, from maintaining mailings lists, to acting as freelancers whenever a resource, like an infected PC for anonymous communication is needed. Believe it or not, terrorists are silently but very actively building a web presence. In fact, these days you could even download execution clips directly from a terrorist’s web site. What’s else to note is the irony of how many terrorists web sites are actually hosted on U.S service provider’s servers, and you keep on looking for them around the world, check your backyard before looking at the neighbors :-)
Another important aspect of recruiting in such a way, is the location of people with obsessive
islamic views, someone actively expressing his/her hate towards the U.S and actually being of any use. For instance, there are cases of terrorist propaganda malware, where the author(a teenager, or sophisticated attacks?!) clearly expresses his/her support towards a “cause”.
Recruitment over the Internet is a contradictive topic, and many will argue that it’s irrelevant. I can argue too that there are people for all kinds of things, from maintaining mailings lists, to acting as freelancers whenever a resource, like an infected PC for anonymous communication is needed. Believe it or not, terrorists are silently but very actively building a web presence. In fact, these days you could even download execution clips directly from a terrorist’s web site. What’s else to note is the irony of how many terrorists web sites are actually hosted on U.S service provider’s servers, and you keep on looking for them around the world, check your backyard before looking at the neighbors :-)
Another important aspect of recruiting in such a way, is the location of people with obsessive
islamic views, someone actively expressing his/her hate towards the U.S and actually being of any use. For instance, there are cases of terrorist propaganda malware, where the author(a teenager, or sophisticated attacks?!) clearly expresses his/her support towards a “cause”.
This case is like the one I mentioned in my previous post concerning insiders, that is the way U.S government looks for democracy minded individuals in restrictive regime countries(the Win32/Cycle.A.worm), the very same way terrorists could spot similarly minded individuals holding important positions or knowledge on certain topic. Are any of these people screaming for recruitment, and would somebody listen?
- direct attack exploitation possibllities (people eventually die?!)
- direct attack exploitation possibllities (people eventually die?!)
Is the electronically obtained a major food manufacturer's facility truck schedules of any use to terrorists interested in eventually hijacking and
Someone once mentioned a scenario related to U.S RFID passports, namely a bomb could automatically detonate, given there’re certain number of "broadcasted", note the term, U.S citizens around, that’s scary, but how about the same applies to mobile malware detecting U.S carriers for the same purpose?!
In the last article I wrote on the topic, I made an argument on where’s the line of a 19 year’s old boy shutting down 911 through ingenious technique for the fun of it, and a terrorist organization exploiting vulnerability in the system at a crucial moment in time let’s say?! What if people die out of the teen’s actions, but the terrorists’ attempt is quickly detected? Should cyberterrorism be judged based on the motives, or who’s actually behind it? I think it’s a combination of both!
- indirect attack exploitation possibilities
Should a terrorists’ use of phishing attacks, where the revenues go directly into funding further terrorist activities, both, cyber, real-life actions be considered an option?
Someone once mentioned a scenario related to U.S RFID passports, namely a bomb could automatically detonate, given there’re certain number of "broadcasted", note the term, U.S citizens around, that’s scary, but how about the same applies to mobile malware detecting U.S carriers for the same purpose?!
In the last article I wrote on the topic, I made an argument on where’s the line of a 19 year’s old boy shutting down 911 through ingenious technique for the fun of it, and a terrorist organization exploiting vulnerability in the system at a crucial moment in time let’s say?! What if people die out of the teen’s actions, but the terrorists’ attempt is quickly detected? Should cyberterrorism be judged based on the motives, or who’s actually behind it? I think it’s a combination of both!
- indirect attack exploitation possibilities
Should a terrorists’ use of phishing attacks, where the revenues go directly into funding further terrorist activities, both, cyber, real-life actions be considered an option?
Should a terrorist’s actions for hiring a person, directly obtaining certain social numbers, sensitive and detailed financial information, or anything else to assist a successful identity theft, with the idea to impersonate for a real-life terrorist scenario be considered an option? Yes, they both should!
This particular list is endless, the scenarios I can only leave to someone else’s psychological
imagination!
My worst case scenarios,though, consist of terrorists realizing the impact a target/mass directed intellectual property theft, cryptoviral extortion attack targeting the majority of U.S businesses. And as I often say, it’s all a matter of coordination with the idea to increase the impact!
To conclude, Terrorists are not rocket scientists unless we make them feel so!
Consider going through the following research for different point of views, and key facts :
How Modern Terrorism Uses the Internet
imagination!
My worst case scenarios,though, consist of terrorists realizing the impact a target/mass directed intellectual property theft, cryptoviral extortion attack targeting the majority of U.S businesses. And as I often say, it’s all a matter of coordination with the idea to increase the impact!
To conclude, Terrorists are not rocket scientists unless we make them feel so!
Consider going through the following research for different point of views, and key facts :
How Modern Terrorism Uses the Internet