Cyber Terrorism – What is the Real Threat?

This Article was shortlisted as the top entries at Educoncours 1st National Journalism Competition

“Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb” – National Research Council[i].

Cyber Terrorism has grabbed headlines and attention of security experts, politicians and the public. But what is the actual threat posed by the cyber terrorism and how real is it? What are the possibilities of attacking computer systems by terrorists and crippling military, financial and service systems? As of now not a single case of cyber terrorism has been reported. In many instances, hackers have been mistakenly understood as terrorists. However, potential threat of cyber terrorism can’t be denied considering unique features of cyber space and technology advancements. It is important to address the issue of cyber terrorism without manipulating it.

This research work is based on the theoretical study of the subject. The theoretical work will deal with the articles, review, and literature relating to the topic. The study shall also be conducted through websites, journals, books and newspapers.

Cyber terrorism is a good alternative for modern terrorism. Anonymity is one of the unique features of cyber terrorism. It also has a potential to inflict massive damage. It can create huge psychological impact and media appeal.

To make it simple the use of computer network tools and systems to shut down or harm critical national infrastructures is called as cyber terrorism. Government operations, energy, transportations will come under the ambit of critical national infrastructure. Cyber terrorism can break down millions of lives and national security systems.

Our society is getting more dependent on Information Technology. This has created a new form of vulnerability. It paves the way for the terrorists to attack the target easily. Thus we can say that more technologically developed a country is, more vulnerable it will become to cyber-attacks.

In the late 1980’s, Barry C Collin of the Institute for Security and Intelligence first coined the term Cyber Terrorism. The concept of cyber terrorism began to resonate during the year 2000, when the millennium bugs associated with the big date. It has gained wide scale recognition. Further, concept of cyber terror thrusted into the general public during 9/11 terror attacks.

Cyber terrorism is a threat to national security, economy and infrastructure. Cyberspace and terrorism are the two elements derived from the term cyber terrorism. As per the definition of United States Department of State, terrorism means “premediated, politically motivated violence perpetrated against non-combatant targets by subnational groups or clandestine agents.” Cyber terrorism can be defined as the use of networks, computer and internet intentionally to cause harm and destruction for personal objectives. Objectives can be political or ideological.

Suppose any terrorist organisation is having cyber control, what would be the condition? By simple button press or a key press it leads to devastation. World of computer and networking is very dynamic, so totally securing the services is a utopian concept. That’s why cyber-attacks are increasing day by day. Hacking, virus attacks, website defacing, denial of service are some examples of cyber-attacks.

Computer is a dumb machine and it only does what it is told. The major function of a computer is to store and process the data. It also communicates the data with other computers of various types. It is man’s machine. It needs a good user for proper execution. In cyber space, terrorists can obtain the control over the system or alter the system. Air traffic control system is one such area where we apply extensive computer application.

There are several cyber-attacks reported against state-run bodies, financial institutions, companies, budget & funds allocation, etc. As a preventive step many countries started setting up their own agencies to ensure safe computer network. United State Strategic Command along with Joint Task Force- Global Network Operations taken initiate for combating cyber terrorism. In 2006, MAJCOM, Air Force Cyber Command tasked to monitor American interest in cyber space. National Internet Defence Taskforce is a cyber security body formed by Israel in the year 2011. It takes care of Israeli online Infrastructure and also takes defensive steps against cybernetic terrorist attacks. China also started a cyber security team called Blue Army or Cyber Blue team to fight against cyber-attacks.

Cyber terrorism can also be referred as information war or electronic terrorism. Possible targets for cyber terrorism are military installations, power plants, banking industry, air traffic control centres, water systems, etc.

It is to be noted that there is a convergence point between physical world and virtual world which is considered to be vulnerable. At this point of convergence the terrorist can commit acts of destructions and alterations[ii]. Malware infections are capable to disrupt the operations at nuclear infrastructure. The best example of this can be Stuxnet virus attack in Iran.

Cesar Cerrudo is a security researcher in United States. By exploiting vulnerabilities in the traffic control devices, he was able to take control and manipulate traffic systems. Cyber-attacks on Ukraine’s energy provider resulted in deliberate blackouts.

There are different methods of attack in cyber terrorism. XSS phishing attacks[iii], spear phishing[iv] are some of methods to steal the data and cripple the system. Now, most of the cyber-attacks are hacktivist in nature rather than cyber terrorism. Now most of the cyber-attacks are cybercrimes rather than cyber terror. Cyber terrorism can range from exploiting vulnerabilities of codes to injecting malware and others. It is easy to mitigate any threats from the beginning of coding by securing application development and promoting security awareness and developing cyber security network within the organisation. This will surely mitigate the risks, which will be attributed by cyber terrorism.

By hacking into a US company’s networks, Ardit Ferizi, 20 year old hacker admitted to providing financial information, names and address of hundreds of government employees and active military personal to the Islamic State terrorist group. He has the understanding that by providing material support, it would be used to harm service members in both the virtual and physical realms. He pleaded guilty in US federal court. He is scheduled for 20 years of imprisonment for providing help and support to terrorist group and additional five years for accessing a protected computer[v]. 

Cybercrimes have no boundaries. Political, Psychological and Economic forces have combined to promote the fear of cyber terrorism. In the world of cyber space it is easy to figure out the weakness and vulnerabilities of the potential targets by the cyber terrorist. According to the author, the very idea of cyber terror threat is bit exaggerated. Neither Al Qaeda or any other terrorist groups or organisation appears to have tried serious cyber-attack. Usually, mass media or social media frequently fails to differentiate between hacking and cyber terrorism and exaggerate the threat of cyber terrorism by reasoning from false analogies. It has become sum of all the fears.

“The idea that hackers are going to bring the nation to its knees is too far-fetched a scenario to be taken seriously” – Jim Lewis[vi]

[i] American Non-profit, non-governmental organisation. Research Arm.

[ii] The Future of Cyber Terrorism: Where the Physical and Virtual Worlds Converge, Remarks by Barry C Collin, 11^th Annual International symposium on criminal justice issues. URL link: http://www.crime-research.org/library/Cyberter.htm

[iii] XSS or Cross-site scripting occurs when web pages are injected client-side scripts by the malicious parties which paves the way for the unsuspecting user’s browser into thinking that the script came from the authentic or trusted source. The malicious party can access any sensitive data, session token or cookie in the browser, once the browser executes the script and use in that site.

[iv] It’s an email spoofing attack to get the sensitive and confidential information.

[v] United States of America v. Ardit Ferizi a/k/a “Th3Dir3torY” 23-09-2016, Criminal Case No: 1:16-cr-042, In the United States District Court for the Eastern District of Virginia. 

[vi] Veteran of State and Commerce Departments, USA.

Author: Ajoy Jose

College: Rajiv Gandhi School of Intellectual Property Law, IIT Kharagpur

Disclaimer: The opinions expressed in the article or any other publication are those of the authors. They do not purport to reflect the opinions or views of Educoncours or its members.