Cyberterrorism re-surfacing?

Back in 2002, I wrote that the discourse surrounding “cyberterrorism is dominated by sensationalist and alarmist analysis based on selective interpretation of partial facts and speculation by unnamed officials and experts. Demonstrating a stunning lack of vision, the alarmist conclusions drawn by such study are buoyed by fantastic, ill-conceived scenarios that defy the circumstances and bounds of reality.” Despite some studies to the contrary, it appears that little has changed.

A recent CBC Viewpoint article continues the general trend. The article suggests that:

Cyber terrorism is a diverse set of technologies that ranges from viruses and denial-of-service attacks to posting messages, pictures and videos on websites whose purpose is to scare people.

Unfortunately, this is a description of the actions of script kiddies and pranksters, not necessarily terrorists.

Experts such as Mark Pollitt and Dorothy Denning offer definitions that are similar to the FBI’s National Infrastructure Protection Center (NIPC) proposed definition:

Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.

In general, experts agree that the scope and intensity of an attack should be significant. To qualify as cyberterrorism, an attack should not only be politically motivated but should cause extensive destruction, serious injury, death, and/or massive disruptions of essential services while generating a significant amount of fear.

If a website or virus reaches enough people and incites enough chaos, it’s a cheap, easy way to scare people on a level similar to a “real world” terrorist attack.

“Cyberterror: Prospects and Implications”, a report that focused on the capacity and capability of terrorist groups to acquire the necessary tools and expertise to launch a cyber-terrorist attack, published by the Naval Postgraduate School in Monterey, California, concluded that it would take a terrorist organization 2-4 years to move beyond a basic attack constituting a “minor annoyance” and 6-10 years to develop the “ability to launch coordinated attacks against multiple systems that have sophisticated defenses in place causing serious disruptions or damage using sophisticated self-created and developed tools and techniques.”

In Gartner’s Digital Pearl Harbor simulation “[i]t was assumed that the operators would be bankrolled with at least $200 million, would have access to state-level intelligence, and take five years to plan their attacks.” (The Reg) That’s hardly cheap and easy.

The most obvious example of cyber terrorism so far has been websites devoted to westerners held hostage by terrorists in the aftermath of the war in Iraq.

The use of the Internet and computer technology by traditional terrorist organizations for organizational and logistical purposes, data collection, communications and propaganda is not cyberterrorism. Cyberterrorism is limited to instances “when the destructive nature of the ‘act’ itself is carried out via computers”. Furthermore, “[d]elivery of the terrorist’s message via the Internet does not constitute a cyberterrorism event.” (Emphasis in original). Terrorists’ use of the Internet does not necessarily constitute cyberterrorism.

Here’s a potential scenario. Let’s say a major city in the U.S. or Canada is hit with a terrorist attack similar to the attacks on the World Trade Center… But what if, at the same time as the physical attacks were occurring, an army of viruses with instructions to crash communication networks – emergency radio frequencies and cellphone radio towers – was deployed from elsewhere?

This exact scenario was suggested in Gartner’s DPH. For telecommunications disruption, the Gartner study suggested that the requirements for a successful attack include working knowledge of telecommunications systems, PhD-level education, specific product knowledge of targets and insider assistance. They suggested that it would have large resource requirements and be fairly expensive. The terrorism experts present felt that the operation could not be kept quiet for the period of time necessary to plan and implement it, given that they assumed up to 100 lower-level operatives. Basically, the same disruption could be caused by “a satchel charge in a manhole”.

The Internet disruption team developed a 6-month scenario that would cost 50 million dollars and require experts in computer security, programming and networking. It assumed the use of insiders at various corporate/government targets and the creation of a covert virtual private network through exploits in p2p apps to use for denial of service attacks. They suggested that, using multiple worms/trojans/exploits, they could disrupt backbone routing, disrupt DNS and cause PCs to “blue screen”.

Given the expensive budget, high level of expertise, insider cooperation and access to state-level intelligence data, disruption was possible. However, even with such resources the consensus was that “while local attacks are possible, it’s virtually impossible to bring off any lasting, nationwide horror.” (The Reg) In the end, cyberterrorism appears to be a dud.
