Electronic jihad: experts downplay imminent threat of cyberterrorism.IN EARLY 2000, ALONG THE SUNSHINE COAST There are several places around the globe that use the name Sunshine Coast. They are collections of coastal towns and/or cities that have banded together, usually for tourist promotional reasons. This list contains only those regions that use the English version of the name. OF QUEENSLAND, Australia, 49-year-old Vitek Boden broke into a local waste management computer system and altered the pump station operations, unleashing more than 264,000 gallons of raw sewage into public parks and creeks. The spill killed marine life, contaminated contaminated, v 1. made radioactive by the addition of small quantities of radioactive material. 2. made contaminated by adding infective or radiographic materials. 3. an infective surface or object. the water and left an unbearable stench. It marked the most serious reported attack against a critical infrastructure, said Dorothy Denning, a cyber security expert at the Naval Postgraduate School The Naval Postgraduate School is a graduate school operated by the United States Navy. Located in Monterey, California, it grants primarily master's degrees plus some doctoral degrees to its students, who are mostly active duty officers from U.S. and foreign military services. . U.S. officials in recent years have warned about the threat of a terrorist attack against civilian and government computer systems. They say one of the most plausible scenarios is an assault on critical infrastructures, such as water systems or financial networks. Boden's scheme was a surprising and unexpected attack that had disastrous results. But can it be defined as cyberterrorism See cyberwar and information warfare. ? Denning doesn't think so. She believes such an attack must be "sufficiently destructive or disruptive to generate fear comparable to that from physical acts of terrorism and it must be conducted for political and social reasons." Boden's motives were neither political nor social. He was a former employee of the company that had installed the system and was angry about being rejected for a council job, Denning said. Cyberterrorism has become a buzzword A term that refers to the latest technology or a term that sounds catchy. If not a flash in the pan, new technologies become mainstream. For example, Java was a hot buzzword in the 1990s, but should remain a major topic for decades. of sorts because the severity--and existence--of the threat is debated. Experts have difficulty agreeing on what it means, largely because no agency, group or institution has been seriously debilitated de·bil·i·tat·ed adj. Showing impairment of energy or strength; enfeebled. See Synonyms at weak. Adj. 1. debilitated - lacking strength or vigor asthenic, enervated, adynamic by an electronic attack. The "terrorism" in cyberterrorism infers that it will be lethal or at least catastrophically damaging. Despite varying opinions on the subject, cyberterrorism does not yet pose an imminent danger, either in the government or private sector, some analysts contend. "Although cyberspace Coined by William Gibson in his 1984 novel "Neuromancer," it is a futuristic computer network that people use by plugging their minds into it! The term now refers to the Internet or to the online or digital world in general. See Internet and virtual reality. Contrast with meatspace. is constantly under attack from non-state actors, the attacks so far are generally not considered to be acts of terrorism," said Denning. "There is some desire to conduct more damaging attacks, but there are no plans or capability to conduct devastating dev·as·tate tr.v. dev·as·tat·ed, dev·as·tat·ing, dev·as·tates 1. To lay waste; destroy. 2. To overwhelm; confound; stun: was devastated by the rude remark. attacks against critical infrastructure or digital control systems," she said. Military and government officials say terrorists could wreak havoc on computer systems, compromising critical intelligence and commerce, the result of which would be a catastrophic scenario. "Airplanes will literally fall out of the sky," warned Lani Kass, former director of the Air Force cyberspace task force, during a conference last year. The Defense Department considers cyberspace the "fifth operating domain for war fighting," said Lt. Gen. Robert Elder, commander of the 8th Air Force, which is responsible for cyber warfare. "The Air Force does not currently differentiate terrorism by the domain in which the effects occur," he wrote in an e-mail to National Defense. Cyberspace threats, he added, range from a "simple disruption of communications systems to loss of combat capability." Clay Wilson, a technology and national security specialist at the Congressional Research Service The Congressional Research Service (CRS) is a branch of the Library of Congress that provides objective, nonpartisan research, analysis, and information to assist Congress in its legislative, oversight, and representative functions. U.S. , said that tighter physical security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. may encourage terrorist groups in the future to explore cyber attacks. Extremists also could turn to cyber warfare as a way to engage in a cause without resorting to physical violence, Denning said. "But they haven't pursued this kind of attack because it's not bloody," Denning explained. "Terrorism is built around physical attacks with bombs." Another reason why large-scale cyberterrorism has not materialized is because extremists may be lacking in advanced technical expertise. In one case, a computer science student at Bradley University Bradley University is a private, co-educational university located in Peoria, Illinois (Coordinates: ). It is a medium sized institution with an enrollment of approximately 6,100 undergraduate and postgraduate students. , named All S. Marri, was allegedly assigned by al-Qaida to find ways of hacking into U.S. computer systems. He had met and trained with Osama bin Laden Osama bin Laden: see bin Laden, Osama. in Afghanistan and was named an enemy combatant Captured fighter in a war who is not entitled to prisoner of war status because he or she does not meet the definition of a lawful combatant as established by the geneva convention; a saboteur. The U.S. by President Bush in 2003, Denning said. However, he has not been tied to any attacks. A more common practice is for extremists to carry out politically or religiously motivated intrusions, such as denial-of-service attacks or web defacements, often in retaliation RETALIATION. The act by which a nation or individual treats another in the same manner that the latter has treated them. For example, if a nation should lay a very heavy tariff on American goods, the United States would be justified in return in laying heavy duties on the manufactures and for web sites that are offensive to Islam, she said. In October 2006, a denial-of-service attack was planned against a Vatican web site in response to comments by Pope Benedict For other uses, see Benedict. Benedict is the regnal name of the current Roman pontiff, Pope Benedict XVI (2005–present) and has been the name of fourteen other popes (and three antipopes):
Jihadi Adj. 1. jihadi - of or relating to a jihad web sites called for volunteers, saying "We ask all our brothers to be present at the hour of the attack for a joint action, because they [Catholics] have struck our religion," Denning said. However, the attack had little impact. Denning also pointed to online training in cyber attacks, which could be a cause for concern. Al-Qaida University for Jihad jihad: see Islam. jihad In Islam, the central doctrine that calls on believers to combat the enemies of their religion. According to the Qur'an and the Hadith, jihad is a duty that may be fulfilled in four ways: by the heart, the tongue, the hand, Sciences opened in late 2003, with a college on electronic jihad. An al-Qaida safe house in Pakistan was reportedly used to train jihadists in computer hacking and to conduct reconnaissance on supervisory control and data acquisition (application) Supervisory Control and Data Acquisition - (SCADA) Systems are used in industry to monitor and control plant status and provide logging facilities. SCADA systems are highly configurable, and usually interface to the plant via PLCs. systems, which manage critical infrastructures, Denning said. The Federal Bureau of Investigation Federal Bureau of Investigation (FBI), division of the U.S. Dept. of Justice charged with investigating all violations of federal laws except those assigned to some other federal agency. found suspicious software on the computer of a person with ties to bin Laden. Cyber attacks are annoying and sometimes disruptive, but not overwhelmingly destructive, Denning said. They can be "characterized as hacktivism Hacktivism (a portmanteau of hack and activism) is often understood as the writing of code, or otherwise manipulating bit, to promote political ideology - promoting expressive politics, free speech, human rights, or information ethics. , cyber jihad or electronic jihad." Other forms of cyber activity Denning has observed include shared email accounts and password-protected web sites as repositories of information about planned physical attacks. Cyber jihadists will often write e-mails to each other and save the documents in an electronic folder, but they are careful not to send them, she said, because they know that U.S. authorities have the means to intercept those messages. During the preparatory stages of the 9/11 attacks, Khalid Shaikh Mohammad, one of the masterminds, reportedly used Internet chat software to communicate with at least two airline hijackers, Wilson said. Terrorists are not yet mobilizing to carry out extensive cyber attacks, Wilson said. Although the possibility remains, it is extremely difficult to know if they will take their current cyber activity to the next level to inflict physical harm, said Wilson. In October 2000, the Naval Postgraduate School hosted a conference to determine if terrorist groups would engage in cyberterrorism, Denning said. Participants included academics, United Nations representatives, and most interestingly, a hacker and five representatives of "violent sub-state groups." The groups included the Palestine Liberation Organization Palestine Liberation Organization (PLO), coordinating council for Palestinian organizations, founded (1964) by Egypt and the Arab League and initially controlled by Egypt. , the Liberation Tigers of Tamil Eelan, the Basque Fatherland and Liberty The Fatherland and Liberty Nationalist Front (Spanish: Frente Nacionalista Patria y Libertad or simply Patria y Libertad, PyL) was a nationalist and authoritarian political and paramilitary grouping, denounced by their opponents as being fascist and a Political/Military Army, and the Revolutionary Armed Forces of Colombia Noun 1. Revolutionary Armed Forces of Colombia - a powerful and wealthy terrorist organization formed in 1957 as the guerilla arm of the Colombian communist party; opposed to the United States; has strong ties to drug dealers . The group authorized an actual cyber attack during the game against the Russian stock exchange, Denning explained. After the war game, the participants concluded that terrorists have not integrated cyber attacks into their tactics. But experts cautioned that cyber terror could become attractive as a non-lethal weapon. A follow-up war game was never conducted because the U.S. government became nervous about engaging the controversial participants again, Denning said. Another simulated attack took place in July 2002 during a war game also hosted by the Naval War College. Called the "digital Pearl Harbor Pearl Harbor, land-locked harbor, on the southern coast of Oahu island, Hawaii, W of Honolulu; one of the largest and best natural harbors in the E Pacific Ocean. In the vicinity are many U.S. military installations, including the chief U.S. ," it simulated cyber warfare through mock attacks conducted by computer security experts against critical infrastructure systems, said Wilson. The group decided that the Internet is the most vulnerable technology, as well as financial computers. It also determined that a major attack was only a slight possibility, said Wilson. However, a vulnerability was discovered in the Internet in 2002, which the FBI determined could have caused significant problems, including bringing down telephone networks and flight control systems, Wilson said. Although vulnerabilities exist and computer intrusions will continue, Denning doesn't believe people should fear large-scale strikes. "Any cyber attacks originating from terrorists or cyber jihadists in the near future are likely to be conducted either to raise money or to cause damage comparable to that which takes place daily from web defacements, viruses and worms, and denial-of-service attacks," Denning asserted. Electronic invasions such as identity theft and viruses and worms have, in some cases, been more damaging to the average person than religiously motivated hacking. In January 2003, the "slammer A worm that caused a billion dollars worth of damage on the Internet on January 25, 2003. Slammer infected computers all over the Internet by generating random IP addresses and causing the computer's buffer to overflow with its own instructions that replicate itself and start the process " worm shut down emergency 911 systems, ATM machines and at least one airline booking system, Denning said. The worm could not be traced, but its code referenced a major Chinese hacking group, she said. Although the Naval Postgraduate School war game determined that several barriers prevent hackers and terrorists from uniting, it is certainly probable that they could share information to further individual causes. Both groups are interested in credit card and identity theft because they realize the potential financial gain. The FBI estimated that computer-related crimes cost U.S. businesses $67 billion per year. Information about computer vulnerabilities abound in the hacker "black market," Wilson said. A list of 500 addresses of computers that have already been infected by "spyware" can be bought for $150 to $500, he continued. There have been 100 million cases of privacy rights breaches since February 2005, said Kevin Richards, head of federal government relations with computer security firm Symantec. Cyber criminals are becoming more consolidated and are often funded by organized crime, he noted. Richards didn't know if these criminals could be labeled as terrorists or hackers. "Today's attackers want to be silent," he said. In a nod to increasing cyber security threats, Congress introduced new legislation in May that would increase funds for law enforcement and allow the Department of Justice to impose stricter penalties for computer criminals. The House judiciary subcommittee on courts, the Internet and intellectual property introduced the cyber crime enhancement act of 2007. If passed, the law would allocate $10 million per year to federal law enforcement through 2011. The money would be given to the U.S. Secret Service, the attorney general's office and the FBI to combat identity theft and other cyber crimes. The law would also increase the penalty for botnet herding--sending out software robots to deny service or otherwise attack computer systems--by up to five years in jail, Richards said. Active botnet computers have increased by 11 percent since late 2006, he said. In addition, more than a quarter of malicious code Symantec observes on affected computers has never been seen before, Richards said. "If people don't lock their back door, criminals will find their way in, both at home and on the Internet," Richards said. Email your comments to BWagner@ndia.org |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion