Computer Crime Research Center

terror/ct.jpg

Terror Spam and Phishing

Date: August 17, 2006
Source: Computer Crime Research Center
By: Tomer Ben-Ari , Ron Rymon , The Interdisciplinary Center Herzliya, Israel

... benefits of "outsourced" activity, but in any event this may result in higher quality attacks.

The main features that make terror spam and phishing attractive to terrorists are:
1. Anonymity and difficulty of tracing;
2. Low cost to reach a large audience and hence the ability to engage a large number of (low probability) initiatives;
3. Leverage in reaching new and otherwise inaccessible audiences
4. Ability to recruit operatives from within the attacked society
5. Ability to spread fear, even without any action being taken

Communications
Terrorists can clearly use spam as a means of communicating their messages and aspirations to a large crowd. Spam communication can be very safe for the user because it's a one way communication that is very hard to trace. Spam messages can refer users to a chat rooms infrastructure that will give a more detailed and personal support, the chat room can serve as a place where all participants are not known (double blinded) and by that increase the safety level for both sides. Terror spam is different from commercial spam. In commercial spam, the spammer wants potential buyers to get to contact him directly, whereas terrorists will use spam to initiate the first connection but will prefer to remain anonymous without revealing traceable details. This will require a technically different and more complex approach, but one that is within the current technical mainstream.

Funding
Terrorists can use spam to raise funds for their operations, seeking sympathizers in new and unknown target audiences. A terrorist fund raising campaign is likely to be conducted in a way that is similar to any other spamming campaign, and will most likely point to a website of a non-profit organization that acts as a cover for the terrorist group. In other cases, terrorist groups can use semi-legitimate store fronts for money laundering purposes. Terrorists can also use phishing techniques to acquire additional financial resources by getting hold of financial accounts, credit card and other financial resources.

Recruitment
Terrorists can use spam to recruit new members. This form of recruitment is particularly applicable to decentralized terrorist cells: members recruited through spam can be organized in separate cells, protecting the anonymity of their commanders. Spam can also be an effective means for recruiting people with technical skills. Whereas most terrorist organizations may find it difficult to cultivate such skills internally, they are relatively easy to come by on the Internet. Focused mailing lists can also be used to target specific groups, e.g., youth, disturbed and distracted individuals, and members of certain religions and ethnic groups.

Clearly, most terrorist organizations will not use web-based recruiting to staff their inner core, e.g., for fear of spying and internal alteration, but they can use it to recruit simple soldiers, low-level logistical units, etc. As we will soon discuss, they can also use web-based recruiting to form agnostic and dispersed units that will be operated in a one-way fashion.
Influencing individuals to act against specific targets
Terrorists may also try to use spam to influence individuals, which are otherwise not members and possibly not even sympathizers, to act on its behalf. For example, anti-American terrorists can call for a coordinated violence against American citizens and corporations on a certain date, around the world. The actual terrorist acts can be carried out by various types of activists, which are not members of the terrorist group, and for reasons other than the terrorists. The actual acts may even be taken by a disgruntled employee of an American firm. But the joint effect may serve the terrorists purpose very well. In this scheme, a terrorist group is likely to prey on individuals that are mentally disturbed or otherwise unstable, or that have certain grievances. This scheme can be particularly attractive to terrorist groups that lack the physical infrastructure because it does not require significant operational logistics and the terrorists simply act as coordinators.

Clearly, only a miniscule fraction of those addressed in such terror spam campaign are likely to act. However, those that do, represent a net gain to the terrorist organization and a clever way to leverage other people's grievances. The fact that bomb making knowledge is already easily available on the web may ease the recruitment and execution of such attacks by otherwise untrained individuals. In fact, the mere distribution of terror spam that calls for such action may result in a significant public panic.

5. How Terror Spam May Work
In this section, we describe how terror spam may work. We start by reviewing potential target audiences for terror spam, and the chances of response/success. We then discuss various technical modifications to traditional spam, which may be required to facilitate terror spam.

Target Audiences
In this section, we present terror as a "product" to be spammed. Like any other product, the terror spammer needs to consider the target audience(s), so that the campaign reaches the intended recipients, and so that the campaign is structured to appeal to the respective audiences. While it is true that the direct cost of spamming is very low, terror spammers may still want to avoid indiscriminant campaigns. First, spamming indiscriminately requires more resources, and will also reduce the time-to-block time frame, i.e., the time it would take law authorities to stop the spam and to block the next step of making contact with a collaborating receiver. Second, and more importantly, it may be important for terror spammers to craft different messages that will appeal to specific audiences.

We consider the following groups as primary targets for terror spammers:

Affinity religious, ethnic, and national groups. Clearly, terrorists may find their best targets among "their own" audiences. Nationalistic organizations may do well when targeting their own nationals; Islamic radicalists will likely target Muslims, and separatists will likely try to reach their own people. In that case, spam serves as merely another form of communication since it is most likely that same groups are already addressed in other ways.

Sympathizers. Terrorist groups may also find spam to be an effective tool to reach second-degree sympathizers. These are people that are not members of the former affinity groups, and who may be sparsely spread within a larger population that is otherwise not affectionate to the terrorists cause. Compared to spam, most other means to locate and reach such sympathizers may be way more expensive. Consider for example identifying and reaching Muslim radicals within a western university campus. Clearly, it may be possible to reach certain radical Islamists clubs, if existing. However, it would be more difficult to identify and reach potential sympathizers within a non-radical Islamist club, and even more difficult to identify sympathizers within the general students population. Spam to any of the latter groups may provide an effective way to identify and reach such individuals.

Disadvantaged and disgruntled groups. Terrorists may also be able to use spam to ride others' grievances, convincing them to carry out terrorist acts against a common enemy or subject of hate. Potential targets include
Ethnic groups that are discriminated against, or that carry longtime grievances. In the U.S., for instances, terrorists may address African Americans or Native Americans. In Europe, they may want to target new immigrants to EU.
Economically suffering groups may be targeted, especially in societies that harbor a wider gap between the haves and have nots, and especially in years of economic downturn.
Political minorities may also be targeted, especially in countries that do not have a long democratic tradition.
Extremist activists and anarchists of other types who may not identify with the terrorists cause, but who may believe that a certain act of terror may also serve their own purpose.

Teens. We suspect that teens may sometimes fall prey to terror spam. As a generalization, teens as a group may have weak self awareness, low self esteem and are the most easily influenced by advertised material [Erica 2004]. Some teens may also have a tendency to rebel and terrorists may provide them with the image, and the technical know-how to carry out a terrorist act. In most western societies, we are already seeing an increase in violence among teens, including some mass-murder acts that are performed by teenagers. It is possible that terrorist organizations would try to locate and recruit teens to perform acts on their behalf.

To reach their target audiences, terrorists shall simply follow the footsteps of savvy marketers. They should start by identifying their targets, and then acquire relevant email addresses. Common ways to do so include buying email lists and harvesting forums and chat groups frequented by their targets. (As aside, robotic chats may represent another way for terrorist organizations to reach and recruit people)..

Terrorists group can benefit from almost any outcome such a spam campaign will bring.
By throwing spam campaign terrorists will be able to achieve physical damage in some cases and advertisement that can lead to public panic in other cases, in both cases terror organization will benefit.

A spam campaign can be used to coordinate an attack among a number of people
This type of coordination can be achieved due to the high level of control that the technology environment provides i.e. giving guide to many...


Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo