11th ANNUAL INTERNATIONAL SYMPOSIUM ON CRIMINAL JUSTICE ISSUES

The Future of CyberTerrorism:

Where the Physical and Virtual Worlds Converge

Remarks by

Barry C. Collin
Institute for Security and Intelligence

Terrorism to CyberTerrorism

The definition of "terrorism" has been well studied, defined, and documented. There is also a degree of understanding of the meanings of CyberTerrorism, either from the popular media, other secondary sources, or personal experience. This paper examines the future of CyberTerrorism - a term the author coined a decade ago, as the indicia of technological dependence and frailty were forming in our New World disOrder. Indeed, that future has come to fruition, today.

The face of terrorism is changing. While the motivations remain the same, we are now facing new and unfamiliar weapons. The intelligence systems, tactics, security procedures and equipment that were once expected to protect people, systems, and nations, are powerless against this new, and very devastating weapon. Moreover, the methods of counter-terrorism that our world's specialists have honed over the years are ineffectual against this enemy. Because, this enemy does not attack us with truckloads of explosives, nor with briefcases of Sarin gas, nor with dynamite strapped to the bodies of fanatics. This enemy attacks us with one's and zero's, at a place we are most vulnerable: the point at which the physical and virtual worlds converge. Let us first define theses two domains.

The Physical World

The physical world is matter and energy - light, dark, hot and cold, all physical matter - that place in which we live and function.

The Virtual World

The virtual world is symbolic - true, false, binary, metaphoric representations of information - that place in which computer programs function and data moves.

The physical and virtual worlds are inherently disparate worlds. It is now the intersection, the convergence, of these two worlds that forms the vehicle of CyberTerrorism, the new weapon that we face.

Reliance and Dependence

This convergence of the physical and virtual worlds, this lattice, is growing larger and more complex as we venture further into technological dependence. Each day, we move ahead with blinding speed into the computerization of every task and process that we face. We are becoming ever more inextricably reliant and dependent on the convergence of these two worlds.

Points of Convergence

What are some of the more obvious points of convergence?

• A garage door opener.
• A heart pacemaker.
• The computer chip in a late model car.
• A microwave oven.

These are all things taken for granted. Yet, as we progress into a far more technological world, what other points of convergence are taken for granted?

• Food processing plants
• Pharmaceutical processing plants
• Electric and natural gas utilities
• Train crossings and traffic control systems
• Next generation air traffic control systems
• Virtually all modern military equipment
• Military and public safety communications
• Civilian communications

Convergence Drivers

What is driving the convergence of these two worlds? There are three goals:

1.Access: the goal of universal, ubiquitous interface;

2.Control: the goal of remote administration; and

3.Mining: the goal of knowledge acquisition.

Convergence Vehicles

To achieve these goals, there are four vehicles:

• Transmission: longer lines across land and through space;
• Connections: more links to more points;
• Aggregation: more information centralized, and disconnected information linked; and
• Retrieval: more ways of retrieving information, and more importantly, knowledge.

Achieving CyberTerrorist Goals

So how does a CyberTerrorist achieve his mission? Like any terrorist, a CyberTerrorist actively exploits the goals of the target population in areas in which they take for granted.

There are three potential acts in CyberTerrorism at the point of convergence:

1.Destruction;

2.Alteration; and

3.Acquisition and retransmission (these are a unit).

As we will see, these three types of acts are most heinous at the point where the physical and virtual worlds converge.

To achieve a true terrorist goal, as we know, we must have scale and publicity. So how does the CyberTerrorist approach a new age - an age of convergence of the physical and virtual worlds? An age where, thanks to our goals, he can perform his CyberTerrorist acts from his living room, undetected, from 8,000 kilometers away?

Cracker or CyberTerrorist?

A great deal of "cracks" are committed for the purposes of anarchy, humor, or as often stated by the perpetrators, "to be annoying." However, is this the mindset of a CyberTerrorist? Does the CyberTerrorist make a garage door go up and down? Does he change an Internet web site to say a country's government is evil? Does he hack into a major corporation's voice mail system to make long distance calls? No - that is not the domain of the CyberTerrorist - that is the domain of the amateur cracker community that exists worldwide.

A CyberTerrorist's mindset is quite different. A CyberTerrorist would not alter a voice mail, or even abuse credit cards.

Potential CyberTerrorist Acts

Let us examine some example CyberTerrorist acts. Based on the definitions of terrorism, a determination can be made if they in fact constitute terrorism:

• A CyberTerrorist will remotely access the processing control systems of a cereal manufacturer, change the levels of iron supplement, and sicken and kill the children of a nation enjoying their food. That CyberTerrorist will then perform similar remote alterations at a processor of infant formula. The key: the CyberTerrorist does not have to be at the factory to execute these acts.
• A CyberTerrorist will place a number of computerized bombs around a city, all simultaneously transmitting unique numeric patterns, each bomb receiving each other's pattern. If bomb one stops transmitting, all the bombs detonate simultaneously. The keys: 1) the CyberTerrorist does not have to be strapped to any of these bombs; 2) no large truck is required; 3) the number of bombs and urban dispersion are extensive; 4) the encrypted patterns cannot be predicted and matched through alternate transmission; and 5) the number of bombs prevents disarming them all simultaneously. The bombs will detonate.
• A CyberTerrorist will disrupt the banks, the international financial transactions, the stock exchanges. The key: the people of a country will lose all confidence in the economic system. Would a CyberTerrorist attempt to gain entry to the Federal Reserve building or equivalent? Unlikely, since arrest would be immediate. Furthermore, a large truck pulling along side the building would be noticed. However, in the case of the CyberTerrorist, the perpetrator is sitting on another continent while a nation's economic systems grind to a halt. Destabilization will be achieved.
• A CyberTerrorist will attack the next generation of air traffic control systems, and collide two large civilian aircraft. This is a realistic scenario, since the CyberTerrorist will also crack the aircraft's in-cockpit sensors. Much of the same can be done to the rail lines.
• A CyberTerrorist will remotely alter the formulas of medication at pharmaceutical manufacturers. The potential loss of life is unfathomable.
• The CyberTerrorist may then decide to remotely change the pressure in the gas lines, causing a valve failure, and a block of a sleepy suburb detonates and burns. Likewise, the electrical grid is becoming steadily more vulnerable.

In effect, the CyberTerrorist will make certain that the population of a nation will not be able to eat, to drink, to move, or to live. In addition, the people charged with the protection of their nation will not have warning, and will not be able to shut down the terrorist, since that CyberTerrorist is most likely on the other side of the world.

Sadly, these examples are not science fiction. All of these scenarios can be executed today. As you may know, some of these incidents already have occurred in various nations. More of such acts will take place tomorrow. Are you prepared?

CyberTerrorists: Who, Where, and Why?

The purpose of this paper is to help you understand the threats that exist, and hopefully, to help you prevent these types of atrocities. But know this - there are people out there with very different goals, who are our real threats, and who are, or will be, attacking us. Make no mistake, the threats are real, today.

Who are the CyberTerrorists? There a great many poor movies and too many works of fiction about the hacker and cracker communities. In the popular media, there recently was the Kevin Mitnick incident, where one cracker broke into another cracker's systems. This spawned endless press and at least two best selling books. While this incident received much attention, the events amounted to meaningless children's games.

By and large, the cracker community, based primarily in the United States, Europe, the Middle East, Asia, and in the nations of the former Soviet Union, is composed of individuals who see the cracking process merely as a challenge, a brain teaser, a puzzle. They view themselves as not only being innocent of any crime, but perhaps even doing something righteous, something to counter the dark monoliths of the corporate and government worlds. They believe they are being persecuted. These individuals believe that what they are doing is not doing any true damage. At its least harmful, these crackers just look at information. However, privacy issues and military secrecy can render such infiltrations acts of terror.

Sometimes crackers make minor changes, just for fun, to be annoying, or to make a statement. The potential for damage here is enormous.

Crackers as Facilitators

Individuals with a background in intelligence are aware that a frequent element of case execution is enlisting the indigenous, sometimes called "facilitators," to assist in a campaign. At the convergence of the physical and virtual worlds, the indigenous are the crackers.

There is the incorrect assumption in the cracking community that they, the crackers, are so sophisticated or so knowledgeable as to know when they are being approached for a truly illicit reason (e.g., to be enlisted as a facilitator to commit an act of terrorism). However, despite cracker arrogance, these individuals are easy targets for enlistment.

What about those crackers who actively wish to cross the line, or more basically, need money? To a teenager, a $1,000 U.S. can purchase a good many compact disks, a new modem, and a great deal of libation. Beyond youths, there are professionals in this arena as well.

Historically, individuals engaged in the practice of terror tended not to be people working upon a computer 20 hours per day. Terrorists have not been in the business of tracking the latest holes found in UNIX or an obscure government telnet opportunity. There are people, however, who are in that business - for illicit as well as good cause. As stated, just as indigenous people may be turned into soldiers, so can crackers be turned into CyberTerrorists. Sometimes such a transition may be motivated by money or prestige. Usually, this transition will occur without the cracker's cognizance. The potential threat from such transitions is mind boggling, considering the damage even one mis-directed cracker can cause.

Further, as young, educated people are brought into the folds of terrorist groups, this new generation will have the talent to execute the acts of CyberTerrorism of which we have spoken.

We are going to see increasing levels of in-house expertise, and concomitant exponential increases CyberTerrorism. Unlike other methods of terrorism, CyberTerrorism is safe and profitable, and difficult to counter without the right expertise and understanding of the CyberTerrorist's mind. Combine our increasing vulnerability, with the explosive increases in the level of violence, and increasing expertise available inside terrorist organizations through new blood and outside through facilitators, and we can see that at the point where the physical and virtual worlds converge, the old models of managing terrorism are obsolete.

Methods of Protection: No Easy Answers

We must consider the following elements when building a counter-CyberTerrorist program:

• We must accept that while the theories of terrorism stand true, the way in which we approach counter-terrorism, in this case, counter-CyberTerrorism, must change.
• We must cooperate and share intelligence in ways we have never have before.
• We must enlist the assistance of those individuals who understand the weapons we are facing and have experienced fighting these wars.
• We must learn the new rules, the new technologies, and the new players.

Unfortunately, one cannot learn how to fight this very unconventional warfare from someone who hasn't been there, nor from someone whose experience is in the old ways and old technologies. The old data processing, auditing, and computer security models in use today are obsolete. On this battlefield, against this weapon, the terrorist is already far ahead. The building of a counter-CyberTerrorist team must be real-time and dynamic, as the weapons will continually change, to morph, in an attempt to beat you, your systems, and your people. There is no re-machining, and unlike other terrorists, if the CyberTerrorist loses today, he does not die - he learns what did not work, and will use that information against you tomorrow.

Conclusion

If a computer security advisor states that you, your organization, and your country are safe behind firewalls, behind a system put into place by people who have never fought cyberbattles, behind audit trails, passwords, and encryption, then a great and dangerous fallacy (or fantasy) is being perpetrated upon you. The only solution is the quick deployment of a counter-CyberTerrorist - someone who knows what you are up against today, someone who lives in the world of the people who are, and will be, attacking - someone who can train the people who must fight the battles.

Ex Post Facto

An effective auditing system will only inform the target manager that they have taken a hit; perhaps a fatal hit. By that point, it is too late. Now is the time to take action. Unfortunately, due to this open nature of this document, specific counter-CyberTerrorism measures cannot be discussed. Those discussions must be reserved for secured facilities.

Counter-terrorists of all backgrounds are duty-bound to save property, and more importantly, save lives. However, we are not isolated. We are all increasingly connected, dependent, and vulnerable. The very basic things we take for granted (e.g., food, medicine, energy, air, freedom of movement, communications, freedom from violence) are being threatened by the new weapon of CyberTerrorism.

If we do not work together, we will be responsible for the outcome. If we fail to be ready when and where the virtual and physical worlds converge, then all that will be left is terror - in one's and zero's.