Vladimir Golubev, Ph.D.
Struggle Against Cyberterrorism in modern conditions
Nowadays life of each person to a greater or lesser extent depends on the telecommunication technologies used practically in all spheres of a public life. The world has entered a new epoch - an epoch of an information society.
The number of the Internet users constantly grows. They are 158 million in USA, 95 - in Europe, 90 - in Asia, 14 - in Latin America, and 3 - in Africa. In Russia, by different ratings, the quantity of Internet users makes about 8 million. Connection to the Internet is possible from any place of globe. If to speak about the developed infrastructure, today the Internet covers more than 150 countries of the world .
Prompt development of informatization has resulted to occurrence of the new kinds of crimes, such as computer crimes and computer terrorism.
As the new and insufficiently investigated criminal phenomenon, a cyberterrorism deserves separate attention and demands the special approach to the decision of this, dangerous to mankind, problem. Special concern in law enforcement bodies is caused with the terrorism acts connected to Internet use. Its open sources allow to receive manufacturing techniques biological, chemical and even the nuclear weapon of terrorists. Cracking sites, cyberterrorists get access to the information of a different sort, including confidential.
In our opinion, the cyberterrorism is the non-authorized intervention in job of telecommunication networks components, computer programs functioning in their environment, removal or the updating of the computer data causing disorganization the crucial elements job of state infrastructure and creating danger of people destruction, causing of significant property damage or approach of other socially dangerous consequences .
Thus, it is necessary to understand "cyberterrorism" or «computer terrorism » as deliberate, motivated attack to the information processable by a computer, computer system and networks which creates danger to people life or health or approach of other consequences if such actions were perpetrated with the purpose of infringement of public safety, intimidations of the population, provocation of the war conflict.
It is possible to explain the growing popularity of a cyberterrorism because to realize the act of cyberterrorism much more cheaply, than to get for the same purposes the weapon.
Acts of terrorism in cyberspace can be made not only by separate persons or terrorist groups, but also by one state against another. In this aspect the cyberterrorism doesn't differ from any other kind of terrorism. Extremist groupings, separative forces, preachers of the ideas contradicting to universal values, intensively use modern technologies for propagation of the ideology and information wars.
The information weapon can become ideal means for electronic terrorists and it makes a question of information security a prominent aspect both national, and the international safety.
For acts of cyberterrorism the following tools of their fulfillment are characteristic:
- Various kinds of the attacks, allowing to penetrate into an attacked network or to intercept a network control
- Computer viruses, including - the network worms modifying and destroying the information or blocking job of computing systems
- Logic bombs - sets of commands, which take root into the program and work under certain conditions (for example, after the certain interval of time)
- The "Trojans", allowing to execute the certain actions without the knowledge of the infected system's owner
- Means of suppression of an information exchange in networks .
Complexity of cyberterrorism prevention consists in a number of the describing aspects:
- transcontinental (transboundary)
- The information, information resources, information techniques can act as the aim of criminal encroachments, environment in which offences are made, and the crime instrument
- Ease of destruction and change of the computer information (traces of a crime).
According to statistics, for the first half-year 2002, cases of computer breakings and computer viruses distributions have sharply increased. From the Carnegie Mellon Software Engineering Institute's report the quantity of computer incidents has grown from six cases in 1988 up to 52658 in 2001.
The computer terrorism more and more promptly and "effectively" gets showings of the international, global evil and according to a number of the international documents the cyberterrorism concerns to number of the international crimes.
Not on last place there is a political motivation of cyberattacks on various infrastructures of the advanced states. The basic targets of electronic terrorists became the USA, the Great Britain, Germany, Australia, Brazil, and Denmark. The opposition of the digital world against the USA in reply to the politics spent in relation to Iraq and support of Israel has increased. As acknowledgement of it can serve a recent attack Unix Security Guards on a number of corporate and governmental systems as a token of the protest against the planned American - British military action against Iraq.
The number of cyberattacks against the American Governmental bodies in September twice exceeded number of attacks in August. To that an example - appearance of new worm VBS/Nedal (Laden on the contrary). For the distribution the worm uses the text connected to sad events on September, 11, 2001 in New York. VBS/Nedal - the destructive nocuous code destroying contents of executed files. He is distributed on email, dispatching itself to each addressee found in AdressBook of Microsoft Outlook on the infected computer. A subject of the infected letter: «Osama Bin Laden Comes Back! ". In a body of the letter there is a text, calling to wipe out Israel and the USA.
In struggle against a cyberterrorism it is impossible to underestimate the opponent, relying on absence, his sufficient experience and the knowledge, qualified and the prepared staff. There is some pronouncement of Islamic fundamentalists that al-Queda and other Muslim extremist groups all over the world plan to use the Internet as the weapon against the West for the acts of terrorism. Extremists openly declare that all kinds of high technologies are actively studied by "devouts" to use the advanced achievements with a view of electronic jihad. Thus the accent is put on destructive influence on national infrastructures. As one of leaders of Near East criminal groupings has declared: «… Very soon world becomes the witness of attacks to New York, London and Tokyo stock exchanges".
The boldness of such statements and the public declares about cyber technologies use with the aggressive purposes, directly testifies to globalization of cyberterrorism and all of its displays. Extremists do not hide an opportunity of use "all kinds of technologies" with a view of protection of the Muslim Land. Groups of jihad are scattered worldwide, and in the activity actively use the Internet. There are numerous states, that al-Queda has highly skilled experts on computer technologies. A number of Muslim hacker's groupings threatens with cyberattacks to the USA and Israel governmental sites. It is not surprising, if tomorrow we shall hear about a world economic crisis owing to attacks to the basic computer systems of the largest companies.
Special services of the western countries estimate real threat of a cyberterrorism and develop preventive measures. Some possible scripts of events succession are studied, in particular, possible attack to computer systems of stock exchanges.
Consequences of computer intrusions, most likely, will be two types: intrusion into the data and intrusion into control systems.
Intrusion into the data are attacks on sites, computers network, payments systems and the databases connected to it.
Intrusion into control systems will be directed on disconnect or destruction of the state or corporate infrastructure.
Consequences of intrusion into the data will be bankruptcy of commercial structures, larceny, and destruction of the important business information, loss of intellectual property, decrease in reputation and/or reduction of stock's price. Intrusion into control systems are more dangerous - failure of communications, transport, and data transfer, financial payment systems, etc.
The Council of Europe in 90th years snowed “the world scales of terrorism”. The declaration, accepted in November, 1995 in La Gomer, provided close cooperation of police and justice bodies by means of information about terrorist groupings interchange.
Events on September, 11, 2001 have shown that the terrorism is only one of challenges in sphere of security which the multilevel system of Europe should answer.
The wave of a shock which has reached from of Atlantic has taken the European states appreciably unawares. Attacks to New York and Washington have deduced the international terrorism on a new level not only quantitatively, but also qualitative: their preparation and realization demanded use of new information technologies in the criminal purposes.
The latest news can serve as acknowledgement : Danish antiglobolists organization Global Roots planned to lead in the Internet protest action against the summit of the European Union which passed in Copenhagen on December, 12-13 2002. Participants Global Roots were going to organize the distributed DoS-attack to an official site of summit and to destroy it. In the action took part about 10000 people which could not arrive to Denmark and personally participate in protest manifestations .
There are two most typical ways of cyberattacks: a direct access to the computer information and a way of the remote access to the computer information.
Direct access to computers, computer systems is the criminal’s actions on destruction, blocking, updating, to copying of the computer information, and also infringement of computer equipment work or a computer network by special commands from a computer in which memory there is information or which is planned to destroy.
The analysis of the researches has shown, that the way of remote access to computer, system or a network represents a mediate connection with certain computer (the network server), taking place on distance. Such connection can be made through local or global computer networks and other communication facility. To network systems, alongside with usual (direct access), carried out within the limits of one computer system, is applied the specific kind of attacks caused by distribution of resources and the information in space - so-called network (or remote) attacks. This kind of attacks is most dangerous, as the potential weapon of cyberterrorists. As such attack we usually understand information destroying influence on the divided computer system, carried out on liaison channels. Results of such influence, for example, on a critical infrastructure’s or a nuclear reactor’s control system, on the consequences can have character of global accident.
Thus, the problem of struggle against a cyberterrorism should be put on one level with terrorism and the organized crime. Thus it is necessary to carry out the complex approach to solve the problem at the international level.
By way of effective cooperation of law enforcement bodies of the different states, directed on counteraction to computer terrorism, it is necessary to reconsider considerably existing complex procedure of decision-making on struggle against this kind of the crimes, arisen, in particular, because of co-ordination of the documents liabled to ratification. Such procedure at the first stage could be simplified, having refused agreements, using the frame decree. At the second stage it is expedient to distribute procedure of decision-making on the questions of internal security having the international importance, in the Council of Europe by the voting.
In view of above-stated and features of electronic terrorism, there is a complex of the legal and technical problems connected to following absence:
1. The acts regulating criminal - remedial actions.
2. Specially trained staff (the operative and investigatory personal specializing on computer crimes’ revealing and disclosing).
3. Necessary means of counteraction to cyberattacks.
4. Creation of reliable system of interaction with law enforcement bodies of foreign countries.
The solving of these priorities at the international level, will give an opportunity to law enforcement bodies of all countries to direct the efforts to counteraction and struggle against such dangerous criminal phenomenon, as a cyberterrorism in conditions of global informatization. Counteraction to this new and dangerous form of terrorism cannot be effective without serious reform of law enforcement bodies and special services.
1. V.Golubev «Cyberterrorism as the new form of terrorism»
2. A.ShChetilov «Some problems of struggle against cybercrime and a cyberterrorism»
3. T.Saitarly “US’s Experience with computer crimes investigation”
4. «Hackers – antiglobalists plan destroy a site of the next summit of the European Community»