Computer Crime Research Center

Putting cyberterrorism into context

Date: October 09, 2004
Source: AusCERT
By: Kathryn Kerr

What is the threat of cyberterrorism?

Assessments of the threat of cyberterrorism require an assessment of the intent and capability of attackers to cause fear and/or physical harm through cyber attack techniques. Except perhaps for national security agencies which are tasked with collecting and analysing intelligence about terrorist threats, there are few who are able to comment authoritatively on the intent or capability of known terrorist groups to conduct acts of cyberterrorism.

Notwithstanding this, there are some factors which are relevant to an assessment of the threat.

1. Terrorists by and large are not innovators

Despite a relatively long history of terrorism, to date terrorists' modus operandi mostly has involved the threat of physical harm; actual maiming or killing of people; and damage to property. In the vast majority of cases, terrorists have used conventional methods which involve the use of affordable, accessible and volatile substances, eg improvised explosive devices or weaponry. Less often non-conventional methods have been used such as the Aum Shinrikyo sarin gas attack on the Tokyo subway in 1995. [14] But through the use of a chemical weapon, Aum Shinrikyo still sought to cause physical harm to a large group of people - necessary for instilling fear within a target population.

2. Terrorist attacks on critical infrastructures have used conventional methods of attack

Terrorists have frequently targeted critical infrastructure and sometimes this has been to cause disruption only. For example, during the 1990s, some of the operations planned and conducted by the Provisional Irish Republican Army were assessed to have the primary goal of causing damage and disruption to critical infrastructures while minimising harm to people. Two examples are the October 1992 week-end bombing of the Square Mile financial district of London [16] and the planned bombing of six substations of the London power grid in 1997 [15].

At other times terrorists have targeted critical infrastructures, including critical information infrastructures, to maximise disruption in addition to generating fear through deliberate attacks on human life (as occurred with the World Trade Center attacks). World-wide there have been numerous cases of conventional methods used to attack critical information and other infrastructures. [17]

3. Cyber attack as a tool for terrorism has limitations and would not be regarded as the tool of choice by most terrorists

* Uncertainty of attack impact

A computer network attack on a critical information system such as a Supervisory Control and Data Acquisition (SCADA) system that controls devices which provide essential services such as power or gas, may potentially cause a harmful and unwanted incident that could seriously damage property or endanger lives. This is the essential concern associated with a cyberterrorist attack. While this is a possibility, unless the attacker has an intimate knowledge of the system being targeted then the best an attacker can expect is that the impact will be unknown or unreliable. Add to this the ability of network operators to manually override critical systems in the event of a malfunction, or for fail-safe mechanisms to be triggered, and it becomes more difficult for an attacker to be certain his actions will achieve the desired result. By contrast, the impact of a conventional attack, on a critical information system or other target, is immediate and unequivocal and would require significantly less knowledge of the inner workings of the system itself [19].

* Recovery from a cyber attack is likely to be quicker and easier

A computer network or electronic attack on critical computer control systems, such as SCADA systems, requires the attacker to manipulate data within that system to affect the way the systems it controls function. Once a computer network attack has been detected and diagnosed, corrections can usually be made to prevent further damage and compromise to the system itself and to the systems it controls. Recovery from a computer network attack on a critical information system can occur more quickly than recovery from a conventional attack - perhaps requiring a reinstall of operating system or other critical applications, back-up files, or additional network hardening etc. By contrast, a conventional attack will usually involve serious physical damage and require the rebuilding of complex pieces of equipment and facilities, which is likely to take considerably more time and resources than would be needed to recover from the system changes due to a cyber attack. If recovery is able to occur quickly then from a terrorist perspective, the attack may be less effective as a means of instilling fear or causing serious damage [18].

* Plausible deniability

"Plausible deniability" in the context of cyber attacks generally refers to the ability of an attacker to conceal the true source of the attack, ie plausibly deny they did it [20]. But 'plausible deniability' may also extend to the attacked site. In the event a critical service disruption or malfunction occurs due to a cyber attack, without evidence of clear physical damage, operators may plausibly deny the cause of the disruption or malfunction was due to a cyber attack. The detection and correct diagnosis of a cyber attack relies on the examination and analysis of largely hidden computer forensic evidence (assuming it is collected and retained for examination). By contrast, conventional attacks exhibit clear observable physical evidence that an attack took place. Denying it would be more difficult, if not infeasible. Regardless of how successful a cyber attack may prove to be in causing serious disruption to critical services or serious economic damage, without the targeted population being aware that the disruption was the result of a terrorist operation, then the incident loses its ability to generate fear and be an effective tool of terror, and becomes indistinguishable from other prolonged disruptions to essential services that have occurred in Australia and elsewhere.

4. Vulnerability of critical information systems to cyber attack

Finally, an assessment of the threat of cyberterrorism depends on the extent to which critical information systems are vulnerable to cyber attack. The greater their perceived and actual vulnerability, the more likely a terrorist may consider or experiment with cyber attack and the easier an attack will be. In theory, if the systems are recognised as being critical then the owners and operators of these systems should seek to mitigate the risk by protecting against cyber attacks to these systems - not only from cyber terrorists, but from others who may hold greater intent and capability to conduct attacks, including disgruntled employees or contractors, competitors, or ordinary hackers (attackers), or possibly nation states with identified information warfare programs during times of war.

If critical information infrastructures are being protected to the extent required of a critical system, ie commensurate with the risk, then the opportunities for targeting these systems by terrorists or others should theoretically be low. (Admittedly, "should be" and "will be" are not the same and this assumption may not apply to all critical systems. There have been an increasing number of reports claiming that some SCADA and other critical information systems are vulnerable to cyber attack [21], but this, while relevant, is beyond the scope of this current paper.)

What is the threat of other forms of politically-motivated cyber attacks?

During recent international conflicts or events and particularly since the emergence of the world wide web in the early 90s, politically motivated cyber attack activity or 'hacktivism' has been used as a form of protest around the world. But in comparison to other cyber attacks, it occurs less often. Politically motivated cyber attacks were launched during the Balkans conflict, during globalisation talks and in response to the Bali bombings, to name just a few examples [22].

Politically motivated cyber attacks, as a form of protest, usually involve web site defacements (with a political message) or some types of denial of service (DoS) attack and are usually conducted by loosely organised hacker groups or individuals, with hacker skills, sympathetic to a particular cause or who align themselves with a particular side in a conflict. For example, the downing of a US spy plane in Chinese airspace resulted in an increase in attacks from both Chinese and US hackers (mostly web site defacements) who were apparently displeased with 'the other side' [23]. Another example occurred in 1997, when a group aligned with the Liberation Tigers of Tamil Eelam (LTTE) reportedly swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read "We are the Internet Black Tigers and we're doing this to disrupt your communications." [10] While the cyber attack was politically motivated, from the outset the attack was incapable of harming people or property or instilling fear into the target population. Its impact was primarily designed to cause disruption to the Sri Lankan embassies' email operations but, with alternative forms of electronic communications available to the embassies, in all likelihood the attack did not have a serious impact on critical lines of communication.

While DoS attacks have been used as a form of political protest, they are most effective when the attacker publicly advertises the reason for the attack, eg through virtual-sit-ins...

