Computer Crime Research Center

Putting cyberterrorism into context

Date: October 09, 2004
Source: AusCERT
By: Kathryn Kerr

... the reason for the attack, eg through virtual-sit-ins which invite participation from ordinary Internet users as a form of political protest [24]. Such attacks are usually symbolic expressions of protest and while they may be illegal are not intended to, or are incapable of causing damage or disruption sufficient to endanger life or cause serious economic damage. Such attacks are likely to continue on an opportunistic basis in response to international and global conflict.

What is the threat of common forms of cyber attack?

Any organisation with an Internet connection faces a significant threat of cyber attack. The rate of malicious scanning that occurs against networks, the rate of new information about serious computer vulnerabilities and the frequency of reports of serious computer attacks crime demonstrate that the opportunities for attack are numerous as are the number of attackers willing to launch such attacks. The motives for other forms of cyber attack also vary and may range from illicit financial gain, personal use of resources, competitor advantage or malicious damage. Additionally, many attacks are indiscriminate, as attackers are less concerned with who they are attacking rather than launching the attack itself.

Conclusion

The threat of cyber attack for organisations with Internet connections is high. For the most part this threat has little to do with the occurrence of conventional terrorist attacks, increased international tensions or nation state conflicts. Certainly, these events may increase the threat of politically motivated web site defacements or other forms of politically motivated low impact cyber attack, but only slightly. These forms of attack still occur relatively infrequently, despite tumultous events over the last few years, and requires a system to be vulnerable in order for a compromise to succeed. Cyberterrorism, while possible, is assessed to be very unlikely - and indeed, as far as we and others are aware - there have been no reported cases of it which match the above definitions. At present, terrorists seem to prefer the mileage to be gained from conventional methods of attack.

Misuse of the term or a pre-occupation with cyberterrorism as the seeming greatest source of threat may divert attention from addressing other forms of cyber attack which are capable of causing serious harm to organisations and infrastructures and which have occurred far more often and will continue to do so. Our focus should be on preventing serious and harmful cyber attack regardless of who conducts them or what their motives may be. If organisations are taking steps to protect themselves from ordinary cyber attacks of the type that are reported in the media and the 2003 Australian Computer Crime and Security Survey, then they will be well placed to protecting against all forms of cyber attack.

As a final footnote, the Canberra bushfires earlier this year illustrated how a natural disaster, assessed to be a one in a hundred year event, was able to disrupt and damage critical telecommunications, power, gas, water and sewerage infrastructures, for an extended period of time and affected individuals, businesses, government and organisations that depended on these services. Organisations and businesses should therefore ensure they focus on managing all threats - deliberate, accidental or natural - logical or physical - and implement appropriate security measures to manage that risk. This includes having in place sound disaster recovery or business continuity plans and computer incident response plans.

Endnotes

First published in AusCERT Member Newsletter, Vol. 7, No. 2 in July 2003

3. Pollitt, M.M., Cyberterrorism Fact or Fantasy? http://www.cs.georgetown.edu/~denning/infosec/pollitt.html

4. http://scaleplus.law.gov.au/cgi-bin/download.pl?/scale/data/pasteact/3/3590

5. Merari, A., (1993) Terrorism as a Strategy of Insurgency, Terrorism and Political Violence, Volume 5, No. 4, http://www.st-andrews.ac.uk/academic/intrel/research/cstpv/pdffiles/Terrorism%20as%20a%20Strategy.pdf

6. http://searchcrm.techtarget.com/gDefinition/0,294236,sid11_gci771061,00.html

7. Garrison, L and Grand, M. (ed) (2001) Cyberterrorism: An evolving concept, NIPC Highlights, http://www.nipc.gov/publications/highlights/2001/highlight-01-06.htm

8. Denning, D. (2000), Cyberterrorism, http://www.cs.georgetown.edu/~denning/infosec/cyberterror-GD.doc

9. Lewis, J.A., (2002) Assessing the risk of cyber terrorism, cyber war and other cyber threats, Center for Strategic and International Studies, http://www.csis.org/tech/0211_lewis.pdf

10. http://www.worldpaper.com/2000/April00/vittachi.html

11. Denning, D.E. (nd) Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy, http://www.nautilus.org/info-policy/workshop/papers/denning.html

12. Denning, D.E. (2000) Cyberterrorism, http://www.cs.georgetown.edu/~denning/infosec/cyberterror-GD.doc

13. Denning, D., (1999) Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy, http://www.nautilus.org/info-policy/workshop/papers/denning.html

14. http://www.terrorismfiles.org/organisations/aum_supreme_truth.html

15. Devost, M.G., Houghton, B.K. and Pollard, N.A., Information Terrorism, http://www.geocities.com/CapitolHill/2468/itpaper.html

16. http://www.geocities.com/CapitolHill/2468/itpaper.html

17. http://www.geocities.com/CapitolHill/2468/itpaper.html

18. Denning, D.E., (1999) Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy, http://www.nautilus.org/info-policy/workshop/papers/denning.html

19. Denning, D.E., (2000) Cyberterrorism, http://www.cs.georgetown.edu/~denning/infosec/cyberterror-GD.doc

20. Littleton, M.J. (1995) Information Age Terrorism: Toward Cyberterror, http://www.fas.org/irp/threat/cyber/docs/npgs/ch5.htm

21. Green, J. (2002), The Myth of Cyberterrorism, http://www.washingtonmonthly.com/features/2001/0211.green.html

22. Denning, D.E., (2001) Is Cyber Terror Next? http://www.ssrc.org/sept11/essays/denning.htm

23. eCommerce Times (2001), US, Chinese Hackers Wage Quiet War http://www.ecommercetimes.com/perl/story/9203.html

24. Denning, D.E., (1999) Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy http://www.nautilus.org/info-policy/workshop/papers/denning.html.
Add comment  Email to a Friend

Discussion is closed - view comments archieve
2007-03-10 12:51:02 - my sister s hot friend sex scandal in the... Alex
2007-03-10 08:08:57 - motorola t720 ringtonemotorola razr... Alena
2007-03-10 04:26:57 - free yahoo ringtone nokia monophonic... Roman
2007-03-09 12:14:29 - get now ringtone verizon bollywood... Roman
2007-03-09 10:02:30 - index.html.index1.html.free downloadable... Piter
2007-03-07 04:55:25 - kyocera se47 ringtone cheap ringtone for... Zoli
2007-03-07 04:54:40 - Good site Good site computer download... Zoli
2007-03-06 22:26:24 - download free cingular mp3 ringtone free... Roman
2007-03-06 19:40:28 - ringtone world.comringtone direct.comfree... Alena
2007-03-06 17:33:08 - Good site Good site 6i nokia ringtone... Jon
Total 27 comments
Copyright © 2001-2024 Computer Crime Research Center
CCRC logo