terrorism RESEARCH

Cyber Terrorism

Until recently, terrorism has been associated with physical acts of violence and crime; for example killings, bombings, kidnapping, destruction of property, etc. Starting in the twentieth century, the advance of technology, and more specifically of systems controlled by computers, has produced a new form of criminal activity for law enforcement to worry about. Cyber threats combine destruction of physical and/or virtual property with financial crime, propaganda, economic warfare and possibly physical harm to innocent human lives. Cyber-terrorism is relatively "young" in its evolution and has been associated with individuals, terrorist groups and state actors / countries - the last of which, in particular, could escalate into a Cyber War.

Viruses, Malware and Trojans
Computer viruses have been around almost as long as networked computers have existed. "Creeper" is credited as being the first virus that infected DEC machines on the ARPANET (predecessor of the Internet) in the 1970s. Today viruses, adware, malware and trojans may be considered a nuisance by most everyday computer users. They are often used by criminals either to steal personal information or to turn unsuspecting computers into zombie bots, used to generate spam or conduct distributed denial of service (DDoS) attacks. Methods of deployment include infected application files, infected documents, virus attachments in emails, infected USB keys/thumb drives and "drive by infections", where a website is hacked to inject malicious code into the computers that just happen to visit it. This realm of computer viruses, rootkits and trojans is not limited to hackers, terrorists and organized crime mafias - governments and their associated agencies have also been implicated in designing and deploying sophisticated systems to conduct espionage against other states. Stuxnet, Duqu and Flame are just some examples that may have involved state actors in their design, deployment and targets, and they certainly do blur the line between cyber terrorism and cyberwarfare.

Networked Infrastructure
Electrical grids, the banking system, water distribution, traffic management, communication systems, air traffic control, mass transit, military systems, etc. all tend to operate in some sort of networked fashion. Connectivity in this case does not imply that these systems are openly connected to the Internet; they may use private networks (physical or virtual). The problems occur when you consider that security is often compromised for the sake of convenience and corners are cut. If you want to manage the electrical grid or the traffic management system in a city remotely, you need connectivity. Does it make sense to build a completely private network (dedicated cables) for each of these infrastructure systems? In some cases yes, but many implementations tend to piggyback off existing shared infrastructure in the belief that it can be secured fully. Hackers and cyber terrorists are able to find these vulnerabilities and exploit them to access core systems, which can be destructive to this networked infrastructure. Securing this infrastructure is therefore much harder than expected, and it leads to vulnerabilities that can only be countered by constant vigilance and expert personnel - a cost that is often overlooked.

Criminal elements
Cybercrime and cyberterrorism do often intersect in that one can be used to fund the other (either in its virtual or physical form). Organized crime is deeply involved in sophisticated cybercrime activities such as spam, identity theft, bank fraud, shady prescription medication sales, drugs, pornography, human trafficking, prostitution, virtual heists - including stealing bitcoin and other cryptocurrency fraud - credit card fraud, money laundering, peddling fake or stolen merchandise, phone fraud, malware/spyware/ransomware and other nefarious activities. The funds and expertise they gain from their cyber crime sprees allow them to expand their virtual and "brick and mortar" operations, often making them cyber mercenaries available to the highest bidder - be they terrorist groups, countries or other criminals.

Terrorist Propaganda
The Internet has also proven to be a great venue for terrorist groups to spread their propaganda. Websites extolling terrorist views started cropping up almost as soon as the Internet started on its ascent as a revolutionary medium for communication. This is problematic but those that try to use this as an excuse to censor online content and discussions do miss the point that this is also a great eye opener to the majority of the people that do not subscribe to such views. It exposes terrorists to law enforcement agencies (as part of their investigations and by attracting terrorists to disclose their agendas through "honey pots"), the media and the public. As we mentioned in the above section, networked infrastructure and websites, though they may be "secured" by passwords, encryption or other more sophisticated tactics will always be vulnerable - in this case to those helping expose terrorist agendas.

How to protect against Cyber Terrorism
Most targets of cyber terrorism are large organizations (governments, utilities, infrastructure, businesses, financial institutions, etc.), but there are things that individuals can do to protect themselves or minimize the impact of cyberterrorism.

  • Use strong passwords (long, and combining letters, numbers and special characters)
  • Use different passwords for different websites and if needed, consider using a password manager
  • Update your systems when patches are released or vulnerabilities discovered (update your operating system, browsers, anti-virus/security programs, firmware, etc.)
  • Use more secure operating systems (like Linux) where possible
  • Use virtual machines (with software like Virtualbox) when installing unknown software or visiting sketchy web sites or if you require some anonymity.
  • Secure your personal networks (Wi-Fi passwords with encryption and firewalls)
  • Do not install random, untrusted software on your computers/devices - especially on smartphones and tablets
  • Test your personal network for vulnerabilities
  • Secure your data by using strong encryption where possible