Cyberterrorism can include several types of activities: the promotion of terrorist or militant groups on the Web (including propaganda and recruitment), the coordination or facilitation of terrorist activities, and actual attacks on Web sites or other information infrastructure.
Terrorists on the Web
There is little doubt that terrorist groups are increasingly computer savvy and willing to use the technology to fur-ther their purposes. Many groups have Web sites that are used for propaganda and recruiting. (In 2007 a British court sentenced three men, calling them “cyber-jihadis” and say-ing they had used a Web site to urge Muslims to attack non-Muslims.) In fact extremist groups of many kinds (including neo-Nazis and other racial extremists) have long used Web sites to attract young followers through propaganda, music, and even games.
Other material posted by terrorist groups online includes bomb-making plans, lists of potential targets (pos-sibly including maps or blueprints), and “tips” for penetrat-ing defenses or evading detection. (A project called Dark Web at the University of Arizona searches for, compiles, and analyzes massive amounts of Web content generated by terrorist groups.)
Attacks on Web Sites
Attempts to jam or disrupt Web sites (such as denial of service attacks or DOS) have been made for a variety of rea-sons. At one end of the spectrum are individuals or small groups engaged in criminal activity (such as attempted extortion) or expressing political protest (“hacktivists”). At the other end are alleged online offensives by national gov-ernments (see Information warfare).
Although there have been no major disruptions as of mid-2008, terrorists (or sympathizers) have already con-ducted cyberattacks. One site has even offered a download-able “electronic jihad” program that users can use to select from a list of targets to launch an automated DOS. While such sites are usually taken down after a few months, it is relatively easy to start another, especially because informa-tion provided for site registration is often not verified.
Fighting Cyberterrorism
Strategies and tactics to combat cyberterrorism involve both general antiterrorist intelligence and other techniques as well as those particularly adapted to the cyberspace arena (see counterterrorism and computers, computer crime and security, and computer forensics).
The cyberterrorist threat also plays an important role in the effort to better protect vital infrastructure. Although attacks on banking and other financial computer systems have the potential to cause severe economic damage, much attention has focused on computer-based attacks that have the potential to directly injure or even kill people. Back in 2000, an individual hacker in Australia took over a pumping station and dumped more than 264,000 gallons of raw sew-age into public lands and waterways. Although no humans were directly harmed, it is easy to see that such contamina-tion in the drinking water supply could be deadly.
Regardless of the type of computer system, following best security practices can go a long way to “hardening” potential targets. Such practices include the use of robust firewalls and antivirus programs, regular security updates for the operating system and software, network monitoring and intrusion detection, sharing information about secu-rity threats, and training personnel to be aware of typical attacker techniques, including deception (social engineer-ing). There needs to be a comprehensive protection plan for each facility that takes both physical and electronic security into account
Assessment
In recent years cyberterrorism has been a much publicized topic. Some critics believe that the threat of cyberterrorism has been overestimated—not because many computer sys-tems are not vulnerable, but because the most vulnerable physical systems are generally not on the Internet and not easily accessible. It has also been argued that terrorists gen-erally use simpler, more direct weapons (e.g., bombs) and aim to produce physically spectacular or terrifying results. Most cyberattacks would not seem to meet those criteria. On the other hand, a cyberattack might be launched in conjunction with physical attacks, either as a distraction or to make it harder for authorities to respond to the main attack.
Properly assessing risks and allocating resources will always be difficult, and will always be influenced by politi-cal and economic as well as technological factors.
Terrorists on the Web
There is little doubt that terrorist groups are increasingly computer savvy and willing to use the technology to fur-ther their purposes. Many groups have Web sites that are used for propaganda and recruiting. (In 2007 a British court sentenced three men, calling them “cyber-jihadis” and say-ing they had used a Web site to urge Muslims to attack non-Muslims.) In fact extremist groups of many kinds (including neo-Nazis and other racial extremists) have long used Web sites to attract young followers through propaganda, music, and even games.
Other material posted by terrorist groups online includes bomb-making plans, lists of potential targets (pos-sibly including maps or blueprints), and “tips” for penetrat-ing defenses or evading detection. (A project called Dark Web at the University of Arizona searches for, compiles, and analyzes massive amounts of Web content generated by terrorist groups.)
Attacks on Web Sites
Attempts to jam or disrupt Web sites (such as denial of service attacks or DOS) have been made for a variety of rea-sons. At one end of the spectrum are individuals or small groups engaged in criminal activity (such as attempted extortion) or expressing political protest (“hacktivists”). At the other end are alleged online offensives by national gov-ernments (see Information warfare).
Although there have been no major disruptions as of mid-2008, terrorists (or sympathizers) have already con-ducted cyberattacks. One site has even offered a download-able “electronic jihad” program that users can use to select from a list of targets to launch an automated DOS. While such sites are usually taken down after a few months, it is relatively easy to start another, especially because informa-tion provided for site registration is often not verified.
Fighting Cyberterrorism
Strategies and tactics to combat cyberterrorism involve both general antiterrorist intelligence and other techniques as well as those particularly adapted to the cyberspace arena (see counterterrorism and computers, computer crime and security, and computer forensics).
The cyberterrorist threat also plays an important role in the effort to better protect vital infrastructure. Although attacks on banking and other financial computer systems have the potential to cause severe economic damage, much attention has focused on computer-based attacks that have the potential to directly injure or even kill people. Back in 2000, an individual hacker in Australia took over a pumping station and dumped more than 264,000 gallons of raw sew-age into public lands and waterways. Although no humans were directly harmed, it is easy to see that such contamina-tion in the drinking water supply could be deadly.
Regardless of the type of computer system, following best security practices can go a long way to “hardening” potential targets. Such practices include the use of robust firewalls and antivirus programs, regular security updates for the operating system and software, network monitoring and intrusion detection, sharing information about secu-rity threats, and training personnel to be aware of typical attacker techniques, including deception (social engineer-ing). There needs to be a comprehensive protection plan for each facility that takes both physical and electronic security into account
Assessment
In recent years cyberterrorism has been a much publicized topic. Some critics believe that the threat of cyberterrorism has been overestimated—not because many computer sys-tems are not vulnerable, but because the most vulnerable physical systems are generally not on the Internet and not easily accessible. It has also been argued that terrorists gen-erally use simpler, more direct weapons (e.g., bombs) and aim to produce physically spectacular or terrifying results. Most cyberattacks would not seem to meet those criteria. On the other hand, a cyberattack might be launched in conjunction with physical attacks, either as a distraction or to make it harder for authorities to respond to the main attack.
Properly assessing risks and allocating resources will always be difficult, and will always be influenced by politi-cal and economic as well as technological factors.
No comments:
Post a Comment