Tag Archives: cyberterrorism

Hacking Cyberterrorism

Although not particular to cyberterrorism, for this discussion I have chosen hacking as a type, or means, of cyberterrorism. Hacking covers virus loading and denial of service attacks, also. In order to carry out a cyberterrorism attack, it must be based on some sort of hacking. First, however, we must agree on the definitions of hacking and cyberterrorism. US Legal, a website dedicated to providing legal reference, broadly defines hacking as “intentionally accesses a computer without authorization or exceeds authorized access” (Computer hacking law & legal definition, n.d., para 1). Cyberterrorism is, according to Denning (2006):

…[H]ighly damaging computer-based attacks or threats of attack by non-state actors against information systems when conducted to intimidate or coerce governments or societies in pursuit of goals that are political or social. It is the convergence of terrorism with cyberspace, where cyberspace becomes the means of conducting the terrorist act. Rather than committing acts of violence against persons or physical property, the cyberterrorist commits acts of destruction or disruption against digital property. (p. 124)

Arguably, in order to use a computer system to do any of the above, it involves hacking, but without hacking, there can be no cyber- component to cyberterrorism, which leaves mere terrorism. Fortunately, using these definitions, there has never been a cyberterrorism attack ever in history (Brunst, 2008; Conway, 2011). Brunst (2008) goes further using the term terrorism to include the planning (and, even pre-planning) phases of an event. I disagree with this tact in scholarship. Brunst fails to provide the distinction between cybercrime and cyberterrorism. Thinking simply, having a Facebook account in order for ease of communication does not amount to meeting for coffee. Messaging a friend on Facebook and organizing a meeting does not constitute meeting for coffee. The act of two or more persons meeting for coffee is a conventional one, however it was planned. This is the same with terrorism. I argue that, although much planning and radicalization can occur using computer networking (e.g. Facebook, MySpace, general information websites, et al.), any terroristic act that stems from such organization would still be considered conventional terrorism unless the act, itself, is described as being technological in nature (Conway, 2011).

There is potential for a cyber-attack to generate fear, economic impact, and the loss of life. This is why we concentrate on security measures to ensure difficulty in accessing systems without proper credentialing, rapid identification and response to active intrusions and threats, and recovery techniques to identify and repair data, networks, and nodes that were involved. For this reason, networks are designed with human redundancy. Human redundancy, as Clarke (2005) explains, integrates human decision points within a technological operational structure in order to detect, indicate, explain, and correct an error. Additionally, infrastructure, a commonly regarded target by the experts, tends to be resilient by its own nature making cyber-attacks inefficient and ineffectual (Conway, 2011; Lewis, 2002; Wilson, 2005)

References

Brunst, P. W. (2008). Use of the internet by terrorists: A threat analysis. Responses to Cyber Terrorism, 34(1), 34–60.

Clarke, D. M. (2005). Human redundancy in complex, hazardous systems: A theoretical framework. Safety Science, 43(9), 655-677. doi:10.1016/j.ssci.2005.05.003

Computer hacking law & legal definition. (n.d.). US Legal. Retrieved from http://definitions.uslegal.com/c/computer-hacking/

Conway, M. (2011). Against cyberterrorism: Why cyber-based terrorist attacks are unlikely to occur. Communications of the ACM, 54(2), 26-28. doi:10.1145/1897816.1897829

Denning, D. (2006). A view of cyberterrorism five years later. In K. E. Himma (Ed.), Internet security: hacking, counterhacking, and society (pp. 123-139). Sudbury, MA: Jones and Bartlett.

Lewis, J. A. (2002, December). Assessing the risks of cyber terrorism, cyber war and other cyber threats. Washington, DC: Center for Strategic and International Studies. Retrieved from http://www.steptoe.com/publications/231a.pdf

Wilson, C. (2005, April 1). Computer attack and cyberterrorism: Vulnerabilities and policy issues for Congress (CRS Congressional report No. RL32114). Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA444799&Location=U2&doc=GetTRDoc.pdf

Cyberterrorism vs. WMD

Perhaps in an Orwellian society where computers are independant and there is very little human-to-computer interaction could a cyberterrorist cause such an impact as to be equal with a weapon of mass destruction. This is not true, however, regarding the technology of today. According to James Lewis (2002) from the Center for Strategic and International Studies, “cyber attacks are less effective and less disruptive than physical attacks. Their only advantage is that they are cheaper and easier to carry out than a physical attack” (p. 2). Studies of the implementation of efforts to reduce the effectiveness of infrastructure during war show a resiliency that is poorly respected. Redundant systems in conjunction with a focused human response provides mitigation to reduce the impact of disruptive efforts on infrastructure (Wilson, 2005). It seems the more important the system, the larger and focalized the response.

The northeast blackout of 2003 provides a decent case study, although the cause was a systems failure and not related to terrorism. According to the article by Minkle (2008), within an hour and a half, 50-million subscribers lost power in eight states and parts of Canada for a few days, yet it only contributed to about 11 deaths within the affected area. While the impact was significant, geographically, it was more or less a nuisance for most people.

References

Lewis, J. A. (2002, December). Assessing the risks of cyber terrorism, cyber war and other cyber threats. Washington, DC: Center for Strategic and International Studies. Retrieved from http://www.steptoe.com/publications/231a.pdf

Minkle, J. R. (2008, August 13). The 2003 northeast blackout — five years later. Scientific American. Retrieved from http://www.scientificamerican.com/

Wilson, C. (2005, April 1). Computer attack and cyberterrorism: Vulnerabilities and policy issues for Congress (CRS Congressional report No. RL32114). Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA444799&Location=U2&doc=GetTRDoc.pdf