The History About Terrorism And Cyber Terrorism

Published Date: 02 Nov 2017

The problem has been placed in the Mauritian context and analysed thoroughly from this perspective. A research question was identified from which problem statements were elaborated. Four objectives were also earmarked which acted as guidelines all throughout and has been achieved. Literature in the field was ploughed and concepts chosen for its applicability to the study. A survey was also carried out and data collected was analysed and interpreted.

The study has proved the existence of a potential cyber terrorism threat for Mauritius. It has established the vulnerability due to its high internet connectivity. It has also confirmed that key critical infrastructures can be targeted by cyber terrorists due to its vulnerability. Last but not the least; the survey has also demonstrated that a possible cyber terrorism attack could lead to serious setback for the economy of Mauritius.

Moreover, some recommendations have been proposed in the form of a framework. It will comprise of the political, social, legal and economic factors for the designing of an anti cyber terrorism strategy.

Tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb.

—National Research Council'

1 INTRODUCTION

You are living peacefully in your Paradise Island and then suddenly, there is a collision in the sky between two planes preparing to land at the Airport due to an attack in the air traffic control system. At the same time there is sudden change in pressure in the gas lines at the storage area, causing valve failure which lead to massive explosion in the Port area. Both the air collision and explosion of the gas storage systems cause enormous damages to infrastructures, massive loss of life and injury as well as chaos in the country. The emergency services are still thinking on how to respond. Within minutes there is a major attack on the electrical grid of the Central Electricity Board, bringing with it a total disruption of the power supply in the country. This leads to complete dysfunction of all the traffic lights in the country which cause massive traffic jam, where everybody is horning to move forward. This is not a trailer for the release of a new movie but a possibility of cyber terrorist attack in the country. Yes, all these key infrastructures can be targeted one day by Terrorist Organisations in the future. This is Cyber Terrorism, a new type of threat facing countries which are heavily dependent on internet and networking for their advancement.

Cyberterrorism is the convergence of terrorism and cyberspace. It is generally understood to

mean unlawful attacks and threats of attack against computers, networks, and the information

stored therein when done to intimidate or coerce a government or its people in furtherance of

political or social objectives. Further, to qualify as cyberterrorism, an attack should result in

violence against persons or property, or at least cause enough harm to generate fear. Attacks

that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe

economic loss would be examples. Serious attacks against critical infrastructures could be acts

of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that

are mainly a costly nuisance would not. (Denning, 2000).

The connectivity to the internet and networking are issues of concern for countries like Mauritius. Data and information which are the biggest assets can be compromised, manipulated and used by terrorist organizations by cyber terrorists. Data and information also include sensitive information on national security, economy and other key infrastructures. Risk of losing these data and information are omnipresent.

Mauritius dependency on network and internet has greatly increased recently, due to its socio- economic development, and its reliance on Information Technology as the second pillar of the economy. Nowadays, in all spheres of life from domestic to state owned enterprises, passing through commercial activities to education, computerization and its infrastructures are important keys and stars for success. This utmost reliance on information technology, as an important pillar of the economy, has made the country like any other country in the same situation, vulnerable to cyber threat. One of the threats, which has to be taken seriously in this context, is cyber terrorism. Cyber Terrorism is a new form of terrorist, activity which makes use of computers, keyboards and networks to achieve greater effect than traditional terrorist attacks, through fear, terror and violence.

1.1 RESEARCH QUESTION

The main research question for this paper is ‘Are the key critical infrastructures of Mauritius vulnerable and a potential target for Cyber Terrorist?’

1.2 PROBLEM STATEMENT

To answer the research questions, three problem statemenst have been identified. These problem statements provide the context for this study. This study is limited to three problem statements, as it limits its scope to these variables which are considered important. These three identified problem statements are listed below:

Mauritius high internet connectivity makes it vulnerable to cyber terrorism;

Mauritius key critical infrastructures are vulnerable and can be the target of cyber terrorist; and

Cyber terrorist attack can have a negative impact on the economy of Mauritius.

1.3 RESEARCH OBJECTIVES

The research objectives that have been catered for, will be the path towards the completion of this study. It will also be related to the three problem statements and are as hereunder:

Demonstrates that Cyber terrorism is the new trend of crime used by cyber criminals;

Establish that Cyber terrorism is a potential threat for Mauritius;

Indicate that key infrastructures of Mauritius can be targeted by cyber terrorist; and

Assess how far Cyber terrorist can undermine the economy of a country.

1.4 STRUCTURE OF THE STUDY

Chapter 1 introduces the concept of cyber terrorism and its applicability in the Mauritian context.

Chapter 2 consists of the literature review with emphasis on differences and together with it, the inter relationship between cyber terrorism and terrorism. This chapter also elaborates on how real is the threat of cyber terrorism, its different types of methods, used as well as its possible impacts.

Chapter 3 describes the methodology used for this study. It covers the population and sampling, data collection, statistical method used, as well as the structure of questionnaire.

Chapter 4 is based on the results of the data collected.

Chapter 5 discusses the findings of the data and relates the results to the chosen literature review.

Chapter 6 elaborates on the proposals of some recommendations.

Chapter 7 concludes with limitations in this study and also provides suggestions for future research in this field.

2. LITERATURE REVIEW

2.1 TERRORISM AND CYBER TERRORISM

Cyberterorism englobes two basic principles: cyberspace and terrorism. Cyberspace is the virtual space created by interconnected computers and computer networks on the Internet. It is a conceptual electronic space unbounded by distance or other physical limitations. William Gibson (1982), Merriam Webster Dictionary defined Terrorism as the systematic use of violence to create a general climate of fear in a population and thereby bring about a particular political objective. It has been used throughout history by political organizations of both left and right nationalist and ethnic groups, as well as, by revolutionaries to achieve their objectives. Although usually thought of, as a mean of destabilizing or overthrowing existing political institutions, terror also has been employed by governments, against their own people to suppress dissent. Cyberterrorism therefore, is the use of cyberspace to commit terrorist activities for the benefit of the one in control.

There is an inter relationship between cybercrime and cyberterrorism. The main relationship is that, both make use of computers and network technologies, to achieve their objectives. The differences between cyber crime and cyber terrorism is that in the latter violence, fear is used to achieve political or social benefits. Thus, it could be argued that only illegal actions that make use of computers and networks, as their targets would be considered as cyber terrorism. Computers, internet technology and network use alone, cannot be classified as cyber terrorism. There must be the element of fear, threat and possible violence for a particular cause associated to it. As such, the sending of a virus, to cause the damage to the memory of a gas storage station and by extension causing explosion, is different to that of sending an email virus that sends out spam mail to a user’s address book member. The key critical factor in differencing cyberterrorism, to that of other possible cybercrime activities, is the intention or the state of mind (Mens Rea) of the perpetrator and taking into account, the nature of the criminal actions perpetrated. The objective of provoking large-scale terror with accompanied political and social motive, or benefit, needs to be an inherent part of a cyberterrorist attack. Therefore, various computer and network related activities, support cyberterrorism at an implementation level, but the high-level objectives may differ from normal computer and crime (for example causing annoyance, economic loss, fraud, espionage, etc.). Actions taken in response to an attack are not considered criminal, if they are carried out in a defensive (and not malicious) capacity only.

Cyberterrorism can be viewed as acts of terrorism, carried out through computers, networks and cyberspaces. In a similar manner, cyber crime can be considered criminal acts that are committed by using computer resources, tools and environments. Cyberterrorism acts form part of cybercrime, when the action crosses legal boundaries. Both cyberterrorists and cybercriminals will use knowledge of security and hacking, to electronically leave an impact, but the underlying goal might differ. Whilst cyberterror tries to cause a political change and targets innocent victims through computer-based violence or destruction, cybercrimal activities aims, have an economic gain from individuals and companies by carrying out fraud, theft, blackmail, and other computer attacks and exploits (Lachow 2008). A cyberattack or crime needs to have an element of ""terrorism" (threats, disturbances or infliction of violence) associated with it, in order to be considered as cyberterrorism. Although, cyberterrorism may seem as a more indirect approach to launching an attack, a critical consideration is the terror that is generated from a potential attack.

It is not an easy task to make a distinction between computer network attacks, performed by terrorists and cyber-crimes done by hackers. This is so, because the attacker, whoever it is, always tries to exploit weak spots in the system, regardless of the essence of the real motives. Nevertheless, there are certain trends that can help in making a clear difference between both acts. For instance, in most of the cases of terrorist computer network attacks, the terrorists’ actions have been focused on website defacement and email bombing (Brett Pladna (2008: 5), Information Security Specialist).

Cyberterrorism, can thus be seen, as a relevant threat due to its strong relation to computer and network connectivity. However, a closer inspection of the role that is played will provide a better understanding of the pertinent forces and domains of operation.

2.2 INTERNET THE HONEY POT OF CYBER TERRORIST

For the purpose of this study, the use of internet to carry out terrorist attack will be discussed in this section. Such an attack could be directed either, at other IT-infrastructures, such as computers, servers, and routers or at objects in the "physical world", such as buildings, planes, trains, or even human life. Apart from such IT-based attacks, terrorists can use the Internet to disseminate content to the public. Since Internet connections are widely available and offer various advantages over conventional communication, terrorist organisations can put them for use: for example, to communicate with the public, in order to present terrorist point of views or disseminate threats, to find new supporters, and/or to distribute information to followers. The internet, not only does it enable terrorists to engage in confidential communication among themselves, but it also contains a multitude of information that was not easy to obtain some years back. Satellite images and construction plans, even for complicated designs, are freely available through the Internet. Therefore, the Internet as a planning instrument and as a tool for internal communication and preparation will be another focus in the analysis of threats, posed by terrorists and their use of the Internet.

The Internet is available to terrorists and terrorist organizations, as well as it is for anybody else. In addition, cybercrime, i.e., criminal acts committed with the help of computer networks, has been prevalent, since the early days of computer technology. Therefore, the possibilities that cybercrime has to offer, can also be committed with a terrorist intent. Terrorists, however, have not yet claimed responsibility for any concrete acts, so far. Additionally, the digital traces often do not allow investigators to determine whether the reason for the breakdown of a system was a mere system failure or the result of a purposeful attack. Even if an attack seems looming ahead, it is not possible to determine with certainty, whether it was the result of the purposeful aggression of a terrorist group, or an arbitrary experiment by a ten-year-old schoolgirl who tried out a program, she found while browsing the internet. For this reason, some authors have claimed that, up to now, not a single case of cyberterrorism has been recorded.

However, the threat of terrorism by making use of the internet does not remain unrealistic. Since information on how to manipulate or misuse internet services is widespread and often publicly available, not only to security specialists, but also to terrorist organizations. They can gather such information and put it for use in furtherance of their aims and objectives. Furthermore, the use of Internet-based attacks would seem to be highly attractive for terrorist purposes for the following reasons:

Attacks can be launched from anywhere in the world. An Internet connection is available at most locations or can be initiated from most up-to-date mobile phones;

Attacks are quick. Especially in cases of Distributed Denial-of-Service (DDoS) attacks, but also in many other scenarios, the attacker is not dependent on a fast Internet connection. Instead, he or she can exploit the connection speed of the victim. Worms and viruses can spread at the fastest possible rate without the need for any further involvement of the attacker;

Since actions on the Internet can be disguised by hiding services or using similar camouflage techniques, in many cases it is extremely difficult to trace evidence back to the true perpetrator;

Finally, use of the Internet is cheap. In most cases, only a small bandwidth connection is needed, which is highly affordable in most countries. Damage that can be caused via the Internet, however, can be very costly: IT-experts need to be involved constantly in order to fix newfound security flaws, and, if cases involve physical damage as well, these costs are additionally incurred.

The aim of these attacks can either, be to gather protected information or to sabotage the system or data contained within the information technology system. Another aim can be to manipulate a physical infrastructure, whose operation is controlled by an IT-system. However, in most, of these cases, it is not known whether terrorists have also made use of these possibilities. So, to a certain extent, it is necessary to speculate on which possibilities terrorist organisations would have if they were to accumulate knowledge themselves, or if they were able to hire security specialists to launch such attacks on their behalf. This may be only a question of days.

2.3 CYBERTERRORISM- HOW REAL IS THE THREAT?

In this section, the perceived threat of cyber terrorism faced by China, Estonia and South Korea will be uncovered. The objective in doing so, is to analyse whether Cyber terrorism as a threat have been used previously. Three specific cases of cyberterrorism are discussed: (1) the actions of Titan Rain (a Chinese cyberterrorist group) which targeted USA, the 2007 Estonia cyber attacks and South Korean attack.

2.3.1 ATTACK ON USA

Chinese cyberterrorists, Titan Rain work for the government in mainland China and have a political goal. Their cyber attacks come from just three routers that seem to be the first connection point from a local network to the internet. An investigation by The TIME magazine, into the case reveals, how the Titan Rain attacks were uncovered, why they are considered a significant threat which was then investigated by the Pentagon, the FBI and the Department of Homeland Security, and why the U.S. Government has yet to stop them in the U.S. military. Their mode of operation was attempting to penetrate secure computer networks at the American most sensitive military bases, defense contractors, and aerospace companies were targeted. Titan Rain had created fears. In fact, Titan Rain had the ability to cause widespread havoc, as hundreds of computer systems in the Department of Defense had been penetrated by insidious programs, such as Trojan horses. Titan Rain could control the Department of Defense (DOD) hosts,and also they could use the DOD hosts in malicious activity (Thornburgh et al., 2005).

Those cyberterrorists are voracious, never hesitating to destroy any parasitic file, they could find coming in their way. (Jonathan Matusitz & Gerald-Mark Breen). The possibility also exists for the perpetrators to shut down each host. Allied nations such as Britain, Canada, Australia, and New Zealand have also been targeted by the Chinese cyberterrorists (Thornburgh et al., 2005).

2.3.2 ESTONIAN ATTACK

In 2007, Estonia (a highly wired country) became the target of a massive cyber attack after a Russian World War II war memorial was removed by the Estonian government from downtown Talinn (Estonia’s capital city). The attack was carried through a denial-of-service (DOS) attack, in which virtually, all Estonian government ministry networks, two principal Estonian bank networks, and media web sites were taken down by the attacks (Howard, 2009). These attacks on Estonia exemplify a case of cyberterrorism (Hanlon, 2007). Not only was it a considerable electronic disruption causing massive network damage and panic in the country; but it was also implemented after a political move was made by the Estonian government.

"If a highly IT country cannot carry out its everyday activities, like banking, it sows terror among the people (Adrian Blomfield (2007)). It is not clear whether the entire Russian government launched the attacks on Estonia, but three things are certain: it was determined that (1) it was no accident, (2) it was no "simple hacking maneuver" as the targets were vital infrastructures of a country, and (3) the cyber attack was traced to computers housed in the Kremlin (Greenberg, 2008). This cyber attack was both a terrorist act and politically motivated.. The targets included the Estonian parliament, banks, ministries, newspapers and broadcasters (Von Solms 2008). The execution of such an onslaught left a state without the availability of critical services including the presidency and parliament, government ministries, news resources, banks and communications. The incident is indicative of the probability of such attack and the inconvenienced conditions that was left in its wake.

2.3.3 SOUTH KOREAN ATTACK

South Korea experienced another wave of suspected cyber-attacks which had as objectives to co-ordinate attempts to paralyze a number of major websites. One of the country's biggest banks, a leading national newspaper and the South Korean spy agency were targeted. Some reports suggest the attacks could be the work of North Korea. South Korea and the US reported similar type of these attacks with the White House and the Pentagon targeted. The South Korean government, and the country's internet service providers, are still trying to fight off what appears to be a deliberate attempt to shut down major websites that began earlier this week. In what is known as a "denial of service" attack, thousands of virus-infected computers are hijacked and simultaneously directed to a particular site, overwhelming it with the sheer volume of traffic.

(Source:http://news.bbc.co.uk/2/hi/asia-pacific/8142282.stm)

2.4 KEY CRITICAL INFRASTRUCTURES AS TARGET

Key critical Infrastructures are perceived to be privilege targets for Cyber terrorists. This is mainly due because of its disruption capabilities it offers and the extent of fear it brings along. For the purpose of this study, the key critical infrastructures have been divided into IT infrastructure and other key critical infrastructures which is then further subdivided

2.4,1 INFORMATION TECHNOLOGY INFRASTRUCTURE

The first group of attacks consists of those directed against infrastructure. In general, IT-based attacks are directed against other IT-infrastructures, resulting in a violation of IT-systems or -data. However, since an IT-infrastructure often controls other (physical) infrastructures, these digital attacks can have an effect on "real world objects" as well. These attacks are basically the same as those launched by "common" cybercriminals, but with a terrorist interest or intention.

The aim of terrorists in targeting the IT-infrastructure can have various objectives which can be summarized as the following:

By circumventing security measures, attackers can corrupt the integrity and confidentiality of computer systems and data;

By rendering systems useless, a loss of availability can be caused. This can lead to serious results, especially if mission-critical IT-systems are affected; and

Finally, if IT-systems are connected to other critical infrastructures, such as transportation, power, or water facilities, physical harm apart from a loss of integrity of the system itself can be the result.

However, these are only primary objectives. In contrast to a common hacker or cybercriminal, a terrorist typically takes a long-term perspective. In order to achieve his or her goals, a terrorist pursues an underlying agenda when committing attacks on IT-systems. Upon a closer look, three different aims can be identified: the causing of economic confusion, the discrimination of the opponent, and the generation of monetary income for the terrorist organisation. Economic confusion and the discrimination of the opponent both aid in establishing the aforementioned long-term goal, whereas the generation of monetary income is often needed to keep the organisation running, to buy food for members, or to produce information materials for followers.

The first two aims, economic confusion and the discrimination of the opponent, are closely linked to one another. Both intend to show the vulnerability of industry and state security and the lack of technical knowledge of the other party. At the same time, successful attacks demonstrate the competence of the attacker and thereby create fear on the part of others who are also vulnerable to similar attacks

However, as far as cybercriminals are concerned, such publicity is often considered undesirable. This is especially true if attacks are launched with the intent of gathering information rather than destroying resources. In these cases, terrorists might also prefer not to claim responsibility for a successful attack. However, even in cases of destructive attacks, terrorists might choose to remain incognito for two reasons. First, if it becomes known that a certain incident was the result of a hacking attack by terrorists, pity and solidarity for the victims might be the result. However, if the impression arises that a breakdown was the result of technical incompetence, a lack of trust would be the outcome. Therefore, terrorists – in some situations – might have an interest in not "showing their faces" when attacking digitally. A second aspect is that public knowledge of cyberterrorist attacks might result in an increased security level in many areas, making successful aggressions even more difficult to achieve. An unknown source of mysterious breakdowns, however, could instead lead to greater fear that could, in turn, be exploited by terrorist intents.

2.4.2 OTHER KEY CRITICAL INFRASTRUCTURES

Most of the attacks that are aimed at critical infrastructure have an effect that is immediately noticeable. Additionally, none of the scenarios that are described below have as far as it is known to the public taken place yet. Nevertheless, many authors see them as realistic possibilities that could be taken into consideration by terrorists, because their outcome is more direct and visible than most of the pure attacks on IT infrastructure described above. Furthermore, they almost guarantee what is important to generate fear within a population: extensive news coverage with impressive picture material. As such, mainly three scenarios are discussed in the literature: attacks on hydroelectric dams; tampering with control systems, especially for railways or air traffic; and taking over control of power plants.

2.4.3 ATTACKS ON HYDROELECTRIC DAMS

The most discussed scenario of cyber terrorism with an immediate danger for human lives is an attack on a hydroelectric dam. A perpetrator could gain access to a control system and remotely open the floodgates, thereby endangering the areas and inhabitants behind the gates. The consequences of (accidentally) damaged dams could be observed in the past, e.g. when, in 1975, the Banqiao and Shimantan dams on tributaries of Hang He (Yellow) river in China failed. Dozens of lower dams were damaged and at least 85,000 people died (Gleick 2006). Today, security measures at most dams probably would prevent such extreme results. However, if terrorists were able to control a dam, e.g. by hacking into the SCADA (supervisory control and data acquisition) system controlling it, a deliberate opening of the floodgates could put hundreds or even thousands of people life as well as infrastructure at risk.

The danger of dams connected to SCADA systems could be observed especially in two scenarios. In the first scenario, an individual was able to break into the computer system that runs Arizona’s Roosevelt Dam. Although some details of the attack are being disputed the fact alone that the Roosevelt dam was compromised is sufficient to show the danger of a terrorist attack. (Brunst 2008)

The second case concerns a case that took place in the year 2000 in Queensland, Australia. There, the culprit was able to manipulate the control system of the sewage treatment facilities over a period of 2 months, letting hundreds of thousands of gallons of putrid sludge ooze into parks and rivers. According to an employee of the Australian Environmental Protection Agency "marine life died, the creek water turned black and the stench was unbearable for residents". In the concrete case, the motive of the perpetrator was not to generate fear in the public. The damage was caused "only" to bargain for a consulting contract to fix the problems he had caused (Gellman 2002 ; Giacomello 2004) . However, the case also shows the potential a terrorist would have for bio-related terrorism, i.e. causing illness or death not only in people, but also in animals or plants (; Committee on Water Systems Security Research 2007; Leitenberg 2005).

2.4.4 ATTACKS ON TRAFFIC CONTROL SYSTEMS

In the attacks of 9/11, the hijackers impressively and horrifically showed the amount of damage that they could do with airplanes under their control. It is easy to imagine the possibilities and the fear that would be created if terrorists were able to gain control over airplanes or airport control systems without actually being on board. In 1997, for example, a juvenile was able to access the communication systems of Worcester, MA airport. The action disrupted the telephone service to the Federal Aviation Administration Tower at the airport, the Airport Fire Department, and other related services such as airport security, the weather service, and various private airfreight companies. Furthermore, the main radio transmitter and the circuit that enables aircraft to send an electronic signal to activate the runway lights on approach were disabled (Berinato 2002 ; Cilluffo 2000 ; Testimony of FBI Deputy Assistant Director Keith Lourdeau on "Virtual Threat, Real Terror: Cyberterrorism in the 21st Century" 2004).

Fortunately, no accidents were caused by the attack. The incident, however, shows the vulnerability of modern transportation systems. Therefore, not only airports and airplanes (which are usually quite well protected), but also train systems are the focus of the discussion. In a worst-case scenario, colliding trains or airplanes could possibly cost hundreds of lives (Giacomello 2004; Weimann 2005).

2.4.5 ATTACKS ON POWER PLANTS

The scenario that probably causes the most fear is a manipulation of power plants, especially of nuclear power plants. A similar danger is expected from intrusions into military missile control centres. Although these premises should count as areas with the highest protection and control density, authors still see a possibility for terrorist attempts (Foltz 2004). Furthermore, the massive breakdown of nuclear power plants in 2003 that was described above even these systems is vulnerable to cyber attacks.

There are other possibilities of cyberbterrorist attack which have been elaborated by Collin (1997). These possibility include the following:

• Altering the iron supplement level in a cereal manufacturing plant such that it poisons and kills all that consume the unsafe levels

• Modifying the formulas of medication at pharmaceutical companies. This could result in an enormous loss of life

• Gaining control of air traffic control systems and cause aircraft to crash into each other. The same could be applied to rail services

• Disrupting the services of financial institutions thus causing citizens to lose confidence in the economic systems

Several discrepancies could prevent the first two scenarios from materializing, as minimal quantities of supplement level is added to cereal. The necessary quantity to poison a person would be incredibly substantial. Furthermore, such increased consumption would be noticeable, when the supplement supplies ran low unnecessarily. Also routine product testing would detect such an abnormal quantity of an active ingredient. A similar argument could also be applied to the second scenario of modifying the formulas of medication. (Pollitt 1998).

The other myth is that entire human element and structuring of air traffic control rules would be overlooked where a terrorist is to gain control. Computers in air traffic control provide information and do not actually control the aircraft. Pilots are trained to use their situational awareness and thus taught to be aware of position as well as approaching aircraft. Rules are also meant to ensure smooth operation should no air traffic control be available.(Pollit 1998)

2.6 ECONOMIC IMPACT DUE TO CYBER TERRORISM

According to some organisations, the fiscal losses resulting from cybercrime attacks are costing businesses $ 48 billion annually and cost consumers $ 680 million in 2005. These numbers would increase rapidly if terrorist attacks aimed at causing maximum damage were to take place. However, in order to create economic confusion, more targeted aggressions are necessary. In a potential scenario, terrorists could combine the distribution of information to investors about an upcoming attack, e.g., against a company, with a targeted DDoS attack against a few major banks or stock exchanges. The rapid spread of false business information and even a temporary blockage of communication could seriously damage the economy. This could led to long-lasting consequences and lack of confidence in the reliability of financial services. The results could be even more disastrous if they were to be combined with a classical physical attack on resources. Since institutions such as banks or stock exchanges are vital for the economic well-being of a country, they could be promising targets for terrorists.

This was already tested in 1999, when the group called "J18" invited people to plan individual actions focusing on disrupting "financial centres, banking districts and multinational corporate power bases. The events were initiated as a protest against financial centers on the occasion of the meeting of the G8 in Cologne, Germany, and led to teams of hackers from Indonesia, Israel, Germany, and Canada attacking the computers of at least 20 companies, including a stock exchange and Barclays Bank. Exposing the vulnerability of such institutions was also one of the outcomes of a war game of the U.S. Naval War College in 2002. It was discovered that the telecommunications infrastructure in the United States was hard to bring down because many redundancy measures had been implemented. However, this was not true for the financial system. The financial funds transfer system (Fedwire) that exchanges money among U.S. banks and the electronic transactions network (Fednet), in particular, were found to have only one primary installation and three backups, all of which could easily be located with the help of the Internet – and therefore lend themselves to a targeted attack.

2.7 POSSBILITIES OF ATTACKS THAT CYBER TERRORISKS COULD EXPLORE.

Four different types of attacks that could be interesting to terrorists can be distinguished. The first makes use of so-called bot-nets that can be instructed to administer large-scale attacks against targets. Tools and know-how for the acquisition and use of such networks are widely available and can also be put to use by terrorist organisations. The second type of attack does not operate on a large scale but uses conventional hacking techniques to gain access to specific computers. A third type of attack combines one of the aforementioned two types with a conventional bomb attack, thereby effectively cumulating effects in the virtual and physical worlds. Finally, a fourth type of attack also aims at the physical world: it manipulates IT-systems that serve as control systems (e.g., for railway or airport traffic) and is thereby able to cause damage, especially to physical goods.

  2.7.1 LARGE-SCALE ATTACKS

The first example of the use of computers to attack IT-infrastructure is the implementation of large-scale DDoS attacks with the help bot-nets. In these cases, viruses and Trojan horses are used to control other computers. These computers are turned into "zombies" that are forced to report to a bot-net on a regular basis. These zombies are, in turn, controlled by a bot-master that instructs them, for instances, to send spam or forward thousands of requests to a particular site in order to make it inaccessible to its users. Currently, bot-nets can also be being rented, that is, dubious companies can pay money to have spam sent by bot-nets. By doing so, these companies cover their tracks since the spam messages originate from thousands of different computers instead of from the company itself. In other cases, operators of bot-nets are paid to bring down competing businesses. For a terrorist organisation, the operation of a bot-net could be highly interesting since, on the one hand, bot-nets can be rented to third parties as a source of income. On the other hand, they can also be used for their own terrorist purposes, e.g., sending emails with terrorist content (e.g., propaganda) or bringing down an opponent's (for example, Government) sites. Examples of this technique (executed either with bot-nets or by supporters) are the FloodNet attacks of pro-Israeli hackers that brought down Hizbollah's website or the electronic attack carried out during the allied air strikes on Kosovo and Serbia in 2000 that completely disrupted the internal and external communications of NATO troops. Even the thirteen root servers of the Internet domain name system (DNS) have been the targets of DDoS attacks.

With a view to the legal problems that result from DDoS attacks, it is important to stress that – as already mentioned above – the reason for or the motivation behind a DDoS attack cannot be determined. In 2001, for example, an online demonstration was launched against the German airline "Lufthansa" to call attention to the involvement of the company in the deportation of illegal alien residents. Over 13,000 people took part in this demonstration and opened the web page of the company at the same time. The Lufthansa server was unable to reply to the sudden peak of requests so that the web page was unavailable to customers during this time-frame. In this case, the company was informed about the campaign before it took place, it was aware of the reason for the downtime. However, Lufthansa customers not involved in the demonstration who attempted to access the web page could not know whether the error message was the result of a server problem, an online demonstration, or a criminal DDoS attack. Had the operator not been informed, they would have experienced the same uncertainty: whether the failure is due to a terrorist attack or mere sudden increase in interest on the part of customers (perhaps due to media coverage) cannot be determined by IP-packets.

2.7.2 HACKING ATTACKS

While the aforementioned large-scale attacks are a way to bring down a system and to suppress data flow, they do not enable access to protected data. If, however, a security weakness of a system can be exploited, access can be gained. This makes it possible either to shut down a computer or hinder its service in other ways, or to gain access to information that would otherwise be inaccessible. The hacking techniques used to access computers can also be used by terrorists to access and control government computers. The hacking of web servers often results in so-called defacements, in which the entry page of the website is replaced with another site that informs the user that the server has been hacked. Often, this replacement page is also used to give clues as to who the hacker was (by using nicknames), to send out greetings to fellow hackers, and also publicly to demonstrate how weak the security system of the attacked server was. In these cases where the web server belongs to a security agency, the damage to the public's confidence in the trustworthiness and abilities of the affected agency is much higher than the monetary loss. For example, according to a recent study, 85% of IT-executives believe that U.S. government agencies are not adequately prepared for cyber terror attacks. By hacking and defacing a governmental site, a terrorist group can prove its existence and also its dangerousness. Al-Qaeda, for example, hacked the website of Silicon Valley Land surveying Inc. in order to deposit a video file showing the hijacked (and later beheaded) Paul Marshal Johnson. By publishing the link to the stored video, the organisation could simultaneously demonstrate its technical as well as its conventional dangerousness.

In another case, pro-Palestinian hackers used a coordinated attack to break into 80 Israel-related sites and deface them. Even though web servers are seldom connected to other security-relevant services, the general public does not know this. Therefore, the damage to the image of the respective agency is the same. Furthermore, if a hacking attack is successful on a server actually carrying relevant data, a terrorist could make use of such a situation. For example, terrorists could attempt to steal or irreversibly damage vital data, such as the Social Security database, financial institution's records, or even secret military documents. Older and even more recent attacks have shown that even top-secret military computers and sensitive nuclear research centres are not immune against all attacks. Therefore, such scenarios are threats that need to be considered.

However, those cases in which the attack does not become publicly known are even more dangerous. In the Internet, many tools that can be used to exploit known security vulnerabilities are freely available. If, for example, by means of defacement, it becomes known that such a weakness has been exploited, the security hole can be fixed and another attack based on the same weakness prevented. If, however, a custom-made attack has been launched, it will not be detectable by any scanner available on the market. In one case, for example, a security company prepared USB sticks with a custom-designed, newly developed Trojan horse that could not be detected by virus scanners. Twenty of these sticks were "lost" on the premises of a credit union. Of these, 15 sticks were found by employees – and promptly connected to the company network where the Trojan started to collect passwords and other valuable information and emailed this data back to the creators. Such an attack would be a powerful way for a terrorist organization to start counterespionage. The same is true for so-called "Zero-Day exploits. These are exploits that are not yet known to the manufacturer (or, in some cases, to anyone else). Therefore, neither patches nor bug fixes are available against these attacks, nor can virus scanners detect them. In particular, the fact that it is not known at all that the security systems are being violated makes such an attack especially dangerous. Zero-Day exploits do not have to be developed by terrorists themselves. Instead, a black market has evolved that has the potential to put these dangerous instruments into the hands of all interested parties. Finally, custom-made Trojan horses could also be implemented via legal channels. In the year 2000 for example, Japan's Metropolitan Police Department used a software system to track 150 police vehicles, including unmarked cars. It turned out that this software had been developed by the Aum Shinrikyo cult – the same group that gassed the Tokyo subway in 1995. Additionally, members of this cult had developed software for at least eighty firms and ten government agencies. This was possible because the software developers were engaged as subcontractors, thus enabling personnel clearance of the subcontractor to be easily circumvented.

 2.7.3 HYBRID ATTACKS

Besides, the established ways of rendering a system inaccessible, hybrid attacks are also being discussed as ways to cause the greatest possible damage. To carry out a hybrid attack, a classic bomb attack could be launched. At the same time, however, the communication devices of police or ambulances could be hindered by way of a DDoS attack, resulting in even greater losses and confusion. Many security specialists agree that this would be a likely scenario. The same idea is possible in another scenario that is aimed against national financial networks (such as Fedwire or Fednet). A hybrid attack against those networks or against transfer networks such as SWIFT would be able, it is said, to wreak havoc on the entire global economy.

2.7.4 PHYSICAL DAMAGE.

When a system is being attacked either by a large-scale DDoS or a specialized hacking attack usually only the system itself is affected. However, in some settings physical damage can also occur. This can be achieved mainly by a manipulation of SCADA systems. SCADA ("Supervisory Control And Data Acquisition) systems are used to measure and control other systems. In many cases, these systems are connected to the Internet in one way or another. Even though, for security reasons, this is not advisable, the need to cut costs and the ability to remotely control several SCADA-systems centrally instead of having one person control one system on-site increases the interconnectivity of such systems. However, each system that is accessible to legitimate users through the Internet is also the potential victim of an illegitimate hacker.

Additionally, many control systems are based on the Windows- and Unix operating systems. In this way, publicly known security weaknesses in these operating systems can be exploited in these control systems. The power-down of energy systems in 2003 in the United States and Eastern Canada impressively demonstrated their dependence on SCADA systems and the hard-to-understand interdependency of linked computer systems. Even though 21 power plants were brought down, the reason was not a terrorist or even purposeful attack. Instead – as far as is publicly known – it was a mere coincidence that these systems were shut down by the W32.Lovsan worm: this worm was using the same port to exploit a weakness on individual personal computers that was being used by the plants to communicate with each other. However, had this weakness been known to terrorists, the same result – 60 million households without electricity – could have been initiated by a criminal organisation. Finally, a combination of the above-mentioned DDoS attacks and SCADA systems of critical infrastructure could lead to considerable physical damage. .

 

 2.7.5 ATTACKS ON HUMAN LIFE

The attacks described in the previous part can likely cause severe damage. However, in general, no human lives would be endangered. Therefore, it is questionable whether such attacks are an interesting option for terrorists. Even though the power cut of 2003 in the United States was caused by a computer worm, no panic erupted, there were only a few injuries, and hospitals and emergency services continued to function properly. The security hole was subsequently fixed, so a second attack based on the same weakness is not likely. From a terrorist's point of view, attacks are more interesting and efficient if they cause fear in the public and the possibility of repeatability at any point in time seems highly likely. This is especially the case if human life can be endangered or the attack results in other kinds of physical harm.

3. RESEARCH METHODOLOGY

This chapter discusses the research methodology used to understand the possible threat of cyber terrorism in Mauritius. This includes the population and sampling, survey instrument, data collection method, tests performed on the data collected as well as problems encountered. The research is based on an empirical study done through a questionnaire survey method. The questionnaire is developed based on literature review and the problem statements.

3.1 POPULATION AND SAMPLING

A population of fifty respondents were selected which are professionals from the Law Enforcement and computer security as well as IT students at the Masters level. The targeted population was chosen due to the fact that they have a direct link and knowledge in the field of cyber terrorism.

Law Enforcement Officers were chosen because they will act as investigators in the event of a cyber terrorist attack. Moreover, those targeted have either followed specific courses in Anti Terrorism both locally and abroad in highly reputed Anti Terrorism Organisations. In the same breadth, computer security professionals were chosen because they are aware and always updated of the various types of threat looming ahead. Additionally, they are the one who design strategies to prevent their systems from being compromised. They were from both the private and public sector from an array of different sectors of Mauritius. Lastly, IT students at Masters Level from the University of Technology and University of Mauritius were chosen as cyber terrorism is a new concept which they almost all students at their level must be familiar with. The sample table is provided as follows:

Table 1

Population

Sample

Response Rate

50

42

84%

3.2 DATA COLLECTION

All the questionnaires were sent individually through post and email to the chosen population accompanied by a covering letter. The Letter laid emphasis on the purpose of the study. The respondents were assured that data collected would be kept confidential and that the questionnaires would be destroyed after analysis.

The survey period lasted for two weeks. Once the questionnaires were sent, respondents were contacted through phone and politely requested to give an attention to the survey. This explained the high rate of response.

3.3 THE LIMITED POPULATION

Only fifty copies of questionnaire were sent for this survey. This is mainly due that cyber terrorism is not well known as a concept to Mauritians. Moreover, time was a major constraint for this study and its mainly for that reason that this limited number of population was chosen.

3.4 STATISTICAL METHOD

SPSS (Statistical Package for the Social Science) 17.0 for windows was used to conduct data analysis. The Descriptive statistics were mainly used for analysis of the survey result which is discussed in the next chapter.

3.5 STRUCTURE OF QUESTIONNAIRE

A copy of the final questionnaire is attached at appendix I. The questionnaire is simple and can be easily understood by anyone wishing to attempt it.

The questionnaire has a total of seventeen simple questions where fifteen of it are closed ended one. Respondents are asked to choose from a list of preset options. The remaining two are open ended where respondents are asked to specify in relation to answers given in the precedent question. The questions relate to the understanding of IT knowledge and about cyber terrorism and its impact.

4 DATA FINDINGS

4.1 DESCRIPTION STATISTICS

Out of 42 respondents for the survey, 36.2% represents professionals who work as computer security expert. The Law Enforcement officials represent 21.3% and the Students at Masters Level at 31.9%. This is projected in the table below. (Table 2)

Table 2 Category of Respondents

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Computer Security

17

36.2

40.5

40.5

Law Enforcement

10

21.3

23.8

64.3

MSC STUDENTS

15

31.9

35.7

100.0

Total

42

89.4

Missing

System

5

10.6

Total

47

100.0

Most of the respondents reply shows that they are aware of the difference between cybercrime and cyber terrorism. Out of the forty two respondents only 19.1% could not differentiate about cyber crime and cyber terrorism. This is reflected in the table below.(Table 3)

Table 3 Cyber terrorism and cyber crime difference aware

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Yes

33

70.2

78.6

78.6

No

9

19.1

21.4

100.0

Total

42

89.4

100.0

Missing

System

5

10.6

Total

47

100.0

According to the table below, high internet connectivity in Mauritius attracts cyber terrorist.More than 78.7% of the Respondents strongly agree to that statement. This is represented in the table below.(Table 4). In the same breadth 51,1% of the respondents strongly agree that even through mobile phones there can be cyber terrorism attack which is reflected in table 5. Moreover, more than 46% agree that virus and worms can be used by cyber terrorist for attacks. This is represented in table 6.

Table 4: Mauritius High internet connectivity and networking attract cyber terrorist

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Agree

5

10.6

11.9

11.9

Strongly Agree

37

78.7

88.1

100.0

Total

42

89.4

100.0

Missing

System

5

10.6

Total

47

100.0

Table 5: Attack Through mobile

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Agree

18

38.3

42.9

42.9

Strongly Agree

24

51.1

57.1

100.0

Total

42

89.4

100.0

Missing

System

5

10.6

Total

47

100.0

Table 6 Attack Virus/Worm

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Agree

22

46.8

52.4

52.4

Strongly Agree

20

42.6

47.6

100.0

Total

42

89.4

100.0

Missing

System

5

10.6

Total

47

100.0

According to the findings of the data, the respondents believe that cyber terrorism represents a serious threat for Mauritius. As such more than 70% are of the view that Mauritius is vulnerable to cyber terrorist attack. This is represented in the table below. (. (Table 7)

Table 7 Mauritius Vulnerability to cyber terrorist attack

.

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Yes

33

70.2

78.6

78.6

No

9

19.1

21.4

100.0

Total

42

89.4

100.0

Missing

System

5

10.6

Total

47

100.0

Terrorist’s organization normally targets key critical infrastructure for the accomplishment of their mission. In this survey, more than 80% strongly believe that key critical infrastructure in Mauritius are vulnerable and can be targeted by cyber terrorists. This is shown in table 8 at hereunder.

Table 8 Key infrastructure vulnerability

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Strongly agree

35

83.3

83.3

83.3

Agree

7

16.7

16.7

100.0

Total

42

100.0

100.0

In answer to the survey question as to whether a possible cyber terrorist attack will have an impact on the economic climate of Mauritius, the answer was the same for those who agree and those who strongly agree. In fact, 44.7% strongly agree and the same percentage, that is 44.7% agree that a possible attack of cyber terrorist could have an economic impact in the country. This is shown in table 9 below.

Table 9 Economic Impact

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Agree

21

44.7

50.0

50.0

Strongly Agree

21

44.7

50.0

100.0

Total

42

89.4

100.0

Missing

System

5

10.6

Total

47

100.0

The Table 10 indicates that cyber terrorism will have a negative economic impact in the country.

Table 10 Negative Economic impact

Frequency

Percent

Valid Percent

Cumulative Percent

Valid

Low

3

6.4

7.1

7.1

Moderate

14

29.8

33.3

40.5

High

25

53.2

59.5

100.0

Total

42

89.4

100.0

Missing

System

5

10.6

Total

47

100.0

5 ANALYSES AND INTERPRETATION

5.1 DIFFERENCES BETWEEN CYBER CRIME AND CYBER TERRORISM

The statistics from the survey has proved that respondents are more than knowledgeable in differentiating between cyber crime and cyber terrorism. This is against all odds as both crimes make use of computers and other information technologies to achieve their aims. The only difference is that cyber terrorism carries with it an element of terror. This can be explained by the professional background of the respondents. In fact, almost all the three categories of the respondents, that is, Law Enforcement Officials who have followed courses in anti terrorism, Computer Security Expert who by the nature of their duties must be aware of cyber problems and Masters Students in Information technology, by virtue of their field and level of study must also be updated as to cyber problems.

5.2 HIGH INTERNET CONNECTIVITY

It has been observed from the analysis of the data collected that high internet connectivity attract cyber terrorist. In fact more that 70% of the respondents strongly perceive that this is the case. This can be explained that In Mauritius most of the emerging industries and businesses want to have an international visibility and are also dealing with their customers online. This permanent connectivity to customers and international visibility make them vulnerable to cyber terrorism attack. There is an array of possibilities available to criminals like sending viruses and worms through the internet to compromise the system of any organization or Government institutions. There have been several cases in the world and even in Mauritius where the website of the National Computer Board was defaced. A high internet connectivity removes the shield of protection of the country or organization and gives the attacker a princely welcome to enter the system. This is why high internet connectivity is considered as honeypot, in the true sense for cyber terrorist. Moreover, research has proved that one of the main reason Estonia has suffered a cyber terrorist attack was its high connectivity to the internet.

5.3 MAURITIUS VULNERABILITY TO CYBER TERRORISM

In relation to the vulnerability of Mauritius to cyber terrorism, more than 70% of the respondents believe that the Island is vulnerable. This is in line with the literature in the research carried out by Thornburgh et al (2005) and Jonathan Matusitz & Gerald-Mark Breen who advocated that US and other developing countries have been attacked and that other countries also will be in the line of attack of cyber terrorism. An analysis of the targeted countries provides some similarities to that of Mauritius. These countries all have high internet connectivity, all have key critical infrastructure such as a looming financial sector, ports and airports and outsourcing business like Estonia. Moreover, though Mauritius is positively advancing in matters of IT security, not much of its work force is aware of the importance of computer security and consequences of a cyber terrorism attack.

5.4 VULNERABILITY OF KEY CRITICAL INFRASTRUCTURE

As far as key critical infrastructures are concerned, a great majority of the respondents believe that the key critical infrastructures which are port, airport, public utilities (power plant, water, electicity), financial agencies and communication system can be seriously targeted and compromised by cyber terrorists. In fact, more than 83% of the respondents are of the view that these mentioned critical infrastructures can be attacked by cyber terrorists. This can be explained again by comments made Jonathan Matusitz & Gerald-Mark Breen as well as by Thornburgh et al in the previous section. The same reasoning applies here.

5.5 ECONOMIC IMPACT IN CASE OF CYBER TERRORISM

In the event of a cyber terrorism attack, the economic climate of the country will be affected. In fact, the percentage of those who agree and those who strongly agree that the economy of the country will have an effect in case of a cyber terrorist attack is the same, that is, 44.7%. However, further analysis, demonstrates that respondents have a serious apprehension for the economy of the island in case of cyber terrorism attack. As such, more than 53% of the respondents believe that the economy will suffer from a serious setback in the eventuality Mauritius is targeted by cyber terrorists. Moreover, 29.8% believe that the negative impact on the economy will be moderate and only 6.4 % is of the view that low negative effect will result in the economy.

The reasons why the percentage who think that the economy will be highly impacted negatively is clearly explained in the literature review. It is mentioned that fiscal losses resulting from all sorts of cybercrime has cost businesses more than $ 48 Billion annually. Moreover, only in 2005, it has cost consumers more than $ 680 Million. Mauritius being a developing economy heavily dependent on Information technology (second pillar of economy) will in fact be negatively affected, In the event, this happen investors will hesitate to develop new business in the country. This will affect foreign direct investment and subsequently reduce the economic growth.

6. RECOMMENDATIONS.

Cyber terrorism has become a global threat. Mauritius must prepare itself to deal with this problem. The chosen solution to this problem must involve the legal, social, political and economical aspects.

At the level of legal aspect, the country must come up with more stringent legislations that discourage any actions from insiders either in organizations or local population. The legislations will lay the path for the development of an appropriate framework to deal with the problem of cyber terrorism.

Cyber terrorist operates across borders. They are in one country and their chosen target is remotely situated at times from two different continents. The attack that USA faced from Titan Rain as described by Thornburgh (2002) is a classic example. In that respect treaties must be signed with other nations around the world. These treaties will provide for mutual support in terms of sharing of information on cyber terrorists as well a means to enforce International Law.

At the political level, there must a coordination of effort from the Government as well as from other stakeholders to come up with an appropriate defensive strategy to counter this problem. This strategy will automatically lead to the establishment of an appropriate framework for an Anti cyber terrorism cell or organization. As such necessary resources should be made available to a research team for further research in this field.

For a solution to be more efficient and effective, the involvement of the local population is necessary. In that respect, the social aspect of the solution should be catered. For instance, the local population should be informed about the risks associated with cyber terrorism. They should be informed that online surveillance would be carried out by competent authorities for the benefit of the country and its population. As such, seminars, interactive sessions should be organized with the different categories of the population.

As regards the economy which is to be also associated with security, proper measure should be taken to have a comprehensive cyber security audit for all the critical infrastructures. This will help in identifying vulnerabilities and taking appropriate measures for their remedy. As such designing and implementing stringent access control systems and encryption standards as well as increasing the technical capabilities to prevent any possibility of cyber terrorist attack .In that respect, users at commercial organizations, Government/ministries and all other workforce sector where there is the existence of a computer system should be educated as to the risks and consequences of an attack.

7 CONCLUSIONS

Cyberspace has surfaced as a probable means for terrorists to operate in the furtherance of their aims and objectives. However, the use of cyberspace without the element of chaos, fear and violence does not amount to cyber terrorism based on the various definitions in this study. This study for its completion has ploughed through various researches in th