The History About The Cyber Terrorism

Published Date: 02 Nov 2017

—National Research Council'

INTRODUCTION

You are living peacefully in your Paradise Island and then suddenly, there is a collision in the sky between two planes preparing to land at the Airport due to an attack In the air traffic control system. At the same time there is sudden change in pressure in the gas lines at the storage area causing valve failure which lead to massive explosion in the Port area. Both the air collision and explosion of the gas storage system cause enormous damage to infrastructure, massive loss of life and injury as well as chaos in the country. The emergency services are still thinking on how to respond that within minutes there is a major attack on the electrical grid of Central Electricity Board bringing with it a total disruption of the power supply in the country. This lead to complete dysfunction of all the traffic lights in the country which causes massive traffic jam where everybody is horning to move forward. This is not a trailer for a new movie but a possibility of cyber terrorist attack in the country. Yes, all these key infrastructures can be targeted one day by Terrorist Organisations in the future. This is what we called Cyber Terrorism, a new type of threat facing countries which are heavily dependent on internet and networking for its advancement.

Cyberterrorism is the convergence of terrorism and cyberspace. It is generally understood to

mean unlawful attacks and threats of attack against computers, networks, and the information

stored therein when done to intimidate or coerce a government or its people in furtherance of

political or social objectives. Further, to qualify as cyberterrorism, an attack should result in

violence against persons or property, or at least cause enough harm to generate fear. Attacks

that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe

economic loss would be examples. Serious attacks against critical infrastructures could be acts

of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that

are mainly a costly nuisance would not. (Denning, 2000).

The world is consistently evolving. Some years back, we were talking about globalisation, where the world was considered as a global village. Nowadays, we are talking about computerization, information technology and internet where the Globe has become boundaryless. There is instant 3G to 4G communication in almost all part of the world. Internet has facilitated commerce, communication but it has also carried with its evil sides which are termed as computer crime. This type of criminal activity involves making use of computers and its derivative to commit offences of criminal nature such as phishing, hacking, cyber stalking amongst others. Cyber terrorism is another type of computer crime which is committed by making use of computers and internet.

Data and information are the biggest assets for Individual, Organisations and countries. Data and information may include sensitive information on national security, economy and other key infrastructures. With development in internet and networking, data and information are exchanged and communicated instantly as well as consistently over the air. Risk of losing these data and information are omnipresent. Storage and security of data has been the subject of many researches for the past years. In that respect, latest state of the art strategies are developed, tested and implemented on a regular basis to prevent data from being compromised. Cloud computing is the latest in the field of storage and security. Despites several studies in this field, coupled with new form of Security, data are still being stolen and compromised. Protecting these key data and information has become one of the biggest challenges these days for organizations and countries around the world. New policies and measures are applied and updated to keep the CIA triad unreachable and unbreakable. Despite all these new and modern protective measures, modus operandi of offenders are also changing in their negative roles. Nowadays, new computer crimes are being committed which can mainly be classified as phishing, hacking, cyber stalking amongst others. These types of computer crimes are committed most of the time for financial gain.

Mauritius dependency on network and internet has greatly increased recently due to its socio economic development and its reliance on Information Technology as forth pillar of the economy. Nowadays, in all sphere of life from domestic to state owned enterprise passing through commercial activities to education, computerization and its infrastructures are important keys and stars for success. This utmost reliance on information technology as an important pillar of the economy has made the country like any other country in the same situation as ours, vulnerable to cyber threat. One of the threats which have to be taken seriously in this context is cyber terrorism.

Cyber Terrorism is a new form of terrorist activity. But by making use of computers, keyboards and networks to achieve may be greater effect than traditional terrorist attacks. Many agencies specialized in combating cyber crimes have tried to come up with a definition of Cyber terrorism by linking or comparing it to terrorism. For its part, the FBI has defined terrorism as the unlawful use of force or violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives. Cyber-terrorism can be the use of computing assets to threaten or force others. An example of cyberterrorism could be hacking into a hospital computer system and changing someone's medicine prescription to a lethal dosage as an act of revenge. It sounds far fetched, but these things can and do happen.

RESEARCH QUESTION

The main research question for this paper is ‘Are the key critical infrastructures of Mauritius vulnerable and a potential target for Cyber Terrorist?’

PROBLEM STATEMENT

Mauritius high internet connectivity makes it vulnerable to cyber terrorism

Mauritius key critical infrastructures are vulnerable and can be the target of cyber terrorist

Cyber terrorist attack can cripple down completely the economy of Mauritius

Appropriate defensive strategy can mitigate the risk of cyber terrorism

RESEARCH OBJECTIVES

The research objectives that will be catered for will be the path towards the completion of the research and are as follows:

Demonstrates that Cyber terrorism is the new trend of crime used by cyber criminals

Establish that Cyber terrorism is a potential threat for Mauritius

Indicate that key infrastructures of Mauritius can be targeted by Cyber terrorist.

Assess how far Cyber terrorist can undermine completely the economy of a country and its National security

Formulate Strategic Policies to defend Mauritius against Cyber terrorists

2. BACKGROUND

The background of this present topic which is cyberterrorism in relation to other terrorist actions are elaborated in view of other computer and network related crime. It serves to provide a context to this current problem. Cyber terrorism encapsulates together two different ideas that is, firstly making use of cyberspace and bringing about a reign of terror. It puts forward how computer and information technology can be used to assert extremist

Cyberterorism englobes two basic principles: cyberspace and terrorism. William Gibson (1982) defined Cyberspace as the virtual space created by interconnected computers and computer networks on the Internet. It is a conceptual electronic space unbounded by distance or other physical limitations. Merriam Webster Dictionary defined Terrorism as the systematic use of violence to create a general climate of fear in a population and thereby to bring about a particular political objective. It has been used throughout history by political organizations of both the left and the right, by nationalist and ethnic groups, and by revolutionaries. Although usually thought of as a means of destabilizing or overthrowing existing political institutions, terror also has been employed by governments against their own people to suppress dissent. Cyberterrorism therefore, is the use of cyberspace to commit terrorist activities for the benefit of the one in control.

There is an inter relationship between cybercrime and cyberterrorism. The main relationship is that both make use of computers and network technologies to achieve their objectives. The difference between cyber crime and cyber terrorism is that in the latter violence, fear is used to achieve political or social benefit. Thus, it could be argued that only illegal actions that makes use of computers and networks as their targets would be considered as cyber terrorism. Computers, internet technology and network use alone cannot be classified as cyber terrorism. There must be the element of fear, threat and possible violence for a particular cause associated to it. As such, the sending of a virus to cause the damage to the memory of a gas storage station and by extension causing explosion is different to that of sending an email virus that sends out spam mail to a user’s address book members. The key A critical factor in differencing cyberterrorism to that of other possible cybercrime activities is the intention or the state of mind (Mens Rea) of the perpetrator and taking into account the nature of the criminal actions perpetrated.es. The object of provoking large-scale terror with accompanied political and social motive or benefit needs to be an inherent part of a cyberterrorist attack. Therefore, various computer and network related activities support cyberterrorism at an implementation level but the high-level objectives may differ from normal computer and crime (for example causing annoyance, economic loss, fraud, espionage, etc.) Actions taken in response to an attack are not considered criminal if they are carried out in a defensive (and not malicious) capacity only. For example, police officers sometimes have to take offensive action to bring down a violent criminal. So too the defence industry has to take retaliatory action in order to prevent further damage to systems.

Cyberterrorism can be viewed as acts of terrorism carried out through computer, networks and cyberspace. In a similar manner, cyber crime can be considered criminal acts that are committed by using computer resources, tools and environments. Cyberterrorism acts form part of cybercrime- when the action crosses legal boundaries. Both cyberterrorists and cybercriminals will use knowledge of security and hacking to electronically leave an impact, but the underlying goal might differ. Whilst cyberterror tries to cause a political change and targets innocent victims through computer-based violence or destruction, cybercrimal activities aims have an economic gain from individuals and companies by carrying out fraud, id theft, blackmail, and other computer attacks and exploits (Lachow 2008). A cyberattack or crime needs to have an element of ""terrorism" (threats, disturbances or infliction of violence) in order to be considered cyberterrorism. Athough, cyberterrorism may seem as a more indirect approach to launching an attack, a critical consideration is the terror that is generated from a potential attack. The intent of the attack will be the typical terrorist objective to cause/threaten violence or promote a social/political viewpoint. For example, consumers are petrified at the idea of a critical system like the rail lines or power station going down. Fear is a critical aspect of terrorism and though it may not seem as cyberterrorist acts are as violent as their physical counterparts, the implication of consumed fear and terror should be undermined. Thus, the psychological edge that is to be gained by keeping a nation in constant doubt and anxiety is a huge payoff for terrorists.

Brett Pladna (2008: 5), Information Security Specialist, also admits that it is often not an easy task to make a distinction between computer network attacks performed by terrorists and cyber-crimes done by hackers. This is so because the attacker, whoever that is, always tries to exploit weak spots in the system regardless of the essence of the real motives. Nevertheless, there are certain trends that can help in making a clear difference between both acts. For instance, in most of the cases of terrorist computer network attacks, the terrorists’ actions have been focused on website defacement and email bombing.

Possible Cyberterrorist situations envisaged by Collin (1997) include :

• Altering the iron supplement level in a cereal manufacturing plant such that it poisons and kills all that consume the unsafe levels

• Modifying the formulas of medication at pharmaceutical companies. This could result in an enormous loss of life

• Gaining control of air traffic control systems and cause aircraft to crash into each other. The same could be applied to rail services

• Disrupting the services of financial institutions thus causing citizens to lose confidence in the economic systems

Pollitt points out the discrepancies that could prevent the first two scenarios from materialising (1998). He argues that since such minimal quantities of supplement level is added to cereal; the necessary quantity to poison a person would be incredibly substantial. Furthermore, such increased consumption would be noticeable, when the supplement supplies ran low unnecessarily. Also routine product testing would detect such an abnormal quantity of an active ingredient. A similar argument could also be applied to the second scenario of modifying the formulas of medication. Pollitt also disputes that the entire human element and structuring of air traffic control rules would be overlooked were a terrorist to gain control (1998). Pollitt explains that computers in air traffic control provide information and do not actually control the aircraft (1998). Pilots are trained to use their situational awareness and thus taught to be aware of position as well as approaching aircraft. Rules are also meant to ensure smooth operation should no air traffic control be available.

However, in April 2007, a series of cyber attacks was launched against the Estonian state. The targets included the Estonian parliament, banks, ministries, newspapers and broadcasters (Von Solms 2008). The execution of such an onslaught left a state without the availability of critical services including the presidency and parliament, government ministries, news resources, banks and communications. The incident is indicative of the probability of such attack and the inconvenienced conditions that was left in its wake. The case is often carefully studied to understand the circumstances that led to its materialisation and furthermore how the situation can be prevented.

Cyberterrorism can thus be seen as a relevant threat due its strong relation to computer and network crime. However, a closer inspection of the role that is plays will provide a better understanding of the pertinent forces and domains of operation. The application and significance will be better revealed through a more detailed study of the field. The rest of the paper will therefore look at placing the area of cyberterrorism in

Threat Analysis: Use of the Internet for Terrorist Purposes and Cyberterrorism [1] 

The threat analysis in this chapter is therefore based on an analysis of cybercrime- and cyberterrorism literature as well as on specialized security reports and everyday news reports. This broad approach was chosen to obtain an expanded view, not only of the real occurrences of cyberterrorism and other uses of the Internet, but also of possible future forms of utilization.

The most commonly discussed use is a terrorist attack carried out via the Internet. Such an attack could be directed either at other IT-infrastructures, such as computers, servers, and routers or at objects in the "physical world," such as buildings, planes, trains, or even human life. Apart from such IT-based attacks, terrorists can use the Internet to disseminate content to the public. Since Internet connections are widely available and offer various advantages over conventional communication, terrorist organisations can put them to use: for example, to communicate with the public in order to present terrorist point of views or disseminate threats, to find new supporters, and/or to distribute information to followers. Finally, the Internet can also be used for other purposes. Not only does it enable terrorists to engage in confidential communication among themselves, it also contains a multitude of information that was hard to obtain in former times. Satellite images and construction plans − even for complicated designs − are freely available through the Internet. Therefore, the Internet as a planning instrument and as a tool for internal communication and preparation will be another focus in the following analysis of threats posed by terrorists and their use of the Internet

A.  Attacks via the Internet

The Internet is just as available for terrorists and terrorist organisations as it is for anybody else. In addition, cybercrime, i.e., criminal acts committed with the help of computer networks, has been common since the early days of computer technology. Therefore, the possibilities cybercrime has to offer can also be committed with a terrorist intent. Terrorists, however, have not yet claimed responsibility for any concrete acts. [2] Additionally, the digital traces often do not allow investigators to determine whether the reason for the breakdown of a system was a mere system failure or the result of a purposeful attack. Even if an attack seems highly likely, it is not possible to determine with certainty whether it was the result of the purposeful aggression of a terrorist group or an arbitrary experiment by a ten-year-old schoolgirl who tried out a program she found while browsing the Internet. For this reason, some authors have claimed that, up to now, not a single instance of cyberterrorism has been recorded. [3] \

However, the threat of cyberterrorism and the other uses terrorists could make of the Internet do not remain either unreal or unrealistic. Since information on how to manipulate or misuse Internet services is widespread and often publicly available, not only security specialists but also terrorist organisations can gather such information and put it to use. Furthermore, the use of Internet-based attacks would seem to be highly attractive for terrorist purposes for the following reasons: Attacks can be launched from anywhere in the world. An Internet connection is available at most locations or can be initiated from most up-to-date mobile phones;

– Attacks are quick. Especially in cases of Distributed Denial-of-Service (DDoS) attacks, but also in many other scenarios, the attacker is not dependent on a fast Internet connection. Instead, he or she can exploit the connection speed of the victim. Worms and viruses can spread at the fastest possible rate without the need for any further involvement of the attacker;

– Since actions on the Internet can be disguised by anonymizing services or using similar camouflage techniques, in many cases it is extremely difficult to trace evidence back to the true perpetrator;

– Finally, use of the Internet is cheap. In most cases, only a small bandwidth connection is needed, which is highly affordable in most countries. Damage that can be caused via the Internet, however, an be very costly: IT-experts need to be involved constantly in order to fix newfound security flaws, and, if cases involve physical damage as well, these costs are additionally incurred.

The aim of such assaults can either be to gather protected information or to sabotage the system or data contained within the attacked system. Another aim can be to manipulate a physical infrastructure whose operation is controlled by an IT-system. However, in most – if not all – of these cases, it is not known whether terrorists have also made use of these possibilities. So, to a certain extent, it is necessary to speculate on which possibilities terrorist organisations would have if they were to accumulate knowledge themselves – or if they were able to hire security specialists to launch such attacks on their behalf.

1.  Attacks on Infrastructure

The first group of attacks consists of those directed against infrastructure. In general, IT-based attacks are directed against other IT-infrastructures, resulting in a violation of IT-systems or -data. However, since an IT-infrastructure often controls other (physical) infrastructures, these digital attacks can have an effect on "real world objects" as well. These attacks are basically the same as those launched by "common" cybercriminals, but with a terrorist interest or intention. This part will therefore first address the terrorist objectives and aims behind attacks on IT-infrastructure (a). It will then analyze different types of IT-based attacks against infrastructure (b).

a)  Aims and objectives

When looking at the aims pursued by terrorist attacks on an IT-infrastructure, various objectives can be distinguished: [4] 

– By circumventing security measures, attackers can corrupt the integrity and confidentiality of computer systems and data;

– By rendering systems useless, a loss of availability can be caused. This can lead to serious results, especially if mission-critical IT-systems are affected;

– Finally, if IT-systems are connected to other critical infrastructures, such as transportation, power, or water facilities, physical harm apart from a loss of integrity of the system itself can be the result.

However, these are only primary objectives. In contrast to a common hacker or cybercriminal, a terrorist typically takes a long-term perspective. [5] In order to achieve his or her goals, a terrorist pursues an underlying agenda when committing attacks on IT-systems. Upon a closer look, three different aims can be identified: the causing of economic confusion, the discrimination of the opponent, and the generation of monetary income for the terrorist organisation. Economic confusion and the discrimination of the opponent both aid in establishing the aforementioned long-term goal, whereas the generation of monetary income is often needed to keep the organisation running, to buy food for members, or to produce information materials for followers.

The first two aims, economic confusion and the discrimination of the opponent, are closely linked to one another. Both intend to show the vulnerability of industry and state security and the lack of technical knowledge of the other party. At the same time, successful attacks demonstrate the competence of the attacker and thereby create fear on the part of others who are also vulnerable to similar attacks.

However, as far as cybercriminals are concerned, such publicity is often considered undesirable. This is especially true if attacks are launched with the intent of gathering information rather then destroying resources. [6] In these cases, terrorists might also prefer not to claim responsibility for a successful attack. However, even in cases of destructive attacks, terrorists might choose to remain incognito for two reasons. First, if it becomes known that a certain incident was the result of a hacking attack by terrorists, pity and solidarity for the victims might be the result. However, if the impression arises that a breakdown was the result of technical incompetence, a lack of trust would be the outcome. [7] Therefore, terrorists – in some situations – might have an interest in not "showing their faces" when attacking digitally. A second aspect is that public knowledge of cyberterrorist attacks might result in an increased security level in many areas, making successful aggressions even more difficult to achieve. An unknown source of mysterious breakdowns, however, could instead lead to greater fear that could, in turn, be exploited by terrorist intents. [8] 

Attacks with an Immediate Outcome

Most of the attacks that are aimed at critical infrastructure have an effect that is immediately noticeable. Additionally, none of the scenarios that are described

below have – as far as it is known to the public – taken place yet. Nevertheless,

many authors see them as realistic possibilities that could be taken into consideration

by terrorists, because their outcome is more direct and visible than most of the pure

attacks on IT infrastructure described above. Furthermore, they almost guarantee

what is important to generate fear within a population: extensive news coverage

with impressive picture material. As such, mainly three scenarios are discussed in

the literature: attacks on hydroelectric dams; tampering with control systems,

especially for railways or air traffic; and taking over control of power plants.

Attacks on Hydroelectric Dams

Probably the most discussed scenario of cyberterrorism with an immediate danger

for human lives is an attack on a hydroelectric dam. A perpetrator could gain access

to a control system and remotely open the floodgates, thereby endangering the

areas and inhabitants behind the gates. The consequences of (accidentally) damaged

dams could be observed in the past, e.g. when, in 1975, the Banqiao and

Shimantan dams on tributaries of Hang He (Yellow) river in China failed. Dozens

of lower dams were damaged and at least 85,000 people died (Gleick 2006) . Today,

security measures at most dams probably would prevent such extreme results.

However, if terrorists were able to control a dam, e.g. by hacking into the SCADA

system controlling it, a deliberate opening of the floodgates could put hundreds or

even thousands of people at risk.

The danger of dams connected to SCADA systems could be observed especially

in two scenarios. In the first scenario, an individual was able to break into the computer

system that runs Arizona’s Roosevelt Dam. Although some details of the

attack are being disputed (for details, see Brunst 2008) , the fact alone that the

2 Terrorism and the Internet 67

Roosevelt dam was compromised is sufficient to show the danger of a terrorist

attack. The second case concerns a case that took place in the year 2000 in

Queensland, Australia. There, the culprit was able to manipulate the control system

of the sewage treatment facilities over a period of 2 months, letting hundreds of

thousands of gallons of putrid sludge ooze into parks and rivers. According to an

employee of the Australian Environmental Protection Agency "marine life died, the

creek water turned black and the stench was unbearable for residents". In the

concrete case, the motive of the perpetrator was not to generate fear in the public.

The damage was caused "only" to bargain for a consulting contract to fix the problems

he had caused (Gellman 2002 ; Giacomello 2004) . However, the case also shows the

potential a terrorist would have for bio-related terrorism, i.e. causing illness or

death not only in people, but also in animals or plants (for further details on the

threat of bioterrorism see Centers for Disease Control and Prevention 2007 ;

Committee on Water Systems Security Research 2007 ; Leitenberg 2005) .

Attacks on Traffic Control Systems

In the attacks of 9/11, the hijackers impressively and horrifically showed the amount

of damage that they could do with airplanes under their control. It is easy to imagine

the possibilities and the fear that would be created if terrorists were able to gain

control over airplanes or airport control systems without actually being on board.

In 1997, for example, a juvenile was able to access the communication systems

of Worcester, MA airport. The action disrupted the telephone service to the Federal

Aviation Administration Tower at the airport, the Airport Fire Department, and other

related services such as airport security, the weather service, and various private

airfreight companies. Furthermore, the main radio transmitter and the circuit that

enables aircraft to send an electronic signal to activate the runway lights on approach

were disabled (Berinato 2002 ; Cilluffo 2000 ; Testimony of FBI Deputy Assistant

Director Keith Lourdeau on "Virtual Threat, Real Terror: Cyberterrorism in the 21st

Century" 2004). Fortunately, no accidents were caused by the attack.

The incident, however, shows the vulnerability of modern transportation

systems. Therefore, not only airports and airplanes (which are usually quite well

protected), but also train systems are the focus of the discussion. In a worst-case

scenario, colliding trains or airplanes could possibly cost hundreds of lives (Giacomello

2004 ; Weimann 2005) .

Attacks on Power Plants

The scenario that probably causes the most fear is a manipulation of power plants,

especially of nuclear power plants. A similar danger is expected from intrusions into

military missile control centres. Although these premises should count as areas with

the highest protection and control density, authors still see a possibility for terrorist attempts (Foltz 2004) . Furthermore, the massive breakdown of nuclear power plants

in 2003 that was described above (see the section "Technical Background") clearly

shows that even these systems are vulnerable to cyber attacks.

According to some organisations, the fiscal losses resulting from cybercrime attacks are costing businesses $ 48 billion annually and cost consumers $ 680 million in 2005. [9] These numbers would increase rapidly if terrorist attacks aimed at causing maximum damage were to take place. However, in order to create economic confusion, more targeted aggressions are necessary. In a potential scenario, terrorists could combine the distribution of information to investors about an upcoming attack, e.g., against a company, with a targeted DDoS attack [10] against a few major banks or stock exchanges. [11] The rapid spread of false business information and even a temporary blockage of communication could seriously damage the economy and – furthermore – could result in long-lasting consequences and lack of confidence in the reliability of financial services. [12] The results could be even more disastrous if they were to be combined with a classical physical attack on resources. Since institutions such as banks or stock exchanges are vital for the economic well-being of a country, they could be promising targets for terrorists.

This was already tested in 1999, when the group called "J18" invited people to plan individual actions focusing on disrupting "financial centres, banking districts and multinational corporate power bases." [13] The events were initiated as a protest against financial centers on the occasion of the meeting of the G8 in Cologne, Germany, and led to teams of hackers from Indonesia, Israel, Germany, and Canada attacking the computers of at least 20 companies, including a stock exchange and Barclays Bank. [14] Exposing the vulnerability of such institutions was also one of the outcomes of a war game of the U.S. Naval War College in 2002. It was discovered that the telecommunications infrastructure in the United States was hard to bring down because many redundancy measures had been implemented. However, this was not true for the financial system. [15] The financial funds transfer system (Fedwire) that exchanges money among U.S. banks and the electronic transactions network (Fednet), in particular, were found to have only one primary installation and three backups, all of which could easily be located with the help of the Internet – and therefore lend themselves to a targeted attack.

b)  Types of attacks

Four different types of attacks that could be interesting to terrorists can be distinguished. The first makes use of so-called bot-nets that can be instructed to administer large-scale attacks against targets. Tools and know-how for the acquisition and use of such networks are widely available and can also be put to use by terrorist organisations (1). The second type of attack does not operate on a large scale but uses conventional hacking techniques to gain access to specific computers (2). A third type of attack combines one of the aforementioned two types with a conventional bomb attack, thereby effectively cumulating effects in the virtual and physical worlds (3). Finally, a fourth type of attack also aims at the physical world: it manipulates IT-systems that serve as control systems (e.g., for railway or airport traffic) and is thereby able to cause damage, especially to physical goods (4).

(1)  Large-scale attacks

The first example of the use of computers to attack IT-infrastructure is the implementation of large-scale DDoS attacks [16] with the help of so-called bot-nets. [17] In these cases, viruses and Trojan horses are used to control other computers. These computers are turned into so-called "zombies" that are forced to report to a bot-net on a regular basis. These zombies are, in turn, controlled by a bot-master that instructs them, for instances, to send spam or forward thousands of requests to a particular site in order to make it inaccessible to its users. [18] Currently, bot-nets can also be being rented, that is, dubious companies can pay money to have spam sent by bot-nets. By doing so, these companies cover their tracks since the spam messages originate from thousands of different computers instead of from the company itself. In other cases, operators of bot-nets are paid to bring down competing businesses. [19] For a terrorist organisation, the operation of a bot-net could be highly interesting since, on the one hand, bot-nets can be rented to third parties as a source of income. On the other hand, they can also be used for their own terrorist purposes, e.g., sending emails with terrorist content (e.g., propaganda) or bringing down an opponent's (for example, government) sites. [20] Examples of this technique (executed either with bot-nets or by supporters) are the FloodNet attacks of pro-Israeli hackers that brought down Hizbollah's website [21] or the electronic attack carried out during the allied air strikes on Kosovo and Serbia in 2000 that completely disrupted the internal and external communications of NATO troops. [22] Even the thirteen root servers of the Internet domain name system (DNS) have been the targets of DDoS attacks. [23] 

With a view to the legal problems that result from DDoS attacks, it is important to stress that – as already mentioned above – the reason for or the motivation behind a DDoS attack cannot be determined. In 2001, for example, an online demonstration was launched against the German airline "Lufthansa" to call attention to the involvement of the company in the deportation of illegal alien residents. Over 13,000 people took part in this demonstration and opened the web page of the company at the same time. The Lufthansa server was unable to reply to the sudden peak of requests so that the web page was unavailable to customers during this time-frame. [24] Since – in this case – the company was informed about the campaign before it took place, it was aware of the reason for the downtime. However, Lufthansa customers not involved in the demonstration who attempted to access the web page could not know whether the error message was the result of a server problem, a (legitimate [25] ) online demonstration, or a criminal DDoS attack. [26] Had the operator not been informed, they would have experienced the same uncertainty: whether the failure is due to a terrorist attack or mere sudden increase in interest on the part of customers (perhaps due to media coverage) cannot be determined by IP-packets.

(2)  Hacking attacks

While the aforementioned large-scale attacks are a way to bring down a system and to suppress data flow, they do not enable access to protected data. If, however, a security weakness of a system can be exploited, access can be gained. This makes it possible either to shut down a computer or hinder its service in other ways, or to gain access to information that would otherwise be inaccessible. The hacking techniques used to access computers can also be used by terrorists to access and control government computers. [27] The hacking of web servers often results in so-called defacements, [28] in which the entry page of the website is replaced with another site that informs the user that the server has been hacked. Often, this replacement page is also used to give clues as to who the hacker was (by using nicknames), to send out greetings to fellow hackers, and also publicly to demonstrate how weak the security system of the attacked server was. [29] Especially in cases in which the web server belongs to a security agency, the damage to the public's confidence in the trustworthiness and abilities of the affected agency is much higher than the monetary loss. For example, according to a recent study, 85% of IT-executives believe that U.S. government agencies are not adequately prepared for cyberterror attacks. [30] By hacking and defacing a governmental site, a terrorist group can prove its existence and also its dangerousness. Al-Qaeda, for example, hacked the website of Silicon Valley Landsurveying Inc. in order to deposit a video file showing the hijacked (and later beheaded) Paul Marshal Johnson. [31] By publishing the link to the stored video, the organisation could simultaneously demonstrate its technical as well as its conventional dangerousness. In another case, pro-Palestinian hackers used a coordinated attack to break into 80 Israel-related sites and deface them. [32] 

Even though web servers are seldom connected to other security-relevant services, the general public does not know this. Therefore, the damage to the image of the respective agency is the same. Furthermore, if a hacking attack is successful on a server actually carrying relevant data, a terrorist could make use of such a situation. For example, terrorists could attempt to steal or irreversibly damage vital data, such as the Social Security database, financial institution's records, or even secret military documents. [33] Older [34] and even more recent attacks have shown that even top-secret military computers [35] and sensitive nuclear research centres [36] are not immune against all attacks. Therefore, such scenarios are threats that need to be considered.

However, those cases in which the attack does not become publicly known are even more dangerous. In the Internet, many tools that can be used to exploit known security vulnerabilities are freely available. If, for example, by means of a defacement, it becomes known that such a weakness has been exploited, the security hole can be fixed and another attack based on the same weakness prevented. If, however, a custom-made attack has been launched, it will not be detectable by any scanner available on the market. In one case, for example, a security company prepared USB sticks with a custom-designed, newly developed Trojan horse that could not be detected by virus scanners. Twenty of these sticks were "lost" on the premises of a credit union. Of these, 15 sticks were found by employees – and promptly connected to the company network where the Trojan started to collect passwords and other valuable information and emailed this data back to the creators. [37] Such an attack would be a powerful way for a terrorist organization to start counterespionage. The same is true for so-called "Zero-Day exploits." [38] These are exploits that are not yet known to the manufacturer (or, in some cases, to anyone else). Therefore, neither patches nor bug fixes are available against these attacks, nor can virus scanners detect them. [39] In particular, the fact that it is not known at all that the security systems are being violated makes such an attack especially dangerous. Zero-Day exploits do not have to be developed by terrorists themselves. Instead, a black market has evolved that has the potential to put these dangerous instruments into the hands of all interested parties. [40] Finally, custom-made Trojan horses could also be implemented via legal channels. In the year 2000 for example, Japan's Metropolitan Police Department used a software system to track 150 police vehicles, including unmarked cars. It turned out that this software had been developed by the Aum Shinrikyo cult – the same group that gassed the Tokyo subway in 1995. [41] Additionally, members of this cult had developed software for at least eighty firms and ten government agencies. This was possible because the software developers were engaged as subcontractors, thus enabling personnel clearance of the subcontractor to be easily circumvented.

(3)  Hybrid attacks

Apart from the "established" ways of rendering a system inaccessible, hybrid attacks are also being discussed as ways to cause the greatest possible damage. To carry out a hybrid attack, a classic bomb attack could be launched. [42] At the same time, however, the communication devices of police or ambulances could be hindered by way of a DDoS attack, resulting in even greater losses and confusion. [43] Many security specialists agree that this would be a likely scenario. [44] The same idea is possible in another scenario that is aimed against national financial networks (such as Fedwire or Fednet). A hybrid attack against those networks or against transfer networks such as SWIFT would be able, it is said, to wreak havoc on the entire global economy. [45] 

(4)  Attacks resulting in physical damage

When a system is being attacked – either by a large-scale DDoS or a specialized hacking attack – usually only the system itself is affected. However, in some settings physical damage can also occur. This can be achieved mainly by a manipulation of SCADA systems. [46] SCADA is an acronym for "Supervisory Control And Data Acquisition." Basically, SCADA- systems are used to measure and control other systems. In many cases, these systems are connected to the Internet in one way or another. [47] Even though, for security reasons, this is not advisable, the need to cut costs and the ability to remotely control several SCADA-systems centrally instead of having one person control one system on-site increases the interconnectivity of such systems. However, each system that is accessible to legitimate users through the Internet is also the potential victim of an illegitimate hacker. Additionally, many control systems are based on the Windows- and Unix operating systems. [48] In this way, publicly known security weaknesses in these operating systems can be exploited in these control systems. [49] The power-down of energy systems in 2003 [50] in the United States and Eastern Canada impressively demonstrated their dependence on SCADA systems and the hard-to-understand interdependency of linked computer systems. [51] Even though 21 power plants were brought down, the reason was not a terrorist or even purposeful attack. Instead – as far as is publicly known – it was a mere coincidence that these systems were shut down by the W32.Lovsan worm: this worm was using the same port to exploit a weakness on individual personal computers that was being used by the plants to communicate with each other. However, had this weakness been known to terrorists, the same result – 60 million households without electricity – could have been initiated by a criminal organisation. Finally, a combination of the above-mentioned DDoS attacks and SCADA systems of critical infrastructure could lead to considerable physical damage. [52] 

(5)  Result

According to current literature, cybercriminals can attack anything that is important to modern society and connected to the Internet or accessible via ation lines. [53] Therefore, terrorists in general can also use the same techniques and acquire the same knowledge as other criminals. The telecommunications, energy, and financial services sectors would seem to make interesting targets for such attacks.

2.  Attacks on Human Life

The attacks described in the previous part can likely cause severe damage. However, in general, no human lives would be endangered. Therefore, it is questionable whether such attacks are an interesting option for terrorists. Even though the power cut of 2003 in the United States was caused by a computer worm, no panic erupted, there were only a few injuries, and hospitals and emergency services continued to function properly. [54] The security hole was subsequently fixed, so a second attack based on the same weakness is not likely. From a terrorist's point of view, attacks are more interesting and efficient if they cause fear in the public and the possibility of repeatability at any point in time seems highly likely. This is especially the case if human life can be endangered or the attack results in other kinds of physical harm. [55] Specific Cases of Cyberterrorism

Two specific cases of cyberterrorism are analyzed in this section: (1) the actions of Titan Rain (a Chinese cyberterrorist group) and (2) the 2007 Estonia cyber attacks. Thornburgh, Forney, Bennett, Burger, and Shannon (2005) tell us about a Chinese group of cyberterrorists called Titan Rain that stole U.S. secrets. Those cyberterrorists are voracious, never hesitating to destroy any parasitic file they could find coming in their Jonathan Matusitz & Gerald-Mark Breen Cyberterrorism: A Description from Multiple Perspectives way, attempting to penetrate secure computer networks at the American most sensitive military bases, defense contractors, and aerospace companies. According to the same Thornburgh et al. (2005), those Chinese cyberterrorists work for the government in mainland China and have a political goal. Their cyber attacks come from just three routers that seem to be the first connection point from a local network to the Internet. A TIME investigation into the case reveals how the Titan Rain attacks were uncovered, why they are considered a significant threat now under investigation by the Pentagon, the FBI and the Department of Homeland Security, and why the U.S. government has yet to stop them (Thornburgh et al., 2005). In the U.S. military, Titan Rain is creating fears. In fact, Titan Rain has the ability to cause widespread havoc as hundreds of computer systems in the Department of Defense have been penetrated by insidious programs such as Trojan horses. Not only could Titan Rain control the DOD hosts, but they could also use the DOD hosts in malicious activity (Thornburgh et al., 2005). The possibility also exists for the perpetrators to shut down each host. Allied nations such as Britain, Canada, Australia, and New Zealand have also been targeted by the Chinese cyberterrorists (Thornburgh et al., 2005).

In 2007, Estonia (a highly wired country) became the target of a massive cyber attack after a Russian World War II war memorial was removed by the Estonian government from downtown Talinn (Estonia’s capital city). The attack was carried through a denial-of-service (DOS) attack in which virtually all Estonian government ministry networks, two principal Estonian bank networks, and media Web sites were taken down by the attacks (Howard, 2009). These attacks on Estonia exemplify a case of cyberterrorism (Hanlon, 2007). Not only was it a considerable electronic disruption causing massive network damage and panic in the country; it was also implemented after a political move was made by the Estonian government. As Adrian Blomfield (2007) stated in the Telegraph, "If a highly IT country cannot carry out its everyday activities, like banking, it sows terror among the people" (p. A1). It is not clear whether the entire Russian government launched the attacks on Estonia, but three things are certain: it was determined that (1) it was no accident, (2) it was no "simple hacking maneuver" as the targets were vital infrastructures of a country, and (3) the cyber attack was traced to computers housed in the Kremlin (Greenberg, 2008). This cyber attack was both a terrorist act and politically motivated.

Cyberterrorists use various tools to hit their targets and accomplish various objectives. Examples of cyberterror on computers and the Internet are as simple as malicious software such as computer viruses, Trojan horses, vampires, logic bombs, computer network worms, and DOS attacks