THE EMERGING THREAT OF CYBER-TERRORISM

A 2007 American action thriller film, “Live Free or Die Hard”, penned by John Carlin and directed by Len Wiseman, had Bruce Willis portraying the character of John McClane. In the movie, McClane thwarts cyber-terrorists who conspire to hack into government and commercial computers across the United States to bring down the entire network and technological structure that supports the US economy.

Most films on cyber-terrorism seem to amp up the threats of cyber-terrorism or put the hackers on a pedestal. The doomsday scenarios of cyber-terrorism that result in massive deaths or injuries, though authentic, appear to confine themselves to the movie screens. Can terrorists cripple critical military, financial, and service computer systems? Are these fears exaggerated: are there recorded cases of cyberterrorism? Are hackers being regularly mistaken for terrorists, and are our cyber defences more robust than is being supposed?

Strangely, in the same year that Die Hard was released, an attack on similar lines unfolded in Estonia following the relocation of a Soviet-era statue in Tallinn in April 2007. The Baltic state of Estonia was the victim of a massive denial-of-service attack that eventually disabled the Internet and turned off all services dependent on Internet connectivity. During the politically motivated cyber attack campaign lasting twenty-two days, the cyberinfrastructure of Estonia, including everything from online banking and mobile phone networks to government services and access to health care information, was disabled. Georgia was similarly exposed to continuous attacks on its electronic infrastructure in August 2008. Circumstantial evidence in both these cases pointed to Russia, but adequate proof to establish the legal liability of Russia was not forthcoming, although both countries blamed Russia.

Likewise, during the Kosovo conflict in 1999, hacktivists crashed NATO computers with e-mail bombs and slammed them with denial-of-service attacks to rebel against the NATO bombings. Furthermore, businesses, public institutions and academic organisations were also bombarded by virus-laden emails from several Eastern European countries. Web defacements were also common. After the Chinese Embassy was accidentally bombed in Belgrade, Chinese hacktivists posted messages such as “We won’t stop attacking until the war stops!” on U.S. government websites.

Again in Pakistan, a group of hackers going by the name “Pakistani Cyber Army” had become well known for the defacement of websites, mainly those of Indian, Israeli and other government organisations. The group, which had been active since 2008, had claimed responsibility for defacing the websites of India’s CBI, BSNL, Central Bank, ACER and the State Government of Kerala.

But would the Kosovo email bombs or hacking by Pakistani hackers qualify as a cyber-terrorist act? Or, for that matter, would the 1998 ‘e-mail bombing’ of the Sri Lankan embassy by the LTTE Tamil guerrillas qualify as a cyber-terror act? In that incident, Tamil guerrillas electronically jammed the computer systems in the Sri Lankan embassy with 800 e-mails a day over two weeks, with messages reading ‘We are the Internet Black Tigers’. The e-mail bombing crashed the embassy’s computer systems and also made front-page news worldwide.

Cyberterrorism is terrorism in cyberspace, achieved by the intentional use of computers, networks, and the Internet to threaten or cause destruction and harm in order to make political or ideological gains. Further, an act of cyber terrorism should cause violence against persons or property, or at least cause enough damage to generate fear; the attacks should lead to death or bodily injury, explosions, or severe economic loss. Dangerous attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance are not cyber terrorism.

The attack on a nuclear facility using Stuxnet and the hacking of Sony Pictures Entertainment would, according to me, qualify as cyber-terrorism events. Stuxnet was the world’s first digital weapon or cyber-weapon, created around 2006. The engineers designed it to hit only one particular target: the Step7 software that controlled the Siemens centrifuges at Iran’s nuclear facility in Natanz, where Iran was working on its secret nuclear weapons program.

The covert and still unacknowledged operation, code-named “Operation Olympic Games”, came into being under President George Bush and gathered rapid speed under President Obama. Bush believed that the strategy was the only way to prevent an Israeli conventional strike on Iranian nuclear facilities. They called the cyber-weapon “Stuxnet”. It is a highly sophisticated computer worm that was discovered in 2010.

Stuxnet was developed by the American and Israeli governments to wreak havoc and cripple the Iranian nuclear facility. Stuxnet was programmed to make the uranium enrichment centrifuges spin faster than they were supposed to, causing them to get out of control to the point of damaging them.

Inside the secure operations control room at Natanz, the thousands of centrifuges, each represented on the computer screens by a light, displayed green, showing perfect performance and no evidence of failure, which would have meant a red light. In actuality, the centrifuges were eroding and conking out, but the screens, without reflecting reality, lied through their teeth.

The malware was so well programmed that none of the staff had any clue what was happening. Nobody even knew that the computer virus was causing the outages and disruptions. The attack was so well-executed that the virus worked undetected for months, and the scientists at the facility didn’t know about it until security companies around the world discovered it and started talking about it.

Over a few years, about 20 percent of Iran’s centrifuges had spun out of control and been destroyed. It was a brilliant, sophisticated attack. Stuxnet was the first malware that could physically destroy something in the physical world. Until then, malware could corrupt computers and data, but Stuxnet opened up the possibility of using hacking to take over machines.

The legal precedent of attacking another country’s physical infrastructure through computer malware had now been established. After the Stuxnet attack, which is considered the first cyber-physical attack, there have been other similar attacks that have targeted critical infrastructures the world over.

For example, in 2014, the German government confirmed that hackers had targeted and destroyed the furnaces of a steel mill. In December 2015, a malware called “BlackEnergy” shut down 30 electricity sub-stations in Ukraine, plunging parts of the country into darkness during winter. Despite such attacks, there’s too much secrecy around cyber-warfare and no rules of engagement.

In late November 2014, Sony Pictures Entertainment was hacked by a group calling itself the Guardians of Peace. U.S. officials believe the Sony hack was retaliation for “The Interview,” a comedy film that starred Seth Rogen and James Franco and that centred on a plot to assassinate North Korea’s leader, Kim Jong Un. The hackers, who are widely believed to be working in at least some capacity with North Korea, stole huge amounts of information off Sony’s network. The data included personal information about Sony Pictures employees and their families, as well as emails between employees, information about executive salaries at the company, copies of then-unreleased Sony films, plans for future Sony films, scripts for specific movies and other information. The perpetrators then used a variant of the Shamoon wiper malware to erase Sony’s computer infrastructure. The hackers involved claim to have taken over 100 terabytes of data from Sony, but that claim is yet to be confirmed by Sony. They conducted the attack using the malware. The components indicated an intent to gain repeated entry, extract information, be destructive, and remove evidence of the attack. United States intelligence officials, after testing the software, techniques, and network sources used in the hack, alleged that the government of North Korea had sponsored the attack, but North Korea had denied all responsibility.

In another notable cyber-terrorism event, Kane Gamble, a British hacker, masqueraded as a CIA Chief and cyber-terrorised the CIA Chief John Brennan and Director of National Intelligence James Clapper. After it was discovered, the British Courts sentenced him to 2 years in youth detention on charges of “politically motivated cyber terrorism.”

The threat of cyber terrorism is rising on a global scale because of our reliance on the Internet. The Internet has generated a platform to conceive transnational cyber terror plots and implement them. For terrorists, cyber-based assaults have marked advantages over physical attacks. Cyber-terrorist attacks can be executed remotely, anonymously, and relatively economically, without substantial investment in weapons, explosives, and personnel. Their effects can be extensive and profound. We can expect events of cyberterrorism to rise in the days to come. Experienced cyber-terrorists who are highly skilled at hacking can cause massive damage to government systems, hospital records, and national security programs, which might leave a country, community or organization in turmoil and in fear of further attacks. Terrorists would achieve it through acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, using tools such as computer viruses, computer worms, phishing, and other malicious software and hardware methods, and by programming scripts.

Cyber-attacks happen in two forms: the first is an assault against data, while the second centres on control systems. The first type endeavours to loot or corrupt data and withhold services, and is the category into which the bulk of the attacks fall, such as credit-card number theft, Web site defacement and the occasional major denial-of-service assault. “Control-system onslaughts, on the other hand, would be those that strive to disable or take over operations used to preserve physical infrastructures, such as the distributed control systems that control water supplies, electrical transmission networks and railroads. Although instances of such invasions exist, the catastrophic disasters that usually accompany such an attack are mainly the stuff of Hollywood screenwriting, as opposed to reality.”

Most cyberattacks appear to take place for financial reasons, but there is mounting evidence to prove that cyber terrorists are becoming more politically and ideologically motivated. For illustration, Mohammad Bin Ahmad As-Sālim’s piece ‘39 Ways to Serve and take part in Jihad’ discusses how an electronic jihad could disrupt the West through targeted hacks of US websites and other resources that come across as anti-Jihad, modernist, or secular in orientation.

The Internet is an expanding universe of content, and it is getting bigger and bigger. Many believe that terrorism through the Internet is becoming a serious threat and could become one of the top catastrophic events to bring an end to humanity. The existence of the dark-net is enabling people to carry out illegal activities within cyberspace, while the Internet of Things is integrating the virtual and physical worlds. Such developments could encourage and induce countries to engage in cyber terrorism in furtherance of their intentions.

Finally, I remember reading somewhere that tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb. WarGames, a 1983 American Cold War science fiction film directed by John Badham, unfolds such a chilling scenario. In the movie, the US Air Force Strategic Missile Wing controllers refuse to turn the key required to launch a missile strike during a mock drill of a nuclear attack. The system engineers at NORAD, therefore, decide to automate the launch controls without human intervention. Control is given to a NORAD (North American Aerospace Defense Command) supercomputer, in which WOPR is programmed to run war simulations and learn continuously over time. The protagonist David Lightman, a bright Seattle high school student and hacker in the film, uses his IMSAI 8080 computer to break into the school district’s computer system to change his grades, but he connects to a system that unwittingly accesses War Operation Plan Response (WOPR), installed in the military supercomputer. Lightman inadvertently operates WOPR’s nuclear war simulation, believing it to be a computer game. The computer, now tied into the nuclear weapons control system, begins to launch a massive Soviet first strike with hundreds of missiles, submarines, and bombers. NORAD, unable to know the difference between simulation and reality, believes the attack to be real and retaliates by attempting to start World War III. The protagonist in the movie happened to be a student playing a game; what if, in future, a NORAD-like supercomputer of some country were to come under the control of a cyber-terrorist?

Source from: epaper/deccanchronicle/chennai/dt:10.02.2020

Dr. K. Jayanth Murali is an IPS Officer belonging to the 1991 batch. He is borne on the Tamil Nadu cadre. He lives with his family in Chennai, India. He is currently serving the Government of Tamil Nadu as Additional Director General of Police, Law and Order.
