The definition of "terrorism" has been well studied, defined, and documented. There is also a degree of understanding of the meanings of CyberTerrorism, either from the popular media, other secondary sources, or personal experience. This paper examines the future of CyberTerrorism - a term the author coined a decade ago, as the indicia of technological dependence and frailty were forming in our New World disOrder. Indeed, that future has come to fruition, today.
The face of terrorism is changing. While the motivations remain the same, we are now facing new and unfamiliar weapons. The intelligence systems, tactics, security procedures and equipment that were once expected to protect people, systems, and nations are powerless against this new and very devastating weapon. Moreover, the methods of counter-terrorism that our world's specialists have honed over the years are ineffectual against this enemy, because this enemy does not attack us with truckloads of explosives, nor with briefcases of Sarin gas, nor with dynamite strapped to the bodies of fanatics. This enemy attacks us with ones and zeros, at a place we are most vulnerable: the point at which the physical and virtual worlds converge. Let us first define these two domains.
The physical world is matter and energy - light, dark, hot and cold, all physical matter - that place in which we live and function.
The virtual world is symbolic - true, false, binary, metaphoric representations of information - that place in which computer programs function and data moves.
The physical and virtual worlds are inherently disparate worlds. It is now the intersection, the convergence, of these two worlds that forms the vehicle of CyberTerrorism, the new weapon that we face.
This convergence of the physical and virtual worlds, this lattice, is growing larger and more complex as we venture further into technological dependence. Each day, we move ahead with blinding speed into the computerization of every task and process that we face. We are becoming ever more inextricably reliant and dependent on the convergence of these two worlds.
These are all things taken for granted. Yet, as we progress into a far more technological world, what other points of convergence are taken for granted?
What is driving the convergence of these two worlds? There are three goals:
2. Control: the goal of remote administration; and
3. Mining: the goal of knowledge acquisition.
To achieve these goals, there are four vehicles:
So how does a CyberTerrorist achieve his mission? Like any terrorist, a CyberTerrorist actively exploits the goals of the target population in areas that they take for granted.
There are three potential acts in CyberTerrorism at the point of convergence:
As we will see, these three types of acts are most heinous at the point where the physical and virtual worlds converge.
To achieve a true terrorist goal, as we know, we must have scale and publicity. So how does the CyberTerrorist approach a new age - an age of convergence of the physical and virtual worlds? An age where, thanks to our goals, he can perform his CyberTerrorist acts from his living room, undetected, from 8,000 kilometers away?
A great deal of "cracks" are committed for the purposes of anarchy, humor, or as often stated by the perpetrators, "to be annoying." However, is this the mindset of a CyberTerrorist? Does the CyberTerrorist make a garage door go up and down? Does he change an Internet web site to say a country's government is evil? Does he hack into a major corporation's voice mail system to make long distance calls? No - that is not the domain of the CyberTerrorist - that is the domain of the amateur cracker community that exists worldwide.
A CyberTerrorist's mindset is quite different. A CyberTerrorist would not alter a voice mail, or even abuse credit cards.
Let us examine some example CyberTerrorist acts. Based on the definitions of terrorism, a determination can be made as to whether they in fact constitute terrorism:
In effect, the CyberTerrorist will make certain that the population of a nation will not be able to eat, to drink, to move, or to live. In addition, the people charged with the protection of their nation will not have warning, and will not be able to shut down the terrorist, since that CyberTerrorist is most likely on the other side of the world.
Sadly, these examples are not science fiction. All of these scenarios can be executed today. As you may know, some of these incidents already have occurred in various nations. More of such acts will take place tomorrow. Are you prepared?
The purpose of this paper is to help you understand the threats that exist, and hopefully, to help you prevent these types of atrocities. But know this - there are people out there with very different goals, who are our real threats, and who are, or will be, attacking us. Make no mistake, the threats are real, today.
Who are the CyberTerrorists? There are a great many poor movies and too many works of fiction about the hacker and cracker communities. In the popular media, there recently was the Kevin Mitnick incident, where one cracker broke into another cracker's systems. This spawned endless press and at least two best-selling books. While this incident received much attention, the events amounted to meaningless children's games.
By and large, the cracker community, based primarily in the United States, Europe, the Middle East, Asia, and in the nations of the former Soviet Union, is composed of individuals who see the cracking process merely as a challenge, a brain teaser, a puzzle. They view themselves as not only being innocent of any crime, but perhaps even doing something righteous, something to counter the dark monoliths of the corporate and government worlds. They believe they are being persecuted. These individuals believe that what they are doing is not doing any true damage. At its least harmful, these crackers just look at information. However, privacy issues and military secrecy can render such infiltrations acts of terror.
Sometimes crackers make minor changes, just for fun, to be annoying, or to make a statement. The potential for damage here is enormous.
Individuals with a background in intelligence are aware that a frequent element of case execution is enlisting the indigenous, sometimes called "facilitators," to assist in a campaign. At the convergence of the physical and virtual worlds, the indigenous are the crackers.
There is the incorrect assumption in the cracking community that they, the crackers, are so sophisticated or so knowledgeable as to know when they are being approached for a truly illicit reason (e.g., to be enlisted as a facilitator to commit an act of terrorism). However, despite cracker arrogance, these individuals are easy targets for enlistment.
What about those crackers who actively wish to cross the line, or more basically, need money? To a teenager, $1,000 U.S. can purchase a good many compact disks, a new modem, and a great deal of libation. Beyond youths, there are professionals in this arena as well.
Historically, individuals engaged in the practice of terror tended not to be people working upon a computer 20 hours per day. Terrorists have not been in the business of tracking the latest holes found in UNIX or an obscure government telnet opportunity. There are people, however, who are in that business - for illicit as well as good cause. As stated, just as indigenous people may be turned into soldiers, so can crackers be turned into CyberTerrorists. Sometimes such a transition may be motivated by money or prestige. Usually, this transition will occur without the cracker's cognizance. The potential threat from such transitions is mind-boggling, considering the damage even one misdirected cracker can cause.
Further, as young, educated people are brought into the folds of terrorist groups, this new generation will have the talent to execute the acts of CyberTerrorism of which we have spoken.
We are going to see increasing levels of in-house expertise, and concomitant exponential increases in CyberTerrorism. Unlike other methods of terrorism, CyberTerrorism is safe and profitable, and difficult to counter without the right expertise and understanding of the CyberTerrorist's mind. Combine our increasing vulnerability with the explosive increases in the level of violence, and with the increasing expertise available inside terrorist organizations through new blood and outside through facilitators, and we can see that at the point where the physical and virtual worlds converge, the old models of managing terrorism are obsolete.
We must consider the following elements when building a counter-CyberTerrorist program:
Unfortunately, one cannot learn how to fight this very unconventional warfare from someone who hasn't been there, nor from someone whose experience is in the old ways and old technologies. The old data processing, auditing, and computer security models in use today are obsolete. On this battlefield, against this weapon, the terrorist is already far ahead. The building of a counter-CyberTerrorist team must be real-time and dynamic, as the weapons will continually change, and morph, in an attempt to beat you, your systems, and your people. There is no re-machining, and unlike other terrorists, if the CyberTerrorist loses today, he does not die - he learns what did not work, and will use that information against you tomorrow.
If a computer security advisor states that you, your organization, and your country are safe behind firewalls, behind a system put into place by people who have never fought cyberbattles, behind audit trails, passwords, and encryption, then a great and dangerous fallacy (or fantasy) is being perpetrated upon you. The only solution is the quick deployment of a counter-CyberTerrorist - someone who knows what you are up against today, someone who lives in the world of the people who are, and will be, attacking - someone who can train the people who must fight the battles.
An effective auditing system will only inform the target manager that they have taken a hit; perhaps a fatal hit. By that point, it is too late. Now is the time to take action. Unfortunately, due to the open nature of this document, specific counter-CyberTerrorism measures cannot be discussed. Those discussions must be reserved for secured facilities.
Counter-terrorists of all backgrounds are duty-bound to save property, and more importantly, save lives. However, we are not isolated. We are all increasingly connected, dependent, and vulnerable. The very basic things we take for granted (e.g., food, medicine, energy, air, freedom of movement, communications, freedom from violence) are being threatened by the new weapon of CyberTerrorism.
If we do not work together, we will be responsible for the outcome. If we fail to be ready when and where the virtual and physical worlds converge, then all that will be left is terror - in ones and zeros.
For further information:
Institute for Security and Intelligence
P.O. Box 9877
Stanford, CA 94309-9877 USA