The US Department of Defence charged the United States Strategic Command with the duty of combating cyber-terrorism. This is accomplished through the Joint Task Force - Global Network Operations (JTF-GNO). JTF-GNO is the operational component supporting USSTRATCOM in defence of the DoD’s Global Information Grid. This is done by integrating GNO capabilities into the operations of all DoD computers, networks, and systems used by DoD combatant commands, services and agencies.
On November 2, 2006, the Secretary of the Air Force announced the creation of the Air Force’s newest MAJCOM, the Air Force Cyber Command, which will be tasked to monitor and defend American interest in cyberspace. The AFCC will draw upon the personnel resources of the 67th Network Warfare Wing as well as other resources of the Eighth Air Force; it will be placed under the command of Lieutenant General Robert J. Elder, Jr.
Cyber-terrorism is the convergence of terrorism and cyberspace. It generally means unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
Further, to qualify as cyber-terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of Cyber-terrorism, depending on their impact. Attacks that disrupt non-essential services or that are mainly a costly nuisance would not.
Cyberspace is constantly under assault. Cyber spies, thieves, saboteurs, and thrill seekers break into computer systems, steal personal data and trade secrets, vandalize web sites, disrupt service, sabotage data and systems, launch computer viruses and worms, conduct fraudulent transactions, and harass individuals and companies. These attacks are facilitated with increasingly powerful and easy-to-use software tools, which are readily available for free from thousands of web sites on the Internet.
Many of the attacks are serious and costly. The recent ILOVEYOU virus and variants, for example, was estimated to have hit tens of millions of users and cost billions of dollars in damage. The February denial-of-service attacks against Yahoo, CNN, eBay, and other e-commerce Web sites was estimated to have caused over a billion in losses. It also shook the confidence of business and individuals in e-commerce.
Some attacks are conducted in furtherance of political and social objectives, as the following examples illustrate: In 1996, a computer hacker allegedly associated with the White Supremacist movement temporarily disabled a Massachusetts ISP and damaged part of the ISP’s record keeping system. The ISP had attempted to stop the hacker from sending out worldwide racist messages under the ISP’s name. The hacker signed off with the threat, “you have yet to see true electronic terrorism. This is a promise.”
In 1998, Spanish protestors bombarded the Institute for Global Communications (IGC) with thousands of bogus e-mail messages. E-mail was tied up and undeliverable to the ISP’s users, and support lines were tied up with people who couldn’t get their mail.
The protestors also spammed IGC staff and member accounts, clogged their Web page with bogus credit card orders, and threatened to employ the same tactics against organizations using IGC services.
They demanded that IGC stop hosting the Webs site for the Euskal Herria Journal, a New York-based publication supporting Basque independence. Protestors said IGC supported terrorism because a section on the Web pages contained materials on the terrorist group ETA, which claimed responsibility for assassinations of Spanish political and security officials, and attacks on military installations.
IGC finally relented and pulled the site because of the “mail bombings.”
During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In addition, businesses, public organizations, and academic institutes received highly politicized virus-laden e-mails from a range of Eastern European countries, according to reports. Web defacements were also common.
After the Chinese Embassy was accidentally bombed in Belgrade, Chinese hacktivists posted messages such as “We won’t stop attacking until the war stops!” on U.S. Government Web sites.
Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting Web sit-ins against various sites in support of the Mexican Zapatistas. At a designated time, thousands of protestors point their browsers to a target site using software that floods the target with rapid and repeated download requests.
EDT’s software has also been used by animal rights groups against organizations said to abuse animals. Electrohippies, another group of hacktivists, conducted Web sit-ins against the WTO when they met in Seattle in late 1999. These sit-ins all require mass participation to have much effect, and thus are more suited to use by activists than by terrorists.
While the above incidents were motivated by political and social reasons, whether they were sufficiently harmful or frightening to be classified as cyber-terrorism is a judgment call. To the best of my knowledge, no attack so far has led to violence or injury to persons, although some may have intimidated their victims.
Both EDT and the Electrohippies view their operations as acts of civil disobedience, analogous to street protests and physical sit-ins, not as acts of violence or terrorism.
This is an important distinction. Most activists, whether participating in the Million Mom’s March or a Web sit-in, are not terrorists. My personal view is that the threat of cyber-terrorism has been mainly theoretical, but it is something to watch and take reasonable precautions against.
Picture courtesy: Vicariousconversations.comhttp://www.dailynews.lk/2009/07/28/fea03.asp