Submitted By:
Satyam Yadav(139)
Zarna Shah(140)
Jahnavi Parekh(141)
Abha Sakhuja(142)
“Divide their nation, tear them to shreds, destroy their economy, burn
their companies, ruin their welfare, sink their ships and kill them on land,
sea and air…Your dependence on technology makes you weak. More
brothers await orders to attack again. They will attack your powerful
companies, like Microsoft, from the inside and you will not know when or
how. Through these attacks your power will fail, your communications will
fail, your businesses will starve, your economy will crumble, your people
will panic, your military and firemen will be immobilized, and God willing,
you will one day be incapable of sustaining the sinful deployment of your
infidel army throughout the land of the two holy places.”
:-al-Qaeda
Introduction
The terrorist attacks of 9/11 brought unexpected focus on how vulnerable western
countries are to attacks of terrorism. Consider the economic commotion caused in the US by
three airplanes crashing into buildings:
Financial markets were closed for over a week as companies struggled to reinstate
communications and recover important information technology assets.
Trading was halted on the principal stock exchanges for nearly a week.
Telecommunications networks in and around New York City were so congested that
emergency fire, medical, and police were unable to use cellular services for critical
rescue and recovery efforts.
Companies and businesses were uncertain that their communications systems would
be available.
The air carrier industry was shut down for days and has yet to recover.
The resources of the insurance sector were severely strained, raising concerns about
their ability to provide sufficient levels of protection for cyber based attacks in the
future.
These were all collateral impacts for the information technology sector. Just imagine the
impacts of a direct assault upon the information technology infrastructure. The technological
advancements in computers, software, networks and information systems in general have
actually made technologically dependent countries more vulnerable to disruption. Physical
security is now permanently tied to cyber security. While not "mass destructive," attacks on
critical infrastructure would certainly be "mass disruptive."
What is Cyber-Terrorism?
Cyber terror: The deliberate destruction, disruption or distortion of digital data or information
flows with widespread effect for political, religious or ideological reasons.
Cyber-utilization: The use of on-line networks or data by terrorist organizations for supportive
purposes.
Current Threats
The Threat of Disruption
The effect of disruption in communication flow, economic transactions, public
information campaigns, electric power grids, and political negotiations will be felt in economic
terms, and therefore will be of greatest concern to private sector entities. The disruption of
military communication in times of conflict presents the potential for loss of life or aborted
offensive missions. The probability of this type of threat materializing is considerable, as the
tools required to create disruptive viruses and denial-of-service attacks are simple and all-
encompassing.
financial data, military information, or functional infrastructure data (e.g., the timing of
dam releases).
Cyber attacks designed to disrupt major web networks present a serious weakness in
security. They expose how vulnerabilities on the Internet can create risks for all. Cyber attacks
demonstrate the need for all nations to work together to develop strategies to strengthen cyber
security. Cyber attacks affect millions of Internet users and result in revenue losses. While this
damage is relatively minimal in proportion to the traffic volume of the Internet, cyber attacks
are a wake-up call as to the extent of cyber crime, and the degree to which we are all vulnerable.
The overall sophistication of cyber attacks has been steadily increasing. There are
several types of cyber vulnerabilities and attacks: worms, distributed denial of service
(DDoS) attacks, Domain Name Service (DNS) attacks, and routing vulnerabilities.
Worms
Worms and viruses are malicious, autonomous computer programs. Most modern viruses
are in fact worms. The worm epidemic is enabled by buffer overflows, in which more data is
put into a buffer (a computer data holding area) than the buffer has been allocated to hold.
This results in a mismatch between the producing and consuming processes, which in turn
results in system crashes or the creation of back doors leading to unauthorized access.
In a denial-of-service attack, the target system is rendered inoperable. Some attacks aim
to crash the system while other DDoS attacks make the targeted system so busy that it cannot
handle its normal workload. The attacks on Yahoo and the other companies were DDoS
attacks, where one attacker can control tens or even hundreds of servers. After installing the
DDoS script on several computers, a coordinated attack can be orchestrated from a remote
location.
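A defender's view of the overload described above, as an added example that is not part of the original report: it groups requests into fixed time windows, flags windows that exceed an assumed server capacity, and reports whether the load came from many sources. The log entries, thresholds and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (unix_second, source_ip) for each request to one server.
# Addresses come from documentation ranges; none of this is data from the report.
BASELINE = [(t, "198.51.100.7") for t in range(0, 60, 5)]        # normal minute
FLOOD = [(60 + i % 60, f"203.0.113.{i % 200 + 1}") for i in range(3000)]
SAMPLE_LOG = BASELINE + FLOOD


def windows_over_capacity(log, window=60, max_requests=1000, min_sources=50):
    """Return (window_start, requests, distinct_sources, kind) per flagged window.

    A window is flagged when it carries more requests than the server's
    assumed capacity (max_requests). It is labelled 'distributed' when the
    load comes from at least min_sources distinct addresses, and
    'single-source' otherwise.
    """
    counts = defaultdict(int)
    sources = defaultdict(set)
    for ts, src in log:
        bucket = ts // window
        counts[bucket] += 1
        sources[bucket].add(src)

    findings = []
    for bucket in sorted(counts):
        if counts[bucket] > max_requests:
            n_src = len(sources[bucket])
            kind = "distributed" if n_src >= min_sources else "single-source"
            findings.append((bucket * window, counts[bucket], n_src, kind))
    return findings


if __name__ == "__main__":
    for start, n, n_src, kind in windows_over_capacity(SAMPLE_LOG):
        print(f"window at {start}s: {n} requests from {n_src} sources ({kind})")
```

The distinction matters for response: a single-source flood can be blocked by address, while a distributed one needs rate limiting or upstream filtering.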
Unauthorized Intrusions
These intrusions are of great concern to businesses and government. The theft of money,
credit card numbers, proprietary information, or sensitive government information can have
devastating consequences.
Domain Name Service (DNS) Attacks
Computers connected to the Internet use numerical Internet Protocol (IP) addresses to
communicate with one another. Domain Name Service (DNS) servers hold the records that
computers consult in order to obtain the mapping between the name of a system (or website)
and the IP address of that system. If the DNS server provides an incorrect IP address for a
website, the user would connect to the incorrect server. The result will be that the user thinks
he is connected to the correct server when in reality he is connected to the attacker’s server. An
attacker can disseminate false information or deprive the original web site of its rightful
traffic. The system of DNS is hierarchical. Therefore, the cascading effect on remote servers
would result in traffic to selected sites being redirected or lost. The potential for an attack on the
root DNS servers increases during the war on terrorism.
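One way to detect the incorrect name-to-address mapping described above, as an added example that is not part of the original report: it checks the answers several resolvers gave for one name against an operator-maintained list of expected networks and against each other. The resolver names, the pinned list and the answers are constructed, and the addresses are documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed data. PINNED is an assumed, operator-maintained record of the
# networks each name is allowed to resolve into.
PINNED = {"www.example.com": ["192.0.2.0/24"]}
ANSWERS = {
    "resolver-a": ["192.0.2.10"],
    "resolver-b": ["192.0.2.10", "192.0.2.11"],
    "resolver-c": ["203.0.113.66"],          # the incorrect mapping
}


def audit_resolvers(name, answers, pinned):
    """Return {resolver: [reasons]} for resolvers whose answer looks wrong.

    Check 1: every returned address must fall inside a pinned network
             (skipped when the name has no pinned entry).
    Check 2: the answer must share at least one address with the set of
             addresses that more than half of the resolvers returned.
    """
    nets = [ipaddress.ip_network(n) for n in pinned.get(name, [])]
    seen = Counter(a for addrs in answers.values() for a in set(addrs))
    majority = {a for a, n in seen.items() if n > len(answers) / 2}

    findings = {}
    for resolver, addrs in answers.items():
        reasons = []
        for a in addrs:
            ip = ipaddress.ip_address(a)
            if nets and not any(ip in net for net in nets):
                reasons.append(f"{a} is outside the pinned networks for {name}")
        if majority and not majority & set(addrs):
            reasons.append("shares no address with the majority answer")
        if reasons:
            findings[resolver] = reasons
    return findings


if __name__ == "__main__":
    for resolver, reasons in audit_resolvers("www.example.com", ANSWERS, PINNED).items():
        print(resolver, "->", "; ".join(reasons))
```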
Terrorist Groups
Today’s terrorists, characterized by religious and social motivations, stand at the
threshold of net war. Terrorists are known to have used information technology and the Internet
to communicate securely, formulate plans, spread propaganda, and raise funds. Trends seem to
point to the possibility of terrorists using information technology as a weapon against critical
infrastructure targets.
The timing and targeting of the attacks have led to suggestions that they may be originating from
the Democratic People's Republic of Korea, aka North Korea, although these suggestions have
not been substantiated.
Timeline of attacks
First wave
The first wave of attacks occurred on July 4, 2009 (Independence Day holiday in the United
States), targeting both the United States and South Korea. Among the websites affected were
those of the White House and The Pentagon. An investigation revealed that 27 websites were
targets in the attack based on files stored on compromised systems.
Second wave
The second wave of attacks occurred on July 7, 2009, affecting South Korea. Among the
websites targeted were the presidential Blue House, the Ministry of Defense, the Ministry of
Public Administration and Security, the National Intelligence Service and the National
Assembly.
Third wave
A third wave of attacks began on July 9, 2009, targeting several websites in South Korea,
including the country's National Intelligence Service as well as one of its largest banks and a
major news agency. The U.S. State Department said on July 9 that its website also came under
attack. U.S. Department of Homeland Security spokesperson Amy Kudwa said that the
department was aware of the attacks and that it had issued a notice to U.S. federal departments
and agencies to take steps to mitigate attacks.
Effects
Despite the fact that the attacks have targeted major public and private sector websites, the
South Korean Presidential office has suggested that the attacks are targeted towards causing
disruption, rather than stealing data. However, Jose Nazario, manager of a U.S. network
security firm, claimed that the attack is estimated to have produced only 23 megabits of data per
second, not enough to cause major disruptions. Joe Stewart, researcher at SecureWorks'
Counter Threat Unit, said that the data generated by the attacking program appeared to be based
on a Korean-language browser.
It is expected that the economic costs associated with websites being down will be large, as the
disruption has prevented people from carrying out transactions, purchasing items or conducting
business.
Perpetrators
It is not known who is behind the attacks. Reports indicate that the type of attacks being
used, commonly known as distributed denial-of-service attacks, were unsophisticated.
Given the prolonged nature of the attacks, they are being recognized as a more
coordinated and organized series of attacks. According to the South Korean National
Intelligence Service, the source of the attacks was tracked down and the government
activated an emergency cyber-terror response team, which blocked access to five host sites
containing the malicious code and 86 websites that downloaded the code, located in 16
countries, including the United States, Guatemala, Japan and the People's Republic of
China, but North Korea was not among them. Later, it was discovered that the
malicious code responsible for causing the attack, identified as W32.Dozer, is
programmed to destroy data on infected computers and to prevent the computers from
being rebooted. South Korean police are analyzing a sample of the thousands of
computers used to crash websites, stating that there is "various evidence" of North
Korean involvement, but said they may not find the culprit. Security experts said that the
attack re-used code from the Mydoom worm. One analyst thinks that the attacks likely
came from the United Kingdom.
On October 30, 2009, South Korea's spy agency, the National Intelligence Service, stated
that the attacks originated from North Korea's telecommunications ministry.
Solutions
It is important for the government to clearly articulate its position and define a precise
delineation of resources and chain of command in the event of a cyber attack on national or
international assets.
Government can improve cooperation with the private sector in many ways:
Building upon the successful elements of the Information Protection Centers (IPCs)
or Computer Emergency Response Teams (CERTs)
Government can provide incentives to the private sector for improving their security
beyond the minimum required by market pressures and profit concerns:
Providing tax breaks and relief from antitrust laws provisions to companies that
share information related to vulnerabilities or threats
Establishing clear corporate liability limits against disruption of service to consumers
for companies using best practices
Providing liability relief in case of cyber warfare similar to the indemnification set
up in the case of destruction of commercial assets through conventional warfare
Providing awards or credits for information leading to hacker arrests
Enacting intermediate regulatory steps (both domestic and international) governing
shared systems
Government can also increase its credibility with the private sector by taking certain
internal measures:
Currently there are no foolproof ways to protect a system. The completely secure
system can never be accessed by anyone. Most of the military's classified information
is kept on machines with no outside connection, as a form of prevention of cyber
terrorism. Apart from such isolation, the most common method of protection is
encryption.
The widespread use of encryption is inhibited by the government's ban on its
exportation, so intercontinental communication is left relatively insecure.
All accounts should have passwords and the passwords should be unusual, difficult to
guess.
Audit systems and check logs to help in detecting and tracing an intruder.
If you are ever unsure about the safety of a site, or receive suspicious email from an
unknown address, don't access it. It could be trouble.
Conclusion
The problem of cyber terrorism is multilateral having varied facets and dimensions. Its
solution requires rigorous application of energy and resources. It must be noted that law
is always seven steps behind the technology. This is so because we have a tendency to
make laws when the problem reaches its zenith. We do not appreciate the need of the
hour till the problem takes a precarious dimension. At that stage it is always very
difficult, if not impossible, to deal with that problem. This is more so in case of offences
and violations involving information technology. One of the arguments, which is always
advanced to justify this stand of non-enactment is that “the measures suggested are not
adequate to deal with the problem”.