
Case Study on Cyber-Terrorism

Submitted By:

Satyam Yadav (139)

Zarna Shah (140)

Jahnavi Parekh (141)

Abha Sakhuja (142)

“Divide their nation, tear them to shreds, destroy their economy, burn
their companies, ruin their welfare, sink their ships and kill them on land,
sea and air…Your dependence on technology makes you weak. More
brothers await orders to attack again. They will attack your powerful
companies, like Microsoft, from the inside and you will not know when or
how. Through these attacks your power will fail, your communications will
fail, your businesses will starve, your economy will crumble, your people
will panic, your military and firemen will be immobilized, and God willing,
you will one day be incapable of sustaining the sinful deployment of your
infidel army throughout the land of the two holy places.”

- al-Qaeda

Introduction

The terrorist attacks of 9/11 brought unexpected focus on how vulnerable western
countries are to terrorist attacks. Consider the economic disruption caused in the US by
three airplanes crashing into buildings:

• Financial markets were closed for over a week as companies struggled to reinstate
communications and recover important information technology assets.
• Trading was halted on the principal stock exchanges for nearly a week.
• Telecommunications networks in and around New York City were so congested that
emergency fire, medical, and police services were unable to use cellular networks for critical
rescue and recovery efforts.
• Companies and businesses were uncertain whether their communications systems would
be available.
• The air carrier industry was shut down for days and has yet to recover.
• The resources of the insurance sector were severely strained, raising concerns about
their ability to provide sufficient levels of protection against cyber-based attacks in the
future.

These were all collateral impacts for the information technology sector. Just imagine the
impacts of a direct assault upon the information technology infrastructure. The technological
advancements in computers, software, networks and information systems in general have
actually made technologically dependent countries more vulnerable to disruption. Physical
security is now permanently tied to cyber security. While not "mass destructive," attacks on
critical infrastructure would certainly be "mass disruptive."

What is Cyber-Terrorism?

Cyber terror: The deliberate destruction, disruption or distortion of digital data or information
flows with widespread effect for political, religious or ideological reasons.

Cyber-utilization: The use of on-line networks or data by terrorist organizations for supportive
purposes.

Cybercrime: The deliberate misuse of digital data or information flows.

Current Threats

The Internet has brought considerable change to economic transactions, social
interactions and military operations. Although it provides huge benefits, it has also created
significant personal, organizational, and infrastructural dependencies that are not confined by
national borders, while those same borders complicate international efforts to secure networks:
governments are constrained by the multitude of physical borders and face higher costs in
pursuing cyber attackers outside their jurisdictions.

Threats that Emerge From the New Environment

There are four threats that emerge from the new environment: the threat of disruption, the
threat of exploitation, the threat of manipulation, and the threat of destruction.

The Threat of Disruption

The effect of disruption in communication flow, economic transactions, public
information campaigns, electric power grids, and political negotiations will be felt in economic
terms, and therefore will be of greatest concern to private sector entities. The disruption of
military communication in times of conflict presents the potential for loss of life or aborted
offensive missions. The probability of this type of threat materializing is considerable, as the
tools required to create disruptive viruses and denial-of-service attacks are simple and readily
available.

The Threat of Exploitation


The threat of exploitation affects sensitive, proprietary, or classified information.
Information theft, fraud, and cyber crime can have extremely serious effects, at personal levels
(e.g., identity theft), institutional levels (e.g., online credit card fraud or theft of thousands of
credit card numbers), and national security levels (e.g., systematic probing of classified or
unclassified but sensitive government systems). This threat is made all the more menacing by
the difficulty in detecting these types of intrusions and compromised systems. As with the
threat of disruption, the probability of occurrence is high.

The Threat of Manipulation


The threat of manipulation of information takes place for political, economic, military,
or inflammatory purposes. Several incidents of defaced Web sites in the former Yugoslavia and
the Middle East, and of altered personal financial information on e-commerce sites, point to the
clear potential for using the Internet as a powerful tool for manipulating information. While
many instances of manipulation simply serve the cause of making a statement, and can be
remedied rapidly, the more dangerous instances are those that go undetected: manipulation of
financial data, military information, or functional infrastructure data (e.g., the timing of
dam releases).

The Threat of Destruction


The threat of destruction of information or, potentially, of critical infrastructure
components can have harmful economic and national security consequences. Destruction of
information, like disruption, can be carried out through relatively simple hacker techniques.
Examples of such viruses and Trojan Horses are well-documented.

Trends In Cyber Attacks

Cyber attacks designed to disrupt major web networks expose a serious weakness in
security: vulnerabilities on the Internet create risks for all. Cyber attacks
demonstrate the need for all nations to work together to develop strategies to strengthen cyber
security. Cyber attacks affect millions of Internet users and result in revenue losses. While this
damage is relatively minimal in proportion to the traffic volume of the Internet, cyber attacks
are a wake-up call as to the extent of cyber crime, and the degree to which we are all vulnerable.

The overall sophistication of cyber attacks has been steadily increasing. There are
several types of cyber vulnerabilities and attacks: worms, distributed denial of service
(DDoS) attacks, Domain Name Service (DNS) attacks, and routing vulnerabilities.

Worms

Worms and viruses are malicious, autonomous computer programs. Most modern viruses
are in fact worms. The worm epidemic is enabled by buffer overflows, in which more data is
put into a buffer (a computer data holding area) than the buffer has allocated. This results in a
mismatch between the producing and consuming processes, which in turn leads to system
crashes or the creation of back doors that allow unauthorized access.
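As an added illustration, not part of the original case study, the C fragment below shows the bug class the paragraph describes, an unbounded copy into a fixed 16-byte buffer, next to a bounded copy that checks the producer's length against the consumer's allocation and refuses input that does not fit. The buffer size, the function names and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* A fixed-size "data holding area" as the page describes it: 16 bytes are
 * allocated, so at most 15 characters plus the terminating NUL may be stored.
 * The size and the sample inputs are constructed for this example. */
#define BUF_SIZE 16

/* The defect class behind the overflows the text describes: strcpy() copies
 * until it finds the source's terminating NUL and never looks at the
 * destination size, so any input longer than BUF_SIZE - 1 is written past
 * the end of dst (undefined behaviour; in practice adjacent memory is
 * overwritten). Shown only for the pattern; nothing here calls it with
 * oversized input. */
void unbounded_copy(char dst[BUF_SIZE], const char *src)
{
    strcpy(dst, src);               /* no length check: the bug */
}

/* Hardened form: compare what the producer offers with what the consumer
 * allocated, and refuse the mismatch rather than let it spill.
 * Returns 0 on success, -1 if the input does not fit. */
int bounded_copy(char dst[BUF_SIZE], const char *src)
{
    size_t len = strlen(src);
    if (len >= BUF_SIZE) {          /* room is needed for the NUL as well */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);      /* exactly len bytes plus the NUL */
    return 0;
}

/* 1 if the input was accepted and stored intact, 0 if rejected as too long. */
int accept_input(const char *src)
{
    char buf[BUF_SIZE];
    if (bounded_copy(buf, src) != 0) return 0;
    return strcmp(buf, src) == 0;
}

int main(void)
{
    const char *inputs[] = { "hello", "123456789012345", "1234567890123456" };
    for (int i = 0; i < 3; i++)
        printf("%-20s -> %s\n", inputs[i],
               accept_input(inputs[i]) ? "accepted" : "rejected (would overflow)");
    return 0;
}
```

The 15-character input is the longest that fits; the 16-character one is exactly the case the unbounded version would write past the allocation, and the bounded version turns it into an error the caller can handle instead of a crash or a back door.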

Distributed Denial of Service (DDoS) Attacks


DDoS attacks employ armies of insecure servers that an attacker has compromised and
planted software on. When triggered, an overwhelming number of requests is launched towards
the targeted web site, generally in coordination with the other compromised servers.

In a denial-of-service attack, the target system is rendered inoperable. Some attacks aim
to crash the system, while other DDoS attacks make the targeted system so busy that it cannot
handle its normal workload. The attacks on Yahoo and the other companies were DDoS
attacks, in which one attacker can control tens or even hundreds of servers. After installing the
DDoS script on several computers, a coordinated attack can be orchestrated from a remote
location.
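Added example, not taken from the case study: a per-source request counter of the kind a site operator can run over its own access log to pick out the "overwhelming number of requests" pattern the two paragraphs above describe. The log format (`<unix_time> <client_ip>`), the addresses, the timestamps and the threshold are all constructed; real logs carry more fields, and a production detector would use a sliding window and look at bandwidth as well as request counts.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 64
#define IP_LEN 16

/* Constructed access-log sample, one record per request: "<unix_time> <client_ip>".
 * 10.0.0.5 hammers the site within a few seconds; the other addresses are normal. */
static const char *SAMPLE_LOG[] = {
    "1246665600 10.0.0.5",
    "1246665600 192.168.1.20",
    "1246665600 10.0.0.5",
    "1246665601 10.0.0.5",
    "1246665601 172.16.0.9",
    "1246665601 10.0.0.5",
    "1246665602 10.0.0.5",
    "1246665602 10.0.0.5",
    "1246665603 192.168.1.20",
    "1246665603 10.0.0.5",
    "1246665700 10.0.0.5",   /* 100 s later: outside the window below, not counted */
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

struct source_count {
    char ip[IP_LEN];
    int requests;
};

/* Tally requests per source address inside the fixed window
 * [window_start, window_start + window_len). Fills `out` and returns the
 * number of distinct sources seen; malformed lines are skipped. */
static int count_sources(const char *lines[], size_t n, long window_start,
                         long window_len, struct source_count out[MAX_SOURCES])
{
    int nsrc = 0;
    for (size_t i = 0; i < n; i++) {
        long ts;
        char ip[IP_LEN];
        if (sscanf(lines[i], "%ld %15s", &ts, ip) != 2) continue;
        if (ts < window_start || ts >= window_start + window_len) continue;
        int j;
        for (j = 0; j < nsrc; j++)
            if (strcmp(out[j].ip, ip) == 0) break;
        if (j == nsrc) {                          /* first sighting of this source */
            if (nsrc == MAX_SOURCES) continue;
            snprintf(out[nsrc].ip, IP_LEN, "%s", ip); /* %15s keeps ip within IP_LEN */
            out[nsrc].requests = 0;
            nsrc++;
        }
        out[j].requests++;
    }
    return nsrc;
}

/* Number of sources that sent more than `threshold` requests in the window:
 * the per-source volume that a flooding host shows and ordinary clients do not. */
int flooding_sources(const char *lines[], size_t n, long window_start,
                     long window_len, int threshold)
{
    struct source_count counts[MAX_SOURCES];
    int nsrc = count_sources(lines, n, window_start, window_len, counts);
    int flagged = 0;
    for (int i = 0; i < nsrc; i++)
        if (counts[i].requests > threshold) flagged++;
    return flagged;
}

/* Requests from one address in the sample's 10-second window, -1 if unseen. */
int sample_requests_from(const char *ip)
{
    struct source_count counts[MAX_SOURCES];
    int nsrc = count_sources(SAMPLE_LOG, SAMPLE_LOG_LEN, 1246665600, 10, counts);
    for (int i = 0; i < nsrc; i++)
        if (strcmp(counts[i].ip, ip) == 0) return counts[i].requests;
    return -1;
}

int main(void)
{
    struct source_count counts[MAX_SOURCES];
    int nsrc = count_sources(SAMPLE_LOG, SAMPLE_LOG_LEN, 1246665600, 10, counts);
    for (int i = 0; i < nsrc; i++)
        printf("%-16s %d request(s)%s\n", counts[i].ip, counts[i].requests,
               counts[i].requests > 5 ? "  <-- exceeds threshold" : "");
    return 0;
}
```

With a threshold of 5 over the 10-second window only 10.0.0.5 is flagged (7 requests); the two normal clients stay under it. In a distributed attack each bot sends less, so the same tally is typically combined with a check on total request rate against the site's normal baseline, which is what lets the operator tell "busier than usual" from "cannot handle its normal workload".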

Unauthorized Intrusions

These intrusions are of great concern to businesses and government. The theft of money,
credit card numbers, proprietary information, or sensitive government information can have
devastating consequences.

Domain Name Service (DNS) Attacks

Computers connected to the Internet use numerical Internet Protocol (IP) addresses to
communicate with one another. The Domain Name Service (DNS) is the directory that
computers consult in order to obtain the mapping between the name of a system (or website)
and the IP address of that system. If a DNS server provides an incorrect IP address for a
website, the user connects to the wrong server: the user thinks he is connected to the correct
server when in reality he is connected to the attacker's server. An attacker can then disseminate
false information or deprive the original web site of its legitimate traffic. Because DNS is
hierarchical, an incorrect answer cascades to remote servers, so traffic to selected sites is
redirected or lost. The potential for an attack on the root DNS servers increases during the war
on terrorism.
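Added example (not the case study's own material) of the checks a resolver applies before believing an answer, which is the client-side counterpart of the risk described above: a response is accepted only if it matches a query this resolver actually sent on transaction ID, destination port and question, and only if its answer record is for the name that was asked about. The message structs are a simplified model of real DNS messages, and the names, ports, transaction IDs and addresses are constructed (192.0.2.10 is from the documentation address range). DNSSEC, which signs the records themselves, is the stronger defence and is not modelled here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define NAME_LEN 64
#define MAX_PENDING 8

/* Simplified DNS messages (a constructed model; real messages carry far more). */
struct dns_query {
    uint16_t id;           /* random 16-bit transaction ID chosen per query */
    uint16_t src_port;     /* random UDP source port the query was sent from */
    char qname[NAME_LEN];  /* the question, e.g. "www.example.com." */
};

struct dns_response {
    uint16_t id;
    uint16_t dst_port;     /* port the response was delivered to */
    char qname[NAME_LEN];  /* question echoed back by the server */
    char aname[NAME_LEN];  /* owner name of the answer record */
    char ip[16];           /* A record data */
};

/* Queries this resolver has sent and not yet seen answered. */
struct pending_table {
    struct dns_query q[MAX_PENDING];
    int n;
};

/* DNS names compare case-insensitively. */
static int same_name(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

static void add_pending(struct pending_table *t, uint16_t id, uint16_t port,
                        const char *qname)
{
    if (t->n >= MAX_PENDING) return;
    struct dns_query *q = &t->q[t->n++];
    q->id = id;
    q->src_port = port;
    snprintf(q->qname, NAME_LEN, "%s", qname);
}

/* Accept a response only if it matches an outstanding query on transaction
 * ID, destination port and question, and its answer record is for the name
 * that was asked about. The matched query is removed, so a replayed copy of
 * the same answer is not accepted twice. Returns 1 = accept, 0 = discard. */
int validate_response(struct pending_table *t, const struct dns_response *r)
{
    for (int i = 0; i < t->n; i++) {
        const struct dns_query *q = &t->q[i];
        if (q->id != r->id || q->src_port != r->dst_port) continue;
        if (!same_name(q->qname, r->qname)) continue;
        if (!same_name(q->qname, r->aname)) continue; /* answer names something else */
        t->q[i] = t->q[--t->n];                       /* drop the matched query */
        return 1;
    }
    return 0; /* nothing outstanding matches: unsolicited or forged */
}

/* Constructed scenario: one outstanding query and four candidate responses.
 * case 0: genuine answer; 1: wrong transaction ID (a blind guess); 2: wrong
 * destination port; 3: right ID and port but answer record for another name. */
static struct dns_response make_case(int c)
{
    struct dns_response r = { 0x1a2b, 53123, "www.example.com.",
                              "www.example.com.", "192.0.2.10" };
    if (c == 1) r.id = 0x1a2c;
    if (c == 2) r.dst_port = 53124;
    if (c == 3) snprintf(r.aname, NAME_LEN, "%s", "login.other-example.com.");
    return r;
}

int scenario_result(int c)
{
    struct pending_table t = { .n = 0 };
    add_pending(&t, 0x1a2b, 53123, "www.example.com.");
    struct dns_response r = make_case(c);
    return validate_response(&t, &r);
}

/* 1 if the genuine answer is accepted once and a replayed copy is then discarded. */
int scenario_replay(void)
{
    struct pending_table t = { .n = 0 };
    add_pending(&t, 0x1a2b, 53123, "www.example.com.");
    struct dns_response r = make_case(0);
    int first = validate_response(&t, &r);
    return first == 1 && validate_response(&t, &r) == 0;
}

int main(void)
{
    for (int c = 0; c < 4; c++)
        printf("case %d: %s\n", c, scenario_result(c) ? "accepted" : "discarded");
    printf("replay discarded: %s\n", scenario_replay() ? "yes" : "no");
    return 0;
}
```

Only case 0 is accepted. The ID and port checks are what force an off-path forger to guess two random 16-bit values, and the answer-name check is what stops a correctly matched response from smuggling in a record for a site that was never asked about, which is the redirection the paragraph above warns of.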

Terrorist Groups
Today’s terrorists, characterized by religious and social motivations, stand at the
threshold of net war. Terrorists are known to have used information technology and the Internet
to communicate securely, formulate plans, spread propaganda, and raise funds. Trends seem to
point to the possibility of terrorists using information technology as a weapon against critical
infrastructure targets.

Case: July 2009 cyber attacks

The July 2009 cyber attacks were a series of coordinated cyber attacks against major
government, news media, and financial websites in South Korea and the United States. The
attacks involved the activation of a botnet—a large number of hijacked computers—that
maliciously accessed targeted websites with the intention of causing their servers to overload
due to the influx of traffic, known as a DDoS attack. Most of the hijacked computers were
located in South Korea. The estimated number of hijacked computers varies widely: around
20,000 according to the South Korean National Intelligence Service, around 50,000 according
to Symantec's Security Technology Response group, and more than 166,000 according to a
Vietnamese computer security researcher who analyzed the log files of the two servers the
attackers controlled.

The timing and targeting of the attacks have led to suggestions that they may have originated
from the Democratic People's Republic of Korea, aka North Korea, although these suggestions
have not been substantiated.

Timeline of attacks

First wave

The first wave of attacks occurred on July 4, 2009 (Independence Day holiday in the United
States), targeting both the United States and South Korea. Among the websites affected were
those of the White House and The Pentagon. An investigation revealed that 27 websites were
targets in the attack based on files stored on compromised systems.

Second wave

The second wave of attacks occurred on July 7, 2009, affecting South Korea. Among the
websites targeted were the presidential Blue House, the Ministry of Defense, the Ministry of
Public Administration and Security, the National Intelligence Service and the National
Assembly.

Third wave

A third wave of attacks began on July 9, 2009, targeting several websites in South Korea,
including the country's National Intelligence Service as well as one of its largest banks and a
major news agency. The U.S. State Department said on July 9 that its website also came under
attack. U.S. Department of Homeland Security spokesperson Amy Kudwa said that the
department was aware of the attacks and that it had issued a notice to U.S. federal departments
and agencies to take steps to mitigate attacks.

Effects

Although the attacks targeted major public and private sector websites, the
South Korean Presidential office has suggested that the attacks were aimed at causing
disruption rather than stealing data. However, Jose Nazario, manager of a U.S. network
security firm, claimed that the attack is estimated to have produced only 23 megabits of data per
second, not enough to cause major disruptions. Joe Stewart, researcher at SecureWorks'
Counter Threat Unit, said that the data generated by the attacking program appeared to be based
on a Korean-language browser.

It is expected that the economic costs associated with websites being down will be large, as the
disruption has prevented people from carrying out transactions, purchasing items or conducting
business.

Perpetrators

It is not known who is behind the attacks. Reports indicate that the type of attacks being
used, commonly known as distributed denial-of-service attacks, were unsophisticated.
Given the prolonged nature of the attacks, they are being recognized as a more
coordinated and organized series of attacks. According to the South Korean National
Intelligence Service, the source of the attacks was tracked down and the government
activated an emergency cyber-terror response team, which blocked access to five host sites
containing the malicious code and 86 websites that downloaded the code, located in 16
countries, including the United States, Guatemala, Japan and the People's Republic of
China, but North Korea was not among them. It was later discovered that the
malicious code responsible for causing the attack, identified as W32.Dozer, is
programmed to destroy data on infected computers and to prevent the computers from
being rebooted. South Korean police are analyzing a sample of the thousands of
computers used to crash websites, stating that there is "various evidence" of North
Korean involvement, but said they may not find the culprit. Security experts said that the
attack re-used code from the Mydoom worm. One analyst thinks that the attacks likely
came from the United Kingdom.

On October 30, 2009, South Korea's spy agency, the National Intelligence Service, stated
that the attacks originated from North Korea's telecommunications ministry.

Solutions

It is important for the government to clearly articulate its position and define a precise
delineation of resources and chain of command in the event of a cyber attack on national or
international assets.

Government can improve cooperation with the private sector in many ways:

• Information-sharing on vulnerabilities, warnings of ongoing attacks or threats
• Continued facilitation of discussions within industry sectors
• Building upon the successful elements of the Information Protection Centers (IPCs)
or Computer Emergency Response Teams (CERTs)
• Establishment of a single point of coordination for cyber concerns and alerts,
specifically, the creation of both an office for a cyber "national CIO" and a "cyber
911" virtual center that would issue warnings, provide security-related information,
and coordinate multiple-agency responses in emergencies

Government can provide incentives to the private sector for improving their security
beyond the minimum required by market pressures and profit concerns:

• Providing tax breaks and relief from antitrust law provisions to companies that
share information related to vulnerabilities or threats
• Establishing clear corporate liability limits against disruption of service to consumers
for companies using best practices
• Providing liability relief in case of cyber warfare similar to the indemnification set
up in the case of destruction of commercial assets through conventional warfare
• Providing awards or credits for information leading to hacker arrests
• Enacting intermediate regulatory steps (both domestic and international) governing
shared systems

Government can also increase its credibility with the private sector by taking certain
internal measures:

• Promoting and improving internal government security practices, including
strengthening the requirements for system upgrades and timely anti-virus software
upgrades, tightening personal security requirements, and instituting personnel
accountability for the handling of sensitive government data
• Improving information-sharing processes and incentives within and between agencies
• Moving from a passive response posture to a culture of planned, strategic response to
provide the necessary preparedness and authority for agencies to act in case of a cyber
attack
• Altering the incentive structure in the law enforcement and intelligence community so
that prevention becomes as important as prosecution
• Improving education and training of all government professionals
• Establishing more comprehensive legislation for prevention, remediation, or
prosecution of cyber crimes, acts of cyber terrorism, or acts of information warfare,
domestically and internationally

How can we protect ourselves?

• Currently there are no foolproof ways to protect a system. The only completely secure
system is one that no one can access at all. Most military classified information
is kept on machines with no outside connection, as a form of prevention of cyber
terrorism. Apart from such isolation, the most common method of protection is
encryption.
• The widespread use of encryption is inhibited by the government's ban on its
exportation, so intercontinental communication is left relatively insecure.

Here are a few key things to remember to protect against cyber-terrorism:

• All accounts should have passwords, and the passwords should be unusual and difficult to
guess.
• Change the network configuration when defects become known.
• Check with vendors for upgrades and patches.
• Audit systems and check logs to help in detecting and tracing an intruder.
• If you are ever unsure about the safety of a site, or receive suspicious email from an
unknown address, don't access it. It could be trouble.

Conclusion

The problem of cyber terrorism is multilateral, with varied facets and dimensions. Its
solution requires the rigorous application of energy and resources. It must be noted that law
is always seven steps behind technology. This is so because we have a tendency to
make laws only when the problem reaches its zenith. We do not appreciate the need of the
hour until the problem takes on a precarious dimension. At that stage it is always very
difficult, if not impossible, to deal with the problem. This is even more so in the case of offences
and violations involving information technology. One of the arguments always
advanced to justify this stance of non-enactment is that "the measures suggested are not
adequate to deal with the problem".
