SEMINAR REPORT
ON
CYBER TERRORISM
CERTIFICATE
This is to certify that the Seminar entitled CYBER TERRORISM is a bonafide report
of the work carried out by Mr. SAURABH PARIKH (09IT049) under the guidance and
supervision for the submission of 3rd semester Department of Information Technology at
Charotar Institute of Technology, Changa, Gujarat.
To the best of my knowledge and belief, this work embodies the work of candidate
themselves, has duly been completed, fulfills the requirement of the ordinance relating to
the Bachelor degree of the university and is up to the standard in respect of content,
presentation and language for being referred to the examiner.
Dhara Jani
Assistant Professor,
ACKNOWLEDGEMENT
It gives us immense pleasure to present this section as a tribute to those who always stood
by us as a strong and acted torchbearer for us.
Hereby, my first and foremost thanks go to Ms. Dhara Jani for the knowledge and
guidance provided to us on the subject. We gratefully thank her for extending to us her
invaluable time and resources.
Now we would like to forward our thanks to , Head of Information Technology
Department, Charotar Institute Of Technology, to whom we owe a debt for his
splendid support, inspiration and thought production.
Finally, we would like to thank our faculty members, department and institute for
providing us guidance and resources to make our seminar, a successful story.
PARIKH SAURABH
09IT049
Abstract
Cyber terrorism is the wave of the future for terrorists and extremists. Besides physical
attacks such as the bombing of U.S. Embassies and the September 11th, 2001 attacks on
the World Trade Center, Pentagon in Washington D.C. and Shanksville, PA, terrorists
have found a new way to cause destruction.
Connection to the internet has added security risks because anyone can gain access to
anything connected to it, unless there are security measures put in place to help prevent a
breach. Taking a look at cyber terrorism in more detail gives a better idea of how to
lessen the severity of attacks as well as prevent them. It is important to look at the
background of cyberterrorism, what some organizations or individuals are doing to
protect themselves and others, and what the U.S government is doing to help fight cyber
terrorism.
INDEX
ABSTRACT
1. INTRODUCTION
3.1 BOTNETS
SYSTEM
8. SUMMARY
9. REFERENCES
1. INTRODUCTION
[The] use of information technology and means by terrorist groups and agents.
-Serge Krasavin
Thus, it is possible that if a computer facility were deliberately attacked for political
purposes, all three methods described above (physical attack, cyberattack) might
contribute to, or be labeled as cyberterrorism.
The terrorist groups are using computers and the Internet to further goals associated with
spreading terrorism. This can be seen in the way that extremists are creating and using
numerous Internet websites for recruitment and fund raising activities, and for Jihad
training purposes. Several criminals who have recently been convicted of cybercrimes
used their technical skills to acquire stolen credit card information in order to finance
other conventional terrorist activities. It is possible that as criminals and terrorist groups
explore more ways to work together, a new type of threat may emerge where extremists
gain access to the powerful network tools now used by cybercriminals to steal personal
information, or to disrupt computer systems that support services through the Internet.
3.1 Botnets
Botnets are becoming a major tool for cybercrime, partly because they can be
designed to very effectively disrupt targeted computer systems in different ways, and
because a malicious user, without possessing strong technical skills, can initiate these
disruptive effects in cyberspace by simply renting botnet services from a cybercriminal.
Botnets, or Bot Networks, are made up of vast numbers of compromised computers that
have been infected with malicious code, and can be remotely-controlled through
commands sent via the Internet. Hundreds or thousands of these infected computers can
operate in concert to disrupt or block Internet traffic for targeted victims, harvest
information, or to distribute spam, viruses, or other malicious code.
Botnets have been described as the Swiss Army knives of the underground
economy because they are so versatile. Botnet code was originally distributed as infected
email attachments, but as users have grown more cautious, cybercriminals have turned to
other methods. When users click to view a spam message, botnet code can be secretly
installed on the user's PC. A website may be unknowingly infected with malicious code
in the form of an ordinary-looking advertisement banner, or may include a link to an
infected website. Clicking on any of these may install botnet code. Or, botnet code can be
silently uploaded, even if the user takes no action while viewing the website, merely
through some un-patched vulnerability that may exist in the browser. Firewalls and
antivirus software do not necessarily inspect all data that is downloaded through
browsers. Some bot software can even disable antivirus security before infecting the PC.
Once a PC has been infected, the malicious software establishes a secret communications
link to a remote botmaster in preparation to receive new commands to attack a specific
target. Meanwhile, the malicious code may also automatically probe the infected PC for
personal data, or may log keystrokes, and transmit the information to the botmaster.
The Shadowserver Foundation is an organization that monitors the number of command
and control servers on the Internet, which indicates the number of botnets. Through May 2007,
approximately 1,400 command and control servers were found to be active on the
Internet. The number of individual infected drones that are controlled by these 1,400
servers reportedly grew from half a million to more than 3 million from March to May
2007. Symantec, another security organization, reported that it detected 6 million bot-
infected computers in the second half of 2006. Some botnet owners reportedly rent their
huge networks for US$200 to $300 an hour, and botnets are becoming the weapon of
choice for fraud and extortion.
Newer methods are evolving for distributing bot software that may make it even
more difficult in the future for law enforcement to identify and locate the originating
botmaster. Some studies show that authors of software for botnets are increasingly
using modern, open-source techniques for software development, including the
collaboration of multiple authors for the initial design, new releases to fix bugs in the
malicious code, and development of software modules that make portions of the code
reusable for newer versions of malicious software designed for different purposes. This
increase in collaboration among hackers mirrors the professional code development
techniques now used to create commercial software products, and is expected to make
future botnets even more robust and reliable. This, in turn, is expected to help increase the
demand for malware services in future years.
4. CYBERTERRORISM ATTACKS
Cyber-attacks can happen in different ways but, in general, we can categorize them as
attacks against data and attacks against services. In attacks against data, the attacker tries
to access or compromise the data. In an attack against services, the attacker tries to
disrupt services to prevent legitimate users from using those services.
Similar attacks took place in 2000 during the Palestinian-Israeli cyber war. Pro-
Palestinian hackers used DoS tools to attack Netvision, Israel's largest ISP.
Although the initial attacks crippled the ISP, Netvision succeeded in fending off
later assaults by strengthening its security. In October 2007, hackers attacked
Ukrainian president Viktor Yushchenko's website. A radical Russian nationalist
youth group, the Eurasian Youth Movement, claimed responsibility (Radio Free
Europe, 2007). Even more recently, in November 2008, the Pentagon suffered
from a cyberattack by a computer virus so alarming that the DOD took the
unprecedented step of banning the use of external hardware devices, such as flash
drives and DVDs (FOX News, 2008).
Estonia, 2007
In 1999 hackers attacked NATO computers. The hackers flooded them with
email and hit them with a denial of service (DoS). The hackers were protesting
against the NATO bombings in Kosovo. Businesses, public organizations and
academic institutions were bombarded with highly politicized emails containing
viruses from other European countries.
As of October 2007, there are over a billion internet users, some of whom are not friends.
Since September 11th, 2001 there has been a tenfold increase in the number of terrorists
online. There were 70-80 terrorist sites and now there are around 7,000-8,000. What these
websites are doing is spreading militant propaganda to give advice so that others might
join. This is one of the most effective ways of spreading violence around the world.
A man by the name of Hsinchun Chen has created Dark Web, a database, which holds
names of extremists around the world. This database is posted in many languages, can
host as many as 20,000 members and half a million postings. Before Dark Web, Chen
began his first project in 1997. It was a website used for tracking social change such as
crime and terrorism being the main focus. He had the help of the Tucson, Arizona Police
department as well as the National Science Foundation to help develop CopLink. This
was a way that Law enforcement officials could link files and consolidate data. CopLink
is responsible for helping catch the Beltway Snipers in Washington DC in late 2002. This
as well as other successes led the NSF to ask Chen if he would build another system
similar to CopLink to help fight terrorism. Despite a few setbacks, Dark Web was a
success. Chen says that if Dark Web had been online before the Iraq war, there might
have been a good chance that the supposed links between Al Qaeda and Saddam Hussein
could have been proved fact or fiction. (Kotler, 2007)
There are some that are not convinced that Dark Web is a tool for freedom. Marc
Rotenberg, Executive Director of the Electronic Privacy Information Center says that this
tool could be used to track political opponents. Mike German, ACLU's policy counsel on
national security, immigration and privacy claims that just because people say they are
advocating violence, doesn't mean they will actually do it. He says it is a great waste of
critical resources. (Kotler, 2007)
Chen disagrees, saying that it is the job of the NSA to track the secret member
communications which are encrypted and moved offline. The goal of Dark Web is to look
into the propagandists of the jihad movement. Despite criticism, Dark Web has shown
results. Access to training manuals to build explosives has been found as well as the
location of where they are downloaded. This has led to countermeasures that are keeping
military units and civilians alike safer.
NATO, which is the European-US defense force, has a contract that started in 2005 with
Telindus, which is a company that offers ICT solutions. NATO's networks cover their 26
members as well as other operational infrastructures such as Afghanistan and the Balkans.
These networks include coverage for telephone, computer, and video conferencing
communications. Non-military operations such as disaster relief and protection of critical
national infrastructure are also covered.
As of now there are 70 systems that are on the network. In future phases there will be
more countries, more sites, more nodes, and more network upgrades. The main tasks are
prevention, detection, reaction and recovery. Grant (2007) also said, "Putting them
together and handing it over on time and on budget took a lot of cross-domain skills."
Since the new project went live, many attacks have been detected, along with evidence of
hackers' growing expertise. After the September 11th, 2001 attacks and the May 2007 DDoS
attack on Estonia, NATO has become more attentive to cyber defense because they
themselves are vulnerable to attack since they are out in the open just like other
organizations that are on the web. Telindus's biggest component is the intrusion detection
system (IDS). This allows attacks to be identified as well as the location of their origin and
what attackers will do in response to the defensive or restorative action.
The federal government has taken steps to improve its own computer security and to
encourage the private sector to also adopt stronger computer security policies and
practices to reduce infrastructure vulnerabilities. In 2002, the Federal Information
Security Management Act (FISMA) was enacted, giving the Office of Management and
Budget (OMB) responsibility for coordinating information security standards and
guidelines developed by federal agencies. In 2003, the National Strategy to Secure
Cyberspace was published by the Administration to encourage the private sector to
improve computer security for the U.S. critical infrastructure through having federal
agencies set an example for best security practices.
The National Cyber Security Division (NCSD), within the National Protection and
Programs Directorate of the Department of Homeland Security (DHS) oversees a Cyber
Security Tracking, Analysis and Response Center (CSTARC), tasked with conducting
analysis of cyberspace threats and vulnerabilities, issuing alerts and warnings for
cyberthreats, improving information sharing, responding to major cybersecurity incidents,
and aiding in national-level recovery efforts. In addition, a new Cyber Warning and
Information Network (CWIN) has begun operation in 50 locations, and serves as an early
warning system for cyberattacks. The CWIN is engineered to be reliable and survivable,
has no dependency on the Internet or the public switched network (PSN), and reportedly
will not be affected if either the Internet or PSN suffer disruptions.
In January 2004, the NCSD also created the National Cyber Alert System (NCAS), a
coordinated national cybersecurity system that distributes information to subscribers to
help identify, analyze, and prioritize emerging vulnerabilities and cyberthreats. NCAS is
managed by the United States Computer Emergency Readiness Team (US-CERT), a
partnership between NCSD and the private sector, and subscribers can sign up to receive
notices from this new service by visiting the US-CERT website.
Department of Defense
In August 2005, DOD Directive 3020.40, the Defense Critical Infrastructure Program,
required the DOD to coordinate with public and private sectors to help protect defense
critical infrastructures from terrorist attacks and cyber-attack. DOD also formed the Joint
Functional Component Command for Network Warfare (JFCCNW). Its purpose is to
defend all DOD computer systems. Lasker (2005) said the expertise and tools used in this
mission are for both offensive and defensive operations.
The Idaho National Laboratory is tasked to study and report on technology risks
associated with infrastructure control systems. Past studies have shown that many, if not
most, automated control systems are connected to the Internet, or connected to corporate
administrative systems that are connected to the Internet, and are currently vulnerable to a
cyberattack. And, because many of these infrastructures' SCADA systems were not
originally designed with security as a priority, in many cases, new security controls
cannot now be easily implemented to reduce the known security vulnerabilities.
Following past trends, where hackers and cybercriminals have taken advantage of easy
vulnerabilities, some analysts now predict that we may gradually see new instances where
cybercriminals exploit vulnerabilities in critical infrastructure control systems.
A 2004 survey done by the National Cyber Security Alliance and AOL showed that most
home PC users do not have adequate protection against hackers, do not have updated
antivirus software protection, and are confused about the protections they are supposed to
use and how to use them. How can computer security training be made available to all
computer users that will keep them aware of constantly changing computer security
threats, and that will encourage them to follow proper security procedures?
private industry about the number of successful computer intrusions, when companies
resist reporting because they want to avoid publicity and guard their trade secrets? Should
cybercrime information voluntarily shared with the federal government about successful
intrusions be shielded from disclosure through Freedom of Information Act requests?
How can the United States better coordinate security policies and international law to
gain the cooperation of other nations to better protect against a cyberattack? Pursuit of
hackers may involve a trace back through networks requiring the cooperation of many
Internet Service Providers located in several different nations. Pursuit is made
increasingly complex if one or more of the nations involved has a legal policy or political
ideology that conflicts with that of the United States.
Thirty-eight countries, including the United States, participate in the Council of Europe's
Convention on Cybercrime, which seeks to combat cybercrime by harmonizing national
laws, improving investigative abilities, and boosting international cooperation. However,
how effective will the Convention be without participation of other countries where
cybercriminals now operate freely?
8. Summary
In today's society it is apparent that cyber-crime is a problem especially since it can be
difficult to determine if an attack is from a hacker or from a hacker that is a terrorist or
terrorist group. Looking at the history of cyber-crime it has been shown that there is
definitely a need for more protection. Knowing that cyber terrorism exists is the first step
to a solution. Hsinchun Chen, the creator of Dark Web went from helping out local law
enforcement to helping with terrorism on the internet. NATO has taken steps to protect its
organization with the help of a third party specializing in security solutions. Also the
United States government departments have jointly and separately created programs to
fight terrorism as well as programs to educate others.
9. REFERENCES:
1. http://www.cyberterrorism.com
2. http://eee.wikipidia.com
3. http://www.usatoday.com/tech/news/techpolicy/2005-05-26-cia-wargames_x.htm
4. http://www.cyberterrorism.com/ - official cyberterrorism website
5. http://www.informationweek.com/news/showArticle.jhtml?articleID=199701774