
09it049 CYBER-TERRORISM

SEMINAR REPORT
ON

CYBER TERRORISM

Guided By: Dhara Jani Prepared By:09IT049

Department of Information Technology


Charotar Institute of Technology
Charotar University Of Science & Technology
CITC (I-T) Page 1

CERTIFICATE

This is to certify that the Seminar entitled CYBER TERRORISM is a bonafide report
of the work carried out by Mr. SAURABH PARIKH (09IT049) under the guidance and
supervision for the submission of 3rd semester Department of Information Technology at
Charotar Institute of Technology, Changa, Gujarat.

To the best of my knowledge and belief, this work embodies the work of candidate
themselves, has duly been completed, fulfills the requirement of the ordinance relating to
the Bachelor degree of the university and is up to the standard in respect of content,
presentation and language for being referred to the examiner.

Guided By:
Dhara Jani
Assistant Professor,
Department Of Information Technology

Head of Dept.
Department Of Information Technology


ACKNOWLEDGEMENT

It gives us immense pleasure to present this section as a tribute to those who always stood
by us and acted as torchbearers for us.
First and foremost, my thanks go to Ms. Dhara Jani for the knowledge and
guidance provided to us on the subject. We gratefully thank her for extending to us her
invaluable time and resources.
We would also like to extend our thanks to , Head of Information Technology
Department, Charotar Institute Of Technology, to whom we owe a debt for his
splendid support, inspiration and thought production.
Finally, we would like to thank our faculty members, department and institute for
providing us guidance and resources to make our seminar a successful story.

PARIKH SAURABH
09IT049


Abstract

Cyber terrorism is the wave of the future for terrorists and extremists. Besides physical
attacks such as the bombing of U.S. Embassies and the September 11th, 2001 attacks on
the World Trade Center, Pentagon in Washington D.C. and Shanksville, PA, terrorists
have found a new way to cause destruction.

Connection to the internet has added security risks because anyone can gain access to
anything connected to it, unless there are security measures put in place to help prevent a
breach. Taking a look at cyber terrorism in more detail gives a better idea of how to
lessen the severity of these attacks as well as prevent them. It is important to look at the
background of cyberterrorism, what some organizations or individuals are doing to
protect themselves and others, and what the U.S. government is doing to help fight cyber
terrorism.


INDEX

ACKNOWLEDGEMENT

ABSTRACT

1. INTRODUCTION

2. CYBER TERRORISM BACKGROUND

3. TOOLS USED FOR CYBERCRIME

3.1 BOTNETS

4. CYBER TERRORISM ATTACKS

5. WHAT IS BEING DONE TO HELP PREVENT ATTACKS

5.1 DARK WEB

5.2 NORTH ATLANTIC TREATY ORGANIZATION

5.3 FEDERAL EFFORTS TO PROTECT COMPUTERS

5.4 U.S. GOVERNMENT EFFORTS

5.5 FEDERAL BUREAU OF INVESTIGATION (FBI)

5.6 NATIONAL SECURITY AGENCY (NSA)

5.7 CENTRAL INTELLIGENCE AGENCY

5.8 INTER-AGENCY FORUMS

6. FUTURE ATTRACTIVENESS OF CRITICAL INFRASTRUCTURE SYSTEMS

7. EDUCATION AND AWARENESS

7.1 IMPROVING SECURITY OF COMMERCIAL SOFTWARE

7.2 EDUCATION AND AWARENESS OF CYBERTHREATS

7.3 COORDINATION BETWEEN PRIVATE SECTOR AND GOVERNMENT

8. SUMMARY

9. REFERENCES


1. INTRODUCTION

What is Cyber terrorism?

"The premeditated, politically motivated attack against information, computer
systems, computer programs, and data which result in violence against
noncombatant targets by sub national groups or clandestine agents."
-Mark M. Pollitt

"[The] use of information technology and means by terrorist groups and agents."
-Serge Krasavin

"Politically motivated hacking techniques used in an effort to cause grave harm,
included but not limited to loss of life or serious economic damage."
-Larisa Paul

Labeling a cyberattack as cybercrime or cyberterrorism is problematic because of
the difficulty of determining with certainty the identity, intent, or political motivations of
an attacker. Cybercrime can be very broad in scope, and may sometimes involve more
factors than just a computer hack. Cyberterrorism is often equated with the use of
malicious code. However, a cyberterrorism event may also sometimes depend on the
presence of other factors beyond just a cyberattack.


This is what it actually is

Cyberterrorism can be defined in different ways. It can be politically
motivated hacking operations intended to cause grave harm such as loss of life or severe
economic damage; or it can be unlawful attacks and threats of attack against computers,
networks, and the information stored therein when done to intimidate or coerce a
government or its people in furtherance of political or social objectives; or it can be a
physical attack that destroys computerized nodes for critical infrastructures, such as the
Internet, telecommunications, or the electric power grid, without ever touching a
keyboard.

Thus, it is possible that if a computer facility were deliberately attacked for political
purposes, all three methods described above (physical attack, cyberattack) might
contribute to, or be labeled as cyberterrorism.


2. Cyber Terrorism Background

Terrorist groups are using computers and the Internet to further goals associated with
spreading terrorism. This can be seen in the way that extremists are creating and using
numerous Internet websites for recruitment and fund raising activities, and for Jihad
training purposes. Several criminals who have recently been convicted of cybercrimes
used their technical skills to acquire stolen credit card information in order to finance
other conventional terrorist activities. It is possible that as criminals and terrorist groups
explore more ways to work together, a new type of threat may emerge where extremists
gain access to the powerful network tools now used by cybercriminals to steal personal
information, or to disrupt computer systems that support services through the Internet.


3. TOOLS USED FOR CYBERCRIME

3.1 Botnets

Botnets are becoming a major tool for cybercrime, partly because they can be
designed to very effectively disrupt targeted computer systems in different ways, and
because a malicious user, without possessing strong technical skills, can initiate these
disruptive effects in cyberspace by simply renting botnet services from a cybercriminal.
Botnets, or Bot Networks, are made up of vast numbers of compromised computers that
have been infected with malicious code, and can be remotely-controlled through
commands sent via the Internet. Hundreds or thousands of these infected computers can
operate in concert to disrupt or block Internet traffic for targeted victims, harvest
information, or to distribute spam, viruses, or other malicious code.

Botnets have been described as the Swiss Army knives of the underground
economy because they are so versatile. Botnet code was originally distributed as infected
email attachments, but as users have grown more cautious, cybercriminals have turned to
other methods. When users click to view a spam message, botnet code can be secretly
installed on the user's PC. A website may be unknowingly infected with malicious code
in the form of an ordinary-looking advertisement banner, or may include a link to an
infected website. Clicking on any of these may install botnet code. Or, botnet code can be
silently uploaded, even if the user takes no action while viewing the website, merely
through some un-patched vulnerability that may exist in the browser. Firewalls and
antivirus software do not necessarily inspect all data that is downloaded through
browsers. Some bot software can even disable antivirus security before infecting the PC.
Once a PC has been infected, the malicious software establishes a secret communications
link to a remote botmaster in preparation to receive new commands to attack a specific
target. Meanwhile, the malicious code may also automatically probe the infected PC for
personal data, or may log keystrokes, and transmit the information to the botmaster.

The Shadowserver Foundation is an organization that monitors the number of command
and control servers on the Internet, which indicates the number of bot networks. Through
May 2007, approximately 1,400 command and control servers were found to be active on the
Internet. The number of individual infected drones that are controlled by these 1,400
servers reportedly grew from half a million to more than 3 million from March to May
2007. Symantec, another security organization, reported that it detected 6 million
bot-infected computers in the second half of 2006. Some botnet owners reportedly rent their
huge networks for US$200 to $300 an hour, and botnets are becoming the weapon of
choice for fraud and extortion.

Newer methods are evolving for distributing bot software that may make it even
more difficult in the future for law enforcement to identify and locate the originating
botmaster. Some studies show that authors of software for botnets are increasingly
using modern, open-source techniques for software development, including the
collaboration of multiple authors for the initial design, new releases to fix bugs in the
malicious code, and development of software modules that make portions of the code
reusable for newer versions of malicious software designed for different purposes. This
increase in collaboration among hackers mirrors the professional code development
techniques now used to create commercial software products, and is expected to make
future botnets even more robust and reliable. This, in turn, is expected to help increase the
demand for malware services in future years.

Traditionally, botnets organize themselves in a hierarchical manner, with a
central command and control location (sometimes dynamic) for the botmaster. This
central command location is useful to security professionals because it offers a possible
central point of failure for the botnet. However, in the near future, security experts believe
that attackers may use new botnet architectures that are more sophisticated, and more
difficult to detect and trace. One class of botnet architecture that is beginning to emerge
uses a peer-to-peer protocol, which, because of its decentralized control design, is
expected to be more resistant to strategies for countering its disruptive effects. For
example, some experts reportedly argue that a well-designed peer-to-peer botnet may be
nearly impossible to shut down as a whole because it may provide anonymity to the
controller, who can appear as just another node in the bot network.
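
The difference between the two architectures shows up in ordinary outbound flow logs, as the following added example illustrates from the defender's side. It is not part of the original report; the addresses, the allowlist and the `min_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (documentation address ranges), not real traffic.
# Each record is (internal_host, remote_endpoint) as seen in outbound flow logs.
BENIGN = [
    ("10.0.0.1", "198.51.100.10:443"),
    ("10.0.0.2", "198.51.100.10:443"),
    ("10.0.0.3", "198.51.100.10:443"),
]
ALLOWLIST = {"198.51.100.10:443"}  # assumed: a known business service

HOSTS = [f"10.0.0.{i}" for i in range(1, 9)]

# Hierarchical botnet: every infected host reports to one controller.
CENTRALIZED_FLOWS = BENIGN + [(h, "203.0.113.7:6667") for h in HOSTS]

# Peer-to-peer botnet: every infected host talks to two peers out of eight.
PEERS = [f"203.0.113.{100 + i}:4000" for i in range(1, 9)]
P2P_FLOWS = BENIGN + [
    (HOSTS[i], PEERS[j]) for i in range(8) for j in (i, (i + 1) % 8)
]


def fan_in(flows, allowlist=ALLOWLIST):
    """Map each non-allowlisted remote endpoint to the internal hosts contacting it."""
    sources = defaultdict(set)
    for host, endpoint in flows:
        if endpoint not in allowlist:
            sources[endpoint].add(host)
    return dict(sources)


def hub_candidates(flows, min_hosts=5, allowlist=ALLOWLIST):
    """Endpoints that at least min_hosts distinct internal hosts converge on."""
    hits = [
        (endpoint, len(hosts))
        for endpoint, hosts in fan_in(flows, allowlist).items()
        if len(hosts) >= min_hosts
    ]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


def isolated_after_block(flows, blocked, allowlist=ALLOWLIST):
    """Hosts left with no non-allowlisted remote once the blocked endpoints are filtered."""
    remaining = {}
    for host, endpoint in flows:
        if endpoint in allowlist:
            continue
        remaining.setdefault(host, set())
        if endpoint not in blocked:
            remaining[host].add(endpoint)
    return sorted(host for host, endpoints in remaining.items() if not endpoints)


if __name__ == "__main__":
    for name, flows in (("centralized", CENTRALIZED_FLOWS), ("p2p", P2P_FLOWS)):
        hubs = hub_candidates(flows)
        # Block the single most-contacted endpoint and see who is cut off.
        counts = fan_in(flows)
        top = max(counts, key=lambda ep: (len(counts[ep]), ep))
        cut = isolated_after_block(flows, {top})
        print(f"{name}: hubs={hubs} blocked={top} hosts_cut_off={len(cut)}")
```

In the centralized sample a single block cuts off every infected host, which is the "central point of failure" described above; in the peer-to-peer sample no endpoint stands out and blocking any one peer isolates nobody.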


4. CYBERTERRORISM ATTACKS

Cyber-attacks can happen in different ways but, in general, we can categorize them as
attacks against data and attacks against services. In attacks against data, the attacker tries
to access or compromise the data. In an attack against services, the attacker tries to
disrupt services to prevent legitimate users from using those services.

In 1998, a terrorist guerrilla organization flooded Sri Lankan embassies' e-mail
accounts all around the world with 800 e-mails per day for two weeks. The
messages simply read, "We are the Internet Black Tigers and we're doing this to
interrupt your communications." US Intelligence departments characterized this as
the first known terrorist attack against a country's computer systems. During the
Kosovo conflict, Belgrade hackers were credited with denial of service (DoS)
attacks against NATO's servers. They bombarded NATO's web server with ICMP
packets and "Ping" commands, which test the connectivity of the host and servers.

Similar attacks took place in 2000 during the Palestinian-Israeli cyber war.
Pro-Palestinian hackers used DoS tools to attack Netvision, Israel's largest ISP.
Although the initial attacks crippled the ISP, Netvision succeeded in fending off
later assaults by strengthening its security. In October 2007, hackers attacked
Ukrainian president Viktor Yushchenko's website. A radical Russian nationalist
youth group, the Eurasian Youth Movement, claimed responsibility (Radio Free
Europe, 2007). Even more recently, in November 2008, the Pentagon suffered
from a cyberattack by a computer virus so alarming that the DOD took the
unprecedented step of banning the use of external hardware devices, such as flash
drives and DVDs (FOX News, 2008).


Estonia, 2007

In the spring of 2007, government computer systems in Estonia experienced a
sustained cyberattack that has been labeled by various observers as cyber warfare,
or cyber terror, or cybercrime. On April 27, officials in Estonia moved a
Soviet-era war memorial commemorating an unknown Russian who died fighting the
Nazis. The move stirred emotions, and led to rioting by ethnic Russians, and the
blockading of the Estonian Embassy in Moscow. The event also marked the
beginning of a series of large and sustained Distributed Denial-Of-Service
(DDoS) attacks launched against several Estonian national websites, including
government ministries and the prime minister's Reform Party.

Jeanson Ancheta, a 21-year-old hacker and member of a group called the
Botmaster Underground, reportedly made more than $100,000 from different
Internet Advertising companies who paid him to download specially-designed
malicious adware code onto more than 400,000 vulnerable PCs he had secretly
infected and taken over. He also made tens of thousands more dollars renting his
400,000-unit botnet herd to other companies that used them to send out spam,
viruses, and other malicious code on the Internet. In 2006, Ancheta was sentenced
to five years in prison.

Crackers in Romania illegally gained access to the computers controlling
the life support systems at an Antarctica research station, endangering the 58
scientists involved. However, the culprits were stopped before damage actually
occurred. Mostly non-political acts of sabotage have caused financial and other
damage, as in a case where a disgruntled employee caused the release of untreated
sewage into water in Maroochy Shire, Australia. Computer viruses have degraded
or shut down some non-essential systems in nuclear power plants, but this is not
believed to have been a deliberate attack. (Note: it is also argued that this is
actually not a case of cyberterrorism, but rather a case of cybercrime, as
cyberterrorism requires a political motive and not a primary focus on monetary
gain.)

In October 2007, the website of Ukrainian president Viktor Yushchenko was
attacked by hackers. A radical Russian nationalist youth group, the Eurasian
Youth Movement, claimed responsibility.

In 1999 hackers attacked NATO computers. The hackers flooded the computers with
email and hit them with a denial of service (DoS) attack. The hackers were protesting
against the NATO bombings in Kosovo. Businesses, public organizations and
academic institutions were bombarded with highly politicized emails containing
viruses from other European countries.


5. What is being done to Help Prevent Attacks

5.1 Dark Web

As of October 2007, there are over a billion internet users, some of whom are not friends.
Since September 11th, 2001 there has been a tenfold increase in the number of terrorists
online. There were 70-80 terrorist sites and now there are around 7,000-8,000. What these
websites are doing is spreading militant propaganda to give advice so that others might
join. This is one of the most effective ways of spreading violence around the world.

A man by the name of Hsinchun Chen has created Dark Web, a database which holds
names of extremists around the world. This database is posted in many languages, and can
host as many as 20,000 members and half a million postings. Before Dark Web, Chen
began his first project in 1997. It was a website used for tracking social change, with
crime and terrorism being the main focus. He had the help of the Tucson, Arizona Police
Department as well as the National Science Foundation to develop CopLink. This
was a way that law enforcement officials could link files and consolidate data. CopLink
is responsible for helping catch the Beltway Snipers in Washington DC in late 2002. This
as well as other successes led the NSF to ask Chen if he would build another system
similar to CopLink to help fight terrorism. Despite a few setbacks, Dark Web was a
success. Chen says that if Dark Web had been online before the Iraq war, there might
have been a good chance that the supposed links between Al Qaeda and Saddam Hussein
could have been proved fact or fiction. (Kotler, 2007)

There are some who are not convinced that Dark Web is a tool for freedom. Marc
Rotenberg, Executive Director of the Electronic Privacy Information Center, says that this
tool could be used to track political opponents. Mike German, the ACLU's policy counsel on
national security, immigration and privacy, claims that just because people say they are
advocating violence doesn't mean they will actually do it. He says it is a great waste of
critical resources. (Kotler, 2007)


Kotler (2007) also says,

"I know this from my time spent undercover, infiltrating exactly these kinds of
organizations: Every terrorist training manual makes it clear that a huge separation
should be kept between the bomb-makers and the propagandists; between the action wing
and the political wing. This means, by design, Dark Web is chasing the wrong people."

Chen disagrees, saying that it is the job of the NSA to track the secret member
communications which are encrypted and moved offline. The goal of Dark Web is to look
into the propagandists of the jihad movement. Despite criticism, Dark Web has shown
results. Access to training manuals to build explosives has been found as well as the
location of where they are downloaded. This has led to countermeasures that are keeping
military units and civilians alike safer.

5.2 North Atlantic Treaty Organization

NATO, which is the European-US defense force, has a contract that started in 2005 with
Telindus, which is a company that offers ICT solutions. NATO's networks cover their 26
members as well as other operational infrastructures such as Afghanistan and the Balkans.
These networks include coverage for telephone, computer, and video conferencing
communications. Non-military operations such as disaster relief and protection of critical
national infrastructure are also covered.

Grant (2007) reported that,

"Luc Hellebooge, Telindus's defence unit director and leader on the Nato project, said the
initial contract from Nato's Consultation, Command and Control Agency included
engineering and design, implementation, logistics and quality, proof of concept and
roll-out, testing, acceptance, training and equipment sourcing."


As of now there are 70 systems that are on the network. In future phases there will be
more countries, more sites, more nodes, and more network upgrades. The main tasks are
prevention, detection, reaction and recovery. Grant (2007) also said, "Putting them
together and handing it over on time and on budget took a lot of cross-domain skills."

Since the new project went live, a lot of attacks have been found, as has the growing
expertise of hackers. After the September 11th, 2001 attacks and the May 2007 DDoS
attack on Estonia, NATO has become more attentive to cyber defense because they
themselves are vulnerable to attack since they are out in the open just like other
organizations that are on the web. Telindus's biggest component is the intrusion detection
system (IDS). This allows attacks to be identified as well as the location of their origin and
what attackers will do in response to the defensive or restorative action.

5.3 Federal Efforts to Protect Computers

The federal government has taken steps to improve its own computer security and to
encourage the private sector to also adopt stronger computer security policies and
practices to reduce infrastructure vulnerabilities. In 2002, the Federal Information
Security Management Act (FISMA) was enacted, giving the Office of Management and
Budget (OMB) responsibility for coordinating information security standards and
guidelines developed by federal agencies. In 2003, the National Strategy to Secure
Cyberspace was published by the Administration to encourage the private sector to
improve computer security for the U.S. critical infrastructure through having federal
agencies set an example for best security practices.

The National Cyber Security Division (NCSD), within the National Protection and
Programs Directorate of the Department of Homeland Security (DHS), oversees a Cyber
Security Tracking, Analysis and Response Center (CSTARC), tasked with conducting
analysis of cyberspace threats and vulnerabilities, issuing alerts and warnings for
cyberthreats, improving information sharing, responding to major cybersecurity incidents,
and aiding in national-level recovery efforts. In addition, a new Cyber Warning and
Information Network (CWIN) has begun operation in 50 locations, and serves as an early
warning system for cyberattacks. The CWIN is engineered to be reliable and survivable,
has no dependency on the Internet or the public switched network (PSN), and reportedly
will not be affected if either the Internet or PSN suffer disruptions.

In January 2004, the NCSD also created the National Cyber Alert System (NCAS), a
coordinated national cybersecurity system that distributes information to subscribers to
help identify, analyze, and prioritize emerging vulnerabilities and cyberthreats. NCAS is
managed by the United States Computer Emergency Readiness Team (US-CERT), a
partnership between NCSD and the private sector, and subscribers can sign up to receive
notices from this new service by visiting the US-CERT website.

5.4 U.S. Government Efforts

Congressional Research Services Report


The CRS report for Congress talks about the capabilities for cyber-attack by terrorists.
Many of the departments and agencies of the U.S. government have programs that
address cyber security. Some view the level of federal effort as making cyber-security a
national priority, while others see it as unnecessarily redundant and as a sign that the
nation lacks a strategy for cyber terrorism.
Despite criticism, there are many programs that are promising.

Department of Homeland Security (DHS)


Some DHS experts are concerned with the cyber security efforts. While terrorists are
gaining more expertise and experience, the DHS has not progressed in their efforts to
fight cyber terrorism. Others cite that the lack of progress is due to the difficulty in
discovering the intentions, origination, and groups behind cyber intrusions and attacks. In
February 2006, the DHS participated in an exercise called Cyber Storm which tested the
ability of the U.S. government, international partners, and the private sector to respond to a
large scale cyber-attack.


According to Homeland Security (2006),

"Analysis of the exercise produced eight major findings to better position the
United States to enhance the nation's cyber preparedness and response
capabilities. The eight cyber-security enhancement findings addressed:
Interagency Coordination, Contingency Planning, Risk Assessment and Roles and
Responsibilities, Correlation of Multiple Incidents between Public and Private
Sectors, Exercise Program, Coordination between Entities of Cyber Incidents,
Common Framework for Response to Information Access, Strategic
Communications and Public Relations, and Improvement of Process, Tools and
Technology."

Department of Defense
In August 2005, DOD Directive 3020.40, the Defense Critical Infrastructure Program,
required the DOD to coordinate with public and private sectors to help protect defense
critical infrastructures from terrorist attacks and cyber-attack. DOD also formed the Joint
Functional Component Command for Network Warfare (JFCCNW). Its purpose is to
defend all DOD computer systems. Lasker (2005) said the expertise and tools used in this
mission are for both offensive and defensive operations.

5.5 Federal Bureau of Investigation (FBI)


The FBI Computer Intrusion program was developed to provide administrative,
operational support and guidance to those investigating computer intrusions. According to
Lourdeau (2004), A Special Technologies and Applications program supports FBI
counterterrorism computer intrusion investigations, and the FBI Cyber International
Investigative program conducts international investigations through coordination with
FBI Headquarters Office of International Operations and foreign law enforcement
agencies.


5.6 National Security Agency (NSA)

To reduce vulnerability of national information infrastructure, the NSA has promoted
higher education by creating the National Centers of Academic Excellence in Information
Assurance Education (CAEIAE). The program is intended to create more professionals
with information assurance (IA) experience. To support the President's National Strategy
to Secure Cyberspace, which was established in 2003, the NSA and DHS joined to
sponsor the program. This program allows four-year colleges and graduate-level
universities to apply to be designated as a National Center of Academic Excellence in
Information Assurance Education. According to sources, students attending CAEIAE
schools are eligible to apply for scholarships and grants through the Department of
Defense Information Assurance Scholarship Program and the Federal Cyber Service
Scholarship for Service Program (SFS).

5.7 Central Intelligence Agency (CIA)


The CIA Information Operations Center evaluates threats to U.S. computer systems from
foreign governments, criminal organizations and hackers. In 2005 a cyber-security test
called Silent Horizon was conducted. Its goal was to see how government and industry
could react to Internet based attacks. One of the questions the CIA wanted to answer
was who would be in charge of dealing with a major cyber-attack. The government is in
charge, but in practice the defenses are controlled by numerous civilian
telecommunications firms. According to sources, the simulated cyber-attacks were set
five years into the future. The stated premise of the exercise was that cyberspace would
see the same level of devastation as the 9/11 hijackings.

Livewire was an earlier exercise, similar to Silent Horizon, that raised
concerns about the government's role during a cyber-attack. What happens if the identified
culprit is a terrorist, foreign government, or a bored teenager? It also questioned whether
or not the government would be able to detect the early stages of an attack without the
help of third party technology companies.


5.8 Inter-Agency Forums


The Office of Management and Budget (OMB) created a taskforce to investigate how
agencies can better training, incident response, disaster recovery, and contingency
planning. Reports also said the U.S. Department of Homeland Security has created a
new National Cyber Security Division that will focus on reducing vulnerabilities in the
government's computing networks, and in the private sector to help protect the critical
infrastructure.


6. Future Attractiveness of Critical Infrastructure Systems

There has as yet been no published evidence showing a widespread focus by
cybercriminals on attacking the control systems that operate the U.S. civilian critical
infrastructure. Disabling infrastructure controls for communications, electrical
distribution or other infrastructure systems is often described as a likely scenario to
amplify the effects of a simultaneous conventional terrorist attack involving explosives.

However, in 2006, at a security discussion in Williamsburg, Virginia, a government
analyst reportedly stated that criminal extortion schemes may have already occurred,
where cyber attackers have exploited control system vulnerabilities for economic gain.
And, in December 2006, malicious software that automatically scans for control system
vulnerabilities reportedly was made available on the Internet for use by cybercriminals.
This scanner software reportedly can enable individuals with little knowledge about
infrastructure control systems to locate a SCADA computer connected to the Internet, and
quickly identify its security vulnerabilities.

The Idaho National Laboratory is tasked to study and report on technology risks
associated with infrastructure control systems. Past studies have shown that many, if not
most, automated control systems are connected to the Internet, or connected to corporate
administrative systems that are connected to the Internet, and are currently vulnerable to a
cyberattack. And, because many of these infrastructure SCADA systems were not
originally designed with security as a priority, in many cases, new security controls
cannot now be easily implemented to reduce the known security vulnerabilities.
Following past trends, where hackers and cybercriminals have taken advantage of easy
vulnerabilities, some analysts now predict that we may gradually see new instances where
cybercriminals exploit vulnerabilities in critical infrastructure control systems.


7. EDUCATION AND AWARENESS

7.1 Improving Security of Commercial Software - Some security experts
emphasize that if systems administrators received the necessary training for keeping their
computer configurations secure, then computer security would greatly improve for the
U.S. critical infrastructure. However, should software product vendors be required to
create higher quality software products that are more secure and that need fewer patches?
Could software vendors possibly increase the level of security for their products by
rethinking the design, or by adding more test procedures during product development?

7.2 Education and Awareness of Cyberthreats - Ultimately, reducing the threat
to national security from cybercrime depends on a strong commitment by government and
the private sector to follow best management practices that help improve computer
security. Numerous government reports already exist that describe the threat of
cybercrime and make recommendations for management practices to improve
cybersecurity.

A 2004 survey done by the National Cyber Security Alliance and AOL showed that most
home PC users do not have adequate protection against hackers, do not have updated
antivirus software protection, and are confused about the protections they are supposed to
use and how to use them. How can computer security training be made available to all
computer users that will keep them aware of constantly changing computer security
threats, and that will encourage them to follow proper security procedures?

7.3 Coordination Between Private Sector and Government - What can be
done to improve sharing of information between federal government, local governments,
and the private sector to improve computer security? Effective cyber security requires
sharing of relevant information about threats, vulnerabilities, and exploits. How can the
private sector obtain information from the government on specific threats which the
government now considers classified, but which may help the private sector protect
against cyberattack? And, how can the government obtain specific information from
private industry about the number of successful computer intrusions, when companies
resist reporting because they want to avoid publicity and guard their trade secrets? Should
cybercrime information voluntarily shared with the federal government about successful
intrusions be shielded from disclosure through Freedom of Information Act requests?

How can the United States better coordinate security policies and international law to
gain the cooperation of other nations to better protect against a cyberattack? Pursuit of
hackers may involve a trace back through networks requiring the cooperation of many
Internet Service Providers located in several different nations. Pursuit is made
increasingly complex if one or more of the nations involved has a legal policy or political
ideology that conflicts with that of the United States.

Thirty-eight countries, including the United States, participate in the Council of Europe's
Convention on Cybercrime, which seeks to combat cybercrime by harmonizing national
laws, improving investigative abilities, and boosting international cooperation. However,
how effective will the Convention be without participation of other countries where
cybercriminals now operate freely?

Intents behind Cyber Terrorism:

Political protestors may have rented the services of cybercriminals, possibly a
large network of infected PCs, called a botnet, to help disrupt the computer
systems of the Estonian government.

Cyber-attacks from individuals and countries targeting economic, political, and
military organizations.

Cybercriminals have reportedly made alliances with drug traffickers in
Afghanistan, the Middle East, and elsewhere where profitable illegal activities are
used to support terrorist groups.

Trends in cybercrime are described, showing how malicious Internet websites,
and other cybercrimes such as identity theft are linked to conventional terrorist
activity.


8. Summary
In today's society it is apparent that cyber-crime is a problem, especially since it can be
difficult to determine if an attack is from a hacker or from a hacker that is a terrorist or
terrorist group. Looking at the history of cyber-crime it has been shown that there is
definitely a need for more protection. Knowing that cyber terrorism exists is the first step
to a solution. Hsinchun Chen, the creator of Dark Web went from helping out local law
enforcement to helping with terrorism on the internet. NATO has taken steps to protect its
organization with the help of a third party specializing in security solutions. Also the
United States government departments have jointly and separately created programs to
fight terrorism as well as programs to educate others.


9. REFERENCES:

1. http://www.cyberterrorism.com
2. http://eee.wikipidia.com
3. http://www.usatoday.com/tech/news/techpolicy/2005-05-26-cia-wargames_x.htm
4. http://www.cyberterrorism.com/ - official cyberterrorism website
5. http://www.informationweek.com/news/showArticle.jhtml?articleID=199701774
