
Introduction - TIS Eagles · 2018-09-29 · TIANMUN 2018 Advisory Panel


TIANMUN 2018 Advisory Panel

This image shows all the words on the Wikipedia “Cyberterrorism” page that are mentioned more than 10 times.

FORUM: Advisory Panel

ISSUE: Measures to Combat Cyber Terrorism on Government Database

STUDENT OFFICER: Jessica Wang

POSITION: President of Advisory Panel

Introduction

North Korean hacking groups have been accused of constantly conducting cyber-attacks on other nations, such as the 2013 South Korea cyber-attack. The 2013 South Korea cyber-attack started when the network systems of three main banks and two major broadcasters were paralyzed. South Korean residents were unable to withdraw money at that time due to this attack. Officials from the Korea Communications Commission informed the public that the origin of this disruption was traced to a Chinese Internet provider address. However, an official working at the South Korean science ministry, Lee SeungWon, stated that the malicious code used by the attackers during this cyber-attack was similar to code previously used by the North. This has left responsibility for the attack unclear. Imagine these attacks being conducted on government databases, databases that contain hundreds and thousands of confidential documents. Cyberterrorism against government databases can cause devastating effects and is slightly harder to trace afterwards. This is one reason why the Deputy Attorney General of Iran, Abdul-Samad Khorramabadi, urged representatives from around the world to help fight against cyber terrorism used to recruit and finance various terrorist groups in 2017.

The definition of cyberterrorism is quite controversial. The FBI has a very narrow definition of cyberterrorism, whereas many other specialists and organizations believe in a broader definition, including attacks with relatively less damage (such as cybercrimes). Some believe that the attack must directly or indirectly cause deaths of victims to be classified as a cyberterrorist attack, and others believe that death is not a crucial factor in determining whether or not the attack is a cyberterrorist attack. The effects of cyberterrorism can be seen through various examples, such as the cyberterrorist attack that struck Atlanta, Georgia, in March 2018. This ransomware attack will require the government to spend approximately 2.6 million US dollars to recover.

This image shows what would be displayed on the device if an individual or company was targeted by the WannaCry ransomware attack.

Background

With the term being coined by Barry C. Collin in the 1980s, the significance of this issue increased exponentially as 2000 approached with the Year 2000 problem (also known as the Millennium bug). Cyberterrorism gained attention again after the September 11 attacks conducted by terrorists, bringing fear to the Western world about the potential threats of cyberterrorism. Some examples of cyberterrorism include when hackers interrupt networks, causing public inconvenience or preventing access to certain websites with information that the hackers oppose; acquire, deactivate, or alter signals in charge of military technology; or disrupt infrastructure systems. By disrupting infrastructure systems like a water treatment plant or a pipeline, attackers can throw major cities into chaos that could endanger public health and public safety. Methods of cyberterrorism can be separated into two main categories: un-targeted attacks and targeted attacks. An example of un-targeted attacks is ransomware; targeted attacks can take many forms, such as distributed denial of service and phishing attacks. For example, the WannaCry ransomware includes an application that both encrypts and decrypts data, demanding $300-$600 worth of bitcoin from the user in order to decrypt the files. The effects of ransomware attacks cannot be ignored; in a short duration of four days, the WannaCry ransomware attack was able to affect more than 300,000 computers in 150 different countries. The United States and the United Kingdom believe that North Korea was behind the WannaCry ransomware attack. Thomas Bossert, the former Homeland Security Advisor to U.S. President Donald Trump, later added that Australia, Canada, and New Zealand agree with the conclusion that the WannaCry ransomware attack was under the control of North Korea. Europol, the European Union’s law enforcement agency, is an organization that aims for a safer Europe to benefit all European Union citizens. “Ransomware has widened the range of potential malware victims, impacting victims indiscriminately across multiple industries in both the private and public sectors,” Europol warns the public about the development of ransomware attacks.

This image from Crowd shows how ransomware attacks are conducted.

Problems Raised

Losing Important Confidential Documents

Some hackers attack with an economic purpose and some hack for a political purpose, like the ones who participated in the 2016 incident in which 235 gigabits of confidential documents were stolen by North Korean hackers. Some of the stolen documents address issues such as “how to identify movements of members of the North Korean leadership” and “how to seal off their hiding locations.” A member of the South Korean National Assembly’s committee for national defense, Mr. Rhee, claims that even though 80 percent of the hacked data remains unclear, it is impossible for North Korea to have hacked and obtained information about the operation plans with the United States since it was not fully uploaded yet. However, Moon Sang-gyun, a Defense Ministry spokesman, declined to make any comment on the claims made by Mr. Rhee. Moon Sang-gyun simply stated that “It is assumed that this was the work of North Korea” about this cyberterrorism attack. Since the South Korean ministry believes that releasing more information about this incident would benefit North Korea, this attack mainly remains ambiguous with minimal officially confirmed information.

Ransomware Fines (Blackmail)

Oftentimes, after a group of hackers, or one hacker, successfully causes damage, those behind the ransomware attack will demand that a fine be paid before everything can go back to normal. For instance, this is exactly what happened during the cyberterrorist attack that struck Atlanta, Georgia, in March 2018. The city publicly described this attack as a ransomware cyberattack which affected various applications and client devices and caused public inconvenience. This attack caused many city services to be inaccessible, including online bill-paying services. This inaccessibility for more than six days in a technology-dependent society caused many employees in different fields, such as police officers, to write reports by hand until the computer systems started to function properly again. There is no official verification of a ransom amount; however, Mayor Keisha Lance Bottoms stated that the hackers demanded $51,000, with an estimated $2.6 million needed to fully recover from the attack.

This is how the FIDO alliance provides stronger security.

International Actions

National Protections Against Cyberterrorism

Most, if not all, nations have realized the importance of having a department or departments focusing on protection against cyberterrorism. For instance, in May 2011, the Chinese Defense Ministry confirmed the existence of an online defense unit called the “Cyber Blue Team,” or “Blue Army.” Sometimes, emergency teams are formed right after a region faces cyberterrorism. For example, after the 2018 Atlanta Ransomware Cyberattack, a multi-functional team was created in response to the attack with representatives from both the public and private sectors, including “city officials, […] law enforcement, the FBI, Department of Homeland Security, the Secret Service and independent forensic experts.” This response team was established not only to investigate what happened during the 2018 Atlanta Ransomware Cyberattack, but also to improve protection against cyberterrorism for the whole country.

The FIDO (“Fast IDentity Online”) Alliance

The main focus of this organization is to “address the lack of interoperability among strong authentication devices and the problems users face creating and remembering multiple usernames and passwords.” Although this has been implemented by many top companies such as Google, Alibaba, American Express, and Bank of America, this alliance does not cooperate with governments to enhance government cybersecurity. Encouraging individual member states to collaborate with the FIDO Alliance could possibly help combat cyberterrorism on government data.

This is an article written in the newspaper in December 2016 about Russia’s influence on the 2016 U.S. Presidential Election.

Key Players

Russia

In 2013, Barack Obama, Vladimir Putin, and Xi Jinping joined together to discuss ways to improve cybersecurity to combat cyberterrorism. The FBI and Department of Homeland Security joined together in March 2018 and released a report about cyberterrorism conducted by Russian hackers that has continued since at least March 2016. The FBI and the Department of Homeland Security say that the Russian government has “targeted U.S. government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” It is said that, oftentimes, Russian hackers would start by hacking groups with less secure networks than their main targets and then get to their ultimate target after collecting important information. The United States Treasury Department has announced sanctions on various Russian groups and individuals who participated in altering the results of the 2016 United States Presidential Election.

North Korea

North Korea has been conducting numerous cyberattacks, some of which were counted as cyberterrorism. For example, during the 2016 Korean Ministry of Defense cyber-attack incident, North Korean hackers stole 235 gigabytes of confidential documents from the military database of the Republic of Korea; rumors spread that the documents include ones about United States-South Korean military plans. North Korea denies responsibility for this cyber-attack and declares that South Korea is behind this, forging claims about cyber-attacks.

Republic of Korea

Based on the 2016 Deloitte Asia-Pacific Defense Outlook, South Korea is the Asia-Pacific country most vulnerable to cyber-attacks. One of the most notable recent incidents was in 2016, when North Korean hackers allegedly broke into Korea’s governmental (military) database to steal United States-South Korean military plans, and the hackers were successful. They were able to steal numerous confidential documents, including a ‘decapitation’ plan, over a span of a year. This ‘decapitation’ plan was a plan to remove the North Korean leader, Kim Jong-un, in response to North Korea conducting its sixth nuclear test that month. The Republic of Korea recognizes that North Korean hackers have stolen three hundred lower-classification confidential documents beyond any doubt; however, eighty percent of the total 235 gigabytes of stolen data remains unidentified. Korea was able to develop contemporary technology, but Korea’s cybersecurity has not become as impregnable as its technology is trendy.

United States

The United States, like all other nations, recognizes the importance of cybersecurity. According to Government Computing, the US Department of Homeland Security (DHS) has revealed its new cybersecurity strategy for the government. One focus of this strategy is “increasing security and resilience across government networks and critical infrastructure.” The five fundamental aspects of this new strategy are risk identification, vulnerability reduction, threat reduction, consequence mitigation, and enabling cybersecurity outcomes. The two aspects focused on cybersecurity for the government are vulnerability reduction and threat reduction. Vulnerability reduction specifically aims to “protect federal government information systems by reducing the vulnerabilities of federal agencies to ensure they achieve an adequate level of cybersecurity”; threat reduction, on the other hand, reduces national cyber threats by countering transnational criminal organizations and sophisticated cyber criminals.

Possible Solutions

Multi-Factor Authentication

Multi-factor authentication adds a second level of authentication to an account log-in; it is like adding an extra lock to the door. Many websites like LinkedIn, Twitter, Microsoft, Apple, and Google have implemented two-factor authentication. Government databases can do the same: set up multi-factor authentication for the limited number of privileged users who can access confidential documents on the government’s database.

International Cooperation

Europol’s call for more coordination between law enforcement agencies to combat cyberterrorism and cyberattacks together is not a coincidence. By promoting information exchange between countries about cyberterrorism, such as practices and lessons learned from previous cyberterrorism attacks, the level of defence against cyberterrorism can improve on a global scale.

This image shows Europol’s attempt to combat ransomware attacks.

Glossary

Cyberterrorism

“The FBI defines terrorism as a premeditated, politically motivated attack against information, computer systems, computer programs and data which results in violence against non-combatant targets by subnational groups or clandestine agents.” A NATO (2008) document defined cyberterrorism as “a cyber-attack using or exploiting computer or communication networks to cause sufficient destruction to generate fear or intimidate a society into an ideological goal.” The Center for Strategic and International Studies (CSIS) defines cyberterrorism as “the use of computer network tools to shut down critical national infrastructures (e.g., energy, transportation, government operations) or to coerce or intimidate a government or civilian population.” The term cyberterrorism is quite controversial, so additional definitions are added for reference.

Ransomware Attacks

Ransomware attacks are defined as “infecting a system by encrypting files and/or locking the users’ access to said system; then requiring the target to give a ‘ransom’ in order to gain normal access again.”

Sources

“Atlanta, GA.” Atlanta, GA: History, www.atlantaga.gov/government/ransomware-cyberattack-information.

Bicknell, David. “US Department of Homeland Security Reveals New Cybersecurity Strategy.” Government Computing Network, 16 May 2018, www.governmentcomputing.com/security/news/us-department-homeland-security-reveals-new-cybersecurity-strategy.

“Cyber Terror.” FBI, FBI, 1 Nov. 2011, leb.fbi.gov/articles/featured-articles/cyber-terror.

“Cyber-Attack: US and UK Blame North Korea for WannaCry.” BBC News, BBC, 19 Dec. 2017, www.bbc.com/news/world-us-canada-42407488.

Deere, Stephen. “CONFIDENTIAL REPORT: Atlanta's Cyber Attack Could Cost Taxpayers $17 Million.” Ajc, The Atlanta Journal-Constitution, 2 Aug. 2018, www.ajc.com/news/confidential-report-atlanta-cyber-attack-could-hit-million/GAljmndAF3EQdVWlMcXS0K/.

Hutcherson, Kimberly. “Six Days after a Ransomware Cyberattack, Atlanta Officials Are Filling out Forms by Hand.” CNN, Cable News Network, 28 Mar. 2018, edition.cnn.com/2018/03/27/us/atlanta-ransomware-computers/index.html.

“Iran Calls for International Cooperation against Cyber Terrorism.” IFP News, 22 Sept. 2018, ifpnews.com/exclusive/iran-calls-for-international-cooperation-against-cyber-terrorism/.

Kim, Christine. “North Korea Hackers Stole South Korea-U.S. Military Plans to Wipe...” Reuters, Thomson Reuters, 11 Oct. 2017, www.reuters.com/article/us-northkorea-cybercrime-southkorea/north-korea-hackers-stole-south-korea-u-s-military-plans-to-wipe-out-north-korea-leadership-lawmaker-idUSKBN1CF1WT.

Locklear, Mallory. “DHS and FBI Warn Russia Is behind Cyberattacks on US Infrastructure.” Engadget, 15 Mar. 2018, www.engadget.com/2018/03/15/dhs-fbi-warn-russia-behind-infrastructure-cyberattacks/.

“Members: Bringing Together an Ecosystem.” FIDO Alliance, fidoalliance.org/participate/members-bringing-together-ecosystem/.

Pototsky, Dan. “US, Russia, China Meet to Tackle Cyberterrorism.” Russia Beyond, Russia Beyond, 8 June 2013, www.rbth.com/international/2013/06/07/us_russia_china_meet_to_tackle_cyberterrorism_26867.html.

Sang-hun, Choe. “Cyberattack Hits South Korean Banking Networks.” The New York Times, The New York Times, 20 Mar. 2013, www.nytimes.com/2013/03/21/world/asia/south-korea-computer-network-crashes.html.

Sang-hun, Choe. “North Korean Hackers Stole U.S.-South Korean Military Plans, Lawmaker Says.” The New York Times, The New York Times, 10 Oct. 2017, www.nytimes.com/2017/10/10/world/asia/north-korea-hack-war-plans.html.

“Significant Cyber Incidents.” Nuclear Stability in a Post-Arms Control World | Center for Strategic and International Studies, www.csis.org/programs/cybersecurity-and-governance/technology-policy-program/other-projects-cybersecurity.

“What Is Cyberterrorism? - Definition from WhatIs.com.” SearchSecurity, searchsecurity.techtarget.com/definition/cyberterrorism.