18

SHOCKWAVEWRITER

Some, looking for sensationalism think ofevery attack against a computer as a ter-rorist act. When one hears of such talk,reads it in some newspaper column, thefirst thing we must do is consider thesource and what motives they may havefor saying such things. Let’s begin withthe reporters. They of course are not somuch interested in factual reporting asgetting their column accepted by theirboss (who is only interested in sellingnewspapers) and a little publicity forthemselves. After all, they have careergoals like the rest of us. The only thingthey know about terrorism is what some-one tells them. So, who’s doing the talk-ing? Consultants, so-called experts interrorism, information systems security,law enforcement and criminal investiga-tors. Are they giving us advanced warningfor our own safety, making a pitch formore budget, or trying to get a little pub-licity by hyping the threats, and of course,maybe a lucrative consulting contract.

Let’s look at one of these articles, whichhas banner headlines that begin with thewords, ‘Web of fear’. We won’t furtheridentify the reporter or the newspaper asno sense in embarrassing them (if that isat all possible) as they have plenty of com-pany out there in selling sensationalismthat sells newspapers.

The article listed three example of‘cyber-terrorism’:

IRA sympathizers at the University ofTexas disclosing sensitive details of British

army bases in Northern Ireland on theInternet. So, because they transmit theinformation via the Internet, it is a direwarning of cyber-terrorism? Now, I askyou, is an IRA sympathizer now a terror-ist?

A ‘DENIAL of service’ attack by TamilTigers, who bombarded Sri Lankanembassies with E-mail, causing their Internetsystems to crash. Tamil Tigers are consideredterrorists by those in power and ‘freedomfighters’ by those that support them — aswith any so-called terrorist group. Now, isthis really a cyber-terrorist attack? If so,then I hope all terrorist come online anduse this technique. Imagine the number oflives it would save!

DURING the recent bombing campaignin Yugoslavia, NATO found itself underattack by a flood of 2000 virus-laden E-mailsa day. Was NATO, during its bombingcampaign in Yugoslavia, attacked by acyber-terrorist? Why stop there? Was thelastest global ‘attack’ by the ‘love virus’ aterrorist act? Some may want you to thinkso as they sit waiting for some real terroristattack to take place in cyberspace. Thatwas war. Is warfare terrorism? Remember,anyone can call anyone or any incident aterrorist act.

The article went on to talk about virus-es and hackers, not terrorism as definedby most knowledgeable people.

An American television show,‘America’s Most Wanted’ aired an episodeabout ‘cyber- terrorism’. TV Guide

magazine said it was about, “ExaminingUS government efforts to stop criminalcomputer hackers, who can disrupt vitalcity services”. It included an overview of‘cyber terrorism’ to include ‘easy targets;wide-ranging effects; and a profile of adangerous hacker’. Now hackers are ter-rorists. We seem to see all kinds of dan-gers in ‘hackers’.

Well, before the sensationalists, ‘terroristexperts’, and others begin to increase theircampaign of fear mongering and hype, let’stake a look at this entire matter of terror-ism and what I like to call techno-terrorism.

In order to do that, let’s start with somebasic definitions. After all, the under-standing of what is meant by the term‘terrorists’ and ‘terrorism’ will help keepus focused on the issue. I am usingUnited States definitions quite franklybecause they were the easiest to find.

The United States FBI defines terror-ism as follows: Terrorism is the unlawfuluse of force or violence against persons orproperty to intimidate or coerce a govern-ment, the civilian population or any seg-ment thereof, in furtherance of political orsocial objectives. So, when those in powerdo it, it is lawful. It is defending thenation-state and its citizens. When some-one or some group doesn’t like the gov-ernment in power, it would of course becalled unlawful by the government inpower. This is an important point becauseit depends on what side of the govern-ment you are on. Often, that is all thatseparates one from being a terrorist and agovernment employee!

The United States Central IntelligenceAgency says: International terrorism is ter-rorism conducted with the support of foreigngovernments or organizations and/or direct-ed against foreign nations, institutions orgovernments. A little different twist as theylook at it from the standpoint of terrorismagainst the United States by outsiders.

The United States Departments ofState and Defense define it this way:Terrorism is premeditated, politically moti-vated violence perpetrated against a non-combatant target by sub-national groups orclandestine state agents, usually intended to

Is it Cyber-Terrorism,Techno-Terrorism, orNone of the Above?

There has been a lot of talk over the last couple of years about ‘cyber-terrorism’ —the use of cyberspace by terrorists. All the so-called terrorists experts and consul-tants are just waiting for any indication of such attacks so they can say, “I toldyou so. I told you it was coming.” Ah, many of them can hear their cash registersring as they ply their trade to corporations and government agencies. But alas, theonly publicly documented announcement of the use of cyberspace, the Internet,for such an attack really wasn’t — massive E-mails for a denial-of-service attack.

july.qxd 9/5/00 12:52 PM Page 18

shockwavewriter

influence an audience. International terror-ism is terrorism involving the citizens or ter-ritory of more than one country. Interestingpoint here. So, Tamil Tigers’ E-mailflooding was not violent so not terrorismby this definition.

What is a terrorist anyway? As I have said before, it is whoever thepeople in power say they are. Don’t con-fuse terrorists with the ‘normal’ criminals.Criminals are those that violate the lawsof society usually for personal gain. A ter-rorist is one who causes intense fear; onewho controls, dominates, or coercesthrough the use of terror. The same canbe said for a child abuser. Shall we beginto call them terrorists also? Actually,although not politically motivated, theyare more of a true terrorist than thosefolks hacking the Net.

Why use terrorist methods? Why do people resort to fighting againstthe massive powers of a nation-state?Most do so for one or more of the follow-ing reasons:• When those in power do not listen.• When there is no redress of grievances.• When individuals or groups oppose

current policy.• When no other recourse is available.• When a government wants to expand

its territory (yes, a nation-state can beconsidered a terrorist).

• When a government wants to influenceanother country’s government.

What is a terrorist act? As stated earlier, it is what those in powersays it is. Anything and anyone can beclassified as a terrorist since those inpower make the rules. Some questions toponder: What is the difference betweenterrorist and freedom fighter?

Does ‘moral rightness’ excuse violentacts? Does the cause justify the means?

Results of terrorist actions When there are so-called terrorist acts, itoften plays right into the hands of thosein power. In fact, those in power maycommit terrorist acts and blame it ontheir opposition. Why? Because it willcall for increases in security — usuallydemanded by the people; usually death,damage and destruction causes govern-ments to decrease freedoms in the inter-est of security. On the other hand, it maycause awareness of grievances by thepopulation; may cause governments tolisten; may lead to social and politicalchanges

Terrorists’ technology threatenvironment So are there cyber-terrorist threats orpotential threats. Yes, of course. Becauseof the following reasons: • More reliability on information to run

businesses and governments.• Larger concentration on information

which can be accessed.• Security is add-on to technology —

more weaknesses.• Destruction of automated information

can cripple a government, business andthe economy.

• Information can be stolen and theft isnot known.

• Computers operate at low frequencies.• Electronic circuits are vulnerable to

interference.• A gun which transmits a high energy

beam, e.g. radio wave, microwave, candisable computer systems.

Techno-terrorists It is easy to see threats everywhere, fromanyone at any time. However, potentialthreats don’t mean there are cyber-terror-ists at work today. However, there arethose who use technology for terroristactivities — what we like to call techno-terrorists. These folks use technology tosupport or commit terrorist acts. The use

of encrypted E-mails by terrorist groups,the use of their own Web sites to get theirmessages across to others; the use of hack-ing techniques, theft and fraud to raisemoney for their cause; are all examples ofthe use of technology to further theircause.

Why techno-terrorism? Techno-terrorism is easier; causing moredisruptions; promotes their cause withless negative public image; and can beused by more terrorists with less funding.

Techno-terrorist possibilities Some examples of techno-terrorism activ-ities include:• Using a computer, they could penetrate a

control tower computer system and sendfalse signals to aircraft, causing them tocrash in mid-air, or into the ground.

• Use fraudulent credit cards to financetheir operations.

• Penetrate a financial computer systemand divert millions of dollars to financetheir activities.

• Bleach US $1 bills and using a colourcopier, reproduce them as $100 billsand flood the market with them todestabilize the dollar.

• Use cloned cellular phones and com-puters over the Internet to communi-cate using encryption to protect theirtransmissions.

• Use virus and worm programs to shutdown vital government computer systems.

• Change hospital records causingpatients to die because of an overdose ofmedicine or the wrong medicine.

• Penetrate a government computer, e.g.IRS, which begins issuing cheques to allits citizens.

• Destroy critical government computersystems processing tax returns.

• Penetrate computerized train routing sys-tems, causing passenger trains to collide.

• Take over telecommunications links orshut them down.

19

july.qxd 9/5/00 12:52 PM Page 19

20

shockwavewriter/calender

INFOWARCON 200011-14 September 2000. Location: Washington, DC, USA. Contact: Betty O’Hearn;Tel: +1 727 393 6000; E-mail: betty@infowar.com; Web site: www.misti.com.

iSEC UK 200026-28 September 2000. Location: London, UK. Contact: John Pozoglou, iSEC UK 2000, AiCWorldwide Limited, 2nd Floor, 100 Hatton Garden, London, EC1N 8NX;Tel: +44 (0)171 242 1548; Fax: +44 (0)171 242 1508; Web site: www.aic-uk.com.

LEGAL REVOLUTION BY THE INTERNET14 October 2000. Location: London, UK. Contact: Claire Wylie, BCM Events, 117 Regents ParkRd, London, NW1 8UR, UK; Tel: +44 (0)20 7722 9732; Fax: +44 (0)20 7586 0639;E-mail: info@bcmevents.com; Web site: www.bcmevents.com.

COMPSEC 20001-3 November 2000. Location: London, UK. Contact: Tracy Collier, Compsec 2000, ElsevierAdvanced Technology, The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1 GB, UK;Fax: +44 (0)1865 843958; E-mail: t.collier@elsevier.co.uk;Web site: www.elsevier.nl/locate/compsec2000.

BIOMETRICS 20006-8 November 2000. Location: London, UK. Contact: Phillipa Orme, Biometrics 2000, 12 ChurchStreet, West Hanney, Nr. Wantage, Oxon, OX12 0LN, UK; Tel: +44 (0)1235 868811; E-mail:p.orme@dial.pipex.com.

Events Calendar

PRIORITY ORDER FORM SPEED FAX: +44 (0)1865 843971

PLEASE ENTER MY ORDER FOR■■ ..... copies of Computer Fraud & Security ISSN 1361 3723

12 issues US$617 £375* NLG1215 �551.34 [PCS70+B1]

EC Resident Customers (not UK) please add VAT at your national rate or stateyour VAT registration number......Plus VAT @ .....% US$..... £..... NLG.... �....

TOTAL PAYABLE US$..... £..... NLG..... �....

IMPORTANT: Price is inclusive of postage and handling for all orders paid by credit card orcheque. Invoices for orders without pre-payment will additionally be charged for postage and handlingcosts. *£ Sterling rate may be subject to exchange rate fluctuations. Please note: Prices are subject tochange without prior notice.

PAYMENT (postage free of charge for orders with pre-payment)

■■ Payment enclosed (please make cheques/Eurocheques payable to Elsevier)POSTAGE FREE OF CHARGE

■■ Please charge myMasterCard/Visa/AMEX/Barclaycard/Eurocard (delete as applicable) POSTAGE FREE OF CHARGE

Card Number

Cardholder Name

Expiry Date Today’s Date

Signature

■■ Please invoice me. Company purchase order

DELIVERY ADDRESS(please print clearly)

Name

Position

Approving Manager

Organization

Address

Town State

Post/Zip Code Country

Tel number

Fax Number

E-mail

Nature of Business

4 EASY WAYS TO ORDER:1) FAX PRIORITY ORDERS DEPARTMENT: +44 (0)1865 8439712) E-MAIL YOUR ORDER TO eatsales@elsevier.co.uk 3) TELEPHONE PRIORITY ORDERS DEPARTMENT: +44 (0)1865 8436874) POST YOUR ORDER TO: Priority Orders Department, Elsevier

Advanced Technology, PO Box 150, Kidlington, Oxford OX5 1AS, UK

For US ORDERSElsevier Science, Regional Sales Office, Customer Support Department,655 Ave of the Americas, New York, NY 10010, USATel: +1 (212) 633 3730 Fax+1 (212) 633 3680Toll free: 1-888-437-4636 or 1-888-4ES-INFOE-mail: usinfo-f@elsevier.com

When ordering please quote your customer KEYCODE - †K10F9■■ If you do not wish to receive product related information from Elsevier

Advanced Technology please tick this box

• Take over satellite links to broadcast theirmessages over televisions and radios.Yes, all these things are possible and some

may have occurred somewhere, some time.However, most are examples of using tech-nology for terrorist support or acts and notcyber-terrorism — the use of the Internet orother ‘cyberspace’ for terrorism.

So, why aren’t we seeing actual cases ofpure cyber-terrorism? No one reallyknows for sure, but one can speculate:physical acts of violence have more impactthan knocking out a government or cor-porate computer system. Such attacks willnot currently help the terrorist groupsreach their goals. Those of us living in aninformation-based society and surround-ed by technology tend to lose sight of thefact that most of the world is not systemsdependent — nor are their governments.Until that days arises, brutal violence willcontinue to be the vehicle of choice for aterrorist group — however they aredefined and by whom.

july.qxd 9/5/00 12:52 PM Page 20