Upload
abzetdin-adamov
View
107
Download
0
Embed Size (px)
DESCRIPTION
Technical, Legal and Political Issues of Combating Terrorism on the Internet.
Citation preview
Technical, Legal and Political
Issues of Combating Terrorism
on the Internet.
http://ce.qu.edu.az/~aadamov
Assoc. Prof. Abzetdin ADAMOV
Chair of Computer Engineering Department
Director of Center for Data Analytics and Web Insights
Baku, Azerbaijan
Astana, 25.11.2014
INTERNATIONAL CONFERENCE
«TERRORISM AND THE INTERNET»
Digital Universe
• 2008 – 480.000 petabytes (PB)
• 2009 – 800.000 PB
• 2010 – 1200 000 PB or 1.2 zettabyte (ZB)
• 2011 – 1.8 ZB
• 2012 – 2.7 ZB
• 2013 – 4.4 ZB
• 2014 ~ 7.0 ZB
• Expected to reach 44 ZB by 2020
Daily now we create as much information as from the dawn of
civilization up until 2003
Much More Data than We Can
Consume
We produce much more data than we are able to process.
It is cheaper to Store than to Filter and Delete.
Data
Consumer
Technical Issues of
Cyberterrorism
What is Terrorism in Internet or
Cyberterrorism?
Adding prefix "cyber" to "terrorism"
could be used in 2 ways:
• A terrorist attack that uses cyber weapons
– Akin to "bioterrorism" and "nuclear terrorism"
– Then what is violence in cyberspace?
• Use of cyberspace to support terrorism
– Akin to "narcoterrorism"
Conduct of Cyberterrorism
Attacks
• Objectives
– Cause disruption or severe harm
– Make money or support organization
• Targets
– Critical infrastructures or control systems vs public
websites
• Sophistication of attacks
– Tools, methods, coordination
• Results and impact
Technologies Used to Conduct
Purposed Cyberterrorism
• eMail, Chat, IM, Beb, Blogs, Forums, Groups
• Network security: encryption, steganography, web
security
• Distribution of News, Documents, Videos, etc
• Communications, Coordination, Command and
Control
• Intelligence Collection
• Recruitment
• Training
• Fund raising
Technology Literacy of Terrorist
Organizations
• Widely use social media
• Use high impact phrases on Twitter to generate
traffic
• Use Tor, as anonymous web browser
• Open source powerful encryption systems
• Switching from Twitter they to Diaspora
• Encryption soft for mobile phones in 2007
• Own encryption programme called Asrar al-
Ghurabaa in November 2013
• 4096 bit public key encryption in June 2014
DeedWeb, DeepNet, DarkNet,
FreeNet, TOR
• DarkNet (P2P) - use different protocols not
transparent for Search Engines (SE)
• DeepNet/DeepWeb - content that not indexed by
SE
• FreeNet - private distributed architecture
• Tor - prevents monitoring of websites that users
visit
The DeepWeb is currently 800 – 1000 times
larger than Surface Web. Just 0.03% … of
the DeepWeb is indexed
Methods and Technologies Used
for DeepNet
• Dynamic content
• Unlinked content
• Private Web
• Limited access content (CAPTCHAs, Robots
Exclusion Standard)
• Scripted content (JavaScript, AJAX, Flash)
• Non-HTML/text content
• Special software (TOR - The Onion Router)
Surface Web
Deep Web
FreeNet –
Network Without Control
• High redundancy of content
• Huge distributed cache
• No central servers
• No control of any one individual or
organization
• No hierarchy of nodes is intended
• Strong encryption
www.freenetproject.org
intermediate computers which pass on requests for content and sending them
back without knowing the contents of the full file, similar to how routers on the
Internet route packets without knowing anything about files
Technical Solutions against
Cyberterrorism
• Email Authentication
– SPF, DKIM, Secure Internet Letterhead
• Web Authentication
– Extended Validation, Secure Internet Letterhead
• Secure Identity
– SAML, WS-*, OpenID, OATH, Identity 3.0
• Data Level Security
– CRM Infrastructure, Open CRM
• Network Security
– Reverse Firewalls, DNSSEC, BGP Security
– Domain Centric Administration, Default Deny Infrastructure
Legal Issues of Cyberterrorism
Legal Response to
Cyberterrorism
• Applying cybercrime legislation to
cyberterrorism;
• Applying existing cyberterrorism legislation
to cybercrime;
• Enacting specific legislation on terrorist
use of the Internet.
Three approaches of legal responses:
Legal Challenges
• Illegal content - balance between preventing and
right to freedom of expression;
• Communication - concern about services
availability, traceability, interception of
communications and encryption;
• Terrorist financing - no consensus if main
resource for terrorism financing is electronic
payment or cash.
Legal Challenges in Combating Cyberterrorism :
Political Issues of
Cyberterrorism
SUN SUN
1
2
3
4
5
6
7
8
Foundations of the WEB
DNS DNS
DNS
DNS
- Countries
SUN SUN
Where Attack Came From?
State A
Compromised
Computers
Attacker
State C
State B
- According to the State C the
attack came from the Sate B
- Is the State B guilty or not?
SUN
Location of Illegal Content
Authority of State A
Victim
Owner of content is
citizen of State C
State B
Website with suspicious
content against the State A
hosted on the server located
in the State B
Case Study:
• State A – the content violate the law
on cyberterrorism;
• State B – the specific content is not
crime;
• State C – even the content is
cybercrime, it was not conducted on
the territory of State C
SUN
Distributed Internet Services
whom talk to about
banning of content?
Computer with terrorist
content
www.terror.xx / 120.1.1.1
State A: owner of ccTDL “xx”
State B: Domain Name Registrar (DNR)
State C: Domain Name Service (DNS)
State D: Regional Internet Registry (RIR)
State E: Internet Service Provider (ISP)
State F: Hosting Service Provider (HSP)
State H: Physical Location of Server
International Organizations
• IISRC – International Information Security Research Consortia
• CTITF – United Nations Counter-Terrorism Implementation Task Force
• GCTF – Global Counter-Terrorism Forum
• OSCE – Organization for Security and Cooperation in Europe
• UNODC – United Nations Office on Drugs and Crime
• CTED – Counter-Terrorism Executive Directorate
Conclusion
• Until recently it was obvious – Availability;
• Now some balance must be figured out, which
should transparent for general user and
impenetrable for crime;
• International Cooperation is the Key Condition for
Success
Talking about the use of Internet for terrorism purpose
we inevitably get a question: which is more important
Availability or Security?
http://ce.qu.edu.az/~aadamov
Questions…