
Cyber Terrorism

Introduction

Terrorism is on the rise and our country must defend itself using all means possible. Armies worldwide have operational experience and proven techniques and protocols to combat terrorism, but there is a new battle space: the cyber arena.

Cyber-terrorism: the word combines “cyber”, meaning the electronic or computer-related counterpart of something, i.e. anything related to a digital tool of trade, with “terrorism”. In order to draw a clear line between cyber-terrorism and cyber crime, we define cyber-terrorism as the use of information technology and means by terrorist groups and agents. All other such activities should be defined as cyber crime.

Examples of cyber terrorist activity include the use of information technology to organize and execute attacks and to support groups and campaigns. Terrorist groups such as Al Qaeda and the Islamic militant group Hamas have adopted new information technology as a means to conduct operations.

While the world media has hyped the myth of skilled elite hackers in today’s increasingly digital world, the truth remains that terrorism as we know it uses fewer resources and simpler tools, not high-end cryptography, digital cracking or intensive information hacking. Most hacking exploits take extended, repeated effort and have low rates of success. Even when they succeed, the cause is often attributed to a system failure, denying the terrorist his goal of causing hysteria and widespread panic. What we ought to be aware of is the terrorist’s use of ubiquitous everyday technology in reaching his goal. The very tools that we have come to depend upon, such as email, social networking, instant messaging, location based services, GPS maps, satellite imagery and VoIP communication, are all part of the modern terrorist’s toolkit. They offer logistic and administrative support to his primary modes of terror attack.

The Internet

The internet is used by everybody in many different ways: for communication, creation, sharing, media management, application usage and data sharing. Today 1 out of 4 people in the world have Internet access. It is one of the things we use every day yet seldom understand at the level of its basic functioning.

• Language: As a basic primer, the internet is a network of computers communicating with each other using a common language, a set of protocols called TCP/IP (Transmission Control Protocol/Internet Protocol).

• Location: For clear communication every connected computer must have an identifiable name or unique address, such as 192.0.2.45 (four numbers from 0 to 255 separated by dots), which is called an IP address. These IP addresses are assigned by the ISP (Internet Service Provider) either dynamically (changing every time you connect) or statically (permanent).

• Route: Data from your IP address is sent to your ISP, which forwards it to a NAP (Network Access Point) server, which in turn forwards it to the destination ISP and then on to the IP address you are trying to reach. Replies travel the same path in reverse.

• How it works: Information in the form of text, imagery or video is converted into binary code (ones and zeros), which is converted into electrical signals that travel over various media such as wires, radio waves and fibre optic cables to reach the intended destination, where they are converted back into text, images or video as originally created.

Email

Every email that is sent or received contains the following information stored in an email header:

• originating IP (Internet Protocol) address

• routing of the message (the route the message travelled to reach its destination)

After viewing the email header, the next step in tracing an email is to find the first IP address listed in the header, which is most likely the initiating point. That initiating IP address can then be looked up to determine where the message was sent from. It is important to note that IP address location information does not include a street name, house number or phone number; the trace will most likely determine only the city and the ISP the sender used.
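The header walk described above, as an added example that is not part of the original article: each mail server prepends its own Received: line, so the hop closest to the sender is the bottom one, and loopback or private LAN addresses found there cannot identify the sender’s ISP. The message, host names and addresses are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample message (not a real capture). Each mail server
# prepends its own Received: line, so the top line is the last hop and
# the bottom line is the hop closest to the sender.
RAW_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id 12345; Mon, 1 Dec 2008 10:04:12 +0000
Received: from smtp.isp-example.com (smtp.isp-example.com [203.0.113.25])
\tby mx2.example.net with ESMTPS id 67890; Mon, 1 Dec 2008 10:04:10 +0000
Received: from userpc (unknown [192.0.2.45])
\tby smtp.isp-example.com with ESMTPA; Mon, 1 Dec 2008 10:04:05 +0000
Received: from localhost (localhost [127.0.0.1])
\tby userpc with SMTP; Mon, 1 Dec 2008 10:04:04 +0000
From: sender@example.com
To: desk@example.org
Subject: test

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Addresses that can never identify the sender's ISP: loopback, link-local
# and the RFC 1918 private ranges used on home and office LANs.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def received_hops(raw):
    """Return the 'from' IP of every Received: header, earliest hop first."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(str(value))
        if match:
            hops.append(match.group(1))
    return list(reversed(hops))  # bottom header was added first


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return (addr.is_loopback or addr.is_link_local
            or any(addr in net for net in PRIVATE_NETS))


def originating_ip(raw):
    """First routable hop, i.e. the address the sender's ISP saw.
    Only Received: lines added by servers you control are trustworthy;
    a sender can forge the lines below them."""
    for ip in received_hops(raw):
        if not is_internal(ip):
            return ip
    return None
```

The returned address is what an investigator would then look up with the ISP, which, as the text notes, yields at best a city and provider rather than a street address.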

Hacking

Hacking is a term that has several related meanings in the technology and computer science fields. However, the term “hacking” is most often used to refer to more nefarious criminal uses such as identity theft, credit card fraud or other actions categorized as computer crime. Originally, a hacker was anybody who tinkered with any kind of system, mechanical or electrical, in order to better understand how it worked. Today mainstream usage of “hacker” mostly refers to computer criminals, which includes script kiddies: people who break into computers using programs written by others, with very little knowledge of how they work.

Case Study

Source: Inside Cyber Warfare by Jeffrey Carr

Technology Used: Hacking tools, social networks for planning and coordination

Synopsis: A group of hackers calling themselves the ‘Whackerz Pakistan Cr3w’ defaced India’s Eastern Railway website and declared cyber war in December 2008. They claimed to have hacked the site in response to an alleged Indian violation of Pakistani airspace and said that they would continue to attack more Indian military, government and financial institutions’ websites.

Investigation led to personal information about the group surfacing from social networks like Facebook, YouTube, Digg, Live.com and Zone-h. One Facebook entry even contained the real name of the leader and his order to a subordinate to perform the attack against the Indian Eastern Railway website.

This case study highlights the amount of information sharing that is prevalent on social networks. Even the otherwise cautious leader of the hacker group, who had observed good OPSEC protocols, dropped his guard on Facebook, the world’s largest public social network.

Social Networking

Modern day terrorist organizations form intricate networks of cells. Unlike social networks, the links between them are very few, with isolated cells working without direct supervision of terrorist group leaders. Just as we use networks like Facebook and LinkedIn to connect with old friends, family and people across the globe who share common interests, terrorists can use them to figure out who is connected to whom. Such information can be used to profile intended targets, and considering the amount of information being shared on these networks, many personal details can be obtained.

Location Based Services

Location Based Services such as Foursquare, Facebook Places & Gowalla can even pinpoint a user’s exact location on a map at that very moment. Such information can be used to profile a target or even used by terrorists themselves to share information and data, plan and control operatives in the field from a secure online location.

Video

Video Conferencing is conducted over the Internet to avoid tapping by Government and Security agencies. Instant Messaging Services like Google Talk, Yahoo Chat, Microsoft Live Messenger and Skype offer simple yet robust video conferencing capabilities with the added option of public key encryption allowing for secure communication between two or more parties across the globe. Terrorists are able to communicate securely and simply with minimal training and technological resources.

YouTube videos have been used to broadcast terrorist propaganda to a wide audience without the need to hijack a TV network or broadcasting station. Over 100 million people watch YouTube videos in the US alone. Terrorists use this medium to propagate fundamentalist doctrines and ideologies in an attempt to indoctrinate susceptible youth. They can even share training methodologies and instruction videos amongst individual cells of a common terror network, besides showcasing their acts of terror in an attempt to create mass hysteria at a viral pace, using the size and prevalence of this popular network in daily life.

Document Tracking

Documents shared via email or on the Internet allow easy access to information. Documents that are found can be tracked to their source or point of origin using very simple techniques such as checking the file properties. For example, on MS Windows machines the file properties (right-click a file and left-click ‘Properties’) show the creation, modification and last accessed dates. Advanced properties can even display the title, subject, author, company and associated hyperlinks.

Therefore it is important to remember that sensitive documents should be protected with encryption and watermarks before they are shared. Document settings can also restrict recipients’ ability to copy, print and forward.
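The title, author and “last modified by” fields that Windows shows under Properties live inside a Word document as the docProps/core.xml part of its zip package. As an added example that is not from the original article, the following reads those fields the way an investigator would and blanks them before a document is shared; the package, names and title are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces of the OOXML core-properties part (docProps/core.xml), which
# is where Word stores the title, author and "last modified by" fields
# that Windows Explorer displays under Properties > Details.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

CORE_PART = "docProps/core.xml"
TRACKED_FIELDS = ("dc:title", "dc:creator", "cp:lastModifiedBy")

# Constructed minimal package (not a real document): just enough of a
# .docx to carry the core properties.
CORE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">
  <dc:title>Quarterly report</dc:title>
  <dc:creator>J. Doe</dc:creator>
  <cp:lastModifiedBy>J. Doe</cp:lastModifiedBy>
</cp:coreProperties>""".format(**NS)


def build_sample_docx():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(CORE_PART, CORE_XML)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


def read_core_properties(data):
    """Extract the identifying fields an investigator would look at first."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read(CORE_PART))
    return {f: root.findtext(f, default="", namespaces=NS) for f in TRACKED_FIELDS}


def strip_core_properties(data):
    """Return a copy of the package with those fields blanked before sharing."""
    src = zipfile.ZipFile(io.BytesIO(data))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as dst:
        for item in src.infolist():
            payload = src.read(item.filename)
            if item.filename == CORE_PART:
                root = ET.fromstring(payload)
                for field in TRACKED_FIELDS:
                    el = root.find(field, NS)
                    if el is not None:
                        el.text = ""
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(item.filename, payload)
    return out.getvalue()
```

Real documents carry further identifying parts (docProps/app.xml with the company name, comments, revision history), so scrubbing core.xml alone is a first step rather than a complete sanitisation.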

Encryption

Most popular forms of security all rely on encryption, which is the process of encoding information in such a way that only the person (or computer) with the key can decode it.

Computer encryption is based on the science of cryptography, which has been used for as long as humans have wanted to keep information secret. A current example is the Advanced Encryption Standard (AES), which uses 128, 192 or 256-bit keys. Most people believe that AES will be a sufficient encryption standard for a long time to come: a 128-bit key, for instance, allows more than 300,000,000,000,000,000,000,000,000,000,000,000,000 (about 3 × 10^38) key combinations.

Popular public-key encryption programs such as Pretty Good Privacy allow easy encryption. The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.

There are several ways to authenticate a person or information on a computer:

• Password – The use of a user name and password provides the most common form of authentication.

• Pass Cards – These cards can range from a simple card with a magnetic strip, similar to a credit card, to sophisticated smart cards that have an embedded computer chip.

• Digital Signatures – A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file) is authentic.

• Biometrics – uses biological information to verify identity: fingerprint scan, retina scan, face scan or voice identification.

Mobile Phone Detonation

Bombs triggered by mobile phones have become ubiquitous in the terrorist’s arsenal today. Many remote bombs aimed at U.S. troops in Iraq have been triggered by cell phones. Typically, the ringer of the phone is wired to two detonating caps, an operation that experts say is delicate and requires training, but can be accomplished with common tools available in most electronics stores. The detonators, in turn, can set off the explosives. More sophisticated phone bombs also incorporate timers, but in general, all a bomber needs to do is dial or e-mail the number and let it ring.

Major Events

A cell phone was used in the July 2002 bombing at a cafeteria at Hebrew University in Jerusalem that killed seven people, including five Americans. In the Bali bombings in October 2002 that killed 202 people, Jemaah Islamiyah terrorists triggered a bomb in a mini-bus outside the Sari Club with a cell-phone detonator.

A car bomb detonated by mobile phone killed 12 people at Jakarta’s Marriott hotel in August 2003.

Cell Phone Jammers

Within a 150-yard range, cell phone jammers prevent the phones from ringing and thus stop the detonation; in rare cases they may accidentally ring the phone and detonate the device prematurely. Some gadgets detect cell phones near a convoy and then ring the number, detonating any potential bomb before the convoy gets too close.

Satellite Technology

1. Imagery

Using tools like Google Earth, terrorists have been known to get access to aerial views of airport facilities. Such detailed imagery can be used to virtually recce target areas and better plan terror operations from a safe house without risk of exposure or arrest. It is important to know that all this technology is easily available and accessible to anyone with basic computer operating skills.

2. GPS

Handheld GPS (Global Positioning System) receivers use satellites to pinpoint locations and provide the following information to the user:

  • places the user on a map at any particular location
  • ‘bread crumb’ trail showing the traveled path on the map
  • distance traveled (odometer)
  • time traveling
  • current speed (speedometer)
  • average speed
  • ETA (Estimated Time of Arrival) at destination

3. Telephony (Satellite and VoIP)

Satellite telephones connect to orbiting satellites to maintain communication over regions not covered by terrestrial networks. Their signals usually bypass local telecoms systems, hindering censorship and wiretapping attempts. Calls can also be routed over the internet, that is over VoIP networks, which provide communications services (voice and messaging) transported via the Internet rather than the standard telephone networks.

Case Study

1. Mumbai Taj Terror Attack

Technology Used: GPS handheld devices, Blackberrys, hi-resolution satellite imagery obtained from Google Earth, satellite phones and VoIP phone numbers.

Synopsis: The 10-member terrorist team navigated from Karachi to Mumbai using handheld GPS devices, and had earlier planned and rehearsed the operation using hi-res satellite imagery that showed details such as recognizable buildings and landmarks. They stayed in constant communication with their handlers in Pakistan using satellite phones that connected to VoIP numbers, which are much harder to trace and locate. They even used the live news feed being broadcast by news channels to their advantage and monitored the progress of the security forces.

3. Ahmedabad Blasts: Email Tracing

Technology Used: Email, proxy servers

Synopsis: Soon after the Ahmedabad bomb blast, an email was sent to the IndiaTV news channel giving some information on the blasts. The IP address of the email was traced to an ISP. The company in turn traced the IP address to Waghodia Dental Institute in Vadodara. A device was installed at the institute to determine the exact computer from which the mail was sent. Data was collected on which websites were browsed at the time the mail was sent. Using this information, IP addresses in the same range were matched, thus identifying the website abdultaiyeb.com; the terrorists had used a web-based proxy service. Using these reports, the computer belonging to one of the internal labs was seized and the investigation proceeded accordingly.

Hi-Tech Cyber Crimes

Hi-tech cyber crimes, while not common, are used to steal resources that will aid the long-term cause of terror groups. Such efforts require skilled programmers with knowledge of cryptography, OS (Operating System) internals, code obfuscation and code packing, who must closely monitor attempts by Security Forces to discover them.

Terrorists can even resort to wreaking havoc by destabilizing established systems such as the telecommunication industry, essential facilities such as power grids, government agencies like the Police and the Security Forces, and Fortune 500 companies. Even financial institutions like banks and credit card companies face the threat of stolen records and finances to the tune of billions.

Electronic jammers and disrupters installed in Air Traffic Control towers can cause collisions of commercial jetliners, transport and surveillance aircraft, satellites and communication systems.

Schmitt’s Six Criteria

Source: Computer Network Attack & the Use of Force in International Law: Thoughts on a Normative Framework

Michael N. Schmitt in his book ‘Computer Network Attack & the Use of Force in International Law: Thoughts on a Normative Framework’ lays out six criteria for evaluating cyber attacks as armed attacks. These criteria are severity, immediacy, directness, invasiveness, measurability, and presumptive legitimacy.

1. Severity looks at the scope and intensity of an attack. Analysis under this criterion examines the number of people killed, size of the area attacked, and amount of property damage done. The greater the damage, the more powerful the argument becomes for treating the cyber attack as an armed attack.

2. Immediacy looks at the duration of a cyber attack, as well as other timing factors. Analysis under this criterion examines the amount of time the cyber attack lasted and the duration of time that the effects were felt. The longer the duration and effects of an attack, the stronger the argument that it was an armed attack.

3. Directness looks at the harm caused. If the attack was the proximate cause of the harm, it strengthens the argument that the cyber attack was an armed attack. If the harm was caused in full or in part by other parallel attacks, the weaker the argument that the cyber attack was an armed attack.

4. Invasiveness looks at the locus of the attack. An invasive attack is one that physically crosses state borders, or electronically crosses borders and causes harm within the victim state. The more invasive the cyber attack, the more it looks like an armed attack.

5. Measurability tries to quantify the damage done by the cyber attack. Quantifiable harm is generally treated more seriously in the international community. The more a state can quantify the harm done to it, the more the cyber attack looks like an armed attack. Speculative harm generally makes a weak case that a cyber attack was an armed attack.

6. Presumptive legitimacy focuses on state practice and the accepted norms of behavior in the international community. Actions may gain legitimacy under the law when the international community accepts certain behavior as legitimate. The less a cyber attack looks like accepted state practice, the stronger the argument that it is an illegal use of force or an armed attack.

Conclusion

Tools like viruses, logic bombs, trap doors, trojan horses, worms and chips that can detonate to destroy data are dangers that lie dormant until the last moment. For example, the Conficker worm claims sustained worldwide infiltration of multiple millions of infected drones. They can be used as a sustained profit-raking platform for Internet fraud and theft and, in the worst case, be turned into an offensive weapon executing concerted information warfare attacks that could disrupt the Internet itself.

Simpler day to day tools are equally potent tools of destruction as they aid the modern day terrorist in his agenda for terror and destruction.