CYBER-TERRORISM
SEMINAR REPORT ON
CYBER TERRORISM
Prepared By: 09IT049
Department of Information Technology, Charotar Institute of Technology, Charotar University of Science & Technology
CITC (I-T) Page 1
09it049
CERTIFICATE
This is to certify that the seminar entitled CYBER TERRORISM is a bona fide report of the work carried out by Mr. SAURABH PARIKH (09IT049) under guidance and supervision, for submission in the 3rd semester of the Department of Information Technology at Charotar Institute of Technology, Changa, Gujarat.
To the best of my knowledge and belief, this work embodies the candidate's own work, has been duly completed, fulfils the requirements of the ordinance relating to the Bachelor's degree of the university, and is up to the standard in respect of content, presentation and language for being referred to the examiner.
Head of Dept.
Department of Information Technology, Charotar Institute of Technology, Charotar University of Science & Technology
ACKNOWLEDGEMENT
It gives us immense pleasure to present this section as a tribute to those who always stood by us and acted as torchbearers for us. First and foremost, our thanks go to Ms. Dhara Jani for the knowledge and guidance she provided on the subject. We gratefully thank her for extending to us her invaluable time and resources. We would also like to extend our thanks to , Head of the Information Technology Department, Charotar Institute of Technology, to whom we owe a debt of gratitude for his splendid support, inspiration and thought-provoking input. Finally, we would like to thank our faculty members, department and institute for providing the guidance and resources that made our seminar a success.
Abstract
Cyber terrorism is the wave of the future for terrorists and extremists. Besides physical attacks such as the bombings of U.S. embassies and the September 11th, 2001 attacks on the World Trade Center, the Pentagon and the plane brought down at Shanksville, PA, terrorists have found a new way to cause destruction. Connecting a system to the Internet adds security risk because it becomes reachable by anyone on the network, unless security measures are put in place to prevent a breach. Looking at cyber terrorism in more detail gives a better idea of how to lessen the severity of these attacks as well as prevent them. It is important to look at the background of cyberterrorism, what some organizations and individuals are doing to protect themselves and others, and what the U.S. government is doing to help fight cyber terrorism.
INDEX
Sr. No / Title / Page No
ACKNOWLEDGEMENT ... 3
ABSTRACT ... 4
1. INTRODUCTION ... 7
2. CYBER TERRORISM BACKGROUND ... 9
3. TOOLS USED FOR CYBERCRIME ... 10
3.1 BOTNETS ... 10
4. CYBER TERRORISM ATTACKS ... 12
5. WHAT IS BEING DONE TO HELP PREVENT ATTACKS ... 15
5.1 DARK WEB ... 15
5.2 NORTH ATLANTIC TREATY ORGANIZATION ... 16
5.3 FEDERAL EFFORTS TO PROTECT COMPUTERS ... 17
5.4 U.S. GOVERNMENT EFFORTS ... 18
5.5 FEDERAL BUREAU OF INVESTIGATION (FBI) ... 19
5.6 NATIONAL SECURITY AGENCY (NSA) ... 20
5.7 CENTRAL INTELLIGENCE AGENCY ... 20
5.8 INTER-AGENCY FORUMS ... 21
6. FUTURE ATTRACTIVENESS OF CRITICAL INFRASTRUCTURE SYSTEMS ... 22
7. EDUCATION AND AWARENESS ... 23
7.1 IMPROVING SECURITY OF COMMERCIAL SOFTWARE ... 23
7.2 EDUCATION AND AWARENESS OF CYBERTHREATS ... 23
7.3 COORDINATION BETWEEN PRIVATE SECTOR AND GOVERNMENT ... 23
8. SUMMARY ... 25
9. REFERENCES ... 26
1. INTRODUCTION
Thus, if a computer facility were deliberately attacked for political purposes, all three methods described above (physical attack, cyberattack) might contribute to, or be labeled as, cyberterrorism.
servers reportedly grew from half a million to more than 3 million between March and May 2007. Symantec, another security organization, reported that it detected 6 million bot-infected computers in the second half of 2006. Some botnet owners reportedly rent their huge networks for US$200 to $300 an hour, and botnets are becoming the weapon of choice for fraud and extortion. Newer methods of distributing bot software are evolving that may make it even harder in future for law enforcement to identify and locate the originating botmaster. Some studies show that authors of botnet software are increasingly using modern, open-source software development techniques, including collaboration of multiple authors on the initial design, new releases that fix bugs in the malicious code, and software modules that make portions of the code reusable in newer malware written for different purposes. This growing collaboration among hackers mirrors the professional code development practices now used to create commercial software, and is expected to make future botnets even more robust and reliable. This, in turn, is expected to increase the demand for malware services in the coming years.
Traditionally, botnets are organized hierarchically, with a central command and control location (sometimes dynamic) operated by the botmaster. This central command location is useful to security professionals because it offers a possible single point of failure for the botnet. However, security experts believe that in the near future attackers may use new botnet architectures that are more sophisticated and harder to detect and trace. One class of botnet architecture that is beginning to emerge uses a peer-to-peer protocol, which, because of its decentralized control design, is expected to be more resistant to strategies for countering its disruptive effects. For example, some experts reportedly argue that a well-designed peer-to-peer botnet may be nearly impossible to shut down as a whole, because it can provide anonymity to the controller, who can appear as just another node in the bot network.
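The central command point that the paragraph above calls a possible single point of failure is also what makes a hierarchical botnet detectable from the victim's side: every infected host checks in with the same server on roughly the same schedule. The following Python script is an added example, not code from this report or from any of the sources it cites. It runs a simple beaconing check over a constructed flow log (documentation address ranges, made-up timings): connection pairs whose inter-arrival times are regular are marked as beacons, and a destination that several internal hosts beacon to is reported as a centralized C2 candidate. The thresholds (five hits, coefficient of variation of 0.15, two bots) are assumptions chosen for illustration. A peer-to-peer botnet of the kind described above would not produce this single convergence point, which is one reason it is harder to locate.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow log (not captured traffic). Each line is
# "<epoch_seconds> <src_ip> <dst_ip> <dst_port>". Three internal hosts beacon to
# the same external address about every 60 s (with small jitter); a fourth host
# talks to one web site at irregular intervals.
_JITTER = [0, 1, -1, 2, 0, -2, 1, 0]
_BOTS = {"10.0.0.11": 1_700_000_000, "10.0.0.12": 1_700_000_017, "10.0.0.13": 1_700_000_042}
_BROWSING = [0, 5, 125, 158, 1058, 1065, 1400]

SAMPLE_FLOWS = "\n".join(
    [f"{t0 + 60 * i + j} {src} 203.0.113.10 443"
     for src, t0 in _BOTS.items() for i, j in enumerate(_JITTER)]
    + [f"{1_700_000_300 + off} 10.0.0.50 198.51.100.20 443" for off in _BROWSING]
)


def parse_flows(text):
    """Parse the four-column text log into (timestamp, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((int(ts), src, dst, int(port)))
    return flows


def periodic_sessions(flows, min_hits=5, max_cv=0.15):
    """Return {(src, dst, port): (hits, mean_interval)} for connection pairs whose
    inter-arrival times are regular enough to look like a clock-driven beacon."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)
    found = {}
    for key, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        # Coefficient of variation: near 0 for a timer-driven check-in,
        # large for human browsing.
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            found[key] = (len(times), avg)
    return found


def candidate_c2(flows, min_bots=2, **kw):
    """Group beaconing sessions by destination; a destination that several internal
    hosts beacon to is reported as a centralized command-and-control candidate."""
    bots_per_dst = defaultdict(set)
    for (src, dst, port), _ in periodic_sessions(flows, **kw).items():
        bots_per_dst[(dst, port)].add(src)
    return sorted(
        (dst_port, sorted(srcs))
        for dst_port, srcs in bots_per_dst.items()
        if len(srcs) >= min_bots
    )


if __name__ == "__main__":
    for (dst, port), bots in candidate_c2(parse_flows(SAMPLE_FLOWS)):
        print(f"possible C2 {dst}:{port} contacted on a fixed schedule by "
              f"{len(bots)} hosts: {', '.join(bots)}")
```

On the constructed log the browsing host is ignored even though it contacts its site seven times, because its gaps vary wildly, while the three bots converge on 203.0.113.10:443. In practice the same grouping is run over NetFlow, proxy or DNS logs, and the flagged destination is the address to sinkhole or block.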
4. CYBERTERRORISM ATTACKS
Cyber-attacks can happen in different ways, but in general they can be categorized as attacks against data and attacks against services. In an attack against data, the attacker tries to access or compromise the data itself. In an attack against services, the attacker tries to disrupt services so that legitimate users cannot use them.
In 1998, a terrorist guerrilla organization flooded Sri Lankan embassies' e-mail accounts around the world with 800 e-mails a day for two weeks. The messages simply read, "We are the Internet Black Tigers and we're doing this to interrupt your communications." U.S. intelligence agencies characterized this as the first known terrorist attack against a country's computer systems. During the Kosovo conflict, Belgrade hackers were credited with denial of service (DoS) attacks against NATO's servers: they bombarded NATO's web server with ICMP echo request ("ping") packets, the same traffic normally used to test whether a host is reachable.
Similar attacks took place in 2000 during the Palestinian-Israeli cyber war. Pro-Palestinian hackers used DoS tools to attack NetVision, Israel's largest ISP. Although the initial attacks crippled the ISP, NetVision succeeded in fending off later assaults by strengthening its security. In October 2007, hackers attacked the website of Ukrainian president Viktor Yushchenko; a radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility (Radio Free Europe, 2007). More recently, in November 2008, the Pentagon suffered a cyberattack by a computer virus so alarming that the DOD took the unprecedented step of banning the use of external hardware devices such as flash drives and DVDs (FOX News, 2008).
Estonia, 2007
In the spring of 2007, government computer systems in Estonia experienced a sustained cyberattack that various observers have labeled cyber warfare, cyber terror, or cybercrime. On April 27, officials in Estonia moved a Soviet-era war memorial commemorating an unknown Russian soldier who died fighting the Nazis. The move stirred emotions and led to rioting by ethnic Russians and the blockading of the Estonian Embassy in Moscow. It also marked the beginning of a series of large and sustained Distributed Denial-of-Service (DDoS) attacks against several Estonian national websites, including government ministries and the prime minister's Reform Party.
Jeanson Ancheta, a 21-year-old hacker and member of a group called the Botmaster Underground, reportedly made more than $100,000 from different Internet Advertising companies who paid him to download specially-designed malicious adware code onto more than 400,000 vulnerable PCs he had secretly infected and taken over. He also made tens of thousands more dollars renting his 400,000-unit botnet herd to other companies that used them to send out spam, viruses, and other malicious code on the Internet. In 2006, Ancheta was sentenced to five years in prison.
In one case, crackers in Romania illegally gained access to the computers controlling the life-support systems at an Antarctic research station, endangering the 58 scientists there; the culprits were stopped before any damage occurred. Mostly non-political acts of sabotage have caused financial and other damage, as in a case where a disgruntled employee caused the release of untreated sewage into waterways in Maroochy Shire, Australia. Computer viruses have degraded or shut down some non-essential systems in nuclear power plants, but this is not believed to have been a deliberate attack. (Note: it is also argued that this is not a case of cyberterrorism but of cybercrime, as cyberterrorism requires a political motive rather than a primary focus on monetary gain.)
In 1999, hackers attacked NATO computers, flooding them with e-mail and hitting them with denial of service (DoS) attacks in protest against the NATO bombings in Kosovo. Businesses, public organizations and academic institutions were bombarded with highly politicized e-mails carrying viruses, sent from other European countries.
Hsinchun Chen has created Dark Web, a database that holds the names of extremists around the world. The database covers postings in many languages and can hold as many as 20,000 members and half a million postings. Before Dark Web, Chen began his first project in 1997: a website for tracking social change, with crime and terrorism as the main focus. With the help of the Tucson, Arizona police department and the National Science Foundation he developed CopLink, a way for law enforcement officials to link files and consolidate data. CopLink is credited with helping catch the Beltway Snipers in the Washington, DC area in late 2002. This and other successes led the NSF to ask Chen to build a system similar to CopLink to help fight terrorism. Despite a few setbacks, Dark Web was a success. Chen says that if Dark Web had been online before the Iraq war, there would have been a good chance of proving the supposed links between Al Qaeda and Saddam Hussein to be fact or fiction. (Kotler, 2007)
Some are not convinced that Dark Web is a tool for freedom. Marc Rotenberg, Executive Director of the Electronic Privacy Information Center, says the tool could be used to track political opponents. Mike German, the ACLU's policy counsel on national security, immigration and privacy, argues that just because people say they advocate violence doesn't mean they will actually act, and calls it a great waste of critical resources. (Kotler, 2007)
Kotler (2007) also says: "I know this from my time spent undercover, infiltrating exactly these kinds of organizations: every terrorist training manual makes it clear that a huge separation should be kept between the bomb-makers and the propagandists; between the action wing and the political wing. This means, by design, Dark Web is chasing the wrong people."
Chen disagrees, saying that it is the job of the NSA to track the secret member communications that are encrypted and moved offline; the goal of Dark Web is to study the propagandists of the jihad movement. Despite the criticism, Dark Web has shown results. Training manuals for building explosives have been found, along with the locations from which they are downloaded, and this has led to countermeasures that keep military units and civilians alike safer.
Grant (2007) reported that, Luc Hellebooge, Telindus's defence unit director and leader on the Nato project, said the initial contract from Nato's Consultation, Command and Control Agency included engineering and design, implementation, logistics and quality, proof of concept and rollout, testing, acceptance, training and equipment sourcing.
At present there are 70 systems on the network. Future phases will add more countries, more sites, more nodes and further network upgrades. The main tasks are prevention, detection, reaction and recovery. Grant (2007) also quotes Hellebooge: "Putting them together and handing it over on time and on budget took a lot of cross-domain skills."
Since the new project went live, many attacks have been detected, as has the growing expertise of attackers. After the September 11th, 2001 attacks and the May 2007 DDoS attack on Estonia, NATO has become more attentive to cyber defense, because it is exposed on the Internet just like any other organization with a web presence. The biggest component Telindus delivered is the intrusion detection system (IDS), which allows attacks to be identified, along with their point of origin and how attackers react to defensive or restorative action.
The National Cyber Security Division (NCSD), within the National Protection and Programs Directorate of the Department of Homeland Security (DHS), oversees the Cyber Security Tracking, Analysis and Response Center (CSTARC), which is tasked with analyzing cyberspace threats and vulnerabilities, issuing alerts and warnings for cyberthreats, improving information sharing, responding to major cybersecurity incidents, and aiding national-level recovery efforts. In addition, a new Cyber Warning and Information Network (CWIN) has begun operation in 50 locations and serves as an early warning system for cyberattacks. The CWIN is engineered to be reliable and survivable: it has no dependency on the Internet or the public switched network (PSN), and reportedly will not be affected if either the Internet or the PSN suffers disruption.
In January 2004, the NCSD also created the National Cyber Alert System (NCAS), a coordinated national cybersecurity system that distributes information to subscribers to help identify, analyze, and prioritize emerging vulnerabilities and cyberthreats. NCAS is managed by the United States Computer Emergency Readiness Team (US-CERT), a partnership between NCSD and the private sector, and subscribers can sign up to receive notices from this new service by visiting the US-CERT website.
According to Homeland Security (2006), analysis of the exercise produced eight major findings to better position the United States to enhance the nation's cyber preparedness and response capabilities. The eight cyber-security enhancement findings addressed: interagency coordination; contingency planning, risk assessment and roles and responsibilities; correlation of multiple incidents between public and private sectors; the exercise program; coordination between entities on cyber incidents; a common framework for response to information access; strategic communications and public relations; and improvement of process, tools and technology.
Department of Defense
In August 2005, DOD Directive 3020.40, the Defense Critical Infrastructure Program, required the DOD to coordinate with the public and private sectors to help protect defense critical infrastructure from terrorist attack and cyber-attack. DOD also formed the Joint Functional Component Command for Network Warfare (JFCC-NW), whose purpose is to defend all DOD computer systems. Lasker (2005) notes that the expertise and tools used in this mission serve both offensive and defensive operations.
telecommunications firms. According to sources, the simulated cyber-attacks were set five years in the future. The stated premise of the exercise was that cyberspace would see the same level of devastation as the 9/11 hijackings. Livewire, an earlier exercise similar to Silent Horizon, raised concerns about the government's role during a cyber-attack: what happens if the identified culprit is a terrorist, a foreign government, or a bored teenager? It also questioned whether the government would be able to detect the early stages of an attack without the help of third-party technology companies.
distribution or other infrastructure systems, is often described as a likely scenario to amplify the effects of a simultaneous conventional terrorist attack involving explosives.
However, in 2006, at a security discussion in Williamsburg, Virginia, a government analyst reportedly stated that criminal extortion schemes may have already occurred, where cyber attackers have exploited control system vulnerabilities for economic gain. And, in December 2006, malicious software that automatically scans for control system vulnerabilities reportedly was made available on the Internet for use by cybercriminals. This scanner software reportedly can enable individuals with little knowledge about infrastructure control systems to locate a SCADA computer connected to the Internet, and quickly identify its security vulnerabilities.
The Idaho National Laboratory is tasked with studying and reporting on the technology risks associated with infrastructure control systems. Past studies have shown that many, if not most, automated control systems are connected to the Internet, or to corporate administrative networks that are themselves connected to the Internet, and are currently vulnerable to cyberattack. Because many of these infrastructure SCADA systems were not originally designed with security as a priority, in many cases new security controls cannot now be easily retrofitted to reduce the known vulnerabilities. Following past trends, in which hackers and cybercriminals have taken advantage of easy vulnerabilities, some analysts now predict that we may gradually see new instances of cybercriminals exploiting vulnerabilities in critical infrastructure control systems.
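The exposure the Idaho National Laboratory findings describe, control systems reachable from corporate networks that are themselves Internet-connected, is something an operator can check for in their own firewall policy before an attacker's scanner does. The Python script below is an added example, not part of this report or of any INL study; the zone addresses, the simplified rule format and both rule sets are constructed for illustration, while the port numbers are the well-known TCP ports of the named protocols. It flags any allow rule that admits an ICS protocol into the control zone from a source that is not wholly inside the engineering network, so a rule open to 0.0.0.0/0 or to the whole corporate 10.0.0.0/8 is reported, while the hardened rule set passes.

```python
import ipaddress

# Well-known TCP ports of common industrial control protocols.
ICS_PORTS = {
    102: "Siemens S7 (ISO-TSAP)",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
}

# Hypothetical zones (assumed addressing, not taken from the report).
CONTROL_ZONE = ipaddress.ip_network("10.20.0.0/16")      # PLCs, RTUs, HMIs
ENGINEERING_ZONE = ipaddress.ip_network("10.10.5.0/24")  # only hosts allowed to speak ICS protocols

# Constructed rule sets in a simplified (action, source, destination, dst_port) form.
WEAK_RULES = [
    ("allow", "0.0.0.0/0", "10.20.1.0/24", 502),      # Modbus reachable from the Internet
    ("allow", "10.0.0.0/8", "10.20.0.0/16", 20000),   # DNP3 from the entire corporate network
    ("allow", "10.10.5.0/24", "10.20.0.0/16", 102),   # S7 from engineering only: acceptable
    ("allow", "0.0.0.0/0", "10.30.0.0/16", 443),      # web server in another zone, not an ICS port
]
HARDENED_RULES = [
    ("allow", "10.10.5.0/24", "10.20.1.0/24", 502),
    ("allow", "10.10.5.0/24", "10.20.0.0/16", 20000),
    ("allow", "10.10.5.0/24", "10.20.0.0/16", 102),
    ("deny", "0.0.0.0/0", "10.20.0.0/16", 502),       # explicit default deny toward the control zone
]


def exposed_ics_rules(rules, control_zone=CONTROL_ZONE, trusted_sources=(ENGINEERING_ZONE,)):
    """Return the allow rules that let an ICS protocol reach the control zone from
    any source network that is not wholly contained in a trusted network."""
    findings = []
    for action, src, dst, port in rules:
        if action != "allow" or port not in ICS_PORTS:
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if not dst_net.overlaps(control_zone):
            continue  # rule cannot reach control equipment
        if any(src_net.subnet_of(trusted) for trusted in trusted_sources):
            continue  # source lies entirely inside an approved zone
        findings.append({
            "protocol": ICS_PORTS[port],
            "port": port,
            "source": src,
            "destination": dst,
        })
    return findings


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        hits = exposed_ics_rules(rules)
        print(f"{name} rule set: {len(hits)} exposed ICS rule(s)")
        for f in hits:
            print(f"  {f['protocol']} (tcp/{f['port']}) from {f['source']} to {f['destination']}")
```

The check is deliberately conservative: a source that merely overlaps the engineering zone (such as 10.0.0.0/8) is still reported, because the control zone should accept ICS traffic only from hosts it can name. The same logic applies to real firewall exports once they are parsed into the same four fields.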
A 2004 survey done by the National Cyber Security Alliance and AOL showed that most home PC users do not have adequate protection against hackers, do not have updated antivirus software protection, and are confused about the protections they are supposed to use and how to use them. How can computer security training be made available to all computer users that will keep them aware of constantly changing computer security threats, and that will encourage them to follow proper security procedures?
private industry about the number of successful computer intrusions, when companies resist reporting because they want to avoid publicity and guard their trade secrets? Should cybercrime information voluntarily shared with the federal government about successful intrusions be shielded from disclosure through Freedom of Information Act requests?
How can the United States better coordinate security policies and international law to gain the cooperation of other nations in protecting against cyberattack? Pursuit of hackers may involve a trace back through networks that requires the cooperation of many Internet Service Providers located in several different nations, and it becomes increasingly complex if one or more of those nations has a legal policy or political ideology that conflicts with that of the United States. Thirty-eight countries, including the United States, participate in the Council of Europe's Convention on Cybercrime, which seeks to combat cybercrime by harmonizing national laws, improving investigative abilities, and boosting international cooperation. However, how effective will the Convention be without the participation of other countries where cybercriminals now operate freely?
Intents behind cyber terrorism:
- Political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs (a botnet), to help disrupt the computer systems of the Estonian government.
- Cyber-attacks from individuals and countries target economic, political, and military organizations.
- Cybercriminals have reportedly made alliances with drug traffickers in Afghanistan, the Middle East, and elsewhere, where profitable illegal activities are used to support terrorist groups.
- Trends in cybercrime show how malicious Internet websites and other cybercrimes, such as identity theft, are linked to conventional terrorist activity.
8. Summary
In today's society it is apparent that cyber-crime is a problem, especially since it can be difficult to determine whether an attack comes from an ordinary hacker or from a hacker who is a terrorist or part of a terrorist group. The history of cyber-crime shows that there is definitely a need for more protection, and knowing that cyber terrorism exists is the first step toward a solution. Hsinchun Chen, the creator of Dark Web, went from helping local law enforcement to helping fight terrorism on the Internet. NATO has taken steps to protect its organization with the help of a third party specializing in security solutions, and United States government departments have, jointly and separately, created programs to fight terrorism as well as programs to educate others.
9. REFERENCES:
1. http://www.cyberterrorism.com
2. http://eee.wikipidia.com
3. http://www.usatoday.com/tech/news/techpolicy/2005-05-26-cia-wargames_x.htm
4. http://www.cyberterrorism.com/ (official cyberterrorism website)
5. http://www.informationweek.com/news/showArticle.jhtml?articleID=199701774