
09it049

CYBER-TERRORISM

SEMINAR REPORT ON

CYBER TERRORISM

Guided By: Dhara Jani

Prepared By: 09IT049

Department of Information Technology Charotar Institute of Technology Charotar University Of Science & Technology
CITC (I-T) Page 1


CERTIFICATE

This is to certify that the Seminar entitled "CYBER TERRORISM" is a bonafide report of the work carried out by Mr. SAURABH PARIKH (09IT049) under the guidance and supervision for the submission of 3rd semester, Department of Information Technology at Charotar Institute of Technology, Changa, Gujarat.

To the best of my knowledge and belief, this work embodies the work of the candidate himself, has duly been completed, fulfills the requirement of the ordinance relating to the Bachelor degree of the university and is up to the standard in respect of content, presentation and language for being referred to the examiner.

Guided By: Dhara Jani Assistant Professor, Department Of Information Technology

Head of Dept.

Department Of Information Technology

Department of Information technology Charotar Institute of Technology Charotar University Of Science & Technology

ACKNOWLEDGEMENT
It gives us immense pleasure to present this section as a tribute to those who always stood by us and acted as a strong torchbearer for us. Hereby my first and foremost thanks go to Ms. Dhara Jani for the knowledge and guidance provided to us on the subject. We gratefully thank her for extending to us her invaluable time and resources. Now we would like to forward our thanks to , Head of Information Technology Department, Charotar Institute Of Technology, to whom we owe a pleasant debt for his splendid support, inspiration and thought production. Finally, we would like to thank our faculty members, department and institute for providing us guidance and resources to make our seminar a successful story.

PARIKH SAURABH 09IT049


Abstract

Cyber terrorism is the wave of the future for terrorists and extremists. Besides physical attacks such as the bombing of U.S. Embassies and the September 11th, 2001 attacks on the World Trade Center, the Pentagon in Washington D.C. and Shanksville, PA, terrorists have found a new way to cause destruction. Connection to the internet has added security risks because anyone can gain access to anything connected to it, unless there are security measures put in place to help prevent a breach. Taking a look at cyber terrorism in more detail gives a better idea of how to lessen the severity of these attacks as well as prevent them. It is important to look at the background of cyberterrorism, what some organizations or individuals are doing to protect themselves and others, and what the U.S. government is doing to help fight cyber terrorism.


INDEX

ACKNOWLEDGEMENT
ABSTRACT
1. INTRODUCTION
2. CYBER TERRORISM BACKGROUND
3. TOOLS USED FOR CYBERCRIME
   3.1 BOTNETS
4. CYBER TERRORISM ATTACKS
5. WHAT IS BEING DONE TO HELP PREVENT ATTACKS
   5.1 DARK WEB
   5.2 NORTH ATLANTIC TREATY ORGANIZATION
   5.3 FEDERAL EFFORTS TO PROTECT COMPUTERS
   5.4 U.S. GOVERNMENT EFFORTS
   5.5 FEDERAL BUREAU OF INVESTIGATION (FBI)
   5.6 NATIONAL SECURITY AGENCY (NSA)
   5.7 CENTRAL INTELLIGENCE AGENCY
   5.8 INTER-AGENCY FORUMS
6. FUTURE ATTRACTIVENESS OF CRITICAL INFRASTRUCTURE SYSTEMS
7. EDUCATION AND AWARENESS
   7.1 IMPROVING SECURITY OF COMMERCIAL SOFTWARE
   7.2 EDUCATION AND AWARENESS OF CYBERTHREATS
   7.3 COORDINATION BETWEEN PRIVATE SECTOR AND GOVERNMENT
8. SUMMARY
9. REFERENCES


1. INTRODUCTION

What is Cyber terrorism?


"The premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by subnational groups or clandestine agents." - Mark M. Pollitt

"[The] use of information technology and means by terrorist groups and agents." - Serge Krasavin

"Politically motivated hacking techniques used in an effort to cause grave harm, including but not limited to loss of life or serious economic damage." - Larisa Paul

Labeling a cyberattack as cybercrime or cyberterrorism is problematic because of the difficulty determining with certainty the identity, intent, or the political motivations of an attacker. Cybercrime can be very broad in scope, and may sometimes involve more factors than just a computer hack. Cyberterrorism is often equated with the use of malicious code. However, a cyberterrorism event may also sometimes depend on the presence of other factors beyond just a cyberattack.


This is what it actually is


Cyberterrorism can be defined in different ways. It can be politically motivated hacking operations intended to cause grave harm, such as loss of life or severe economic damage; or it can be unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives; or it can be a physical attack that destroys computerized nodes for critical infrastructures, such as the Internet, telecommunications, or the electric power grid, without ever touching a keyboard.

Thus, it is possible that if a computer facility were deliberately attacked for political purposes, all three methods described above (physical attack, cyberattack) might contribute to, or be labeled as cyberterrorism.


2. Cyber Terrorism Background


Terrorist groups are using computers and the Internet to further goals associated with spreading terrorism. This can be seen in the way that extremists are creating and using numerous Internet websites for recruitment and fundraising activities, and for Jihad training purposes. Several criminals who have recently been convicted of cybercrimes used their technical skills to acquire stolen credit card information in order to finance other conventional terrorist activities. It is possible that as criminals and terrorist groups explore more ways to work together, a new type of threat may emerge where extremists gain access to the powerful network tools now used by cybercriminals to steal personal information, or to disrupt computer systems that support services through the Internet.


3. TOOLS USED FOR CYBERCRIME


3.1 Botnets
Botnets are becoming a major tool for cybercrime, partly because they can be designed to very effectively disrupt targeted computer systems in different ways, and because a malicious user, without possessing strong technical skills, can initiate these disruptive effects in cyberspace by simply renting botnet services from a cybercriminal. Botnets, or Bot Networks, are made up of vast numbers of compromised computers that have been infected with malicious code, and can be remotely controlled through commands sent via the Internet. Hundreds or thousands of these infected computers can operate in concert to disrupt or block Internet traffic for targeted victims, harvest information, or distribute spam, viruses, or other malicious code. Botnets have been described as the "Swiss Army knives of the underground economy" because they are so versatile. Botnet code was originally distributed as infected email attachments, but as users have grown more cautious, cybercriminals have turned to other methods. When users click to view a spam message, botnet code can be secretly installed on the user's PC. A website may be unknowingly infected with malicious code in the form of an ordinary-looking advertisement banner, or may include a link to an infected website. Clicking on any of these may install botnet code. Or, botnet code can be silently uploaded, even if the user takes no action while viewing the website, merely through some unpatched vulnerability that may exist in the browser. Firewalls and antivirus software do not necessarily inspect all data that is downloaded through browsers. Some bot software can even disable antivirus security before infecting the PC. Once a PC has been infected, the malicious software establishes a secret communications link to a remote botmaster in preparation to receive new commands to attack a specific target.
Meanwhile, the malicious code may also automatically probe the infected PC for personal data, or may log keystrokes, and transmit the information to the botmaster. The Shadowserver Foundation is an organization that monitors the number of command and control servers on the Internet, which indicates the number of botnets. Through May 2007, approximately 1,400 command and control servers were found to be active on the Internet. The number of individual infected drones that are controlled by these 1,400 servers reportedly grew from half a million to more than 3 million from March to May 2007. Symantec, another security organization, reported that it detected 6 million bot-infected computers in the second half of 2006. Some botnet owners reportedly rent their huge networks for US$200 to $300 an hour, and botnets are becoming the weapon of choice for fraud and extortion. Newer methods are evolving for distributing bot software that may make it even more difficult in the future for law enforcement to identify and locate the originating botmaster. Some studies show that authors of software for botnets are increasingly using modern, open-source techniques for software development, including the collaboration of multiple authors for the initial design, new releases to fix bugs in the malicious code, and development of software modules that make portions of the code reusable for newer versions of malicious software designed for different purposes. This increase in collaboration among hackers mirrors the professional code development techniques now used to create commercial software products, and is expected to make future botnets even more robust and reliable. This, in turn, is expected to help increase the demand for malware services in future years.

Traditionally, botnets organize themselves in a hierarchical manner, with a central command and control location (sometimes dynamic) for the botmaster. This central command location is useful to security professionals because it offers a possible central point of failure for the botnet. However, in the near future, security experts believe that attackers may use new botnet architectures that are more sophisticated, and more difficult to detect and trace. One class of botnet architecture that is beginning to emerge uses peer-to-peer protocols, which, because of their decentralized control design, are expected to be more resistant to strategies for countering the botnet's disruptive effects. For example, some experts reportedly argue that a well-designed peer-to-peer botnet may be nearly impossible to shut down as a whole because it may provide anonymity to the controller, who can appear as just another node in the bot network.
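The difference between the two architectures shows up in a defender's own network flow records. The following is an added example, not part of the original report: it counts how many internal hosts contact each external address, which exposes a centralized command and control server but not a peer-to-peer mesh. The flow records, allowlist, thresholds and function names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flows: (internal_host, external_destination, dst_port).
# Addresses come from documentation ranges; none of this is real traffic.
HIERARCHICAL_FLOWS = [
    ("10.0.0.11", "203.0.113.50", 6667),
    ("10.0.0.12", "203.0.113.50", 6667),
    ("10.0.0.13", "203.0.113.50", 6667),
    ("10.0.0.14", "203.0.113.50", 6667),
    ("10.0.0.11", "198.51.100.10", 443),
    ("10.0.0.12", "198.51.100.10", 443),
    ("10.0.0.13", "198.51.100.10", 443),
    ("10.0.0.15", "198.51.100.10", 443),
    ("10.0.0.15", "192.0.2.7", 443),
]

P2P_FLOWS = [
    ("10.0.0.11", "203.0.113.21", 41000),
    ("10.0.0.11", "203.0.113.22", 41000),
    ("10.0.0.11", "203.0.113.23", 41000),
    ("10.0.0.12", "203.0.113.22", 41000),
    ("10.0.0.12", "203.0.113.24", 41000),
    ("10.0.0.12", "203.0.113.25", 41000),
    ("10.0.0.13", "203.0.113.21", 41000),
    ("10.0.0.13", "203.0.113.26", 41000),
    ("10.0.0.13", "203.0.113.27", 41000),
    ("10.0.0.14", "203.0.113.28", 41000),
    ("10.0.0.14", "203.0.113.29", 41000),
    ("10.0.0.14", "203.0.113.30", 41000),
    ("10.0.0.11", "198.51.100.10", 443),
    ("10.0.0.12", "198.51.100.10", 443),
]

# Assumption: destinations the organization already knows to be legitimate.
ALLOWLIST = {"198.51.100.10"}


def fan_in(flows):
    """Map each external destination to the set of internal hosts that contacted it."""
    hosts_by_dst = defaultdict(set)
    for src, dst, _port in flows:
        hosts_by_dst[dst].add(src)
    return hosts_by_dst


def central_candidates(flows, allowlist=ALLOWLIST, min_hosts=3):
    """Unrecognized destinations contacted by many internal hosts.

    A hierarchical botnet concentrates its members on one rendezvous point,
    so that point stands out here. Returns (destination, host_count) pairs,
    highest count first.
    """
    result = [
        (dst, len(hosts))
        for dst, hosts in fan_in(flows).items()
        if dst not in allowlist and len(hosts) >= min_hosts
    ]
    return sorted(result, key=lambda item: (-item[1], item[0]))


def peer_heavy_hosts(flows, allowlist=ALLOWLIST, min_peers=3, max_fan_in=2):
    """Internal hosts that talk to many unrecognized, rarely shared destinations.

    With no central server to find, the remaining signal is per host: each
    member keeps its own list of peers. This is a coarse heuristic that also
    matches legitimate peer-to-peer software, so it gives leads, not verdicts.
    """
    hosts_by_dst = fan_in(flows)
    peers_by_host = defaultdict(set)
    for src, dst, _port in flows:
        if dst not in allowlist and len(hosts_by_dst[dst]) <= max_fan_in:
            peers_by_host[src].add(dst)
    return sorted(h for h, peers in peers_by_host.items() if len(peers) >= min_peers)


if __name__ == "__main__":
    print("hierarchical, central candidates:", central_candidates(HIERARCHICAL_FLOWS))
    print("peer-to-peer, central candidates:", central_candidates(P2P_FLOWS))
    print("peer-to-peer, peer-heavy hosts:", peer_heavy_hosts(P2P_FLOWS))
```

In the hierarchical sample, one address accounts for every infected host and can be blocked or reported as a unit; in the peer-to-peer sample the same query returns nothing, and cleanup has to proceed host by host.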


4. CYBERTERRORISM ATTACKS
Cyber-attacks can happen in different ways but, in general, we can categorize them as attacks against data and attacks against services. In attacks against data, the attacker tries to access or compromise the data. In an attack against services, the attacker tries to disrupt services to prevent legitimate users from using those services.

In 1998, a terrorist guerrilla organization flooded Sri Lankan embassies' e-mail accounts all around the world with 800 e-mails per day for two weeks. The messages simply read, "We are the Internet Black Tigers and we're doing this to interrupt your communications." US Intelligence departments characterized this as the first known terrorist attack against a country's computer systems.

During the Kosovo conflict, Belgrade hackers were credited with denial of service (DoS) attacks against NATO's servers. They bombarded NATO's web server with ICMP packets and "Ping" commands, which test the connectivity of the host and servers.

Similar attacks took place in 2000 during the Palestinian-Israeli cyber war. Pro-Palestinian hackers used DoS tools to attack Netvision, Israel's largest ISP. Although the initial attacks crippled the ISP, Netvision succeeded in fending off later assaults by strengthening its security.

In October 2007, hackers attacked Ukrainian president Viktor Yushchenko's website. A radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility (Radio Free Europe, 2007). Even more recently, in November 2008, the Pentagon suffered from a cyberattack by a computer virus so alarming that the DOD took the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs (FOX News, 2008).


Estonia, 2007

In the spring of 2007, government computer systems in Estonia experienced a sustained cyberattack that has been labeled by various observers as cyber warfare, or cyber terror, or cybercrime. On April 27, officials in Estonia moved a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The move stirred emotions, and led to rioting by ethnic Russians, and the blockading of the Estonian Embassy in Moscow. The event also marked the beginning of a series of large and sustained Distributed Denial-of-Service (DDoS) attacks launched against several Estonian national websites, including government ministries and the prime minister's Reform Party.

Jeanson Ancheta, a 21-year-old hacker and member of a group called the Botmaster Underground, reportedly made more than $100,000 from different Internet Advertising companies who paid him to download specially-designed malicious adware code onto more than 400,000 vulnerable PCs he had secretly infected and taken over. He also made tens of thousands more dollars renting his 400,000-unit botnet herd to other companies that used them to send out spam, viruses, and other malicious code on the Internet. In 2006, Ancheta was sentenced to five years in prison.

Crackers in Romania illegally gained access to the computers controlling the life support systems at an Antarctica research station, endangering the 58 scientists involved. However, the culprits were stopped before damage actually occurred. Mostly non-political acts of sabotage have caused financial and other damage, as in a case where a disgruntled employee caused the release of untreated sewage into water in Maroochy Shire, Australia. Computer viruses have degraded or shut down some non-essential systems in nuclear power plants, but this is not believed to have been a deliberate attack. (Note: it is also argued that this is actually not a case of cyberterrorism, but rather a case of cybercrime, as cyberterrorism requires a political motive and not a primary focus on monetary gain.)

In October 2007, the website of Ukrainian president Viktor Yushchenko was attacked by hackers. A radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility.

In 1999, hackers attacked NATO computers. The hackers flooded them with email and hit them with a denial of service (DoS) attack. The hackers were protesting against the NATO bombings in Kosovo. Businesses, public organizations and academic institutions were bombarded with highly politicized emails containing viruses from other European countries.


5. What is being done to Help Prevent Attacks


5.1 Dark Web
As of October 2007, there are over a billion internet users, some of whom are not friends. Since September 11th, 2001 there has been a tenfold increase in the number of terrorists online. There were 70-80 terrorist sites and now there are around 7,000-8,000. What these websites are doing is spreading militant propaganda and giving advice so that others might join. This is one of the most effective ways of spreading violence around the world.

A man by the name of Hsinchun Chen has created Dark Web, a database which holds names of extremists around the world. This database is posted in many languages, and can host as many as 20,000 members and half a million postings. Before Dark Web, Chen began his first project in 1997. It was a website used for tracking social change, with crime and terrorism being the main focus. He had the help of the Tucson, Arizona Police Department as well as the National Science Foundation to help develop CopLink. This was a way that law enforcement officials could link files and consolidate data. CopLink is responsible for helping catch the Beltway Snipers in Washington DC in late 2002. This as well as other successes led the NSF to ask Chen if he would build another system similar to CopLink to help fight terrorism. Despite a few setbacks, Dark Web was a success. Chen says that if Dark Web had been online before the Iraq war, there might have been a good chance that the supposed links between Al Qaeda and Saddam Hussein could have been proved fact or fiction. (Kotler, 2007)

There are some who are not convinced that Dark Web is a tool for freedom. Marc Rotenberg, Executive Director of the Electronic Privacy Information Center, says that this tool could be used to track political opponents. Mike German, ACLU's policy counsel on national security, immigration and privacy, claims that just because people say they are advocating violence doesn't mean they will actually do it. He says it is a great waste of critical resources. (Kotler, 2007)

Kotler (2007) also says, "I know this from my time spent undercover, infiltrating exactly these kinds of organizations: Every terrorist training manual makes it clear that a huge separation should be kept between the bomb-makers and the propagandists; between the action wing and the political wing. This means, by design, Dark Web is chasing the wrong people."

Chen disagrees, saying that it is the job of the NSA to track the secret member communications which are encrypted and moved offline. The goal of Dark Web is to look into the propagandists of the jihad movement. Despite criticism, Dark Web has shown results. Access to training manuals to build explosives has been found as well as the location of where they are downloaded. This has led to countermeasures that are keeping military units and civilians alike safer.

5.2 North Atlantic Treaty Organization


NATO, which is the European-US defense force, has a contract that started in 2005 with Telindus, which is a company that offers ICT solutions. NATO's networks cover their 26 members as well as other operational infrastructures such as Afghanistan and the Balkans. These networks include coverage for telephone, computer, and video conferencing communications. Non-military operations such as disaster relief and protection of critical national infrastructure are also covered.

Grant (2007) reported that, "Luc Hellebooge, Telindus's defence unit director and leader on the Nato project, said the initial contract from Nato's Consultation, Command and Control Agency included engineering and design, implementation, logistics and quality, proof of concept and rollout, testing, acceptance, training and equipment sourcing."

As of now there are 70 systems that are on the network. In future phases there will be more countries, more sites, more nodes, and more network upgrades. The main tasks are prevention, detection, reaction and recovery. Grant (2007) also said, "Putting them together and handing it over on time and on budget took a lot of cross-domain skills."

Since the new project went live, many attacks have been found, along with growing expertise among hackers. After the September 11th, 2001 attacks and the May 2007 DDoS attack on Estonia, NATO has become more attentive to cyber defense because they themselves are vulnerable to attack since they are out in the open just like other organizations that are on the web. Telindus's biggest component is the intrusion detection system (IDS). This allows attacks to be identified as well as location of their origin and what attackers will do in response to the defensive or restorative action.

5.3 Federal Efforts to Protect Computers


The federal government has taken steps to improve its own computer security and to encourage the private sector to also adopt stronger computer security policies and practices to reduce infrastructure vulnerabilities. In 2002, the Federal Information Security Management Act (FISMA) was enacted, giving the Office of Management and Budget (OMB) responsibility for coordinating information security standards and guidelines developed by federal agencies. In 2003, the National Strategy to Secure Cyberspace was published by the Administration to encourage the private sector to improve computer security for the U.S. critical infrastructure through having federal agencies set an example for best security practices.

The National Cyber Security Division (NCSD), within the National Protection and Programs Directorate of the Department of Homeland Security (DHS) oversees a Cyber Security Tracking, Analysis and Response Center (CSTARC), tasked with conducting analysis of cyberspace threats and vulnerabilities, issuing alerts and warnings for cyberthreats, improving information sharing, responding to major cybersecurity incidents, and aiding in national-level recovery efforts. In addition, a new Cyber Warning and Information Network (CWIN) has begun operation in 50 locations, and serves as an early warning system for cyberattacks. The CWIN is engineered to be reliable and survivable, has no dependency on the Internet or the public switched network (PSN), and reportedly will not be affected if either the Internet or PSN suffer disruptions.

In January 2004, the NCSD also created the National Cyber Alert System (NCAS), a coordinated national cybersecurity system that distributes information to subscribers to help identify, analyze, and prioritize emerging vulnerabilities and cyberthreats. NCAS is managed by the United States Computer Emergency Readiness Team (US-CERT), a partnership between NCSD and the private sector, and subscribers can sign up to receive notices from this new service by visiting the US-CERT website.

5.4 U.S. Government Efforts


Congressional Research Services Report
The CRS report for Congress talks about the capabilities for cyber-attack by terrorists. Many of the departments and agencies of the U.S. government have programs that address cyber security. Some view the level of federal effort as making cyber-security a national priority, while others see it as unnecessarily redundant. The nation is seen as lacking a strategy for cyber terrorism. Despite criticism, there are many programs that are promising.

Department of Homeland Security (DHS)


Some DHS experts are concerned with the cyber security efforts. While terrorists are gaining more expertise and experience, the DHS has not progressed in their efforts to fight cyber terrorism. Others cite that the lack of progress is due to the difficulty in discovering the intentions, origination, and groups behind cyber intrusions and attacks. In February 2006, the DHS participated in an exercise called Cyber Storm which tested the ability of the U.S. government, international partners, and the private sector to respond to a large scale cyber-attack.


According to Homeland Security (2006), analysis of the exercise produced eight major findings to better position the United States to enhance the nation's cyber preparedness and response capabilities. The eight cyber-security enhancement findings addressed: Interagency Coordination, Contingency Planning, Risk Assessment and Roles and Responsibilities, Correlation of Multiple Incidents between Public and Private Sectors, Exercise Program, Coordination between Entities of Cyber Incidents, Common Framework for Response to Information Access, Strategic Communications and Public Relations, and Improvement of Process, Tools and Technology.

Department of Defense
In August 2005, DOD Directive 3020.40, the Defense Critical Infrastructure Program, required the DOD to coordinate with public and private sectors to help protect defense critical infrastructures from terrorist attacks and cyber-attack. DOD also formed the Joint Functional Component Command for Network Warfare (JFCCNW). Its purpose is to defend all DOD computer systems. Lasker (2005) said the expertise and tools used in this mission are for both offensive and defensive operations.

5.5 Federal Bureau of Investigation (FBI)


The FBI Computer Intrusion program was developed to provide administrative, operational support and guidance to those investigating computer intrusions. According to Lourdeau (2004), "A Special Technologies and Applications program supports FBI counterterrorism computer intrusion investigations, and the FBI Cyber International Investigative program conducts international investigations through coordination with FBI Headquarters Office of International Operations and foreign law enforcement agencies."


5.6 National Security Agency (NSA)


To reduce vulnerability of the national information infrastructure, the NSA has promoted higher education by creating the National Centers of Academic Excellence in Information Assurance Education (CAEIAE). The program is intended to create more professionals with information assurance (IA) experience. To support the President's National Strategy to Secure Cyberspace, which was established in 2003, the NSA and DHS joined to sponsor the program. This program allows four-year colleges and graduate-level universities to apply to be designated as a National Center of Academic Excellence in Information Assurance Education. According to sources, students attending CAEIAE schools are eligible to apply for scholarships and grants through the Department of Defense Information Assurance Scholarship Program and the Federal Cyber Service Scholarship for Service Program (SFS).

5.7 Central Intelligence Agency (CIA)


The CIA Information Operations Center evaluates threats to U.S. computer systems from foreign governments, criminal organizations and hackers. In 2005 a cyber-security test called Silent Horizon was conducted. Its goal was to see how government and industry could react to Internet-based attacks. One of the problems the CIA wanted to figure out was who was in charge of dealing with a major cyber-attack. The government is in charge, but in practice the defenses are controlled by numerous civilian telecommunications firms. According to sources, the simulated cyber-attacks were set five years into the future. The stated premise of the exercise was that cyberspace would see the same level of devastation as the 9/11 hijackings. Livewire was an earlier exercise, similar to Silent Horizon, that raised concerns about the government's role during a cyber-attack. What happens if the identified culprit is a terrorist, foreign government, or a bored teenager? It also questioned whether or not the government would be able to detect the early stages of an attack without the help of third party technology companies.


5.8 Inter-Agency Forums


The Office of Management and Budget (OMB) created a taskforce to investigate how agencies can improve training, incident response, disaster recovery, and contingency planning. Reports also said, "The U.S. Department of Homeland Security has also created a new National Cyber Security Division that will focus on reducing vulnerabilities in the government's computing networks, and in the private sector to help protect the critical infrastructure."


6. Future Attractiveness of Critical Infrastructure Systems


There has as yet been no published evidence showing a widespread focus by cybercriminals on attacking the control systems that operate the U.S. civilian critical infrastructure. Disabling infrastructure controls for communications, electrical distribution or other infrastructure systems is often described as a likely scenario to amplify the effects of a simultaneous conventional terrorist attack involving explosives.

However, in 2006, at a security discussion in Williamsburg, Virginia, a government analyst reportedly stated that criminal extortion schemes may have already occurred, where cyber attackers have exploited control system vulnerabilities for economic gain. And, in December 2006, malicious software that automatically scans for control system vulnerabilities reportedly was made available on the Internet for use by cybercriminals. This scanner software reportedly can enable individuals with little knowledge about infrastructure control systems to locate a SCADA computer connected to the Internet, and quickly identify its security vulnerabilities.

The Idaho National Laboratory is tasked to study and report on technology risks associated with infrastructure control systems. Past studies have shown that many, if not most, automated control systems are connected to the Internet, or connected to corporate administrative systems that are connected to the Internet, and are currently vulnerable to a cyberattack. And, because many of these infrastructure SCADA systems were not originally designed with security as a priority, in many cases, new security controls cannot now be easily implemented to reduce the known security vulnerabilities. Following past trends, where hackers and cybercriminals have taken advantage of easy vulnerabilities, some analysts now predict that we may gradually see new instances where cybercriminals exploit vulnerabilities in critical infrastructure control systems.


7. EDUCATION AND AWARENESS


7.1 Improving Security of Commercial Software - Some security experts emphasize that if systems administrators received the necessary training for keeping their computer configurations secure, then computer security would greatly improve for the U.S. critical infrastructure. However, should software product vendors be required to create higher quality software products that are more secure and that need fewer patches? Could software vendors possibly increase the level of security for their products by rethinking the design, or by adding more test procedures during product development?

7.2 Education and Awareness of Cyberthreats - Ultimately, reducing the threat to national security from cybercrime depends on a strong commitment by government and the private sector to follow best management practices that help improve computer security. Numerous government reports already exist that describe the threat of cybercrime and make recommendations for management practices to improve cybersecurity.

A 2004 survey done by the National Cyber Security Alliance and AOL showed that most home PC users do not have adequate protection against hackers, do not have updated antivirus software protection, and are confused about the protections they are supposed to use and how to use them. How can computer security training be made available to all computer users that will keep them aware of constantly changing computer security threats, and that will encourage them to follow proper security procedures?

7.3 Coordination Between Private Sector and Government - What can be done to improve sharing of information between federal government, local governments, and the private sector to improve computer security? Effective cyber security requires sharing of relevant information about threats, vulnerabilities, and exploits. How can the private sector obtain information from the government on specific threats which the government now considers classified, but which may help the private sector protect against cyberattack? And, how can the government obtain specific information from private industry about the number of successful computer intrusions, when companies resist reporting because they want to avoid publicity and guard their trade secrets? Should cybercrime information voluntarily shared with the federal government about successful intrusions be shielded from disclosure through Freedom of Information Act requests?

How can the United States better coordinate security policies and international law to gain the cooperation of other nations to better protect against a cyberattack? Pursuit of hackers may involve a trace back through networks requiring the cooperation of many Internet Service Providers located in several different nations. Pursuit is made increasingly complex if one or more of the nations involved has a legal policy or political ideology that conflicts with that of the United States. Thirty-eight countries, including the United States, participate in the Council of Europe's Convention on Cybercrime, which seeks to combat cybercrime by harmonizing national laws, improving investigative abilities, and boosting international cooperation. However, how effective will the Convention be without participation of other countries where cybercriminals now operate freely?

Intents behind Cyber Terrorism:

Political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a botnet, to help disrupt the computer systems of the Estonian government.

Cyber-attacks from individuals and countries targeting economic, political, and military organizations.

Cybercriminals have reportedly made alliances with drug traffickers in Afghanistan, the Middle East, and elsewhere where profitable illegal activities are used to support terrorist groups.

Trends in cybercrime are described, showing how malicious Internet websites, and other cybercrimes such as identity theft, are linked to conventional terrorist activity.


8. Summary
In today's society it is apparent that cyber-crime is a problem, especially since it can be difficult to determine if an attack is from a hacker or from a hacker that is a terrorist or terrorist group. Looking at the history of cyber-crime, it has been shown that there is definitely a need for more protection. Knowing that cyber terrorism exists is the first step to a solution. Hsinchun Chen, the creator of Dark Web, went from helping out local law enforcement to helping with terrorism on the internet. NATO has taken steps to protect its organization with the help of a third party specializing in security solutions. Also, the United States government departments have jointly and separately created programs to fight terrorism as well as programs to educate others.


9. REFERENCES:
1. http://www.cyberterrorism.com
2. http://eee.wikipidia.com
3. http://www.usatoday.com/tech/news/techpolicy/2005-05-26-cia-wargames_x.htm
4. http://www.cyberterrorism.com/ - official cyberterrorism website
5. http://www.informationweek.com/news/showArticle.jhtml?articleID=199701774
