Seminar Report on Cyber Terrorism

2012-2013

INTRODUCTION
Cyberterrorism isanewterroristtacticthatmakesuseof information
systemsordigitaltechnology,especiallytheInternet,aseitheraninstrumentor
atarget.AstheInternetbecomesmoreawayoflifewithus,itisbecoming
easierforitsuserstobecometargetsofthecyberterrorists.Thenumberofareas
in which cyberterrorists could strike is frightening, to say the least. The
differencebetweentheconventionalapproachesofterrorismandnewmethods
is primarily that it is possible to affect a large multitude of people with
minimumresourcesontheterrorist'sside,withnodangertohimatall.Wealso
glimpseintothereasonsthatcausedterroriststolooktowardstheWeb,and
why the Internet is such an attractive alternative to them. The growth of
InformationTechnologyhasledtothedevelopmentofthisdangerouswebof
terror, for cyberterrorists could wreak maximum havoc within a small time
span.Varioussituationsthatcanbeviewedasactsofcyberterrorismhavealso
beencovered.Banksarethemostlikelyplaces
toreceivethreats,butitcannotbesaidthatanyestablishmentisbeyondattack.
Tipsbywhichwecanprotectourselvesfromcyberterrorismhavealsobeen
Dept. Of Electrical & Electronics Engg.
G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

2012-2013
coveredwhichcanreduceproblemscreatedbythecyberterrorist.We,asthe
InformationTechnologypeopleoftomorrowneedtostudyandunderstandthe
weaknessesofexistingsystems,andfigureoutwaysofensuringtheworld's
safetyfromcyberterrorists.Anumberofissueshereareethical,inthesensethat
computingtechnologyisnowavailabletothewholeworld,butifthisgiftis
used
wrongly, the consequences could be disastrous. It is important that we
understandandmitigatecyberterrorismforthebenefitofsociety,trytocurtail
itsgrowth,sothatwecanhealthepresent,andlivethefuture

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

2012-2013

CYBERTERRORISM
Andrey, Frederick, and Phillip (the Week Three team) aim to help
promoteawarenessaboutthedangersofCyberTerrorismandCyberWarfare.
Many individuals may not even be aware that Cyber Terrorism and Cyber
Warfareexistandassuchareunawareofthedamageitcancause.TheWeek
ThreeteamspurposeinanalyzingCyberTerrorismandCyberWarfareisto
educatecitizensonhowtheseattacksimpactanation,techniquesusedinthe
perpetrationoftheseattacks,andsecuritymeasuresthatcanbetakentoguard
againsttheseattacks.
Purpose
ToanalyzeCyberTerrorismandCyberWarfareandunderstandhowit
affectsallofusasanationaswellasrecommendbestpracticestohelpprotect
ourselves. Itisourpurposetoraiseawarenessofthisissuethataffectsmany
livestoday.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

2012-2013

Scope

Initial analysis of what Cyber Terrorism andCyber Warfareis. This

reportgivesacomprehensivereviewonthesetwotermsare,howitaffectsusin
ourdailylives,andpracticestoprotectourselves.
MethodsandProcedures
Researchwasconductedusingavarietyofsecondarysources.Eachteam
memberwasresponsibleforonemajorcategory.Afteraggregatingtheresearch,
theteamreviewedtheinformationtoreachitsfinalrecommendation.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

2012-2013

OVERVIEW
AstheInternetbecomesmorepervasiveinallareasofhumanendeavor,
individualsorgroupscanusetheanonymityaffordedbycyberspacetothreaten
citizens,specificgroups(i.e.withmembershipbasedonethnicityorbelief),
communitiesandentirecountries,withouttheinherentthreatofcapture,injury,
ordeathtotheattackerthatbeingphysicallypresentwouldbring.
AstheInternetcontinuestoexpand,andcomputersystemscontinuetobe
assigned more responsibility while becoming more and more complex and
interdependent, sabotage or terrorism via cyberspace may become a more
seriousthreat.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

2012-2013

BASICDEFINITION
Cyberterrorismistheleveragingofatarget'scomputersandinformation,
particularly via the Internet, to cause physical, realworld harm or severe
disruptionofinfrastructure.CyberterrorismisdefinedasThepremeditateduse
ofdisruptive
activities,orthethreatthereof,againstcomputersand/ornetworks,withthe
intention to cause harm or further social, ideological, religious, political or
similar objectives. Or to intimidate any person in furtherance of such
objectives. This definition was created by Kevin G. Coleman of the
Technolytics Institute ...subsumed over time to encompass such things as
simplydefacingawebsiteorserver,orattackingnoncriticalsystems,resulting
inthetermbecominglessuseful...
Thereare somethat say cyberterrorismdoes notexistandis reallya
matter of hacking or information warfare. They disagree with labeling it
terrorismbecauseoftheunlikelihoodofthecreationoffear,significantphysical
harm, or death in a population using electronic means, considering current
attackandprotectivetechnologies.
Dept. Of Electrical & Electronics Engg.
G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

2012-2013

BACKGROUNDINFORMATION

Publicinterest incyberterrorismbegan inthe late1980s.As theyear

2000approached,thefearanduncertaintyaboutthemillenniumbugheightened
andinterestinpotentialcyberterroristattacksalsoincreased.However,although
themillenniumbugwasbynomeansaterroristattackorplotagainsttheworld
ortheUnitedStates,itdidactasacatalystinsparkingthefearsofapossibly
largescaledevastatingcyberattack.Commentatorsnotedthatmanyofthefacts
ofsuchincidentsseemedtochange,oftenwithexaggeratedmediareports.The
highprofileterroristattacksintheUnitedStatesonSeptember11,2001leadto
furthermediacoverageofthepotentialthreatsofcyberterrorismintheyears
following.Mainstreammediacoverageoftendiscussesthepossibilityofalarge
attackmakinguseofcomputernetworkstosabotagecriticalinfrastructureswith
theaimofputtinghumanlivesinjeopardyorcausingdisruptiononanational
scaleeither
directlyorbydisruptionofthenationaleconomy.
AuthorssuchasWinnSchwartauandJohnArquillaarereportedtohave
hadconsiderablefinancialsuccesssellingbookswhichdescribedwhatwere
purportedtobeplausiblescenariosofmayhemcausedbycyberterrorism.Many
Dept. Of Electrical & Electronics Engg.
G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

2012-2013
criticsclaimthatthesebookswereunrealisticintheirassessmentsofwhether
the attacks described (such as nuclear meltdowns and chemical plant
explosions)werepossible.Acommonthreadthroughoutwhatcriticsperceive
as cyberterrorhype is that of nonfalsifiability; that is, when the predicted
disastersfailtooccur,itonlygoestoshowhowluckywe'vebeensofar,rather
thanimpugningthetheory.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

EFFECTS

2012-2013

Cyberterrorism can have a serious largescale influence on significant

numbersofpeople.Itcanweakencountries'economygreatly,therebystripping
itofitsresourcesandmakingitmorevulnerabletomilitaryattack.Cyberterror
canalsoaffectinternetbasedbusinesses.Likebrickandmortarretailersand
serviceproviders,mostwebsitesthatproduceincome(whetherbyadvertising,
monetaryexchangeforgoodsorpaidservices)couldstandtolosemoneyinthe
eventofdowntimecreatedby
CYBERCRIMINALS.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

Seminar Report on Cyber Terrorism

2012-2013
Asinternetbusinesseshaveincreasingeconomicimportancetocountries,
what is normally cybercrime becomes more political and therefore "terror"
related.CYBER

TERRORISM VS. CYBER

WARFARE
CyberTerrorism
ThereexistmultipleexpertdefinitionsofwhatCyberTerrorismis.The
definitionofCyberTerrorismwewillemployreferstotheactofpolitically
motivatedviolenceagainstinformation,computersystems,computerprograms,
anddatawhichmayresultindamage(Pollitt,n.d.).Weliveintheinformation
agewherecomputershavebecomeanintegralaspectofourdailyexistence.We
useitatschool,work,andathometocommunicatewithfriendsandfamilyor
todowork.Asweknow,computerprogramsarealwaysatriskofcompromise
whichresultsincompaniesfranticallyupdatingtheirsystemsinanattemptto
securetheirprograms.AnexampleactofCyberTerrorismwouldbeifagroup
of foreign militants were to attack government networks with the goal of
spreadingpropaganda.ThisservesasanexampleofCyberTerrorismbecauseit
Dept. Of Electrical & Electronics Engg.
G.P.T.C, Muttom

10

Seminar Report on Cyber Terrorism

2012-2013
isapoliticallymotivatedattackagainstcomputersystemswiththeintentof
causingharm.
CyberWarfare
Some may consider that Cyber Terrorism to be the same as Cyber
Warfare.Althoughbotharesimilar,CyberWarfareisnotpoliticalmotivated.
ThedefinitionofCyberWarfarereferstotheuseofcomputersandtheinternet
toconductwarfareincyberspace.Informationtechnologyisemerginginmany
societiesandhasbecomemorereadilyavailabletohostilenations.Nationsthat
may decide to use their newfound technology to strike at their opponents
communications. A serious form of Cyber Warfare would be to attack an
electrical power grid. Attackers would penetrate and interrupt an electrical
powergridsystemcausingblackouts.Dependingonthesizeofthisattackand
itslocation,thismayknockoutpowertohospitalsorothercriticalsystemsofa
city.
Implication
AnimplicationofCyberWarfareandCyberTerrorismistocauseharm
toanation.Agoaloftheseattacksistocreatealarmandpanicamongcitizens.
Dept. Of Electrical & Electronics Engg.
G.P.T.C, Muttom

11

Seminar Report on Cyber Terrorism

2012-2013
Attackerswanttoshowhowbadlytheycandamagetheirvictimnationsby
hackingintogovernmentcomputersandtakingcontrolofcriticalsystems.This
can affect citizens psychologically causing them to wonder how their
governmentcouldletthishappenandwhattheycandotoprotectthemselves
andtheirfamilies.Byachievingthesegoals,hackerssucceededinleadinga
nationintoastateofchaosandconfusion.

METHODSANDTECHNIQUES
CyberAttacksIncreasing
Computerattackshavebeenraisingthecyberwarfarebartoanewlevel.
Eachyeartherearemoreandmorecyberattacksrecordedthroughtheworld
(Germain,TheWindsofCyberWar,2008).In2007,theU.S.Departmentof
Homeland Security published statistics showing 37,000 reported attempted
breachesofgovernmentandprivatecomputersystems.Theprioryearsreport
showed24,000attempts;asignificant158%increasein2007(Germain,The
ArtofCyberWarfare,Part1:TheDigitalBattlefield,2008).

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

12

Seminar Report on Cyber Terrorism

2012-2013
Duetotheincreaseofcyberattacks,theUSGovernmentistryingtheir
besttofortifynetworksecurity.Inthepast12months,75percentofbusinesses
worldwidehaveexperiencedacyberattack(U.S.UrgedToCurbHackersas
CyberAttacksIncrease,2010).Itsbecomingsuchabigissuethat42percentof
businessesratedcybercrimeasthebiggestthreattothem,thatsmorethan
terrorism, traditional crime, and natural disasters combined. Due to the
increasingthreat,inMay2009,theU.S.PresidentacceptedaCyberspacePolicy
Review (The Comprehensive National Cybersecurity Initiative, 2010). This
policywastoassessU.S.structuresandpoliciesforcybersecurityandisan
efforttoworktowardsareliableandtrustworthydigitalinfrastructure.
TheCommonAttackMethods
Thereareseveralpopularcyberattackmethods.Thesepopularmethods
include denial of service, distributed denial of service, and botnets (Cyber
AttackTechniques,2009).Denialofserviceworksbyoverwhelmingthetarget
computerwithuselessnetworktraffic,resultingintheblockingoflegitimate
networktraffictotheuser.Distributeddenialofserviceissimilarinthatit
overwhelmsthetargetcomputerwithnetworktraffic,butinsteadthisattackis
Dept. Of Electrical & Electronics Engg.
G.P.T.C, Muttom

13

Seminar Report on Cyber Terrorism

2012-2013
launchedfrommanycomputers.Theotherpopularmethodofattackistheuse
ofbotnets.Abotnetisanetworkofremotelycontrolledsystemsusedtoattack
anddistributemalware,spam,andphishingscams.Thewordbotisshortfor
robots,becausetheyareprogramsthatareunknowinglyinstalledonatarget
computer.Thisprogramallowsanunauthorizedusertoremotelycontrolthe
systemformaliciouspurposes(CyberAttackTechniques,2009).
PopularTargets
Financialinstitutionsandutilitygridsarenowtheprimetargetsofcyber
warfareandcyberespionage.Afterareportwasreleasedstatingthatelectric
power grid has been infiltrated by foreign spies, the U.S. government has
admitted that it is susceptible to cyber attacks (LaMonica, 2009). Janet
Napolitano from the US homeland Security claimed The vulnerability is
something [we] haveknow aboutfor years.WorldBank hasalso reported
beinginfiltratedatleastsixtimesinjustoneyear(Behar,2008).Manyother
banks,likeBankofAmerica,havealsobeenthevictimsofcyberattack.For
instance,onJanuary29th,2010,theirwebsitewasdownforagoodpartofthe
day(Carney,2010).
Dept. Of Electrical & Electronics Engg.
G.P.T.C, Muttom

14

Seminar Report on Cyber Terrorism

CyberSecurity

2012-2013

InagovernmentpapertitledDefiningandDeterringCyberWar,the
purposeofCyberSecurityisdescribedas[to]increaseastatesresistanceto
attacksandreducetheconsequencesofattacks.(Beidleman,2009)Whilethis
paper was written in regards to governments, the concept holds true for
businessesaswell.CyberSecuritycanbeseenastwoparts:resistanceand
mitigationofdamage.
ResistancetoCyberTerrorismisprimarilyimplementedthroughsecurity
technologies.Themostprevalentsecuritytechnologyforlargeorganizationsis
thefirewall.Thefirewallisliterallythefirstlineofdefensewhenitcomestoa
computernetwork.Thefirewallsitsbetweentheinternalnetworkofacompany
andtheoutsideworld.Itanalyzesallincomingandoutgoingtransmissionsand
provides multiple security services. Incoming packets are all screened for
maliciousdatabeforebeingrebroadcastintothenetwork.Outgoingpacketsare
alsoallscreened.Mostfirewallscomewithfeaturesthatallowforstatistical
analysisofanetworksbaseline.Fluxuationsinthebaselinebeyondacertain
range may indicate an issue and prompt the firewall to notify a systems
administratorforfurtherinvestigation.
Dept. Of Electrical & Electronics Engg.
G.P.T.C, Muttom

15

Seminar Report on Cyber Terrorism

2012-2013
Themajorformsofattackdescribedinthelastsection(packetflooding
andbotnets)arebothaddressedbyfirewalls.ToreiterateDenialofService
(DoS) attacks, distributed or otherwise, attempt to flood a network with so
muchtrafficthatnolegitimateformsofdatacanbeacceptedintothesystem.
FirewallsblockDoSattacksbyidentifyingthesendingsourceandblacklisting
all data from that location(s). Botnets or socalled zombie computers
(Strickland,2007)canalsobedealtwithbyfirewalls.Asmentioned,ifbotnets
are employed in a DoS attacks, the firewall blocks all traffic from that
originatingsource.Moreover,firewallscandetectbotnetcomputersfromwithin
aninternalnetworkbasedonoutgoingtrafficandcantakestepstodisinfect
them.Thisinvolvesautomaticallyisolatingtheinfectednodesandinforminga
systemsadministratorwhotakesfurtherstepstofixthedevice.
Beyond the firewall, security software should also be installed on all
workstations in the network. The rationale behind this procedure is that
individualworkstationsmaybeinfectedbycodethatslipspastthefirewall.
Security software such as antivirus and antispyware programs should be
implementedandkeptuptodatewiththelatestvirusdefinitions.Inaddition,

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

16

Seminar Report on Cyber Terrorism

2012-2013
alldevicesonthenetworkshouldbekeptuptodatewiththelatestupdatesto
sealpotentialsecurityvulnerabilities.
On the user side, there are several bestpractices that can be used to
preventormitigatedamagefromcyberterroristattacks.Firstlyistheissueof
accesscontrolusersshouldonlyhaveaccesstoresourcesthattheyrequire.
The rationale behind this statement is that, should a user account be
compromisedbyattackers,theirlevelofaccessinthesystemislimited.To
preventtheaccountsfrombeingcompromisedinthefirstplace,policiesshould
beinplacethatenforcestrongpasswords.TheUniversityofTexasrecommends
thefollowingforconditionsinastrongpassword(Uni.ofTX,2009):

Usebothupperandlowercaseletters.
Placenumbersandpunctuationmarksrandomlyinyourpassword.
Makeyourpasswordlongandcomplex,soitishardtocrack.Between8
to20characterslongisrecommended.
Useoneormoreofthesespecialcharacters:!@#$%*()+=,<>::

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

17

Seminar Report on Cyber Terrorism

2012-2013
Moreover,thepasswordpolicyshouldrequirethatpasswordsbereset
everymonthandthatidenticalpasswordsorpasswordcharactersmaynotbe
reused for a set period of time. This is so that cyber terrorists cannot run
automatedprogramsthattryeverypossiblecombinationofcharacterstoguessa
password.
Thefinalsteptodeterringcyberattackiscontinualpenetrationtesting
and security audits of an organizations own system. By attacking its own
securitysystem,vulnerabilitiesmaybeidentifiedandfixedbeforetheycanbe
takenadvantageofbyattackers.Tohelpmitigatethedamagefromattacks,
organizationsshouldkeepbackupsoftheirdatainaneasilyretrievableformat.
Thisway,shouldacyberattacksucceedindestroyingdata,filescanberestored
fromthetimeofthelastbackup.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

18

Seminar Report on Cyber Terrorism

2012-2013

CONCLUSION
AfterathoroughanalysisonwhyCyberTerrorismandCyberWarfare
occur,thedeterminationwasthattheseeventsforthereasonofbringingfearto
thepublic.Eventhoughtheseactscanbepoliticallymotivated,thegoalisstill
thesame.Therearemanydifferentmethodsforsuchattacks,likeusingbotnets
ordenialofservicetobringdownpopulartargets;institutionsandpowergrids.
Evenwiththesemethodsofattack,theuseofnetworksecurityproducts,suchas
firewallsandantivirus,cangreatlyreducetheriskofbeingavictimofcyber
attacks.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

19

Seminar Report on Cyber Terrorism

2012-2013

REFERENCES
Behar, R. (2008, October 10). World Bank Under Cyber Siege in
'Unprecedented Crisis'. Retrieved May 7, 2010, from
http://www.foxnews.com/story/0,2933,435681,00.html
Beidleman, S. (2009). Defining and deterring cyber war. Strategy Research
Project,Retrieved from

http://www.dtic.mil/srch/doc?
collection=t3&id=ADA500795
Carney,J.(2010,January29).BankofAmerica'sWebsiteHasBeenDownAll
Morning. Retrieved May 10, 2010, from
http://www.businessinsider.com/bankofamericaswebsitehasbeen
downallmorning20101
Cyber Attack Techniques. (2009, May 28). Retrieved April 28, 2010, from
http://www.cybersecuritymarket.com/2009/05/28/cyberattack
techniques/
Germain,J.M.(2008,April29).TheArtofCyberWarfare,Part1:TheDigital
Battlefield. Retrieved April 20, 2010, from
http://www.ecommercetimes.com/story/62779.html
Germain,J.M.(2008,September16).TheWindsofCyberWar.RetrievedApril
10, 2010, from http://www.technewsworld.com/story/TheWindsof
CyberWar64494.html
LaMonica,M.(2009,April8).Report:SpieshackedintoU.S.electricitygrid.
Retrieved May 3, 2010, from http://news.cnet.com/830111128_3
1021489854.html
Lewis,J.(2002).AssessingtheRisksofCyberTerrorism,CyberWarandOther
Cyber Threats:.
Retrieved April 30, 2010, from
http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

20

Seminar Report on Cyber Terrorism

2012-2013
Contents
INTRODUCTION...........................................................................................................................
Purpose........................................................................................................................................
Scope............................................................................................................................................
MethodsandProcedures..............................................................................................................
CyberTerrorism...........................................................................................................................
CyberWarfare.............................................................................................................................
Implication.....................................................................................................................................
METHODSANDTECHNIQUES................................................................................................
CyberAttacksIncreasing...........................................................................................................
TheCommonAttackMethods...................................................................................................
PopularTargets..........................................................................................................................
CyberSecurity................................................................................................................................
CONCLUSION..............................................................................................................................
REFERENCES..............................................................................................................................

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

21

Seminar Report on Cyber Terrorism

2012-2013

ABSTRACT
CyberTerrorismandCyberWarfareareconsideredaprioritythreatfor
nations includingtheUnitedStates,China, andtheUnitedKingdom.These
attackscanhavedevastatingconsequencesonthewelfareanationandofits
citizens. A research team consisting of Andrey Lavochin, Frederick Le and
PhillipTrancollaboratedtoanalyzethethreatofCyberTerrorismandCyber
Warfare.Theteamsgoalwastoidentifythethreatsandtechniquesusedin
suchtacticsaswellasidentifypotentialsolutions.Theresearchteamconcluded
thatthereisnotabeallendallremedytoCyberTerrorismandCyberWarfare
butthatthereareproactivemeasuresthatmaybetakentoreducethefrequency
ofattacksandmitigatethedamagetheycause.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

22

Seminar Report on Cyber Terrorism

2012-2013
Theproblemofcyberterrorismismultilateralhavingvariedfacetsand
dimensions.Itssolutionrequiresrigorousapplicationofenergyandresources.It
mustbenotedthatlawisalwayssevenstepsbehindthetechnology.Thisisso
becausewehaveatendencytomakelawswhentheproblemreachesatits
zenith. We do not appreciate the need of the hour till the problem takes a
precariousdimension.Atthatstageitisalwaysverydifficult,ifnotimpossible,
todealwiththatproblem.Thisismoresoincaseofoffencesandviolations
involving information technology. One of the argument, which is always
advancedtojustify
thisstandofnonenactmentisthatthemeasuressuggestedarenotadequateto
dealwiththeproblem.Itmustbeappreciatedthatsomethingisbetterthen
nothing.Theultimatesolutiontoanyproblemisnottoenactaplethoraof
statutesbuttheirrigorousanddedicatedenforcement.Thecourtsmayapplythe
existing laws in a progressive, updating and purposive manner. It must be
appreciatedthatitisnottheenactmentofalawbutthedesire,willandefforts
toacceptandenforceitinitstrueletterandspirit,whichcanconferthemost
strongest,secure

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

23

Seminar Report on Cyber Terrorism

2012-2013
andsafestprotectionforanypurpose.Theenforcementoftheserightsrequiresa
qualitative effort and not a quantitative effort. Thus, till a law dealing
expresslywithcyberterrorismisenacted,wemustnotfeelshyandhesitantto
usetheexistingprovisions.

Dept. Of Electrical & Electronics Engg.

G.P.T.C, Muttom

24