In the example of the Iraqi War during 2003 you had a situation that included hackers, viruses, and online propaganda. What makes this different to the previous
cyber wars for example, the Serbian-NATO cyber war, is the fact that more than two parties are involved and the motivation is based upon ideologies—religious and political. What also makes this cyber war of in- terest are the three parties involved. These included (Warren, 2003):
• U.S. based hackers who are inspired by patrio- tism and wish to attack anything that can be considered as an Iraqi target
• Islamic-based hackers who are trying to carry out an online Jihad against perceived allied targets
Figure 4. Current Hezbollah site (2006)
Terrorism and the Internet
• Peace activists who are trying to use the Web to promote a peaceful message via Web sites—but what would have been the next step for the radi- cal peace activists if the war had continued? The situation was very confusing as you had the U.S. government NIPC releasing an advisory on February 11, 2003, trying to restrain “patriotic hack- ing” on behalf of the U.S. government (NIPC, 2003). They defined that attacks may have one of several motivations (NIPC, 2003):
• Political activism targeting Iraq or those sym- pathetic to Iraq by self-described “patriot hack- ers”
• Political activism or disruptive attacks targeting United States systems by those opposed to any potential conflict with Iraq
• Criminal activity masquerading or using the current crisis to further personal goals
During this period there were active pro-Islamic hacking groups such as the Unix Security Guard
Figure 6. Cyber terrorism at work
(USG), their strategy was trying to deface sites with their pro-Iraqi political messages (Warren, 2003). A typical antiwar successful hack is illustrated in Figure 6.
Following the defeat of Iraqi forces and the resto- ration of a democratic government, Iraqi resistance groups formed to fight new government and occupy- ing military forces. These new resistance groups turned to the Internet (see Figure 7) for the reasons described previously, but with some differences, these are (Warren, 2005):
• Recruitment of volunteers
• Focus on Arabic rather than English Web sites and content
• Mirroring information around the world, making it harder to remove
• Spreading information on making explosives, how to use captured foreign firearms, and so forth
A final point to note is that cyber terrorist activ- ity could also be used in conjunction with or to sup-
Figure 7. Iraqi resistance groups at work
port more traditional attacks. For example, hacking techniques could be employed to obtain intelligence information from systems, which could then be used as the basis for a physical attack.
conclusIon
Another observation is that cyber attacks offer the capability for terrorist activities with wider-reaching impacts. With traditional terrorist activities, such as bombings, the impacts are isolated within specific physical locations and communities. In this context, the wider populous act only as observers and are not directly affected by the actions. Furthermore, acts of violence are not necessarily the most effective way of making a political or ideological point–the media and public attention is more likely to focus upon the destruction of property and/or loss of life than whatever “cause” the activity was intended to promote. The ability of cyber terrorism activities to affect a wider population may give the groups involved greater lever- age in terms of achieving their objectives, whilst at the same time ensuring that no immediate long-term damage is caused which could cloud the issue. For
example, in a denial of service scenario, if the threat- ened party was to accede to the terrorist demands, then the situation could (ostensibly at least) be returned to that which existed prior to the attack (i.e. with service resumed). This is not the case in a “physical” incident when death or destruction has occurred.
Cyber terrorists operate with a political agenda. This motivation (which could often be more accurately described as fanaticism) will mean these types of at- tacks will be more specifically targeted and aimed at more critical systems. This collective action would do more harm than the action of a single hacker. There is also the issue of funding, since terrorist groups could have substantial funds available, they could easily employ hackers to act on their behalf.
Whether we like it or not, we have developed a significant (and increasing) dependence upon infor- mation technology. The Internet is available 24 hours a day and cyber terrorist groups that view developed countries as a target will be able to attack 24 hours a day. This means that all organisations could feel the impact as their sites are attacked just because they happen to be in Australian, Japan, USA, and so forth. Only the future will show the risks that we face from the threat of cyber terrorism
Terrorism and the Internet
reFerences
Hutchinson, W., & Warren, M. J. (2001). Information Warfare: Corporate attack and defence in a digital world. London: Butterworth-Heinemann.
Meikle, G. (2002). Future active: Media activism and the internet. Routledge.
NIPC. (2003).Encourages heightened cyber security as Iraq—US tensions increase (Advisory 03-002). Washington, DC.
Verton, D. (2003). Black ice: The invisible threat of cyber terrorism. McGraw Hill.
Warren, M. J. (2003). The impact of hackers. Presented at the Second European Information Warfare Confer- ence, Reading, UK.
Warren, M. J. (2005). Cyber terrorism. Presented at the Annual Police Summit, Melbourne, Australia. Warren, M. J., & Hutchinson, W. (2002). Will new laws be effective in reducing web sponsorship of terrorist groups. Presented at the Third Australian Information Warfare and Security Conference, Perth, Australia. Wilkinson, P. (1976). Political terrorism. MacMillan Press Ltd.
terms and deFInItIons
Note: Definitions from Dictionary.Com (http://diction- ary.reference.com/browse)
Cyber Terrorism: Terrorism conducted in cyber space, where criminals attempt to disrupt computer or telecommunications service.
Hacker: One who uses programming skills to gain illegal access to a computer network or file.
Internet: An interconnected system of networks that connects computers around the world via the TCP/IP protocol.
Risk: The possibility of suffering harm or loss; danger.
Security: Something that gives or assures safety, as: (a) Measures adopted by a government to prevent espionage, sabotage, or attack; (b) Measures adopted, as by a business or homeowner, to prevent a crime.
Terrorist: One that engages in acts or an act of terrorism.
Terrorism: The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons.