Russia: all to fight cyber terrorism!

Monday, November 8, 2010

ZAPOROZHYE (CCRC) - Nowadays, cyberterrorism may cause significantly more damage than any usual explosive device, Dmitri Frolov, representative of the Information Security Center of the FSB (Federal Security Service), said at the parliamentary session "Actual Problems of Legislative Provision of Fight Against Terrorism" in the State Duma of the Russian Federation.

"Now cyberterrorism can cause significantly more damage than any usual explosive device. But it is hard to distinguish cyber terrorism from information warfare," he said. For example, a breakdown of the computer control systems of armed forces and arms may lead to unpredictable consequences, he noted.

The systems most vulnerable to cyber attacks are the information systems of state and military management. The first cyberterrorist attacks on computer systems were recorded in the late 1990s, Frolov said.

He also pointed out that almost all radical organizations now have websites on the Internet. In particular, these sites give detailed recipes for explosive materials.

"At present, international terrorists, including Chechen separatists, actively use existing information sources to put into practice terrorist sabotage. Especially they solve informational and financial problems, provide communication, plan acts of terrorism and also exercise control of their units", he emphasized.

Taking into account all these threats, and following the large-scale terrorist acts in the USA, most countries have created or are now implementing programs intended to confer emergency powers on national special services in order to control information systems.

There is a complex of legal problems in this field in Russia now. All these issues demand new federal laws and legal acts aimed at fighting cyber terrorism, the FSB representative said.

He also noted that the FSB has already developed and submitted to the State Duma proposals to improve the law in the field of fighting cyber terrorism.[1]



Reference:
[1]http://www.crime-research.org/news/14.04.2004/208/

Cyber terrorism 'overhyped'

Tuesday, November 2, 2010

The threat posed by cyber-terrorism has been overhyped and the net is unlikely to become a launch pad for terror attacks.

That was the conclusion of a panel of security and technology experts brought together at the CeBIT technology fair to consider the threat posed by net attacks on businesses and consumers.
Panel members said companies faced far more serious threats from ordinary criminals, fraudsters and pranksters than they did from technology-literate terrorists.
Combating these real threats would take work by almost everyone involved in the running and use of the net.
 
Selling newspapers
 
Respected security expert Bruce Schneier said the threat posed by so-called cyber-terrorism had been over-estimated.
"The hype is coming from the US Government and I don't know why," he said.
Fellow panel member Art Coviello, head of security firm RSA, said some of the warnings about cyber-terrorism had come about in reaction to the attacks on 11 September.
But, he added, sections of the media were also responsible for hyping the threat.
"Some of these stories are very entertaining and sell a lot of newspapers," he said. "Some media organisations are fanning the flames of this."
Mr Schneier said any terror group that wanted to sow panic and attack its ideological enemies was unlikely to turn to net technology to make their point.
 
Real threat more mundane
 
"If they want to attack they will do it with bombs like they always have," he said.
By contrast, he said, disrupting the running of the net and other communications networks would cause more annoyance than fear.
"Breaking pager networks and stopping e-mail is not an act of terror," he said.

Mr Schneier said companies and consumers should concentrate on real threats from common criminals, viruses and other malicious programs.
"Criminals tend to lag behind in technology by a few years," he said. "But once they find a technology they tend to use it and there is a lot of value on the internet."
Defending against criminals was difficult, said Mr Schneier, because they were often mixed in with the barrage of attacks companies suffered every day.
Tackling these threats would take a lot of work by many of the organisations using and developing net technologies, said Mr Schneier.
One of the key tasks was to start creating a lawful society on the Internet, which educated people about the rights and wrongs of online life and that caught and prosecuted criminals. [1]




Reference:
[1] http://news.bbc.co.uk/2/hi/technology/2850541.stm

Terrorism on the Internet: another Border to Protect one Country’s Sovereignty

Tuesday, October 19, 2010


"The Internet is a weapon in the hands of our extremist enemies," Senator Joe Lieberman (I-Conn.), chairman of the Senate Homeland Security Committee, said after the Senate's review of a recent report on how terrorists are using the Internet to spread their radicalism.

At the beginning of May this year, the Senate Homeland Security Committee engaged in a deep analysis of how the Internet is being used by terrorist organizations to express their prejudice against the United States. This analysis included reviewing a recent report prepared on this subject, listening to the testimony of several Internet experts and drafting the United States' response to this practice.

The recent report on terrorism on the Internet reviewed by the Homeland Security Committee of the US Senate revealed that Al-Qaeda and other terrorist organizations like "Jihadi" are using the Internet to recruit militants and raise funds for their organizations. Additionally, these organizations use flashy websites, video games, videos, and music to express their radical ideology, the report showed. According to the report, terrorists are hacking websites and posting training manuals in inner directories where people may not notice them (a practice called "parasiting"); developing violent video games that spread the message that Islam is under attack and invite players to fight in its defense; and making hip-hop and rap music with melodies that call for violence.

One of the Internet experts called to testify at the Senate session was Frank Cilluffo, Director of George Washington University's Homeland Security Policy Institute ("the Institute"). Mr. Cilluffo testified on the Institute's Internet-Facilitated Radicalization study and said, "we have created this global village -the Internet- without a police department." In presenting the Institute's study, Mr. Cilluffo revealed that terrorists use, among others, hard-to-intercept communications like the "dead drop." "Dead drop" communications are draft e-mails stored in accounts that adherents access in order to read the rebel message. No e-mail is sent; thus, no interception may be accomplished.

The Institute's study also proposed some counter-measures to the problem of terrorism on the Internet and presented examples of other countries' current measures on this issue. For instance, the UK implemented a program called the "Radical Middle Way," which aims to undermine the extremists' message of violence as an expression of their Islamic religion. The program also encourages dialogue with these extremist groups to encourage communication and lessen violence. Egypt also implemented a program to counter Jihadist activities in that country. Likewise, Indonesia's first democratic president has implemented programs favoring religious freedom and tolerance. Jordan's Muslim clerics issued a fatwa in 2005 denouncing all kinds of terrorism in the name of Islam.

Among the counter-measures against Internet terrorism in the US proposed by the Institute's study are: (i) developing a compelling counter-narrative with world-wide distribution. The narrative, the study suggests, should not be confused with the goal of improving the US image. Instead, it should focus on hope and a "realistically attainable alternative future" for those that may be seduced by the extremist ideology; (ii) fostering intra- and cross-cultural dialogue to tie together local, national and international communities; (iii) recognizing the need for additional research on behavioral conduct in online radicalization; (iv) denying or disrupting extremists' access to the Internet through legal and technical means; and (v) remedying resource capabilities in the US government. This means the government should be capable of speaking, understanding and translating Arabic to foster prevention and response efforts.[1]



Reference:
[1]http://www.ibls.com/internet_law_news_portal_view.aspx?id=1765&s=latestnews

Malaysia: Fighting cyber terrorism

Wednesday, October 6, 2010

Malaysia’s Prime Minister Abdullah Badawi has approved a US$13 million grant to lay the foundation of IMPACT, a not-for-profit global organisation, to rally efforts from governments, the private sector, and academia worldwide, against the growing threat of cyber terrorism. IMPACT, or International Multilateral Partnership Against Cyber Terrorism, is the first global public-private initiative against cyber terrorism. It drives collaboration among governments, industry leaders and cyber security experts to enhance the global community’s capacity to prevent and respond to cyber threats.

The start-up grant will be used to construct the IMPACT building in Cyberjaya, Malaysia, and operations are expected to start in December.

The fund will also finance the infrastructure for the four centres of IMPACT: the Centre for Training & Skills Development; the Centre for Security Certification, Research & Development; the Centre for Global Response; and, the Centre for Policy, Regulatory Framework & International Co-operation.

Currently chaired by the Malaysian PM, the leadership of the International Advisory Board of IMPACT will be handed over to other member countries after the initial three-year term. “From the standpoint of the Malaysian government, their contribution is a gift to the global community. Someone has to start. They feel they’re just giving the seed,” said Mohd Noor Amin, Chairman, Management Board, IMPACT.


Warning System
IMPACT is currently building two systems for its member countries. One is an early warning system, which will aggregate ‘feeds’ from IMPACT’s security partners and member countries and redistribute them across the world to member countries.

Another is a collaboration system that, according to Amin, is a secure electronic platform enabling experts from member countries to collaborate with one another based on their specialty and niche areas.

Al-Ihsal Ishak, Acting COO and Head of the IMPACT Centre for Training and Skills Development, shared his expectations of IMPACT’s new systems and its network of partnerships across the globe. “We actually are looking at first-hand interaction with the Cyber Crime Convention where we believe 14 countries have signed, or will sign,” said Ishak, adding that INTERPOL was represented at the first IMPACT World Cyber Security Summit, held in Malaysia, May 20-22. At press time, 30 countries had confirmed participation and ministry-level representation at the summit, including the secretary-general of the International Telecommunication Union, a member of IMPACT’s International Advisory Board.


Worldwide Attention
Amin said that IMPACT is more concerned about the consequences of cyber terrorism than whether the threats are initiated by individuals or organised groups. “We are talking about threats that are far more serious, for instance, the ability to bring down the airport traffic control systems, the stock market systems, or to tamper with medical records,” he said. [1]




Reference:
[1]http://www.mis-asia.com/technology_centre/security/cio-article-2799

Iran denies cyberattack hurt nuclear program -- but expert isn't sure

Thursday, September 30, 2010

Iran denied Wednesday that its nuclear systems had been infected with a virus, after days of reports that a new kind of malware had struck the Bushehr nuclear plant.
But the head of its nuclear program admitted that a virus had been found on the personal laptops of some staff at the reactor, the Iranian Students News Agency reported.

"We succeeded in preventing the enemy from achieving its objectives," IRNA quoted Ali Akbar Salehi as saying on Wednesday. But a top computer security expert who analyzed a new kind of virus called Stuxnet says Iran is the most probable target of the malware, which he says could only have been designed by "the best of the best."
"We have never seen anything like this before," said Ralph Langner. "It's the most complex piece of malware in the history of computing." "What the thing does, is actually it's designed to blow something up, it's as simple as that," he said. "The virus is a cyberwar weapon."

Langner, who was among the first to study the virus, presented his findings at a cyber security conference in Maryland last week. The virus is designed to attack only a specific machine at a specific time, Langner told CNN Wednesday.
Langner has detected "the highest number of infections" in Iran, suggesting that Tehran's controversial nuclear program is the target. "If you look at all the sophistication that went into Stuxnet, if you look at the fact that it's about sabotage, about destroying a specific piece of machinery, then the only target that makes sense given the target region... would be the Iranian nuclear power program," he said.
A government is almost certainly behind it, he said. "You can take for granted that a hacker group is not able to create anything like Stuxnet, because the development requires much more resources than any such hacker group could afford," he said. To use it as a weapon would require insider information, he said. "You need to have very detailed and specific knowledge about the targeted application and process," he said.
"You will need to build up a lab model to test all that and if you take all that together into account, the only background that makes any sense is to assume that a nation-state is behind it."

It was probably delivered via infected USB sticks, he said, speculating that a Russian engineering firm that worked on the Iranian nuclear program had been infiltrated.
That would explain the pattern of infections around the world, he said -- anywhere the company worked would end up with the virus. But only one specific target would be affected by it.

It's as if a virus were designed not only to target a computer running Microsoft Word, he said, but to search for a specific document created with Word.
And it's designed to hit industrial control systems, he said, activating itself only once its target reaches a certain state, like a designated temperature or pressure.
"When it finds a specific match, let's say in specific temperatures or pressures to reach certain thresholds, then the attack routine is executed," he said.
Stuxnet itself is no longer a cause for concern, he said.
"Don't worry about Stuxnet any longer," he said. "Obviously it hit its target. It is so specific it won't attack anything else."

But now that it's out there, other people will try to replicate it, he warned.
"Everybody will be able to study exactly what Stuxnet does and how it is done," he said. "So we must assume that Stuxnet will now act as a template for any kind of hackers, organized crime, terrorists in order to study how it can be done.
"Stuxnet is history," he said. "We need to work on what will come next."[1]



Reference:
[1]http://edition.cnn.com/2010/WORLD/meast/09/29/iran.cyberattack/index.html?iref=allsearch

The cyber raiders hitting Estonia

Tuesday, September 28, 2010

As Estonia appeals to its Nato and EU partners for help against cyber-attacks it links to Russia, the BBC News website's Patrick Jackson investigates who may be responsible.

Estonia, one of the most internet-savvy states in the European Union, has been under sustained attack from hackers since the ethnic Russian riots sparked in late April by its removal of a Soviet war memorial from Tallinn city centre.
Websites of the tiny Baltic state's government, political parties, media and business community have had to shut down temporarily after being hit by denial-of-service attacks, which swamp them with external requests.
Some sites were defaced to redirect users to images of Soviet soldiers and quotations from Martin Luther King about resisting "evil".
And hackers who hit the ruling Reform Party's website at the height of the tension on 29 April left a spurious message that the Estonian prime minister and his government were asking forgiveness of Russians and promising to return the statue to its original site.
 
Getting hit hard
 
The government's response has been to close down sites under attack to external internet servers while trying to keep them open to users inside Estonia, but the attacks are taking a toll and have been likened by the defence ministry to "terrorist activities".

"Of course [sites] can be put up again, but they can be attacked also again," Mihkel Tammet, head of IT security at the Estonian defence ministry, told BBC World Service's Newshour programme.
Estonia, he said, depended largely on the internet because of the country's "paperless government" and web-based banking. "If these services are made slower, we of course lose economically," he added.
While the government in Tallinn has not blamed the Russian authorities directly for the attacks, its foreign ministry has published a list of IP addresses "where the attacks were made from".
 
The alleged offenders include addresses in the Russian government and presidential administration.
Dmitry Peskov, the Kremlin's chief spokesman, told the BBC's Russian Service there was "no way the [Russian] state [could] be involved in cyber terrorism".
 
"When you look at the IP addresses showing where the attacks are coming from, then there's a wide selection of states from around the world," he added. "But it does not mean that foreign governments are behind these attacks. Moreover, as you probably know, IP addresses can be fake." Russia's own presidential website, he said, came under attack itself "hundreds" of times daily.
 
'Private attacks'
 
David Emm, senior technical consultant at Moscow-based antivirus software company Kaspersky Lab, believes the hackers are likely to be "younger types who, in other days, would have been writing and spreading viruses".
"I would not be surprised if switched-on people were using technical means of expressing themselves," he told the BBC News website's technology correspondent, Mark Ward.
 
Anton Nossik, one of the pioneers of the Russian internet, sees no reason to believe in Russian state involvement in the hacking, beyond the fanning of anti-Estonian sentiment.
"Unlike a nuclear or conventional military attack, you do not need a government for such attacks," he told the BBC News website. "There were anti-Estonian sentiments, fuelled by Russian state propaganda, and the sentiments were voiced in articles, blogs, forums and the press, so it's natural that hackers were part of the sentiment and acted accordingly."
 
Hackers, he points out, need very little money and can hire servers with high bandwidth in countries as diverse as the US and South Korea.

The expertise is "basic", he says, with virus scripts and source codes available online and there are "hundreds of thousands of groups who have the resources to launch a massive virus attack".
"The principle is very simple - you just send a shed load of requests simultaneously," he says.
Estonia's blocking of external servers is in his opinion a smart response but can only work for a country of "1.4 million with a non-international language". In Russia, for instance, foreign servers account for 60% of the net, he says. For Mr Nossik, of more concern is how the global net can protect itself against the big virus attacks like the Backbone Denial-of-Service attack in February which hit three key servers making up part of the internet's backbone. "Compared to the scale of the problem in general, Estonia is small," he says.[1]



Reference:
[1]http://news.bbc.co.uk/2/hi/europe/6665195.stm

Hackers warn high street chains

Thursday, September 23, 2010

High street chains will be the next victims of cyber terrorism, some of the world's elite hackers have warned.
 
They claim it is only a "matter of time" before the likes of Tesco and Marks & Spencer are targeted.
Criminals could use the kind of tactics which crippled Estonia's government and some firms last year, they warned.
The experts were members of the infamous "Hackers Panel" which convened in London this week at the InfoSecurity Europe conference.
The panel includes penetration testers and so-called "white hat" hackers, who help companies tighten up their digital security by searching for flaws in their defences.
Previous panellists include Gary McKinnon, known as Solo, alleged by the US government to have hacked into dozens of US Army, Navy, Air Force, and Department of Defense computers.
The "hackers" usually remain anonymous, "for security reasons", but this year's panellists agreed to break cover.
 
Common cause
 
First up was Roberto Preatoni, the founder of the cyber crime monitoring site Zone-H and of WabiSabiLabi, a trading site for security researchers.
His appearance came just a few months after he was arrested by Italian authorities on charges of hacking and wiretapping, as part of the ongoing investigation into the Telecom Italia scandal.
Mr Preatoni told the audience that the attacks in Estonia were a harbinger for a new era of cyber warfare.

"I'm afraid we will have to get used to this," said Mr Preatoni, also known as SyS64738. "We had all been waiting for this kind of attack to happen.
"Estonia was just unfortunate to be the first country to experience it. But very soon, our own [western] companies and countries will be getting attacked for political and religious reasons.
"This kind of attack can happen at any time. And it will happen."
During the two-week "cyber war" against Estonia, hackers shut down the websites of banks, governments and political parties using "denial-of-service" (DoS) attacks, which knock websites offline by swamping servers with page requests.
As many of the attacks originated from Russia, the Estonian government pointed the finger at the Kremlin. But Mr Preatoni said that, having spoken to contacts in the hacking community, he was clear that "Putin was not involved".
"In my opinion, this was a collection of private individuals who spontaneously gathered under the same flag.
"Even though Estonia is one of the world's most advanced countries in IT technology, the whole economy was brought to its knees.
"That's the beauty of asymmetric warfare. You don't need a lot of money, or an army of people. You can do it from the comfort of your living room, with a beer in your hand."
 
Gate control
 
His warning was echoed by Steve Armstrong, who teaches seminars in hacking techniques, at the SANS Institute for information security training.
"If someone wants to have a pop at the UK, they are unlikely to go for the government web servers. They will go for the lower hanging fruit - companies which are seen as good representatives of the country.

"The likes of Tesco, Marks & Spencer and B&Q can be seen as legitimate targets.
"We have to get the message across to companies [to invest in information security].
"At the moment Chief Executives are only interested in the bottom line. But remember - if tesco.com goes down, that's a lot of shopping."
Mr Preatoni said that the Estonian government's repeated failure to thwart the attacks was proof that we still have "no good solutions" for denial of service attacks.
The panellists then argued over whether Internet Service Providers should do more to tighten security, by helping customers protect their computers from being "zombified" by hackers for use in distributed DoS attacks.
"Actually, I don't think the ISPs should have any role in security," said Preatoni.
"In my opinion, that's like asking the Royal Mail to be responsible for the quality of your post."
But his view was immediately challenged by the third panellist, Jason Creasey, head of research at the independent Information Security Forum.
"I believe ISPs can play a phenomenal role in security, with a little bit of legal pressure," he claimed.
 
Net weakness
 
He was backed by an audience member, Angus Pinkerton, of Lynks Security Consulting. "The only way to defend against a distributed attack is with a distributed defence," he argued.
"I think it's unacceptable that ISPs are content to let their customers be part of bot-nets."
He challenged Steve Armstrong's view that asking ISPs to perform security duties was "fundamentally, censorship."
"This is not about free speech," said Mr Pinkerton. "Free speech does not entitle you to shout fire in a crowded theatre."
In the meantime, Mr Preatoni warned the audience it is "only going to get easier" to carry out a DoS attack, because he claimed the latest net address system, known as Internet Protocol Version 6 (IPv6), is actually more amenable to DoS.
Later, he told the BBC that the rise in cyber attacks originating in China was a convenient cloak for western countries to disguise their own cyber espionage activities.
"It's too easy to blame China," he said. "In fact, legitimate countries are bouncing their attacks through China. It's very easy to do, so why not?
"My evil opinion is that some western governments are already doing this." [1]


Reference:
[1]http://news.bbc.co.uk/2/hi/technology/7366995.stm

Singapore tackles 'cyber terror'

Friday, September 17, 2010

Singapore has passed strict new legislation to protect the country's computer systems from attack.

The government has said the legislation was necessary because of the damage that computer hacking can cause. The laws allow the monitoring of all computer activity and "pre-emptive" action, though an official said they would be used "sparingly". Some members of parliament said the measures could be open to abuse, with threats to individual liberty.


Singapore's Senior Minister of State for Law and Home Affairs, Ho Peng Ke, said the law aimed to fight "cyber terrorism." He said it would be used mainly against threats to national security and essential services like banking and finance. "Instead of a backpack of explosives, a terrorist can create just as much devastation by sending a carefully engineered packet of data into the computer systems which control the network for essential services, for example the power stations," Mr Ho said.
 
Hacking
 
The new law allows police to take "pre-emptive action" to protect computer networks from unauthorised entry by hackers. Those found guilty of hacking or defacing a web site could get up to three years in jail, or be fined up to $5,800. The government has said the measures are necessary because of rising cases of successful hacking - there were just 10 in 2000, but that had risen to 41 last year.
Singapore has been tightening security since last year's Bali bomb attacks in neighbouring Indonesia.
But some MPs said the new law was another aspect of the city state's authoritarian side.
Chin Tet Yung, chairman of the Government Parliamentary Committee for Home Affairs and Law, said that it could become, "an instrument of oppression itself." [1]

Reference:
[1] http://news.bbc.co.uk/2/hi/asia-pacific/3259601.stm

EU Amendment of the Framework Decision on Combating Internet Terrorism, 18 April 2008

Saturday, September 11, 2010

The EU formally agreed on April 18th in Brussels to an Amendment establishing for all 27 EU member states a standardized criminal definition for the crime of incitement of terrorism on the Internet.
Legislation fighting terrorism is already in place, but did not specifically focus on the Internet. The amendment, in keeping with existing legislation covering acts of terrorism, further outlines which acts are sanctioned.

Some committee members were concerned about civil liberties aspects, while others demanded a strong and robust defense of democracy and the rights of freedom of speech. The Commission was looking to revise existing EU counter-terrorist policies and to provide a common legal framework and a common definition of terrorist offenses. The Commission claims the changes were needed due to the "multiple and changing faces of terrorism".
The EU's official statement describes the intent of the framers of the Amendment as "to harmonize national provisions on public provocation to commit a terrorist offence, recruitment for terrorism and training for terrorism, so that these forms of behavior are punishable, also when committed through the Internet, throughout the EU, and ensure that existing provisions on penalties, liability of legal persons, jurisdiction and prosecution applicable to terrorist offences, apply also to such forms of behavior."
The law describes who will be punished: "Individuals disseminating terrorist propaganda and bomb-making expertise through the Internet can therefore be prosecuted and sentenced to prison insofar as such dissemination amounts to public provocation to commit terrorist offences, recruiting for terrorism or training for terrorism and is committed intentionally."
The Amendment also empowers courts or administrative authorities to request internet service providers to collect and remove this information according to rules from the Directive on electronic commerce. The framers worked to make the wording as close as possible to the wording of the Council of Europe Convention on the Prevention of Terrorism. They suggest they have dealt with the problem of balancing the fight against Internet usage for terrorist purposes with respect for the freedom of speech.
In putting together the Amendment, one of the key issues was how to frame the definition of "public provocation to commit terrorist offences". For "public provocation", the Commission proposed adding "three new crimes aimed at covering 'traditional' and modern terrorist methods - recruiting terrorists, training for acts of terrorism and 'public provocation' to commit terrorist offences."
French Socialist MEP Roselyne Lefrançois told the framers the term public provocation "needs definition" and stressed civil liberties implications, asking "where does freedom of expression stop?" Lefrançois added, "we need a clear formulation, a safeguard clause and provisions guaranteeing respect for fundamental rights."
Spanish MEP Luis de Grandes Pascual said, "I am worried that the debate is oriented towards an artificial dichotomy between fighting terrorism and freedom of expression". He added, "democracy is a 'public opinion regime', but the defence of democracy calls for a particular strength - in order for us not to fall into weakness."
According to the EU, in 2007 there were 583 failed, foiled or executed terrorist attacks. Most were attempted by separatist terrorist groups in Spain and France. Also, there were 4 failed "Islamist" attacks. In association with the investigation of these crimes, 1,044 people in Europe were arrested.
Anti-terrorist coordinator Gilles de Kerchove claims there is "a real threat on our borders" and that "EU nationals are at risk" both inside the Union and when traveling outside it. Last year, Europeans traveling in Yemen were attacked. He added that "Al-Qaeda will remain an international threat for years to come". The Commission stated that "virtual training camps" have been set up on the Internet, as Mr de Kerchove claims "around 5000 websites are helping to radicalise our young people in Europe". Ms Lefrançois states "the internet offers (terrorism) a global stage"[1].


Reference:

Brazilian man charged in cyber-terrorism case

Saturday, September 4, 2010

A Brazilian man was charged by a federal grand jury in New Orleans for his role in a conspiracy to sell a network of computers infected with malicious software, Acting Assistant Attorney General Matthew Friedrich of the Criminal Division and Jim Letten, US Attorney for the Eastern District of Louisiana, announced on Friday.

Leni de Abreu Neto, 35, of Taubate, Brazil, is charged with one count of conspiracy to cause damage to computers worldwide. The indictment alleges that more than 100,000 computers worldwide were damaged. If convicted, Neto faces a maximum penalty of five years in prison and up to three years of supervised release. Neto also faces the greater of a $250,000 fine or the gross amount of any pecuniary gain or the gross amount of any pecuniary loss suffered by the victims.

According to the indictment, Neto participated in a conspiracy along with others, including an unindicted coconspirator, Nordin Nasiri, 19, of Sneek, Netherlands, to use, maintain, lease and sell an illegal botnet. As defined in the indictment, a botnet is a network of computers that have been infected by malicious software, commonly referred to as "bot code."

Bot code is typically designed to permit an operator or controller to instruct infected computers to perform various functions, without the authorization and knowledge of their owners, such as launching denial of service attacks to disable targeted computer systems or sending spam e-mail. Installation of bot code is typically accomplished by "hacking" computers with particular security vulnerabilities. Bot code typically contains commands for infected computers to search local networks or the Internet for other computers to infect, thereby increasing the botnet's size and power.

The indictment alleges that prior to May 2008, Nasiri was responsible for creating a botnet consisting of more than 100,000 computers worldwide, and that Neto used the botnet and paid for the servers on which the botnet was hosted. According to the indictment, between May and July 2008, Neto agreed initially with Nasiri to broker a deal to lease the botnet to a third party. The indictment alleges Neto expected the botnet to be used to send spam through the infected computers. Subsequently, Neto agreed with Nasiri to broker the sale of the botnet and underlying bot code to the third party for 25,000 euros.

Neto was apprehended by Dutch authorities on July 29, 2008, in the Netherlands and is currently in confinement in the Netherlands pending resolution of extradition proceedings. Nasiri was also apprehended by Dutch authorities and is being prosecuted by Dutch authorities in the Netherlands.

The case is being prosecuted by Trial Attorney Jaikumar Ramaswamy of the Criminal Division's Computer Crime and Intellectual Property Section, with extensive assistance from Senior Counsel Judith Friedman of the Criminal Division's Office of International Affairs. The case is being investigated by the Cyber Squad of the FBI's New Orleans field office, with assistance from the Dutch Hi-Tech Crimes Unit and the Cyber Section of the Brazilian Federal Police[1].




Reference:
[1]http://www.renewamerica.com/columns/kouri/080825

Threats and Implications of Cyber Terrorism

Sunday, August 29, 2010

The potential for mass destruction as a result of cyber terrorism is a serious concern in the modern world. Cyber terrorists have at their disposal a wide variety of tactics they can use to injure their targets. Computers are an integral part of modern life in the world. However, with this technology has come a threat of its use as a weapon of terrorism. Cyber terrorists use a variety of tactics to cause fear and panic in others. Their motives are often to simply create terror, although money also motivates cyber terrorists to attack.



Cyber terrorists use many different methods ranging in complexity. Each terrorist group has a different agenda and can tailor the tools it uses to fit its goals. The effects of a cyber terrorism attack could be widespread and very detrimental to life as we know it. Cyber terrorism ranges from hacking into a computer and destroying it to spreading viruses in order to obtain information. Cyber terrorists can infect many computers with viruses that can destroy a computer or just damage certain components. They can also plant Trojan horses, which are executables that can allow a remote user to control the computer, collect personal information and passwords, or destroy a hard drive. Another common method is placing worms, programs that can spread themselves, on a machine or a network. Often these tactics are accomplished through email or other network vulnerabilities.


One of the worst aspects of cyber terrorism is the amount of potential economic impact to the target in proportion to the low cost to the terrorist of initiating an attack. The financial costs to the economy include the loss of intellectual property and trade secrets, fraud, and productivity losses. This does not include intangible losses such as damage to reputation and lost opportunity costs. A single virus can cause widespread injury and huge financial losses. The Love Bug Virus was estimated to have caused losses of between three and fifteen billion dollars. In comparison, Hurricane Andrew, the most expensive natural disaster in history, cost around eleven billion dollars.


Forms of cyber terrorism

Monday, August 23, 2010

(I) Privacy Violation:

The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognized. In recent times, however, this right has acquired a constitutional status, the violation of which attracts both civil as well as criminal consequences under the respective laws.


The intensity and complexity of life have rendered necessary some retreat from the world. Man, under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual.
Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress far greater than could be inflicted by mere bodily injury. The right to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the advent of information technology, the traditional concept of the right to privacy has taken on new dimensions, which require a different legal outlook. To meet this challenge, recourse can be taken to the Information Technology Act, 2000.




The various provisions of the Act aptly protect the online privacy rights of citizens. Certain acts that have a tendency to intrude upon the privacy rights of citizens have been categorized as offences and contraventions.


(II) Secret information appropriation and data theft:


Information technology can be misused for appropriating valuable Government secrets and the data of private individuals, the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by terrorists to facilitate their activities, including destruction of property. It must be noted that the definition of property is not restricted to moveables or immoveables alone.


In R.K. Dalmia v Delhi Administration the Supreme Court held that the word "property" is used in the I.P.C. in a much wider sense than the expression "movable property". There is no good reason to restrict the meaning of the word "property" to moveable property only, when it is used without any qualification. Whether the offence defined in a particular section of the I.P.C. can be committed in respect of any particular kind of property will depend not on the interpretation of the word "property" but on whether that particular kind of property can be subject to the acts covered by that section.


(III) Demolition of e-governance base:


The aim of e-governance is to make the interaction of citizens with government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves, and they cannot govern themselves properly unless they are aware of the social, political, economic and other issues confronting them. To enable them to make a proper judgment on those issues, they must have the benefit of a range of opinions on those issues. The right to receive and impart information is implicit in free speech. This right to receive information is, however, not absolute but is subject to reasonable restrictions which may be imposed by the Government in the public interest.


(IV) Distributed denial of service attack:


Cyber terrorists may also use the method of distributed denial of service (DDoS) to overburden the electronic bases of the Government and its agencies. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demands in such large numbers that the server of the victim collapses. Further, due to this unnecessary Internet traffic, legitimate traffic is prevented from reaching the computers of the Government or its agencies. This results in immense pecuniary and strategic loss to the government and its agencies.


It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate citizens and end users. The law in this regard is crystal clear.
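The defensive counterpart of the point above, as an added example that is not part of the original article: because each compromised machine sends only a little traffic, a per-client rate limit never fires, so the detector has to count requests and distinct senders per target over a sliding window. The thresholds, host names and the constructed sample traffic (documentation address ranges) are assumptions.

```python
from collections import Counter, defaultdict, deque

WINDOW_S = 10        # sliding window length in seconds (assumed)
MAX_REQUESTS = 30    # requests per window a target is assumed to absorb
MIN_SOURCES = 10     # distinct senders before a flood counts as distributed
PER_SOURCE_CAP = 10  # a naive per-client rate limit, kept for comparison


def analyse(events):
    """events: (timestamp_s, source_ip, target) tuples sorted by time.

    Returns {target: report} for every target whose request count inside
    one window exceeded MAX_REQUESTS; the report reflects the latest
    overloaded window seen for that target.
    """
    windows = defaultdict(deque)
    reports = {}
    for ts, src, target in events:
        win = windows[target]
        win.append((ts, src))
        while win[0][0] <= ts - WINDOW_S:      # evict requests older than the window
            win.popleft()
        if len(win) <= MAX_REQUESTS:
            continue
        per_source = Counter(s for _, s in win)
        top_share = max(per_source.values()) / len(win)
        distributed = len(per_source) >= MIN_SOURCES and top_share < 0.5
        reports[target] = {
            "verdict": "distributed-flood" if distributed else "single-source-flood",
            "sources": len(per_source),
            # Senders a per-client limit would have caught; empty for a real DDoS.
            "over_cap": sorted(s for s, n in per_source.items() if n > PER_SOURCE_CAP),
        }
    return reports


def sample_events():
    """Constructed traffic: one distributed flood, one noisy client, one quiet site."""
    bots = [f"198.51.100.{i}" for i in range(1, 41)]
    ev = [(i * 0.1, bots[i % 40], "portal.example") for i in range(80)]
    ev += [(i * 0.1, "203.0.113.7", "files.example") for i in range(50)]
    ev += [(float(i), f"192.0.2.{i}", "news.example") for i in range(1, 6)]
    return sorted(ev)


if __name__ == "__main__":
    for target, report in analyse(sample_events()).items():
        print(target, report)
```

For the constructed portal traffic, 40 senders make two requests each: the target is overloaded while `over_cap` stays empty, which is why mitigation has to act on aggregate load per target rather than on individual clients.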


(V) Network damage and disruptions:


The main aim of cyber terrorist activities is to cause network damage and disruption. This activity may divert the attention of the security agencies for the time being, giving the terrorists extra time and making their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc[1].




Reference:
[1]http://www.legalserviceindia.com/article/l169-Cyber-Terrorism.html

Internet as a Tool for Terrorists

Wednesday, August 18, 2010

According to recent research published on the FBI's official website, the use of the Internet by terrorists has increased in the past nine years, and the number of websites operated by terrorist organizations has increased from 12 in 1998 to more than 4,800 today.




After a search on the Internet and reading articles about cyber terrorism, I find that terrorists use the Internet in some areas like data mining, networking with a wrong purpose, mobilization, the distribution of online manuals and instructions, planning for their targets and trying to cooperate with other terrorists. They draw information from personal and government sites and communicate with others through e-mail and chat rooms. Based on some reports, one of the major methods which terrorists rely on most of the time is the process of hiding data inside other data, for instance, hiding the map of a targeted building in a digital song file.




Now the question is: what is the solution?
Based on all of these assumptions, government organizations have found a way for hyper computers to remain safe, reliable and trustworthy. They have isolated defense and intelligence computers and have not physically connected them to the Internet. On the other hand, businesses and individuals protect their computers through firewalls

What is Cyber-terrorism?

Saturday, August 14, 2010

In the wake of the recent computer attacks, many have been quick to jump to the conclusion that a new breed of terrorism is on the rise and our country must defend itself with all possible means. As a society we have vast operational and legal experience and proven techniques to combat terrorism, but are we ready to fight terrorism in the new arena – cyber space?







A strategic plan of a combat operation includes characterization of the enemy’s goals, operational techniques, resources, and agents. Prior to taking combative actions on the legislative and operational front, one has to precisely define the enemy. That is, it is imperative to expand the definition of terrorism to include cyber-terrorism.

As a society that prides itself on impartiality of justice, we must provide clear and definitive legislative guidelines for dealing with this new breed of terrorism. As things stand now, justice cannot be served as we have yet to provide a clear definition of the term. In this light, I propose to re-examine our understanding of cyber-terrorism.

There is a lot of misinterpretation in the definition of cyber-terrorism, a word consisting of the familiar "cyber" and the less familiar "terrorism". While "cyber" is anything related to our tool of trade, terrorism by nature is difficult to define. Even the U.S. government cannot agree on one single definition. The old maxim, "One man's terrorist is another man's freedom fighter", is still alive and well.

The ambiguity in the definition brings indistinctness in action; as D. Denning pointed out in her work Activism, Hacktivism and Cyberterrorism, "an e-mail bomb may be considered hacktivism by some and cyber-terrorism by others".

It follows that there is a degree of "understanding" of the meaning of cyber-terrorism, whether from the popular media, other secondary sources, or personal experience; however, the specialists use different definitions of the term. Cyber-terrorism, like other contemporary "terrorisms" (bioterrorism, chemical terrorism, etc.), appeared as a combination of the word terrorism with a term for an area of application. Barry Collin, a senior research fellow at the Institute for Security and Intelligence in California, who in 1997 was credited with the creation of the term "Cyberterrorism", defined cyber-terrorism as the convergence of cybernetics and terrorism. In the same year Mark Pollitt, special agent for the FBI, offered a working definition: "Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub national groups or clandestine agents."


Since that time the word cyber-terrorism has entered the lexicon of IT security specialists and terrorist experts and the word list of mass media "professionals". One of the experts, a police chief, offers his version of the definition: "Cyber-terrorism – attacking sabotage-prone targets by computer – poses potentially disastrous consequences for our incredibly computer-dependent society."

 
The media often use the term cyber-terrorism quite deliberately: "Canadian boy admits cyberterrorism of his family": "Emeryville, Ontario (Reuter) - A 15-year-old Canadian boy has admitted he was responsible for months of notorious high-tech pranks that terrorized his own family, police said Monday."

A renowned expert, Dorothy Denning, defined cyber-terrorism as "unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives". R. Stark from the SMS University defines cyber-terrorism as "any attack against an information function, regardless of the means".

Under the above-mentioned definitions of cyber-terrorism one can only point to the fact that any telecommunications infrastructure attack, including site defacing and other computer pranks, constitutes terrorism. It means that cyber-terrorism has already occurred and we "live" in the epoch of cyber terror.

However, another expert, James Christy, the law enforcement and counterintelligence coordinator for the DIAP (Defense-wide Information Assurance Program), which is steered by the office of the assistant secretary of defense for command, control, communications and intelligence, states that cyber-terrorism has never been waged against the United States. "Rather, recent hacking events – including a 1998 web page set up by a supporter of the Mexican Zapatistas rebel group, which led to attacks on the U.S. military from 1,500 locations in 50 different countries – constitute computer crime." William Church, a former U.S. Army Intelligence officer who founded the Center for Infrastructural Warfare Studies (CIWARS), agrees that the United States has not seen a cyber terrorist threat from terrorists using information warfare techniques: "None of the groups that are conventionally defined as terrorist groups have used information weapons against the infrastructure." Richard Clarke, national co-ordinator for security, infrastructure protection and counterterrorism at the National Security Council, proposed to stop using "cyberterrorism" and to use "information warfare" instead.
The above-mentioned observations draw a clear line between cyber-terrorism and cyber crime and allow us to define cyber-terrorism as: Use of information technology and means by terrorist groups and agents.


In defining cyber terrorist activity it is necessary to segment action and motivation. There is no doubt that acts of hacking can have the same consequences as acts of terrorism, but in the legal sense the intentional abuse of the information cyberspace must be part of a terrorist campaign or action.


Examples of cyber terrorist activity may include use of information technology to organize and carry out attacks, support groups' activities and perception-management campaigns. Experts agree that many terrorist groups, such as Osama bin Laden's organization and the Islamic militant group Hamas, have adopted new information technology as a means to conduct operations without being detected by counter terrorist officials.


Thus, use of information technology and means by terrorist groups and agents constitutes cyber-terrorism. Other activities, so richly glamorized by the media, should be defined as cyber crime[1].


Reference:

[1]http://www.crime-research.org/library/Cyber-terrorism.htm