Russia: all to fight cyber terrorism!
Monday, November 8, 2010
Now cyberterrorism can cause significantly more damage than any usual explosive device. But it is hard to distinguish cyber terrorism from information warfare", he said. For example, a breakdown of computer control systems of armed forces and arms may lead to unpredictable cosequences, he noted.
The most unprotected systems in view of cyber attacks are information systems of state and military management. The first cyberterrorists' attacks on computer systems were fixed late in 90-s, Frolov said.
He also marked out that now almost all radical organizations have websites on the Internet. In particular, these sites give recipes of explosive materials in details.
"At present, international terrorists, including Chechen separatists, actively use existing information sources to put into practice terrorist sabotage. Especially they solve informational and financial problems, provide communication, plan acts of terrorism and also exercise control of their units", he emphasized.
Taking into account all these threats and also after large-scale terrorist acts in the USA, in most countries projects are created or are being realized at present. These programs are destined to confer emergency powers to national special services in order to control information systems.
There is a complex of legal problems in this field in Russia now. All these issues demand new federal laws and legal acts directed to fight against cyber terrorism, the FSB representative said.
He also noted that FSB has already developed and passed to the State Duma propositions to improve law in field of fighting cyber terrorism.[1]
Reference:
[1]http://www.crime-research.org/news/14.04.2004/208/
Posted by
Saeed Heydari
at
4:15 AM
1 comments
Cyber terrorism 'overhyped'
Tuesday, November 2, 2010
That was the conclusion of a panel of security and technology experts brought together at the CeBIT technology fair to consider the threat posed by net attacks on businesses and consumers.
Panel members said companies faced far more serious threats from ordinary criminals, fraudsters and pranksters than they did from technology-literate terrorists.
Combating these real threats would take work by almost everyone involved in the running and use of the net.
Selling newspapers
Respected security expert Bruce Schneier said the threat posed by so-called cyber-terrorism had been over-estimated.
"The hype is coming from the US Government and I don't know why," he said.
Fellow panel member Art Coviello, head of security firm RSA, said some of the warnings about cyber-terrorism had come about in reaction to the attacks on 11 September.
But, he added, sections of the media were also responsible for hyping the threat.
"Some of these stories are very entertaining and sell a lot of newspapers," he said. "Some media organisations are fanning the flames of this."
Mr Schneier said any terror group that wanted to sow panic and attack its ideological enemies was unlikely to turn to net technology to make their point.
Real threat more mundane
"If they want to attack they will do it with bombs like they always have," he said.
By contrast, he said, disrupting the running of the net and other communications networks would cause more annoyance than fear.
"Breaking pager networks and stopping e-mail is not an act of terror," he said,
Mr Schneier said companies and consumers should concentrate on real threats from common criminals, viruses and other malicious programs.
"Criminals tend to lag behind in technology by a few years," he said. "But once they find a technology they tend to use it and there is a lot of value on the internet."
Defending against criminals was difficult, said Mr Schneier, because they were often mixed in with the barrage of attacks companies suffered everyday.
Tackling these threats would take a lot of work by many of the organisations using and developing net technologies, said Mr Schneier.
One of the key tasks was to start creating a lawful society on the Internet, which educated people about the rights and wrongs of online life and that caught and prosecuted criminals. [1]
Reference:
http://news.bbc.co.uk/2/hi/technology/2850541.stm
Posted by
Saeed Heydari
at
4:22 AM
1 comments
Terrorism on the Internet: another Border to Protect one Country’s Sovereignty
Tuesday, October 19, 2010
At the beginning of May this year, the Senate Homeland Security Committee engaged in a deep analysis of how the Internet is being used by terrorist organizations to express their prejudice against the United States. This analysis included reviewing a recent report prepared on this subject, listening to the testimony of several Internet experts and the drafting the United States' response to this practice.
Posted by
Saeed Heydari
at
3:09 AM
1 comments
Malaysia: Fighting cyber terrorism
Wednesday, October 6, 2010
The start-up grant will be used to construct the IMPACT building in Cyberjaya, Malaysia, and operations are expected to start in December.
The fund will also finance the infrastructure for the four centres of IMPACT: the Centre for Training & Skills Development; the Centre for Security Certification, Research & Development; the Centre for Global Response; and, the Centre for Policy, Regulatory Framework & International Co-operation.
Currently chaired by the Malaysian PM, the leadership of the International Advisory Board of IMPACT will be handed over to other member countries after the initial three-year term. “From the standpoint of the Malaysian government, their contribution is a gift to the global community. Someone has to start. They feel they’re just giving the seed,” said Mohd Noor Amin, Chairman, Management Board, IMPACT.
Warning System
IMPACT is currently building two systems for its member countries. One is an early warning system. which will aggregate ‘feeds’ from IMPACT’s security partners and member countries, which will be redistributed across the world to member countries.
Another is a collaboration system that, according to Amin, is a secure electronic platform enabling experts from member countries to collaborate with one another based on their specialty and niche areas.
Al-Ihsal Ishak, Acting COO and Head of the IMPACT Centre for Training and Skills Development, shared his expectations of IMPACT’s new systems and its network of partnerships across the globe.. “We actually are looking at first-hand interaction with the Cyber Crime Convention where we believe 14 countries have signed, or will sign,” said Ishak, adding that INTERPOL was represented at the first IMPACT World Cyber Security Summit, held in Malaysia, May 20-22. At press time, 30 countries had confirmed participation and representation at ministry-level of the summit, including the secretary-general of the International Telecommunication Union, a member of IMPACT’s International Advisory Board.
Worldwide Attention
Amin said that IMPACT is more concerned more about the consequences of cyber terrorism than whether the threats are initiated by individuals or organised groups. “We are talking about threats that are far more serious, for instance, the ability to bring down the airport traffic control systems, the stock market systems, or to tamper with medical records,” he said. [1]
Reference:
[1]http://www.mis-asia.com/technology_centre/security/cio-article-2799
Posted by
Saeed Heydari
at
1:42 AM
0
comments
Iran denies cyberattack hurt nuclear program -- but expert isn't sure
Thursday, September 30, 2010
But the head of its nuclear program admitted that a virus had been found on the personal laptops of some staff at the reactor, the Iranian Students News Agency reported.
"We succeeded in preventing the enemy from achieving its objectives," IRNA quoted Ali Akbar Salehi as saying on Wednesday. But a top computer security expert who analyzed a new kind of virus called Stuxnet says Iran is the most probable target of the malware, which he says could only have been designed by "the best of the best.
"We have never seen anything like this before," said Ralph Langner. "It's the most complex piece of malware in the history of computing. "What the thing does, is actually it's designed to blow something up, it's as simple as that," he said. "The virus is a cyberwar weapon."
Langner, who was among the first to study the virus, presented his findings at a cyber security conference in Maryland last week.The virus is designed to attack only a specific machine at a specific time, Langner told CNN Wednesday.
Langner has detected "the highest number of infections" in Iran, suggesting that Tehran's controversial nuclear program is the target. "If you look at all the sophistication that went into Stuxnet, if you look at the fact that it's about sabotage, about destroying a specific piece of machinery, then the only target that makes sense given the target region... would be the Iranian nuclear power program," he said.
A government is almost certainly behind it, he said."You can take for granted that a hacker group is not able to create anything like Stuxnet, because the development requires much more resources than any such hacker group could afford," he said. To use it as a weapon would require insider information, he said. "You need to have very detailed and specific knowledge about the targeted application and process," he said.
"You will need to build up a lab model to test all that and if you take all that together into account, the only background that makes any sense is to assume that a nation-state is behind it."
It was probably delivered via infected USB sticks, he said, speculating that a Russian engineering firm that worked on the Iranian nuclear program had been infiltrated.
That would explain the pattern of infections around the world, he said -- anywhere the company worked would end up with the virus. But only one specific target would be affected by it.
It's as if a virus were designed not only to target a computer running Microsoft Word, he said, but to search for a specific document created with Word.
And it's designed to hit industrial control systems, he said, activating itself only once its target reaches a certain state, like a designated temperature or pressure.
"When it finds a specific match, let's say in specific temperatures or pressures to reach certain thresholds, then the attack routine is executed," he said.
Stuxnet itself is no longer a cause for concern, he said.
"Don't worry about Stuxnet any longer," he said. "Obviously it hit its target. It is so specific it won't attack anything else."
But now that it's out there, other people will try to replicate it, he warned.
"Everybody will be able to study exactly what Stuxnet does and how it is done," he said. "So we must assume that Stuxnet will now act as a template for any kind of hackers, organized crime, terrorists in order to study how it can be done.
Posted by
Saeed Heydari
at
12:53 AM
0
comments
The cyber raiders hitting Estonia
Tuesday, September 28, 2010
Estonia, one of the most internet-savvy states in the European Union, has been under sustained attack from hackers since the ethnic Russian riots sparked in late April by its removal of a Soviet war memorial from Tallinn city centre.
Websites of the tiny Baltic state's government, political parties, media and business community have had to shut down temporarily after being hit by denial-of-service attacks, which swamp them with external requests.
Some sites were defaced to redirect users to images of Soviet soldiers and quotations from Martin Luther King about resisting "evil".
And hackers who hit the ruling Reform Party's website at the height of the tension on 29 April left a spurious message that the Estonian prime minister and his government were asking forgiveness of Russians and promising to return the statue to its original site.
Getting hit hard
The government's response has been to close down sites under attack to external internet servers while trying to keep them open to users inside Estonia, but the attacks are taking a toll and have been likened by the defence ministry to "terrorist activities".
"Of course [sites] can be put up again, but they can be attacked also again," Mihkel Tammet, head of IT security at the Estonian defence ministry, told BBC World Service's Newshour programme.
Estonia, he said, depended largely on the internet because of the country's "paperless government" and web-based banking. "If these services are made slower, we of course lose economically," he added.
While the government in Tallinn has not blamed the Russian authorities directly for the attacks, its foreign ministry has published a list of IP addresses "where the attacks were made from".
The alleged offenders include addresses in the Russian government and presidential administration.
Dmitry Peskov, the Kremlin's chief spokesman, told the BBC's Russian Service there was "no way the [Russian] state [could] be involved in cyber terrorism".
"When you look at the IP addresses showing where the attacks are coming from, then there's a wide selection of states from around the world," he added. "But it does not mean that foreign governments are behind these attacks. Moreover, as you probably know, IP addresses can be fake." Russia's own presidential website, he said, came under attack itself "hundreds" of times daily.
'Private attacks'
David Emm, senior technical consultant at Moscow-based antivirus software company Kaspersky Lab, believes the hackers are likely to be "younger types who, in other days, would have been writing and spreading viruses".
"I would not be surprised if switched-on people were using technical means of expressing themselves," he told the BBC News website's technology correspondent, Mark Ward.
Anton Nossik, one of the pioneers of the Russian internet, sees no reason to believe in Russian state involvement in the hacking, beyond the fanning of anti-Estonian sentiment.
"Unlike a nuclear or conventional military attack, you do not need a government for such attacks," he told the BBC News website. "There were anti-Estonian sentiments, fuelled by Russian state propaganda, and the sentiments were voiced in articles, blogs, forums and the press, so it's natural that hackers were part of the sentiment and acted accordingly."
Hackers, he points out, need very little money and can hire servers with high bandwidth in countries as diverse as the US and South Korea.
The expertise is "basic", he says, with virus scripts and source codes available online and there are "hundreds of thousands of groups who have the resources to launch a massive virus attack".
"The principle is very simple - you just send a shed load of requests simultaneously," he says.
Estonia's blocking of external servers is in his opinion a smart response but can only work for a country of "1.4 million with a non-international language". In Russia, for instance, foreign servers account for 60% of the net, he says. For Mr Nossik, of more concern is how the global net can protect itself against the big virus attacks like the Backbone Denial-of-Service attack in February which hit three key servers making up part of the internet's backbone. "Compared to the scale of the problem in general, Estonia is small," he says.[1]
Reference:
[1]http://news.bbc.co.uk/2/hi/europe/6665195.stm
Posted by
Saeed Heydari
at
12:15 AM
1 comments
Hackers warn high street chains
Thursday, September 23, 2010
Criminals could use the kind of tactics which crippled Estonia's government and some firms last year, they warned.
The experts were members of the infamous "Hackers Panel" which convened in London this week at the InfoSecurity Europe conference.
The panel includes penetration testers and so-called "white hat" hackers, who help companies tighten up their digital security by searching for flaws in their defences.
Previous panellists include Gary McKinnon, known as Solo, alleged by the US government to have hacked into dozens of US Army, Navy, Air Force, and Department of Defense computers.
The "hackers" usually remain anonymous, "for security reasons", but this year's panellists agreed to break cover.
Common cause
First up was Roberto Preatoni, the founder of the cyber crime monitoring site, Zone-H, and WabSabiLabi, a trading site for security researchers.
His appearance came just a few months after he was arrested by Italian authorities on charges of hacking and wiretapping, as part of the ongoing investigation into the Telecom Italia scandal.
Mr Preatoni told the audience that the attacks in Estonia were a harbinger for a new era of cyber warfare.
"I'm afraid we will have to get used to this," said Mr Preatoni, also known as SyS64738. "We had all been waiting for this kind of attack to happen.
"Estonia was just unfortunate to be the first country to experience it. But very soon, our own [western] companies and countries will be getting attacked for political and religious reasons.
"This kind of attack can happen at any time. And it will happen."
During the two week "cyber war" against Estonia, hackers shut down the websites of banks, governments and political parties using "denial-of-service" (DoS) attacks, which knock websites offline by swamping servers with page requests.
As many of the attacks originated from Russia, the Estonian government pointed the finger at the Kremlin. But Mr Preatoni said that, having spoken to contacts in the hacking community, he was clear that "Putin was not involved".
"In my opinion, this was a collection of private individuals who spontaneously gathered under the same flag.
"Even though Estonia is one of the world's most advanced countries in IT technology, the whole economy was brought to its knees.
"That's the beauty of asymmetric warfare. You don't need a lot of money, or an army of people. You can do it from the comfort of your living room, with a beer in your hand.
Gate control
His warning was echoed by Steve Armstrong, who teaches seminars in hacking techniques, at the SANS Institute for information security training.
"If someone wants to have a pop at the UK, they are unlikely to go for the government web servers. They will go for the lower hanging fruit - companies which are seen as good representatives of the country.
"The likes of Tesco, Marks & Spencer and B&Q can be seen as legitimate targets.
"We have to get the message across to companies [to invest in information security].
"At the moment Chief Executives are only interested in the bottom line. But remember - if tesco.com goes down, that's a lot of shopping."
Mr Preatoni said that the Estonian government's repeated failure to thwart the attacks was proof that we still have "no good solutions" for denial of service attacks.
The panellists then argued over whether Internet Service Providers should do more to tighten security, by helping customers' protect their computers from being "zombified" by hackers for use in distributed DoS attacks.
"Actually, I don't think the ISPs should have any role in security," said Preatoni.
"In my opinion, that's like asking the Royal Mail to be responsible for the quality of your post."
But his view was immediately challenged by the third panellist, Jason Creasey, head of research at the independent Information Security Forum.
"I believe ISPs can play a phenomenal role in security, with a little bit of legal pressure," he claimed.
Net weakness
He was backed by an audience member, Angus Pinkerton, of Lynks Security Consulting. "The only way to defend against a distributed attack is with a distributed defence," he argued.
"I think it's unacceptable that ISPs are content to let their customers be part of bot-nets."
He challenged Steve Armstrong's view that asking ISPs to perform security duties was "fundamentally, censorship."
"This is not about free speech," said Mr Pinkerton. "Free speech does not entitle you to shout fire in a crowded theatre."
In the meantime, Mr Preatoni warned the audience it is "only going to get easier" to carry out a DoS attack, because he claimed the latest net address system, known as Internet Protocol Version 6 (IPv6), is actually more amenable to DoS.
Later, he told the BBC that the rise in cyber attacks originating in China was a convenient cloak for western countries to disguise their own cyber espionage activities.
"It's too easy to blame China," he said. "In fact, legitimate countries are bouncing their attacks through China. It's very easy to do, so why not?
"My evil opinion is that some western governments are already doing this." [1]
Reference:
[1]http://news.bbc.co.uk/2/hi/technology/7366995.stm
Posted by
Saeed Heydari
at
11:47 PM
1 comments
Singapore tackles 'cyber terror'
Friday, September 17, 2010
Singapore has passed strict new legislation to protect the country's computer systems from attack.
The government has said the legislation was necessary because of the damage that computer hacking can cause. The laws allow the monitoring of all computer activity and "pre-emptive" action, though an official said they would be used "sparingly". Some members of parliament said the measures could be open to abuse, with threats to individual liberty.
Singapore's Senior Minister of State for Law and Home Affairs, Ho Peng Ke, said the law aimed to fight "cyber terrorism." He said it would be used mainly against threats to national security and essential services like banking and finance. "Instead of a backpack of explosives, a terrorist can create just as much devastation by sending a carefully engineered packet of data into the computer systems which control the network for essential services, for example the power stations," Mr Ho said.
Hacking
The new law allows police to take "pre-emptive action" to protect computer networks from unauthorised entry by hackers. Those found guilty of hacking or defacing a web site could get up to three years in jail, or be fined up to $5,800. The government has said the measures are necessary because of rising cases of successful hacking - there were just 10 in 2000, but that had risen to 41 last year.
Singapore has been tightening security since last year's Bali bomb attacks in neighbouring Indonesia.
But some MPs said the new law was another aspect of the city state's authoritarian side.
Chin Tet Yung, chairman of the Government Parliamentary Committee for Home Affairs and Law, said that it could become, "an instrument of oppression itself." [1]
Reference:
[1] http://news.bbc.co.uk/2/hi/asia-pacific/3259601.stm
Posted by
Saeed Heydari
at
11:23 PM
0
comments
EU Amendment of the Framework Decision on Combating Internet Terrorism, 18 April 2008
Saturday, September 11, 2010
Legislation fighting terrorism is already in place, but did not specifically focus on the Internet. The amendment, in keeping with already existent legislation covering acts of terrorism have further outlined what the acts are sanctioned.
Posted by
Saeed Heydari
at
7:12 AM
1 comments
Brazilian man charged in cyber-terrorism case
Saturday, September 4, 2010
Leni de Abreu Neto, 35, of Taubate, Brazil, is charged with one count of conspiracy to cause damage to computers worldwide. The indictment alleges that more than 100,000 computers worldwide were damaged. If convicted, Neto faces a maximum penalty of five years in prison and up to three years of supervised release. Neto also faces the greater of a $250,000 fine or the gross amount of any pecuniary gain or the gross amount of any pecuniary loss suffered by the victims.
According to the indictment, Neto participated in a conspiracy along with others, including an unindicted coconspirator, Nordin Nasiri, 19, of Sneek, Netherlands, to use, maintain, lease and sell an illegal botnet. As defined in the indictment, a botnet is a network of computers that have been infected by malicious software, commonly referred to as "bot code."
Bot code is typically designed to permit an operator or controller to instruct infected computers to perform various functions, without the authorization and knowledge of their owners, such as launching denial of service attacks to disable targeted computer systems or sending spam e-mail. Installation of bot code is typically accomplished by "hacking" computers with particular security vulnerabilities. Bot code typically contains commands for infected computers to search local networks or the Internet for other computers to infect, thereby increasing the botnet's size and power.
The indictment alleges that prior to May 2008, Nasiri was responsible for creating a botnet consisting of more than 100,000 computers worldwide, and that Neto used the botnet and paid for the servers on which the botnet was hosted. According to the indictment, between May and July 2008, Neto agreed initially with Nasiri to broker a deal to lease the botnet to a third party. The indictment alleges Neto expected the botnet to be used to send spam through the infected computers. Subsequently, Neto agreed with Nasiri to broker the sale of the botnet and underlying bot code to the third party for 25,000 euros.
Neto was apprehended by Dutch authorities on July 29, 2008, in the Netherlands and is currently in confinement in the Netherlands pending resolution of extradition proceedings. Nasiri was also apprehended by Dutch authorities and is being prosecuted by Dutch authorities in the Netherlands.
The case is being prosecuted by Trial Attorney Jaikumar Ramaswamy of the Criminal Division's Computer Crime and Intellectual Property Section, with extensive assistance from Senior Counsel Judith Friedman of the Criminal Division's Office of International Affairs. The case is being investigated by the Cyber Squad of the FBI's New Orleans field office, with assistance from the Dutch Hi-Tech Crimes Unit and the Cyber Section of the Brazilian Federal Police[1].
Reference:
[1]http://www.renewamerica.com/columns/kouri/080825
Posted by
Saeed Heydari
at
6:51 AM
0
comments
Threats and Implications of Cyber Terrorism
Sunday, August 29, 2010
Cyber terrorists use many different methods ranging in complexity. Each terrorist group has a different agenda and can tailor the tool they use to fit their goals. The effects of a cyber terrorism attack could be widespread and very detrimental to life as we know it. Cyber terrorism ranges from hacking into a computer and destroying it to spreading viruses in order to obtain information. Cyber terrorists can infect many computers with viruses that can destroy a computer or just damage certain components. They also can plant Trojan horses, which a executable that can allow a remote user to control the computer, collect personal information and passwords, or destroy a hard drive. Another common method is placing worms, a program which can spread itself, on a machine or a network. Often these tactics are accomplished through email or other network vulnerabilities.
One of the worst aspects of cyber terrorism is the amount of potential economic impact to the target in proportion to the low cost to the terrorist of initiating an attack. The financial costs to the economy include the loss of intellectual property and trade secrets, fraud, productivity losses. This is not including intangible losses such as damage to reputation and lost opportunity costs. A single virus can cause widespread injury and huge financial losses. The Love Bug Virus was estimated to have caused losses of between three and fifteen billion dollars. In comparison, hurricane Andrew, the most expensive natural disaster in history, cost around eleven billion dollars.
Posted by
Saeed Heydari
at
10:26 AM
1 comments
Forms of cyber terrorism
Monday, August 23, 2010
The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognized. In recent times, however, this right has acquired a constitutional status, the violation of which attracts both civil as well as criminal consequences under the respective laws.
The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual.
Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury. Right to privacy is a part of the right to life and personal liberty enshrined under Article 21 of the Constitution of India. With the advent of information technology the traditional concept of right to privacy has taken new dimensions, which require a different legal outlook. To meet this challenge recourse of Information Technology Act, 2000 can be taken.
The various provisions of the Act aptly protect the online privacy rights of the citizens. Certain acts have been categorized as offences and contraventions, which have tendency to intrude with the privacy rights of the citizens.
(II) Secret information appropriation and data theft:
The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property. It must be noted that the definition of property is not restricted to moveables or immoveables alone.
In R.K. Dalmia v Delhi Administration the Supreme Court held that the word "property" is used in the I.P.C in a much wider sense than the expression "movable property". There is no good reason to restrict the meaning of the word "property" to moveable property only, when it is used without any qualification. Whether the offence defined in a particular section of IPC can be committed in respect of any particular kind of property, will depend not on the interpretation of the word "property" but on the fact whether that particular kind of property can be subject to the acts covered by that section.
(III) Demolition of e-governance base:
The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them. To enable them to make a proper judgment on those issues, they must have the benefit of a range of opinions on those issues. Right to receive and impart information is implicit in free speech. This, right to receive information is, however, not absolute but is subject to reasonable restrictions which may be imposed by the Government in public interest.
(IV) Distributed denial of services attack:
The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies.
It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate citizens and end users. The law in this regard is crystal clear.
(V) Network damage and disruptions:
The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc[1].
Reference:
[1]http://www.legalserviceindia.com/article/l169-Cyber-Terrorism.html
Posted by
Saeed Heydari
at
5:12 AM
1 comments
Internet as a Tool for Terrorists
Wednesday, August 18, 2010
Based on the recently researchs which published in FBI official website, The use of the Internet by terrorists has increased in the past nine years and the number of websites operated by terrorist organizations has increased from 12 in 1998 to more than 4,800 today.
After a search on the Internet and reading articles about cyber terrorism, I find that terrorists use the Internet in some areas like data mining, networking with a wrong purpose, mobilization, the distribution of online manuals and instructions, planning for their target and try to have a corporation with other terrorists. They draw information from personal and government sites and communicate with others through e-mail and chat rooms. Based on some reports one of the major way which terrorists most of the time relies on that is the process of hiding data inside other data, for instance, hiding the map of a targeted building in a digital song file.
Now the question is that what is the solution?
Based on all of these assumption, government organizations find a way for hyper computers to remain safe,reliable and trustable. They isolated defense and intelligence computers and physically not connected them to the Internet. In the other hand, businesses and individuals protect their computers through firewalls
Posted by
Saeed Heydari
at
8:24 AM
0
comments
What is Cyber-terrorism?
Saturday, August 14, 2010
In the wake of the recent computer attacks, many have been quick to jump to conclusions that a new breed of terrorism is on the rise and our country must defend itself with all possible means. As a society we have a vast operational and legal experience and proved techniques to combat terrorism, but are we ready to fight terrorism in the new arena – cyber space?
A strategic plan of a combat operation includes characterization of the enemy’s goals, operational techniques, resources, and agents. Prior to taking combative actions on the legislative and operational front, one has to precisely define the enemy. That is, it is imperative to expand the definition of terrorism to include cyber-terrorism.
As a society that prides itself on impartiality of justice, we must provide clear and definitive legislative guidelines for dealing with new breed of terrorism. As things stand now, justice cannot be served as we have yet to provide a clear definition of the term. In this light, I propose to re-examine our understanding of cyber-terrorism.
There is a lot of misinterpretation in the definition cyber-terrorism, the word consisting of familiar "cyber" and less familiar "terrorism". While "cyber" is anything related to our tool of trade, terrorism by nature is difficult to define. Even the U.S. government cannot agree on one single definition. The old maxim, "One man's terrorist is another man's freedom fighter" is still alive and well.
The ambiguity in the definition brings indistinctness in action, as D. Denning pointed in her work Activism, Hactivism and Cyberterrorism, "an e-mail bomb may be considered hacktivism by some and cyber-terrorism by others"
It follows that there is a degree of "understanding" of the meanings of cyber-terrorism, either from the popular media, other secondary sources, or personal experience; however, the specialists’ use different definitions of the meaning. Cyber-terrorism as well as other contemporary "terrorisms" (bioterrorism, chemical terrorism, etc.) appeared as a mixture of words terrorism and a meaning of an area of application. Barry Collin, a senior research fellow at the Institute for Security and Intelligence in California, who in 1997 was attributed for creation of the term "Cyberterrorism", defined cyber-terrorism as the convergence of cybernetics and terrorism. In the same year Mark Pollitt, special agent for the FBI, offers a working definition: "Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub national groups or clandestine agents."
Since that time the word cyber-terrorism has entered into the lexicon of IT security specialists and terrorist experts and the word list of mass media "professionals". One of the experts, a police chief, offers his version of definition: "Cyber-terrorism – attacking sabotage-prone targets by computer – poses potentially disastrous consequences for our incredibly computer-dependent society."
The media often use cyber-terrorism term quite deliberately: "Canadian boy admits cyberterrorism of his family: "Emeryville, Ontario (Reuter) - A 15-year-old Canadian boy has admitted he was responsible for months of notorious high-tech pranks that terrorized his own family, police said Monday"
A renowned expert Dorothy Denning defined cyber-terrorism as "unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives". R. Stark from the SMS University defines cyber-terrorism as " any attack against an information function, regardless of the means"
Under the above-mentioned definitions of cyber-terrorism one can only point to the fact that any telecommunications infrastructure attack, including site defacing and other computer pranks, constitute terrorism. It means that cyber-terrorism has already occurred and we "live " in the epoch of cyber terror.
However, another expert, James Christy the law enforcement and counterintelligence coordinator for the DIAP (Defense-wide Information Assurance Program), which is steered by the office of the assistant secretary of defense for command, control, communications and intelligence, states that cyber-terrorism has never been waged against the United States. "Rather, recent hacking events – including a 1998 web page set up by a supporter of the Mexican Zapatistas rebel group, which led to attacks on the U.S. military from 1,500 locations in 50 different countries – constitute computer crime. William Church, a former U.S. Army Intelligence officer, who founded the Center for Infrastructural Warfare Studies (CIWARS) agrees that the United States has not seen a cyber terrorist threat from terrorists using information warfare techniques. "None of the groups that are conventionally defined as terrorist groups have used information weapons against the infrastructure" Richard Clarke, national co-ordinator for security, infrastructure protection and counterterrorism at the National Security Council offered to stop using "cyberterrorism" and use "information warfare " instead
The above-mentioned observations drive a clear line between cyber-terrorism and cyber crime and allow us to define cyber-terrorism as: Use of information technology and means by terrorist groups and agents.
In defining the cyber terrorist activity it is necessary to segment of action and motivation. There is no doubt that acts of hacking can have the same consequences as acts of terrorism but in the legal sense the intentional abuse of the information cyberspace must be a part of the terrorist campaign or an action.
Examples of cyber terrorist activity may include use of information technology to organize and carry out attacks, support groups activities and perception-management campaigns. Experts agree that many terrorist groups such as Osama bin Ladenn organization and the Islamic militant group Hamas have adopted new information technology as a means to conduct operations without being detected by counter terrorist officials.
Thus, use of information technology and means by terrorist groups and agents constitute cyber-terrorism. Other activities, so richly glamorized by the media, should be defined as cyber crime[1].
Reference:
[1]http://www.crime-research.org/library/Cyber-terrorism.htm
Posted by
Saeed Heydari
at
12:09 PM
2
comments