Académique Documents
Professionnel Documents
Culture Documents
2012-2013
INTRODUCTION
Cyberterrorism is a new terrorist tactic that makes use of information systems or digital technology, especially the Internet, as either an instrument or a target. As the Internet becomes more a way of life with us,it is becoming easier for its users to become targets of the cyberterrorists. The number of areas in which cyberterrorists could strike is frightening, to say the least. The difference between the conventional approaches of terrorism and new methods is primarily that it is possible to affect a large multitude of people with minimum resources on the terrorist's side, with no danger to him at all. We also glimpse into the reasons that caused terrorists to look towards the Web, and why the Internet is such an attractive alternative to them. The growth of Information Technology has led to the development of this dangerous web of terror, for cyberterrorists could wreak maximum havoc within a small time span. Various situations that can be viewed as acts of cyberterrorism have also been covered. Banks are the most likely places to receive threats, but it cannot be said that any establishment is beyond attack. Tips by which we can protect ourselves from cyberterrorism have also been covered which can reduce problems created by the cyberterrorist.We, as the Information Technology people of tomorrow need to study and understand the weaknesses of existing systems, and figure out ways of ensuring the world's safety Dept. Of Electrical & Electronics Engg. 1 G.P.T.C, Muttom
2012-2013
from cyberterrorists. A number of issues here are ethical, in the sense that computing technology is now available to the whole world, but if this gift is used wrongly, the consequences could be disastrous. It is important that we understand and mitigate cyberterrorism for the benefit of society, try to curtail its growth, so that we can heal the present, and live the future
G.P.T.C, Muttom
2012-2013
CYBER TERRORISM
Andrey, Frederick, and Phillip (the Week Three team) aim to help promote awareness about the dangers of Cyber Terrorism and Cyber Warfare. Many individuals may not even be aware that Cyber Terrorism and Cyber Warfare exist and as such are unaware of the damage it can cause. The Week Three teams purpose in analyzing Cyber Terrorism and Cyber Warfare is to educate citizens on how these attacks impact a nation, techniques used in the perpetration of these attacks, and security measures that can be taken to guard against these attacks. Purpose To analyze Cyber Terrorism and Cyber Warfare and understand how it affects all of us as a nation as well as recommend best practices to help protect ourselves. It is our purpose to raise awareness of this issue that affects many lives today. Scope Initial analysis of what Cyber Terrorism and Cyber Warfare is. This report gives a comprehensive review on these two terms are, how it affects us in our daily lives, and practices to protect ourselves.
G.P.T.C, Muttom
2012-2013
Research was conducted using a variety of secondary sources. Each team member was responsible for one major category. After aggregating the research, the team reviewed the information to reach its final recommendation.
G.P.T.C, Muttom
2012-2013
OVERVIEW
As the Internet becomes more pervasive in all areas of human endeavor, individuals or groups can use the anonymity afforded by cyberspace to threaten citizens, specific groups (i.e. with membership based on ethnicity or belief), communities and entire countries, without the inherent threat of capture, injury, or death to the attacker that being physically present would bring. As the Internet continues to expand, and computer systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.
G.P.T.C, Muttom
2012-2013
BASIC DEFINITION
Cyberterrorism is the leveraging of a target's computers and information , particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure. Cyberterrorism is defined as The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives. This definition was created by Kevin G. Coleman of the Technolytics Institute ...subsumed over time to encompass such things as simply defacing a web site or server, or attacking non-critical systems, resulting in the term becoming less useful... There are some that say cyberterrorism does not exist and is really a matter of hacking or information warfare. They disagree with labeling it terrorism because of the unlikelihood of the creation of fear, significant physical harm, or death in a population using electronic means, considering current attack and protective technologies. BACKGROUND INFORMATION Public interest in cyberterrorism began in the late 1980s. As the year 2000 approached, the fear and uncertainty about the millennium bug heightened and interest in potential cyberterrorist attacks also increased. However, although the Dept. Of Electrical & Electronics Engg. 6 G.P.T.C, Muttom
2012-2013
millennium bug was by no means a terrorist attack or plot against the world or the United States, it did act as a catalyst in sparking the fears of a possibly large-scale devastating cyberattack. Commentators noted that many of the facts of such incidents seemed to change, often with exaggerated media reports. The high profile terrorist attacks in the United States on September 11, 2001 lead to further media coverage of the potential threats of cyberterrorism in the years following. Mainstream media coverage often discusses the possibility of a large attack making use of computer networks to sabotage critical infrastructures with the aim of putting human lives in jeopardy or causing disruption on a national scale either directly or by disruption of the national economy. Authors such as Winn Schwartau and John Arquilla are reported to have had considerable financial success selling books which described what were purported to be plausible scenarios of mayhem caused by cyberterrorism. Many critics claim that these books were unrealistic in their assessments of whether the attacks described (such as nuclear meltdowns and chemical plant explosions) were possible. A common thread throughout what critics perceive as cyberterror-hype is that of non-falsifiability; that is, when the predicted disasters fail to occur, it only goes to show how lucky we've been so far, rather than impugning the theory.
G.P.T.C, Muttom
2012-2013
Cyberterrorism can have a serious large-scale influence on significant numbers of people. It can weaken countries' economy greatly, thereby stripping it of its resources and making it more vulnerable to military attack. Cyberterror can also affect internet-based businesses. Like brick and mortar retailers and service providers, most websites that produce income (whether by advertising, monetary exchange for goods or paid services) could stand to lose money in the event of downtime created by CYBER CRIMINALS. As internet-businesses have increasing economic importance to countries, what is normally cybercrime becomes more political and therefore "terror" related.
G.P.T.C, Muttom
2012-2013
2012-2013
in cyberspace. Information technology is emerging in many societies and has become more readily available to hostile nations. Nations that may decide to use their newfound technology to strike at their opponents communications. A
serious form of Cyber Warfare would be to attack an electrical power grid. Attackers would penetrate and interrupt an electrical power grid system causing blackouts. Depending on the size of this attack and its location, this may knock out power to hospitals or other critical systems of a city. Implication An implication of Cyber Warfare and Cyber Terrorism is to cause harm to a nation. A goal of these attacks is to create alarm and panic among citizens. Attackers want to show how badly they can damage their victim nations by hacking into government computers and taking control of critical systems. This can affect citizens psychologically causing them to wonder how their government could let this happen and what they can do to protect themselves and their families. By achieving these goals, hackers succeeded in leading a nation into a state of chaos and confusion.
10
G.P.T.C, Muttom
2012-2013
2012-2013
There are several popular cyber attack methods. These popular methods include denial of service, distributed denial of service, and botnets (Cyber Attack Techniques, 2009). Denial of service works by overwhelming the target computer with useless network traffic, resulting in the blocking of legitimate network traffic to the user. Distributed denial of service is similar in that it overwhelms the target computer with network traffic, but instead this attack is launched from many computers. The other popular method of attack is the use of botnets. A botnet is a network of remotely controlled systems used to attack and distribute malware, spam, and phishing scams. The word bot is short for robots, because they are programs that are unknowingly installed on a target computer. This program allows an unauthorized user to remotely control the system for malicious purposes (Cyber Attack Techniques, 2009). Popular Targets Financial institutions and utility grids are now the prime targets of cyber warfare and cyber espionage. After a report was released stating that electric power grid has been infiltrated by foreign spies, the U.S. government has admitted that it is susceptible to cyber attacks (LaMonica, 2009). Janet Napolitano from the US homeland Security claimed The vulnerability is something [we] have know about for years. World Bank has also reported being infiltrated at least six times in just Dept. Of Electrical & Electronics Engg. 12 G.P.T.C, Muttom
2012-2013
one year (Behar, 2008). Many other banks, like Bank of America, have also been the victims of cyber attack. For instance, on January 29 th, 2010, their website was down for a good part of the day (Carney, 2010). CyberSecurity In a government paper titled Defining and Deterring Cyber War, the purpose of Cyber Security is described as [to] increase a states resistance to attacks and reduce the consequences of attacks. (Beidleman, 2009) While this paper was written in regards to governments, the concept holds true for businesses as well. Cyber Security can be seen as two parts: resistance and mitigation of damage. Resistance to Cyber Terrorism is primarily implemented through security technologies. The most prevalent security technology for large organizations is the firewall. The firewall is literally the first line of defense when it comes to a computer network. The firewall sits between the internal network of a company and the outside world. It analyzes all incoming and outgoing transmissions and provides multiple security services. Incoming packets are all screened for malicious data before being rebroadcast into the network. Outgoing packets are also all screened. Most firewalls come with features that allow for statistical analysis of a networks baseline. Fluxuations in the baseline beyond a certain range
13
G.P.T.C, Muttom
2012-2013
may indicate an issue and prompt the firewall to notify a systems administrator for further investigation. The major forms of attack described in the last section (packet flooding and botnets) are both addressed by firewalls. To reiterate - Denial of Service (DoS) attacks, distributed or otherwise, attempt to flood a network with so much traffic that no legitimate forms of data can be accepted into the system. Firewalls block DoS attacks by identifying the sending source and blacklisting all data from that location(s). Botnets or so-called zombie computers (Strickland, 2007) can also be dealt with by firewalls. As mentioned, if botnets are employed in a DoS attacks, the firewall blocks all traffic from that originating source. Moreover, firewalls can detect botnet computers from within an internal network based on outgoing traffic and can take steps to disinfect them. This involves automatically isolating the infected nodes and informing a systems administrator who takes further steps to fix the device. Beyond the firewall, security software should also be installed on all workstations in the network. The rationale behind this procedure is that individual workstations may be infected by code that slips past the firewall. Security software such as anti-virus and anti-spyware programs should be implemented and kept upto-date with the latest virus definitions. In addition, all devices on the network
14
G.P.T.C, Muttom
2012-2013
should be kept up-to-date with the latest updates to seal potential security vulnerabilities. On the user side, there are several best-practices that can be used to prevent or mitigate damage from cyber terrorist attacks. Firstly is the issue of access control users should only have access to resources that they require. The rationale behind this statement is that, should a user account be compromised by attackers, their level of access in the system is limited. To prevent the accounts from being compromised in the first place, policies should be in place that enforce strong passwords. The University of Texas recommends the following for conditions in a strong password (Uni. of TX, 2009):
Use both upper- and lower-case letters. Place numbers and punctuation marks randomly in your password. Make your password long and complex, so it is hard to crack. Between 8 to 20 characters long is recommended. Use one or more of these special characters: ! @ # $ % * ( ) - + = , < > : : Moreover, the password policy should require that passwords be reset every month and that identical passwords or password characters may not be reused for a
15
G.P.T.C, Muttom
2012-2013
set period of time. This is so that cyber terrorists cannot run automated programs that try every possible combination of characters to guess a password. The final step to deterring cyber attack is continual penetration testing and security audits of an organizations own system. By attacking its own security system, vulnerabilities may be identified and fixed before they can be taken advantage of by attackers. To help mitigate the damage from attacks, organizations should keep backups of their data in an easily-retrievable format. This way, should a cyber attack succeed in destroying data, files can be restored from the time of the last backup.
16
G.P.T.C, Muttom
2012-2013
CONCLUSION
After a thorough analysis on why Cyber Terrorism and Cyber Warfare occur, the determination was that these events for the reason of bringing fear to the public. Even though these acts can be politically motivated, the goal is still the same. There are many different methods for such attacks, like using botnets or denial of service to bring down popular targets; institutions and power grids. Even with these methods of attack, the use of network security products, such as firewalls and anti-virus, can greatly reduce the risk of being a victim of cyber attacks.
17
G.P.T.C, Muttom
2012-2013
REFERENCES
Behar, R. (2008, October 10). World Bank Under Cyber Siege in 'Unprecedented Crisis'. Retrieved May 7, 2010, from http://www.foxnews.com/story/0,2933,435681,00.html Beidleman, S. (2009). Defining and deterring cyber war. Strategy Research Project, Retrieved from http://www.dtic.mil/srch/doc?collection=t3&id=ADA500795 Carney, J. (2010, January 29). Bank of America's Website Has Been Down All Morning. Retrieved May 10, 2010, from http://www.businessinsider.com/bank-of-americas-website-has-been-downall-morning-2010-1 Cyber Attack Techniques. (2009, May 28). Retrieved April 28, 2010, from http://www.cybersecuritymarket.com/2009/05/28/cyber-attack-techniques/ Germain, J. M. (2008, April 29). The Art of Cyber Warfare, Part 1: The Digital Battlefield. Retrieved April 20, 2010, from http://www.ecommercetimes.com/story/62779.html Germain, J. M. (2008, September 16). The Winds of Cyber War. Retrieved April 10, 2010, from http://www.technewsworld.com/story/The-Winds-of-CyberWar-64494.html LaMonica, M. (2009, April 8). Report: Spies hacked into U.S. electricity grid. Retrieved May 3, 2010, from http://news.cnet.com/8301-11128_310214898-54.html Lewis, J. (2002). Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats:. Retrieved April 30, 2010, from http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf
18
G.P.T.C, Muttom
2012-2013
INTRODUCTION .......................................................................................................................... 1 Purpose........................................................................................................................................ 3 Scope ........................................................................................................................................... 3 Methods and Procedures ............................................................................................................. 4 Cyber Terrorism .......................................................................................................................... 9 Cyber Warfare ............................................................................................................................. 9 Implication .................................................................................................................................... 10 METHODS AND TECHNIQUES ............................................................................................... 11 Cyber Attacks Increasing .......................................................................................................... 11 The Common Attack Methods .................................................................................................. 12 Popular Targets ......................................................................................................................... 12 CyberSecurity ............................................................................................................................... 13 CONCLUSION ............................................................................................................................. 17 REFERENCES ............................................................................................................................. 18
19
G.P.T.C, Muttom
2012-2013
ABSTRACT
Cyber Terrorism and Cyber Warfare are considered a priority threat for nations including the United States, China, and the United Kingdom. These attacks can have devastating consequences on the welfare a nation and of its citizens. A research team consisting of Andrey Lavochin, Frederick Le and Phillip Tran collaborated to analyze the threat of Cyber Terrorism and Cyber Warfare. The teams goal was to identify the threats and techniques used in such tactics as well as identify potential solutions. The research team concluded that there is not a beall-end-all remedy to Cyber Terrorism and Cyber Warfare but that there are proactive measures that may be taken to reduce the frequency of attacks and mitigate the damage they cause.
20
G.P.T.C, Muttom
2012-2013
The problem of cyber terrorism is multilateral having varied facets and dimensions. Its solution requires rigorous application of energy and resources. It must be noted that law is always seven steps behind the technology. This is so because we have a tendency to make laws when the problem reaches at its zenith. We do not appreciate the need of the hour till the problem takes a precarious dimension. At that stage it is always very difficult, if not impossible, to deal with that problem. This is more so in case of offences and violations involving information technology. One of the argument, which is always advanced to justify this stand of non-enactment is that the measures suggested are not adequate to deal with the problem. It must be appreciated that something is better then nothing. The ultimate solution to any problem is not to enact a plethora of statutes but their rigorous and dedicated enforcement. The courts may apply the existing laws in a progressive, updating and purposive manner. It must be appreciated that it is not the enactment of a law but the desire, will and efforts to accept and enforce it in its true letter and spirit, which can confer the most strongest, secure and safest protection for any purpose. The enforcement of these rights requires a qualitative effort and not a quantitative effort. Thus, till a law dealing expressly with cyber terrorism is enacted, we must not feel shy and hesitant to use the existing provisions.
21
G.P.T.C, Muttom