The term terrorism describes a situation where an individual or a group of individuals employs violence, or threatens the use of violence, to bring about a certain desired result. As the world evolves and develops, particularly in the field of technology, new and modified modes of cyber crime have been witnessed. Cyber terrorism is among the modifications that have been made in both cyber crime and terrorism (Wilson, 2008a). Cybercrime is gradually becoming better organized and established. Online skills that utilize high levels of technology are available for use by individuals, including those who would want to rent such skills for malicious intent. Criminals who use cyberspace as their environment are switching to automated tools, subsequently frustrating efforts to successfully track and measure cyber attack trends (Adams, 2001).
The methodologies that people have used over the years to track web vulnerabilities and cyber attacks have been overwhelmed by the changing trends witnessed in cyber attacks. Cybercriminals are increasingly forming alliances and renting their services to drug traffickers and other criminals, who have taken advantage of the vast number of opportunities that have been brought about by an increase in the use of the internet. The architectures of some of the botnets that are used in cyber crime have become more sophisticated, and future prospects include a transformation that will make them resistant to countermeasures taken in cyber security (Army, 2005). The fact remains that more sensitive information is being stored and transferred over the web, which highlights the severity of the situation if information infrastructure remains this vulnerable. In addition, the technology of computer networking has blurred the boundaries that exist between cybercrime, cyber warfare and cyber terrorism. This owes to the availability of cyber attack services for hire.
The fear of vulnerability of information infrastructure has been part of people’s lives since the conception of the internet. The internet was centralized in 1970, during its conception; this means that there was a single control point for the information that was available over the internet. However, it was later decentralized for fear of its capability of becoming a weapon during the Cold War. By the late 1980s, the internet was open to both public and private users. This opening up meant that anyone could access the internet and gain information from it, as long as they had an internet connection (Arquilla & Ronfeldt, 2001). There are several features that make the internet susceptible to use in cyber terrorism. One is that the internet is easy to access. In addition, there is often little or no regulation of the content, in terms of government control or censorship. The internet also has the potential for a huge and diverse audience, in that there are people from all over the world. People have more ease of use because of the anonymity that is offered by the internet. Information on the internet flows faster than in other mediums, giving people the feedback that they need to make further plans (Austin & Darby, 2003). Other than that, the cost of transferring information and maintaining the web is relatively lower, and the multimedia environment provides a context for making use of audio, video and text forms of communication (Rollins, 2007). Also, the internet has given people the capability of shaping the slant of the coverage of the traditional media, since most use the internet as a major source of information. As a result, people find it easier to communicate their views to traditional media through the internet. These features of the internet make it easier for people to carry out criminal activity, including cyber activity.
The distinctions that exist between terrorism, war and crime often blur when they are considered in the context of a computer network attack. This blur in boundaries makes measuring cyber attack trends a complex challenge (Wilson, 2008b). One of the things that can help in developing an appropriate measure for trends is having exact knowledge of how the end result is defined. Cyber terrorism is described in two frameworks: one effect-based and the other intent-based. Within the context of effects, cyber terrorism is said to exist when the attack that has been launched on the computer results in effects that are disruptive, such that they generate fear that is similar or comparable to what is often witnessed with traditional terrorism (Wilson, 2008a). The intent-based context describes cyber terrorism as a cyber attack that is perpetrated with the intent of coercing some form of political view or causing severe economic injury to a nation or nations. It is important to note that information is the constant in cyber terrorism and the internet is the major medium through which people deliver cyber terrorism.
For a staged attack to be successful, the network being used must remain intact, unless the effectiveness of the attack results from shutting down the network. When a cyber attack is committed, it is usually so that one side meets certain objectives. Some of the objectives of a cyber attack include inducing or enhancing the loss of integrity, in that information contained in a network is modified improperly. In addition, loss of availability is induced, where information systems that are critical to missions are made unavailable to the authorized users of the network (Bagchi & Udo, 2003). Also, the loss of confidentiality is engendered, such that critical information is disclosed to unauthorized users. Other than that, some of the information systems that are affected cause actual physical destruction, especially through commands created to result in deliberate malfunction.
Currently, there is no evidence that is significant enough to determine whether terrorists have undertaken a considerable cyber attack. A cyber attack involves making use of some kind of malicious code as a weapon to cause a particular infection on the targeted computer system, or to exploit a weakness that exists within the system’s configuration or in the software (Bagchi & Udo, 2003). In addition, an individual may use information that has been stolen to gain access to a certain network, or attain clearance to remotely make changes to the information that is contained in the network. Cyber attacks need the network to have a preexisting flaw that makes it susceptible to the attack, such as a lack of antivirus software, a software error or a faulty system configuration that can then be exploited (Army, 2005). However, technology is evolving and there may come a time when this distinguishing requirement fades in importance.
Purpose of the Study
There is no consensus as to what cyber terrorism entails or what its definition is. Terrorism, like other organizations, is taking advantage of the opportunities and enhancements that have been brought about by the availability of the internet. The purpose of this proposal, therefore, is to provide an academic framework, stemming from a discourse of issues that are relevant to cyber terrorism, which will help identify the vulnerability of information infrastructure and trends of cyber terrorism, with the aim of knowing how best to approach the measuring of cyber attacks. This information will be helpful to people with various interests in cyber security, especially those who have been charged with ensuring that the information on the internet remains protected.
Importance of the Study
The information that will be attained from this study will give experts in the area of cyber security a better idea of what to expect from cyber terrorism, thus arming them with information that will be useful in developing countermeasures and preventive mechanisms to protect the internet from cyber terrorism. Security companies dealing in internet security and software security will be in a better position to develop encryptions that are most effective in protecting information in cyberspace. In addition, understanding and acquiring knowledge of the most appropriate and effective way of measuring cyber attack trends will be a major stride in detecting and tracking cybercrime that may be indicative of cyber terrorism.
Statement of the Problem
The number of random cyber attacks in cyberspace has been gradually increasing, and more so over the last decade and a half (Bagchi & Udo, 2003). However, the data that has been collected in attempts to measure the trends in the use of cyber attacks still cannot be utilized to accurately determine if the attacker was a terrorist group, or if the attacks were initiated or sponsored by a terrorist group. The critical nature of this situation is highlighted by the fact that industries that are critical to the infrastructure of society are increasingly becoming targets of cyber terrorism. Experts have reached a consensus that coordinated cyber attacks could be used to amplify the effect of physical attacks, but disagree as to the damaging effects that such attacks will have on the information infrastructure of certain systems of critical sectors. This underlines the fact that information infrastructure should be understood with particular emphasis on cyber terrorism trends and how they can be measured. Determinant factors, such as the level of dependence that a particular society has on technology, will also lead to the effects of cyber attacks being different in different systems. How then can one come up with an effective way of measuring the trends of cyber attacks, in the face of the diverse information that is available on cyber terrorism?
It has been reported that terrorist organizations have been conducting some forms of information warfare. Additionally, there have been increased reports of terrorists using the internet to carry out their operations, such as those that involve issuing instructions or conducting defacement of an individual or a group of them over the internet (Bagchi & Udo, 2003). Files are encrypted and then sent through e-mail, or steganography can be employed in the sending of malicious e-mail. Even though some of the encryptions that have been used are relatively weak, it still shows that cyber terrorism is becoming a more appealing avenue for terrorist groups, and it is only a matter of time before they acquire effective expertise or rent it from other people on the internet.
Cyber terrorism has been increasingly taking the shape of steganography. This refers to a practice where information that is meant to be secret or unknown to some individuals is hidden or contained within other data that is not meant to be hidden. This information is rarely detected unless someone is looking for it. The information that is meant to be encrypted and hidden is encoded in secret, in lower-order bit positions within an image file, video file or sound file. It should, however, be noted that an e-mail that has been encrypted appears in a form that is different from a normal e-mail when it is viewed through an analyzer. Thus, if someone is sniffing, they may identify the encrypted message (Austin & Darby, 2003). Terrorism is also about imposing and spreading ideologies that other people may not necessarily agree with, and the internet is the largest and most accessible source and storage location of information in the world. As a result, it is the most effective way for terrorists to exploit the information infrastructures available and communicate their ideologies and views in an effort to win a war of ideas. The fact that technology makes the dissemination of information faster and simpler has made it appealing and made information on the internet unsafe.
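As an added illustration of what "looking for it" can mean in practice (this example is not part of the original proposal), the Python sketch below applies a chi-square test to pairs of adjacent sample values: when the lowest bit of every sample has been overwritten with encrypted, random-looking data, the counts of values 2k and 2k+1 become nearly equal. The sample data, the window size and the threshold are constructed assumptions, not values from the cited literature.

```python
"""Detect overwritten low-order bits with a chi-square test on value pairs."""
import random

BLOCK = 8192          # samples examined per window (assumed size)
MIN_PAIR_COUNT = 10   # skip sparse pairs; the statistic is unreliable on them
THRESHOLD = 3.0       # assumed cut-off on chi2/df; tune it on known-clean data


def reduced_chi_square(samples):
    """Return chi2/df for the hypothesis 'the lowest bits are random'.

    A result near 1.0 is consistent with that hypothesis. None means that
    no value pair had enough samples to say anything.
    """
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi2, df = 0.0, 0
    for even in range(0, 256, 2):
        n0, n1 = hist[even], hist[even + 1]
        total = n0 + n1
        if total < MIN_PAIR_COUNT:
            continue
        # Random low bits push n0 and n1 towards total/2 each; this term is
        # the two-category chi-square for that expectation (1 degree of freedom).
        chi2 += (n0 - n1) ** 2 / total
        df += 1
    return chi2 / df if df else None


def scan(samples, block=BLOCK):
    """Return (offset, statistic, verdict) for each window of the data."""
    verdicts = []
    for start in range(0, len(samples), block):
        stat = reduced_chi_square(samples[start:start + block])
        if stat is None:
            verdicts.append((start, None, "inconclusive"))
        else:
            label = "suspect" if stat < THRESHOLD else "clean"
            verdicts.append((start, round(stat, 2), label))
    return verdicts


def constructed_cover(n, seed=1):
    """Constructed sample: 8-bit values after a contrast stretch (200 -> 256
    levels), which leaves the uneven histogram typical of processed images."""
    rng = random.Random(seed)
    return bytes(round(rng.randrange(200) * 255 / 199) for _ in range(n))


def constructed_carrier(cover, used, seed=2):
    """Constructed test input: the lowest bit of the first `used` samples is
    replaced by random bits, standing in for an encrypted hidden message."""
    rng = random.Random(seed)
    out = bytearray(cover)
    for i in range(used):
        out[i] = (out[i] & 0xFE) | rng.getrandbits(1)
    return bytes(out)


if __name__ == "__main__":
    cover = constructed_cover(4 * BLOCK)
    carrier = constructed_carrier(cover, 2 * BLOCK)
    for name, data in (("cover", cover), ("carrier", carrier)):
        print(name)
        for offset, stat, verdict in scan(data):
            print(f"  offset {offset:6d}  chi2/df={stat}  {verdict}")
```

The test only flags windows in which nearly every low-order bit was overwritten; data scattered thinly across a file leaves the pair counts almost unchanged and needs other statistical tests.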
The proposed study will aim to answer the following research questions:
What is the relationship between vulnerability of information infrastructure and the trends of cyber terrorism?
Does perceived vulnerability of information infrastructure and perceived usefulness of the internet have any effect on the trends of cyber terrorism?
To what does the relatively higher level of cyber terrorism and cyber attack being witnessed today owe its nature?
What is the relationship between vulnerability of information infrastructure in countries with critical industries and cyber terrorism trends?
What is the relevance of information infrastructure vulnerability and cyber terrorism trends to the development of ways to best measure cyber attacks?
Method of Inquiry
The methodology that will be employed in the study will be a non-experimental approach. The nature of the non-experimental approach will be ex post facto, and it will involve looking at information from events that have already occurred. The major method of gathering data will be reviewing the relevant literature, with specific emphasis on Congressional Research Service (CRS) reports to Congress over the last fifteen years. In addition, security reports from certain companies will be reviewed to see the types of cyber terrorism that they have dealt with and how they handled the situation from both a reactive and a proactive point of view.
The assumptions of this study are that the workers in the critical industries will be knowledgeable on the issue of cyber terrorism, and will have been affected by some form of cyber attack. Another assumption is that the damages that may have been caused by the cyber attack will have a relationship to the vulnerability of the information infrastructure within the industry, a vulnerability that those within the industry are aware of. In addition, it will also be assumed that there is a relationship between cyber terrorism trends and the methods of measuring trends in cyber attacks.
One of the limitations is that the companies in the critical industries that have been chosen for the research may refuse to give up the reports that pertain to their security threats, or may give little information. In addition, some of the companies that we hope to use as a source of information may be faced with legal action as a consequence of giving information to parties like us.
The limitations of the study will be that the geographical location will be restricted to the United States, owing to its relatively vast development and use of the internet. The reports and literature that will be reviewed will give one side of the story, meaning that the results obtained, and subsequently the methods of measuring cyber attacks, will be based in the context of American users of the internet. Another limitation is that the reports from individual companies will not be representative of the overall picture of all companies that deal with cyber terrorism.
This proposal will have three chapters. Chapter one will contain information that will introduce the study and offer a contextual background, before stating the purpose and importance of carrying out the study. Following this, there will be a problem statement and a description of the conceptual model, the assumptions, limitations and delimitations of the project. Chapter two includes a detailed discussion of the relevant literature addressing the problem. Each section discusses the evidence available that provides insight into the problem and sub-problems. Chapter three is a detailed description of the research methodology employed in the study. It includes a discussion of the method of inquiry, the population and sample, the instrument used to gather the data, and the hypotheses and associated analysis techniques to be employed in the data analysis.
REVIEW OF RELATED LITERATURE
Purpose of the Chapter
Reviewing literature about the vulnerability of information and trends of cyber terrorism, in addition to reviewing available literature on how best to measure trends in cyber attacks, is important because cyber terrorism trends are a topic that requires a historical perspective as well as the perspective of other writers. In addition, a trend can only be recognized if there is a body of evidence and information that is related to the research topic. Reviewing literature is also important as it will help answer part of some of the research questions that have been posed, mainly the questions that need the nature of relationships to be established.
The chapter will begin by looking at the literature that is available on different trends of cyber terrorism and analyzing them. A case study will be included to further elaborate the trends in cyber terrorism. In addition, the connection between terrorist groups and hackers will be explored and botnets will be expounded on. Persistent vulnerabilities will be mentioned, followed by a summary to conclude the chapter.
Cyber attacks are coming into the internet world rapidly and, in most cases, without warning. This trend is quite disconcerting for organizations that have been affected and those that may be affected (Arquilla & Ronfeldt, 2001). The situation is made worse by the lack of timely and transparent disclosure from most of the organizations that are affected. Cyber attacks were often considered a nuisance, but the reality of cyber terrorism has become a problem for organizations and for the general public, with critical industries standing to experience the most damaging effects (Cashell, Jackson, Jickling & Webel, 2004). The trends of cyber terrorism have been gradually moving towards causing serious financial consequences for government and business institutions. According to a study carried out by Ponemon (2010), over $3.8 million is lost to cyber crime every year. Across the 45 organizations that were studied, the average was 50 successful attacks in a week.
Wilson (2008a) reports that attacks that have been directed at computer systems have three ends that result from their means. One is that the equipment that steers a computer system could be disrupted, compromising the reliability of the available hardware (Cronin, 2002a). In addition, the processing logic that is usually followed in a system can be altered and, finally, the data that is contained within a computer system can be stolen or corrupted. Another trend that is becoming common in cyber terrorism is collaboration, in that the perpetrators of cyber terrorism are collaborating to reduce the chances of being pinpointed and to make tracking the origin of a message or malicious code harder (Austin & Darby, 2003).
A case in point of cyber terrorism that ended in dire results was in Estonia when, in the spring of 2007, the government system experienced a cyber attack that has often been labeled as cyber terror. On April 27th of the same year, certain officials in Estonia moved a memorial that was meant to celebrate unknown Russians who had died in combat during the Nazi regime (Wilson, 2008a). Ethnic Russians rioted at this, and a series of distributed denial of service attacks was also launched. Servers and computers were flooded, while legitimate users were blocked from accessing websites. This crippled Estonia, owing to the fact that the country relied heavily on information technology and there were limitations in the management of resources. The problem that persisted in the aftermath of the attack was identifying the perpetrators. The system was already vulnerable because of the inadequate management and, thus, the denial of service attacks were more effective (Wilson, 2008a).
Cyber crime is often conducted through an internet connection. Previously, hacking as a cybercrime was done for the main purpose of gaining a reputation among peers, but this trend is changing to one that involves getting profits and monetary gain from these hackings (Cronin, 2002a). As a result of this situation, there are more people with the ability to carry out cyber terrorism for hire. The motives that drive cybercriminals are often different from those of their customers, though the result is similar (Army, 2005). New forms of technology are gradually and more often outpacing policy for those involved in law enforcement. In addition, conflicts among the agencies involved with cyber security, and among the policies that govern cyberspace in different countries, also hinder efforts that are made towards identifying and developing ways to measure cyber attacks (Bagchi & Udo, 2003). Thus, another trend of cyber terrorism is that some of those who have initiated it have chosen to work in countries where the laws and policies that govern cybercrime do not restrict them from carrying out their activities. In addition, the fact that the internet is not restricted by geographical boundaries contributes to the trend of taking cyber terrorism to countries that do not yet have penalties for cybercrime (Cronin, 2002b).
Other than that, some of the high-end cybercrime organizations and groups that are available for hire are using techniques that are similar to those of business development to keep their features up to date with the latest and, most often, the best anti-security features (Friman, 2001). The designs of cyber attacks have changed too, to include those that secretly and gradually steal information without leaving any traces behind. Most of the critical industries around the world have a security system that would notice if information is taken and electronic fingerprints are left behind (British North American committee, n.d.). As a result of this, most cyber terrorists are choosing and modifying their attacks to be undetected.
Widespread and fast dissemination of scripts that assist in new exploits has made it possible for unsophisticated programmers to use complex techniques that they would normally be incapable of developing (Garg, Curtis & Halper, 2003). DDoS (distributed denial of service) attacks have been evolving over the years, and they are especially popular in high-profile attacks that have gained significant publicity (Bolt & Brenner, 2004). Perpetrators of DDoS attacks are taking advantage of the lax security that is often found in home computers to plant malicious programs that the individual may then take to work with them.
Unauthorized intrusions are becoming a great nuisance for governments and businesses. The loss or sharing of sensitive or proprietary information can have very devastating effects (Knapp & Boulton, 2006). In the beginning, intrusions were limited to curious and experimental hackers. However, organized crime and terrorist organizations have recognized and acknowledged the benefits of having access to this information (Lawson, 2002).
Connection Between Terrorist Groups and Hackers
It is difficult to tell the number or nature of terrorist organizations that are directly linked to cybercrime. However, there are connections that exist between criminals and terrorist organizations, in that the criminals allow terror networks to expand to other areas of the world by leveraging the transit routes, computer resources and money laundering activities that the criminals operate or are connected to (Lewis, 2002). Major narcotics market regions, like North America, have in their possession optimal technological infrastructure that can open up newer markets and serve the transnational needs of terrorist groups (Pladna, 2008).
The connection between hackers and terrorism groups is a difficult one to determine, identify and evaluate. Most of the high-end hacker groups are very exclusive and only for very highly skilled individuals who are ready to maintain the confidentiality of the group, since it enhances their functioning (Rollins, 2005). As a result, they rarely seek publicity or attention, making it harder to identify them. It is most likely that terrorist groups will seek the assistance of hackers who are exclusive and meticulous about confidentiality and secrecy (Rodriguez, 2006). In addition to hackers being available for sale and rent, vulnerabilities in different computer systems are also available for sale over the internet from special black markets that have been developed by hackers and are supplied and updated on a regular basis (Rollins, 2007). The characteristic mode of operation of hackers, where they take time to meticulously plan for an attack, has also been witnessed in terrorist attacks, especially bombings that have been planned and launched by groups such as Al Qaeda.
Botnets are increasingly gaining popularity in cybercrime, becoming a major tool in the field. This is partly because botnets can be customized or configured for particular attacks on certain targets, in that they can be utilized in the effective disruption of computer systems that have been targeted, and this happens in different ways (Wilson, 2008a). This means that the attack can be directed to the most vulnerable areas of the information infrastructure of different systems. In addition, a botnet is also preferred because it can be initiated by a malicious user who does not have adequate skills to go through another avenue, like hacking a complex system (Devost, 2001). A botnet, or bot network, consists of a number of computers that have been infected by malicious code, and this code can be controlled remotely over the internet and directed at certain other networks. The remote controls are transmitted through commands that are issued over the internet (Wilson, 2003). Hundreds of the computers that are part of the botnet can work together to distribute malicious code, harvest information, and disrupt or block internet traffic for the targeted systems. They are among the most versatile trends of cyber terrorism within the underground economy.
According to Wilson (2008a), in the 2008 CRS report to Congress, designers of botnets make money by marketing their skills and technical services to those interested. As a result, even terrorist cells that may not have someone with the skills they need can rent these services for a fee. Cyber terrorism is possible following other forms of transactions over the internet, like trading services for a fee. The original mode of distributing botnet code was sending it in e-mails, but users have grown more wary and cautious, and the designs have also changed. Clicking on a spam message or an advertisement banner can secretly install botnet code on your PC (Erbschloe, 2001). Unpatched vulnerabilities that may be in a browser may permit the installation of botnet code into a website or a PC (Vatis- M, 2001). Newer ways are being developed to distribute bot software that will make it harder for law enforcement to identify and track botnet designers.
Persistent information infrastructure vulnerabilities
Routers are charged with the function of forwarding information to desired destinations. The vulnerability of routers has been persistent, allowing attackers to disrupt certain selected portions of the internet and target particular power stations (Rollins, 2007). Other than that, router vulnerability is a major vulnerability that can allow an attacker to steal an individual’s identity (DeMarrais, 2003). This identity could be used to authorize actions that will benefit terrorism. Critical industries provide ample economic targets, and the damages that follow could cause major and crippling effects (Giacomell, 2004). Some of the critical industries that are often attacked deal with power, finance, manufacturing and government (Adams, 2001).
There have been various trends witnessed in cyber terrorism, and they include the increased use of hired assistance from experts and the causing of financial damages. Also, perpetrators of cyber terrorism are working together and moving to regions where the laws and policies that govern cybercrime will not punish or restrict them. In addition, most cyber terrorists are choosing and modifying their attacks to be undetected, and are establishing connections with criminal organizations that can allow them to expand faster and wider. The vulnerabilities in different computer systems are also available for sale, and botnets are increasingly becoming a major tool in the field of cyber terrorism.
Purpose of the Chapter
This chapter will describe the methodology that will be used in gathering data and information that is relevant to the study. It is important that the methodology be described, because it will guide the study that has been proposed. The chapter contains step-by-step, specific and detailed information about the processes that the study will employ and the instrumentation that will be employed in gathering data.
The chapter will contain the method of inquiry, a detailed description of the population and sample, the instrumentation that will be used and the procedures.
Method of Inquiry
Learning about trends requires that information about the past be acquired. Therefore, a literature survey will be carried out, and specific attention will be given to reports by CRS and reports from critical industry companies that have experienced cyber attack or cyber terrorism over the last fifteen years. It is not enough to get information from reports alone; it must also come from those who deal with the problems from a more tangible perspective. Thus, the reports from different critical industries will help in the provision of this information.
Population and Sample
The United States has been reported as being the hottest target for cyber terrorism, with cyber attacks taking place ten times more than in the nation that follows in number, China. As a result, the United States will be chosen as the preferable population for its vast number of users and susceptibility to cyber attacks. In addition, it will be easier to establish a trend from a population that has experienced the problem numerous times. Within the US, three organizations will be chosen, each to represent one of the critical industries, which are the finance industry, the government and communications, which will represent a power industry. The Department of Defense will represent the government industry, Wall Street the financial one, and Microsoft communications.
The reports contained in the CRS, spanning the past fifteen years, and similar ones within the companies will be analyzed. Literature surveys have often been used in carrying out studies that require information that is affected, altered or modified by a situation. Trends are an example of such information. The reports will provide information about the organizations as a whole, while the literature surveys will provide information about the individuals within different companies. The key words that will be looked for in the literature surveys and reports include cyber terrorism, cyber attacks, hacking, computer security and cyber threats. This is because these words are often used in reports to describe a situation where there has been a breach or a threat to cyber security, including situations of cyber terrorism.
The CRS reports will be obtained from the internet, and the company reports on internet security and vulnerability of infrastructure will be gathered from the companies. Specific reports with information about cyber attacks that have been experienced and the inquiries that followed will be given priority. This is because follow-up reports will have information on vulnerability issues. The first step will be to get a research team together and inform them about the details of the research, including what they need to look for. After this, the researchers will be divided into groups of three and offered a work station with a computer. Working in groups is known to produce better results, especially in literature surveys.
The purpose of this chapter was to explain the details of the methodology that will be used to collect information about the methods that will be used to inquire and attain information for this study, which includes literature survey and vignette results. The population that will be used for the study is the United States, and the sample will be workers and managers from finance, the government and power industries summing up to 45 people.