Cyber Terrorism: Digital Fugitives, Real Threats


Cyber Terrorism Affecting Your Daily Lives

Image courtesy of http://www.infoaut.org
Cyber terrorism, defined by Dorothy E. Denning to a special oversight panel on terrorism, is “the convergence of terrorism and cyberspace; or unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.” (Denning, 2000)  Denning goes on to give other examples of attacks such as “leading to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss”. (Denning, 2000) I watched this movie once where there was a super computer that was terrorizing people and the computer was able to take down power lines or load someone’s apartment with fertilizer to frame them. I left watching that movie thinking that it was stupid because it could never be possible. The funny thing is, it wasn’t too farfetched.  Well, I guess I never thought how real the situation really is, and how real the threat could be to the U.S., or even worse, how many lives could be lost. In this post you will learn about how cyber terrorism works in three separate categories, person, government, and large corporations. The threat is very real.

How can individuals make their computer more secure from cyber terrorism?  There are three primary areas in which you should secure your home computer: be aware your computer security and the data on your computer; obtain a means to protect against viruses and malware; and providing a disaster recovery plan by backing up your computer.

A computer with a strong password and an operating system with up to date patches is usually a good step to having a secure computer.  We use our computers for tracking our finances, storing and editing photos, and editing, storing important personal documents, and tracking your neighbors. Ok, well hopefully not tracking your neighbors, but you get the point. Make sure no matter where you store your documents and files, make sure they’re in the secure portion of your computer.  Using public drives and share drives that do not have any security on them can lead to data being compromised or even worse, corruption/deletion.  Take advantage of your operating system’s security functions and always make time to get the latest updates for the computer.


Image courtesy of: http://netdna-cdn.com

Ok, so now you have a super sick computer with the strongest password ever, no worries from now on right? Only two people know this password, you and your dog. And you know he can be trusted, considering he is your best friend. So it’s all good right? Wrong, there are many people who make this mistake all the time, you still need to have the correct software to protect yourself against the evil doers on the internet. You still have the ability to be compromised by a virus or other malware until you do so. Like keeping your computer patched with the latest updates for the operating system you’re using, make sure to take advantage of its internet security software too, like having the firewall up and disable third party cookies for your browser to protect your identity.  While some in the box software security is good for some threats, it’s recommended to use security internet suites from companies like Symantec/Norton, Kaspersky, TrendMicro, etc.  Again, with any operating system patches, be sure to keep security software patched as well.

In addition to having security software, having good internet habits is important to maintaining a secure system.  Verify the authenticity of requests from companies and individuals if they seem suspicious.  Never open attachments or links from a person you do not know, or in my case, open up every email from your grandfather who forwards almost everything to you.  If you know the person, it’s important to scan those files before acting upon them.  Pay attention to links being sent to you to ensure you’re not being social engineered to go to a malicious web site.  Just take a moment to see if the link looks to go to a reputable location.  Some users will send short links for mobile devices.  Take the time to either double check with the sender or ask for the full URL if you want to take the most steps of staying safe online.  Lastly, when downloading software from the internet, know what it does (and what it’s not supposed to do).  Using security software to scan it is a given, but make sure to pay attention activity on your computer or if its performance seems to be slowing down.  Chances are you’ll have a safe program if you got it from a reputable site.

Cyber Terrorism Against Our Government

Image courtesy of http://www.pearltrees.com
So now you’re thinking, “Well all of that isn’t too hard, I bet the government and other businesses do the same thing.” The answer is yes, but on a much larger and in a more complex manner. The United States government takes cyber terrorism very seriously as they too have dedicated a lot of their resources to stopping it from happening. While individuals try to protect themselves against cyber terrorism attack, what more does the government, who serves the people, need to do to protect themselves.  In addition to being diligent to having secure computers, protection against virus and malware activity, and having a solid disaster recovery plan, the government needs to go a step further and be proactive against cyber terrorists.  Utilizing the FBI and CIA to conduct counterterrorism, counter intelligence and domestic investigations against these threats is necessary to look out for the government’s best interests as well as the interests of the country that they serve. 

Believe it or not, Cyber terrorism is now the FBI’s number one priority. They have even started their own Cyber Division way back in 2002 as they realized how real the threat is. Could you image some hacker group that has the capabilities to shut down power to a city, region, or worse an entire country? A crime like this could have an extremely tragic consequence that very well could end up in many of fatalities. 

In addition to having secure systems is key, it’s also important to have redundant systems for communication considered critical.  Once thought to be a cyber terrorist, well known computer hacker Kevin Mitnick says “computer hacking really results in financial losses and hassles.  The objectives of terrorist groups are more serious.  That is not to say that cyber groups can’t access a telephone switch in Manhattan on a day like 9/11, shut it down, and therefore cause more casualties.”

Although most governments utilize the ARPANET, and even further, the military using a subsection of that network called the MILNET, private and corporate networks are also used to communicate with each other, contractors, and the outside world.  With this handoff to corporations, these private/corporate networks can be seen as a weak link in overall security.  How do corporations protect themselves against cyber terrorism as well?  Moreover, corporations make up a majority of this country’s economic lifeblood, how do they protect themselves against cyber terrorism to avoid an economic disaster?



Cyber Terrorism Against Corporations

Corporations utilize the same technological countermeasures as individuals and the government uses. They make sure their computers are secure, their networks are protected and their data backed up and safe.  More and more employees are accessing their corporate email and calendars from their devices like smart phones, tablets, etc.   Corporations need to impose policies to not only protect their own data assets against criminal mischief, but also in the event that an individuals smart device with access to their network gets compromised or lost, that device can be remotely wiped to protect against further unintended intrusion.

Corporations like telecommunication companies serve the government as well as consumers with network access.  Special security measures are needed to be put in place to have these networks up to government security specifications and ensure access is limited and monitored.  Like the Government, corporations are interconnected themselves and could be prone to social engineering type attacks.  This could be just one of many exploits a cyber terrorist could leverage to gain access to the corporate network and even tunnel into government and consumer networks with malicious intent.  Corporations like this will partner with the government and leverage their counterintelligence and counterterrorism ability to see how they can further protect themselves.

Below is a graph from June 2012 identifying the distribution of targets of Cyber Terrorism courtesy of Hackmageddon.com that are "discovered" attacks and are considered just the tip of the ice burg.

Image courtesy of Hackmageddon.com

One example from our team of a corporation and government working together to thwart cyber terrorism was when his company was approached by the FBI to set up a web page to capture the attention of would be hackers and cyber terrorists in order to track their activity.  This example of activity is called creating “honey pots”.   At the time, our group teammate wasn’t sure what the reasoning was about and even after being asked to take it down, no reasons were provided.  But about a week or two later, there were reports to catching Chinese hackers attacking corporate internets and using their networks to gain leverage to government networks.  Putting one and one together was pretty easy after the fact, but it goes to show just how well this type of partnership is necessary to protect the interests of our country, economic system and ultimately the people in that country.

Like consumers, companies also need to back up and protect their data.  In addition to having secure back ups on site, its important to encrypt backups and store them offsite with the ability to recover and decrypt the backups for use at a future time.   Cite examples of how corporations back up needs are different than consumers and individuals.


Video courtesy of YouTube: 
Clear and Present Danger: Cyber-Crime; Cyber-Espionage; Cyber-Terror; and Cyber-War


Conclusion

Governments, corporations and individuals need to improve their own understanding about the overall security of our homeland’s networks and computers.  Attacks can be as large as overtaking governments and shutting down power grids down to manipulating even our own personal devices like home computers and cell phones.  It’s obvious that the most effective deterrent to cyber terrorist activities is to make their job a lot more difficult and be diligent against their activities instead of just whistling through the graveyard and having a Pollyanna attitude about it. Neglecting to know how our devices work on the networks and even the networks themselves is setting people up for being an easy mark.

As an interconnected society, we must recognize and react to flaws in our own computers as well as network administrators / security teams needing to constantly be aware of the potential of these attacks and patching security holes in our own systems and networks.  In addition to knowledge of our infrastructure, we need to be mindful of the intentions of what these attacks are intended for.  Being aware of domestic and world events can help in discerning what cyber terrorist’s motivations are.  By understanding these motivations along with protecting known security holes in our devices and networks, we can better defend ourselves against cyber terrorism as individuals, corporations and governments.


More Social Media Resources

A great podcast our team found is found at oneplace.com where John Nieder and Ron Rhodes talk about Cyber Terrorism".

If you prefer using twitter to learn more about current events regarding cyber terrorism and projects dedicated to cyber terrorism please follow: @CTP_Swansea

In addition to CTP_Swansea's twitter account, they have a companion cyber terrorism blog site that has some great videos and current event articles.

BakerHostetler and Kroll Advisory Solutions presented a webinar discussing the President's cyber-security executive order and its anticipated impact on US businesses.  It covers: threats analysis, key features of the cybersecurity executive order, potential impact on industry security standards and dealing with regulatory aspects of the cybersecurity executive order.

Two ebooks we recommend to learn more about Cyber Warfare and Cyber Terrorism include:



References

William L. Tafoya, Ph.D., “Cyber Terror”, November 2011, http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/november-2011/cyber-terror

FBI, “How To Protect Your Computer, http://www.fbi.gov/scams-safety/computer_protect

Homeland Security, “Protect Myself From Cyber Attacks”, http://www.dhs.gov/how-do-i/protect-myself-cyber-attacks

Sarah Gordon, “Cyberterrorism and the Home User”,  http://www.symantec.com/avcenter/reference/cyberterrorism.and.home.user.pdf

BrainyQuote, “Cyber Quotes”, http://www.brainyquote.com/quotes/keywords/cyber.html

DataSavers Inc, “Computer and Internet Security”, http://www.datasaversinc.com/computer-and-internet-security

Denning, Dorothy, “Cyberterrorism”, Testimony before the Special Oversight Panel of Terrorism Committee on Armed Services, US House of Representatives, 23 May 2000. (http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html)
Michael Riley, “Secret Intelligence Fuels U.S. Hacking Fight With China”, June 6, 2013, http://www.bloomberg.com/news/2013-06-07/secret-intelligence-fuels-u-s-hacking-fight-with-china.html

"Hackmageddon 2012 Cyber Attack Statistics"
http://hackmageddon.com/2012-cyber-attacks-statistics-master-index/


Video: "Clear and Present Danger: Cyber-Crime; Cyber-Espionage; Cyber-Terror; and Cyber-War"
http://www.youtube.com/watch?v=fawN4OZEt-Y&feature=share

Podcast: http://www.oneplace.com/ministries/songtime/listen/cyber-terrorism-327320.html  - John Nieder and Ron Rhodes talk about Cyber Terrorism" located on oneplace.com

Twitter: "The Cyber Terrorism Project" https://twitter.com/CTP_Swansea

Blog: "The Cyber Terrorism Project" http://www.cyberterrorism-project.org/blog/

EBook: "Black Ice: The Invisible Threat of Cyberterrorism" http://www.amazon.com/Black-Ice-Invisible-Threat-Cyberterrorism-ebook/dp/B000SBBI34

EBook: O'Reilly "Inside Cyber Warfare" http://www.amazon.com/Inside-Cyber-Warfare-Mapping-Underworld-ebook/dp/B006LM62W6/ref=pd_sim_kstore_1

Webinar: "New Cybersecurity Executive Order" http://www.bakerlaw.com/events/webinar-new-cybersecurity-executive-order-2-14-2013/

No comments: