Cyberspace, Cyberterrorism and Information Warfare:
A Perfect Recipe for Confusion
By Ali Jahangiri
Abstract:
The terms "cyberspace," "cyberterrorism" and
"information warfare" are becoming common in the
dialog of information security and media
professionals. However, it is hard to find solid
definitions of these terms.
The author discusses these terms from
different viewpoints by giving examples and
different definitions from diverse sources, both
academic and professional.
Keywords:
Cyberspace, cyberterrorism, information warfare,
hack, hacking, attack, information operations,
cryptography, steganography, cyber security
1.1 Cyberspace
William Gibson, an American–Canadian
writer, first used the term "cyberspace" in his short
story “Burning Chrome”; he popularized the concept in
his novel “Neuromancer” in 1984. This now
ubiquitous term has become a conventional means to
describe anything associated with computers, information
technology, the Internet and the diverse Internet
culture.
1.2 Cyberspace Security
Issues related to cyberspace security have become crucial for
most of the world's governments. Cyberspace security's
importance has reached the point at which governments
have developed instructions and guidelines for securing
cyberspace. For instance, on December 12th, 2008, the
Center for Strategic and International Studies (CSIS)
released a report for America's 44th
president about the security of cyberspace in the US.
This 96-page report contains information about the
current situation of US cyberspace and recommendations
to increase its security.
The report emphasizes the
importance of cyberspace security with real examples:
“The damage from cyber attack is real. In
2007, The Department of Defense, State, Homeland
Security, and Commerce; NASA; and National Defense
University all suffered major intrusions by unknown
foreign entities. The unclassified e-mail of the
secretary of defense was hacked and DOD officials told
us that the department’s computers are probed hundreds
of thousands of times each day. A senior official at the
Department of State told us the department had lost
“terabytes” of information. Homeland Security suffered
break-ins in several of its divisions, including
Transportation Security Agency. The Department of
Commerce was forced to take the Bureau of Industry and
Security off-line for several months, NASA has had to
impose e-mail restrictions before shuttle launches and
allegedly has seen designs for new launches
compromised.”
1.3 Cyberterrorism
Cyberterrorism has no single definition; security
experts each define it differently.
The term can be defined as the use of information
technology by terrorist groups and individuals to
achieve their goals. This can include the use of
information technology to organize and execute attacks
against networks, computer systems and
telecommunications infrastructures, or to exchange
information or make threats electronically.
Examples include hacking
into computer systems, programming viruses and worms,
defacing websites, launching denial-of-service attacks,
or making terrorist threats via electronic
communication.
At the Technolytics Institute, Kevin G. Coleman uses this
definition of cyberterrorism:
“The premeditated use of disruptive activities, or the threat
thereof, against computers and/or networks, with the
intention to cause harm or further social, ideological,
religious, political or similar objectives. Or to
intimidate any person in furtherance of such
objectives.”
Some say that cyberterrorism does not exist and is really a
matter of hacking or malicious activities. They disagree
with labeling it "terrorism" because of the unlikelihood
of creating fear, significant physical harm or death in
a population using electronic means, considering current
attack prevention and protective technologies.
The US Federal Bureau of Investigation (FBI) defines terrorism
as “the unlawful use of force or violence, committed
by a group(s) of two or more individuals, against
persons or property, to intimidate or coerce a
government, the civilian population, or any segment
thereof, in furtherance of political or social
objectives” (FBI, 2002).
The US Department of Defense (DOD) defines terrorism using a
slightly broader brush, calling it “the unlawful use
of, or threatened use, of force or violence against
individuals or property, to coerce and intimidate
governments or societies, often to achieve political,
religious or ideological objectives” (DOD, 2002).
Interactions between human
motives and information technology for terrorist
activities within cyberspace or the virtual world can be
addressed as cyberterrorism. However, this is the
definition that Sara Gordon and Richard Ford from
Symantec use in their paper about cyberterrorism to
define “Pure Cyberterrorism.”
2.1 Cyberterrorism Attacks
Cyberattacks can happen in different ways but, in
general, we can categorize them as attacks against data
and attacks against services. In attacks against data,
the attacker tries to access or compromise the data. In
an attack against services, the attacker tries to
disrupt services to prevent legitimate users from using
those services.
In 1998, a terrorist
guerrilla organization flooded Sri Lankan embassies'
e-mail accounts all around the world with 800 e-mails
per day for two weeks. The messages simply read, “We are
the Internet Black Tigers and we’re doing this to
interrupt your communications.” US Intelligence
departments characterized this as the first known
terrorist attack against a country’s computer systems.
During the Kosovo conflict, Belgrade hackers were credited with
denial of service (DoS) attacks against NATO's servers.
They bombarded NATO’s web server with ICMP packets and
"Ping" commands, which test the connectivity of the host
and servers.
Similar attacks took place
in 2000 during the Palestinian-Israeli cyberwar.
Pro-Palestinian hackers used DoS tools to attack
Netvision, Israel’s largest ISP. Although the initial
attacks crippled the ISP, Netvision succeeded in fending
off later assaults by strengthening its security.
In October 2007, hackers attacked Ukrainian president
Viktor Yushchenko's website. A radical Russian
nationalist youth group, the Eurasian Youth Movement,
claimed responsibility (Radio Free Europe, 2007).
Even more recently, in November 2008, the Pentagon suffered
from a cyberattack by a computer virus so alarming that
the DOD took the unprecedented step of banning the use
of external hardware devices, such as flash drives and
DVDs (FOX News, 2008).
2.2 Cyberterrorism: Beyond Attacks
Terrorists can use the Internet and cyberspace to
communicate or transfer information covertly. A famous
covert communication technique is Steganography, in
which the sender of a hidden message or data uses a file
as a carrier. These carrier files usually are pictures,
video or audio files. The hidden message is embedded by
encryption techniques into the carrier file without
changing the file's nature. For instance, if a digital
picture is used as a carrier, the file will look
the same to picture viewer software after the hidden
data or secret message is embedded as it did before.
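An added example, not part of the original article: it assumes least-significant-bit (LSB) substitution as the embedding method, which the article does not specify, and uses a constructed greyscale carrier with seeded random bits standing in for an encrypted payload. It shows why viewer software renders the carrier unchanged (no sample moves by more than 1) and how a defender's histogram check still separates the clean file from the modified one.

```python
import random
from collections import Counter

def make_carrier(n=4096):
    # Constructed sample: a posterised 8-bit greyscale ramp (64 levels, step 4),
    # so every sample value is even before anything is hidden in it.
    return bytes(((i * 64) // n) * 4 for i in range(n))

def embed_lsb(carrier, bits):
    # Assumed embedding method: overwrite the lowest bit of each sample.
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def max_sample_change(before, after):
    # Largest brightness change of any sample; 1/255 is invisible to a viewer.
    return max(abs(a - b) for a, b in zip(before, after))

def pair_statistic(samples):
    # Pairs-of-values check: random-looking bits written into the LSBs even out
    # the counts of each value pair (2k, 2k+1), so a LOW score is suspicious.
    # On real photographs the gap is smaller and needs a proper significance test.
    hist = Counter(samples)
    score = 0.0
    for k in range(0, 256, 2):
        total = hist[k] + hist[k + 1]
        if total:
            score += (hist[k] - hist[k + 1]) ** 2 / total
    return score

def demo():
    carrier = make_carrier()
    rng = random.Random(2024)  # constructed stand-in for ciphertext bits
    payload = [rng.getrandbits(1) for _ in range(len(carrier))]
    stego = embed_lsb(carrier, payload)
    return (max_sample_change(carrier, stego),
            pair_statistic(carrier),
            pair_statistic(stego))

if __name__ == "__main__":
    change, clean_score, stego_score = demo()
    print("max sample change:", change)
    print("pair statistic, clean carrier:", clean_score)
    print("pair statistic, after embedding:", round(stego_score, 1))
```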
The National Coordination
Office for Networking and Information Technology
Research and Development
published a report in April 2006 that made the following
statements:
- "…immediate concerns also include the use of
  cyberspace for covert communications, particularly
  by terrorists but also by foreign intelligence
  services; espionage against sensitive but poorly
  defended data in government and industry systems;
  subversion by insiders, including vendors and
  contractors; criminal activity, primarily involving
  fraud and theft of financial or identity
  information, by hackers and organized crime groups…"
  (pp. 9–10)
- "International interest in R&D for Steganography
  technologies and their commercialization and
  application has exploded in recent years. These
  technologies pose a potential threat to national
  security. Because Steganography secretly embeds
  additional, and nearly undetectable, information
  content in digital products, the potential for
  covert dissemination of malicious software, mobile
  code, or information is great." (pp. 41–42)
- "The threat posed by Steganography has been
  documented in numerous intelligence reports." (p. 42)
Rumors about terrorists using Steganography first appeared in
the daily newspaper USA Today on February 5, 2001
in two articles titled "Terrorist instructions hidden
online" and "Terror groups hide behind Web encryption."
In July of that year, the information looked even more
precise: "Militants wire Web with links to jihad."
In October 2001, The New York Times published an
article claiming that al-Qaeda had used steganographic
techniques to encrypt and embed messages into images,
and then transferred these via e-mail and possibly via
USENET to prepare and execute the September 11, 2001
terrorist attack.
With reference to the Jamestown Foundation's [6]
research, a captured terrorist training manual, the
"Technical Mujahid, a Training Manual for Jihadis,"
contains a section entitled "Covert Communications and
Hiding Secrets Inside Images."
The Steganography Analysis
and Research Center
currently has identified more than 725 digital
Steganography applications.
3.1 Information Warfare
Information warfare has several definitions because of
its nature. Information warfare can take many forms,
such as:
- Television and radio transmission(s) can be jammed.
- Television and radio transmission(s) can be hijacked
  for a disinformation campaign.
- Logistics networks can be disabled.
- Enemy communications networks can be disabled or spoofed.
- Stock exchange transactions can be sabotaged, either with
  electronic intervention, or by leaking sensitive
  information or spreading disinformation.
In information warfare the attacker targets the command,
control, communications & intelligence (C3I) within
countries or regions; and it has no front line. As a
result, information warfare goes beyond a single
traditional regional theater to many countries; and can
be launched at targets miles away from the real targets.
In addition, the expansion of information technology to
all layers of business and governmental operations
creates a perfect platform from which to launch attacks.
Information warfare may involve
collecting tactical information, giving assurance(s)
that information is valid, spreading propaganda or
disinformation to demoralize the enemy and the public,
undermining the quality of the opposing force's
information or denying information-collection
opportunities to opposing forces.
The US Air Force has had Information Warfare Squadrons since
the 1980s. In fact, the US Air Force's official mission
is now "To provide sovereign options for the defense of
the United States and its global interests. To fly and
fight in Air, Space and Cyberspace," with the latter
referring to its Information Warfare role.
Information warfare squadrons launch attacks
electronically or by software against strategic
enemy communication targets. In addition,
disabling such networks electronically instead of
explosively allows them to be quickly re-enabled after
the enemy territory is occupied. Similarly, counter
information warfare units are employed to deny such
capabilities to the enemy. These techniques were first
used against Iraqi communications networks during the
first Persian Gulf War.
In 1991 during the first
Persian Gulf War, Dutch hackers stole information about
US troop movements from US Defense Department computers
and tried to sell it to the Iraqis, who thought it was a
hoax and turned it down.
In January 1999, US Air Intelligence computers were hit
by a coordinated attack, part of which appeared to come
from Russian hacking.
4.1 Information Operations
Information Operations, or “Info Ops,” is an evolving
discipline within the military. It emerged from earlier
concepts such as "Command & Control Warfare" and
"Information Warfare" - mainly US-dominated, originating
in the 1990s and considering lessons learned from the
Persian Gulf War(s).
The US Department of Defense uses this definition of
Information Operations in the DOD Information Operations
Roadmap:
The integrated employment of the core
capabilities of electronic warfare, computer network
operations (CNO), psychological operations (PSYOP),
military deception, and operations security (OPSEC),
with specified supporting and related capabilities to influence,
disrupt, corrupt, or usurp adversarial human and
automated decision-making while protecting our own.
(October 2003)
Germany leads a multinational effort to develop Info Ops as an
integrating function or joint mission area within the
military, called the "Multinational Information
Operations Experiment" (MNIOE). The 20 current MNIOE
partners define Info Ops as:
"The advice to and co-ordination of military activities
affecting information and information systems –
including system behavior and capabilities – in order to
create desired effects."
This definition and its related context differ from extant
national views (e.g., those of the USA or the UK) and
provide an advanced approach to multinational and
interagency information activities in support of crisis
management and effects-based operations.
References
1. web.tamu.edu/security/SECGUIDE/Spystory/Hacking.htm
2. news.zdnet.com/2100-9595_22-101740.html
3. www.theregister.co.uk/2000/10/27/cyberwar_in_the_middle_east/
4. www.igi-global.com/downloads/excerpts/reference/IGR4726_WbOBBAVgQ2.pdf
5. en.wikipedia.org/wiki/Cyber-terrorism
6. www.sarc-wv.com/safdb.aspx
7. www.washingtonpost.com/wp-dyn/content/discussion/2005/08/05/DI2005080501262.html
8. www.gwu.edu/%7Ensarchiv/index.html