Part of a series on |
Terrorism |
---|
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Emerging alongside the development of information technology, [1] cyberterrorism involves acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet by means of tools such as computer viruses, computer worms, phishing, malicious software, hardware methods, and programming scripts can all be forms of internet terrorism. [2] Some authors opt for a very narrow definition of cyberterrorism, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. [3] By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime. [4]
Cyberterrorism can be also defined as the intentional use of computers, networks, and public internet to cause destruction and harm for personal objectives. Experienced cyberterrorists, who are very skilled in terms of hacking can cause massive damage to government systems and might leave a country in fear of further attacks. [5] The objectives of such terrorists may be political or ideological since this can be considered a form of terror. [6]
There is much concern from government and media sources about potential damage that could be caused by cyberterrorism, and this has prompted efforts by government agencies such as the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and the Central Intelligence Agency (CIA) to put an end to cyber attacks and cyberterrorism. [5]
There have been several major and minor instances of cyberterrorism. Al-Qaeda utilized the internet to communicate with supporters and even to recruit new members. [7] Estonia, a Baltic country which is constantly evolving in terms of technology, became a battleground for cyberterrorism in April 2007 after disputes regarding the relocation of a WWII soviet statue located in Estonia's capital Tallinn. [4]
There is debate over the basic definition of the scope of cyberterrorism. These definitions can be narrow such as the use of Internet to attack other systems in the Internet that result to violence against persons or property. [8] They can also be broad, those that include any form of Internet usage by terrorists to conventional attacks on information technology infrastructures. [8] There is variation in qualification by motivation, targets, methods, and centrality of computer use in the act. U.S. government agencies also use varying definitions and that none of these have so far attempted to introduce a standard that is binding outside of their sphere of influence. [9]
Depending on context, cyberterrorism may overlap considerably with cybercrime, cyberwar or ordinary terrorism. [10] Eugene Kaspersky, founder of Kaspersky Lab, now feels that "cyberterrorism" is a more accurate term than "cyberwar". He states that "with today's attacks, you are clueless about who did it or when they will strike again. It's not cyber-war, but cyberterrorism." [11] He also equates large-scale cyber weapons, such as the Flame Virus and NetTraveler Virus which his company discovered, to biological weapons, claiming that in an interconnected world, they have the potential to be equally destructive. [11] [12]
If cyberterrorism is treated similarly to traditional terrorism, then it only includes attacks that threaten property or lives, and can be defined as the leveraging of a target's computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.
Many academics and researchers who specialize in terrorism studies suggest that cyberterrorism does not exist and is really a matter of hacking or information warfare. [13] They disagree with labeling it as terrorism because of the unlikelihood of the creation of fear, significant physical harm, or death in a population using electronic means, considering current attack and protective technologies.
If death or physical damage that could cause human harm is considered a necessary part of the cyberterrorism definition, then there have been few identifiable incidents of cyberterrorism, although there has been much policy research and public concern. Modern terrorism and political violence is not easily defined, however, and some scholars assert that it is now "unbounded" and not exclusively concerned with physical damage. [14]
There is an old saying that death or loss of property are the side products of terrorism, the main purpose of such incidents is to create terror in peoples' minds and harm bystanders. If any incident in cyberspace can create terror, it may be rightly called cyberterrorism. For those affected by such acts, the fears of cyberterrorism are quite real. [15]
As with cybercrime in general, the threshold of required knowledge and skills to perpetrate acts of cyberterrorism has been steadily diminishing thanks to freely available hacking suites and online courses. [16] Additionally, the physical and virtual worlds are merging at an accelerated rate, making for many more targets of opportunity which is evidenced by such notable cyber attacks as Stuxnet, the Saudi petrochemical sabotage attempt in 2018 and others. [17]
Assigning a concrete definition to cyberterrorism can be hard, due to the difficulty of defining the term terrorism itself. Multiple organizations have created their own definitions, most of which are overly[ quantify ] broad. There is also controversy concerning overuse of the term, hyperbole in the media and by security vendors trying to sell "solutions". [18]
One way of understanding cyberterrorism involves the idea that terrorists could cause massive loss of life, worldwide economic chaos and environmental damage by hacking into critical infrastructure systems. [19] The nature of cyberterrorism covers conduct involving computer or Internet technology that: [20]
The term "cyberterrorism" can be used in a variety of different ways, but there are limits to its use. An attack on an Internet business can be labeled cyberterrorism, however when it is done for economic motivations rather than ideological it is typically regarded as cybercrime. [20] Convention also limits the label "cyberterrorism" to actions by individuals, independent groups, or organizations. Any form of cyberwarfare conducted by governments and states would be regulated and punishable under international law. [20]
The Technolytics Institute defines cyberterrorism as
[t]he premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives. [21]
The term appears first in defense literature, surfacing (as "cyber-terrorism") in reports by the U.S. Army War College as early as 1998. [22]
The National Conference of State Legislatures, an organization of legislators created to help policymakers in the United States with issues such as economy and homeland security defines cyberterrorism as:
[T]he use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, Denial-of-service attacks, or terroristic threats made via electronic communication. [23]
The American Federal Emergency Management agency defines cyberterrorism as:
[T]he illegal threat and the attack against computers, networks, and information stored, where it is carried out to frighten and force the government or its people ti achieve political or social objectives. [24]
NATO defines cyberterrorism as "[a] cyberattack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal". [25]
The United States National Infrastructure Protection Center defined cyberterrorism as:
A criminal act perpetrated by the use of computers and telecommunications capabilities resulting in violence, destruction, and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a political, social, or ideological agenda. [26]
The FBI, another United States agency, defines "cyber terrorism" as "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by subnational groups or clandestine agents". [27]
These definitions tend to share the view of cyberterrorism as politically and/or ideologically inclined. One area of debate is the difference between cyberterrorism and hacktivism. Hacktivism is "the marriage of hacking with political activism". [28] Both actions are politically driven and involve using computers, however cyberterrorism is primarily used to cause harm. It becomes an issue because acts of violence on the computer can be labeled[ by whom? ] either[ citation needed ] cyberterrorism or hacktivism.
In 1999 the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California, defined three levels of cyberterror capability: [29]
Cyberterrorism is becoming more and more prominent on social media today. [30] [ need quotation to verify ] As the Internet becomes more pervasive, individuals or groups can use the anonymity afforded by cyberspace to threaten other individuals, specific groups (with membership based, for example, on ethnicity or belief), communities and entire countries, without the inherent threat of identification, capture, injury, or death of the attacker that being physically present would bring. Many[ quantify ] groups such as Anonymous, use tools such as denial-of-service attacks to attack and censor groups which oppose them, creating many concerns for freedom and respect for differences of thought.
Many believe that cyberterrorism is an extreme threat to countries' economies,[ citation needed ] and fear an attack could potentially lead to another Great Depression.[ citation needed ] Several leaders agree that cyberterrorism has the highest percentage of threat over other possible attacks on U.S. territory. Although natural disasters are considered[ by whom? ] a top threat and have proven to be devastating to people and land, there is ultimately little that can be done to prevent such events from happening. Thus, the expectation is to focus more on preventative measures that will make Internet attacks impossible for execution.[ citation needed ]
As the Internet continues to expand, and computer systems continue to be assigned increased responsibility while becoming more complex and interdependent, sabotage or terrorism via the Internet may become a more serious threat and is possibly one of the top 10 events to "end the human race." [31] [ better source needed ] People have much easier access to illegal involvement within cyberspace by the ability to access a part of the internet known as the Dark Web. [32] (registration required) The Internet of Things promises to further merge the virtual and physical worlds, which some[ quantify ] experts[ which? ] see as a powerful incentive for states to use terrorist proxies in furtherance of objectives. [33]
Dependence on the Internet is rapidly increasing on a worldwide scale, creating a platform for international cyber-terror plots to be formulated and executed as a direct threat to national security. [20] [ need quotation to verify ] For terrorists, cyber-based attacks have distinct advantages over physical attacks. They can be conducted remotely, anonymously, and relatively cheaply, and they do not require significant investment in weapons, explosives or personnel. [34] The effects can be widespread and profound. Incidents of cyberterrorism are likely to increase. They can be expected to take place through denial-of-service attacks, malware, and other methods that are difficult to envision today. [35] [ need quotation to verify ] One example involves the deaths involving the Islamic State and the online social networks Twitter, Google, and Facebook – leading to legal action being taken against them, that ultimately resulted in them being sued. [36] [ need quotation to verify ]
In an article about cyber attacks by Iran and North Korea, The New York Times observes:
The appeal of digital weapons is similar to that of nuclear capability: it is a way for an outgunned, outfinanced nation to even the playing field. "These countries are pursuing cyberweapons the same way they are pursuing nuclear weapons," said James A. Lewis, a computer security expert at the Center for Strategic and International Studies in Washington. "It's primitive; it's not top of the line, but it's good enough and they are committed to getting it." [37]
In addition, Cyberterrorism has also been documented to arouse negative emotions. Recent studies have suggested that Cyberterrorism produces heightened levels of anger and stress, which do not differ drastically from the effects of conventional terrorism. [38] Researchers also noted that Cyberterrorism produced higher levels of stress than anger, and the responses are not dependent on the lethality of the attack. [38]
Public interest in cyberterrorism began in the late 1990s, when the term was coined by Barry C. Collin. [39] As 2000 approached, the fear and uncertainty about the millennium bug heightened, as did the potential for attacks by cyber terrorists. Although the millennium bug was by no means a terrorist attack or plot against the world or the United States, it did act as a catalyst in sparking the fears of a possibly large-scale devastating cyber-attack. Commentators noted that many of the facts of such incidents seemed to change, often with exaggerated media reports.
The high-profile terrorist attacks in the United States on 11 September 2001, and the ensuing War on Terror by the US led to further media coverage of the potential threats of cyberterrorism in the years following. Mainstream media coverage often discusses the possibility of a large attack making use of computer networks to sabotage critical infrastructures with the aim of putting human lives in jeopardy or causing disruption on a national scale either directly or by disruption of the national economy. [40]
Authors such as Winn Schwartau and John Arquilla are reported to have had considerable financial success selling books which described what were purported to be plausible scenarios of mayhem caused by cyberterrorism. Many critics claim that these books were unrealistic in their assessments of whether the attacks described (such as nuclear meltdowns and chemical plant explosions) were possible. A common thread throughout what critics perceive as cyberterror-hype is that of non-falsifiability; that is, when the predicted disasters fail to occur, it only goes to show how lucky we've been so far, rather than impugning the theory.
In 2016, for the first time ever, the Department of Justice charged Ardit Ferizi with cyberterrorism. He is accused of allegedly hacking into a military website and stealing the names, addresses, and other personal information of government and military personnel and selling it to ISIS. [41]
On the other hand, it is also argued that, despite substantial studies on cyberterrorism, the body of literature is still unable to present a realistic estimate of the actual threat. [42] For instance, in the case of a cyberterrorist attack on a public infrastructure such as a power plant or air traffic control through hacking, there is uncertainty as to its success because data concerning such phenomena are limited. [42]
Cyberterrorism ranks among the highest potential security threats in the world. It has become more critical than the development of nuclear weapons or the current conflicts between nations. Due to the pervasiveness of the internet and the amount of responsibility assigned to this technology, digital weapons pose a threat to entire economic or social systems. Some of the most critical international security concerns include:
DDoS Attacks – Millions of Denial of Service attacks occur every year and the service disruption can cost hundreds of thousands of dollars each hour they are down. It is important to keep critical systems secured and redundant to remain online during these attacks.
Social Engineering – In 1997 an experiment conducted by the NSA concluded that thirty five-hackers were able to access critical pentagon computer systems and could easily edit accounts, reformat data and even shut down entire systems. Often they used phishing tactics such as calling offices and pretending to be technicians to gain passwords.
Third Party Software – The top retailers are connected with thousands of separate third-party recourses and at least 23% of those assets have at least one critical vulnerability. These companies need to manage and reevaluate their network security in order to keep personal data safe.
As technology becomes more and more integrated into society, new vulnerabilities and security threats are opened up on these complex networks that we have set up. If an intruder was to gain access to these networks they have the potential to threaten entire communities or economic systems. There is no certainty for what events will take place in the future, which is why it is important that there are systems build to adapt to the changing environment.
The most apparent cyberterrorism threat in our near future will involve the state of remote work during the COVID-19 pandemic. Companies cannot expect that every home office is up to date and secure so they must adopt a zero-trust policy from home devices. This means that they must assume corporate resources and unsecured devices are sharing the same space and they must act accordingly.
The rise of cryptocurrency has also sparked some additional threats in the realm of security. Cyber Criminals are now hijacking home computers and company networks in order to mine certain cryptocurrencies such as bitcoin. This mining process requires an immense amount of computer processing power which can cripple a business’ network and lead to severe downtime if the issue is not resolved.
As of 2016 there have been eighteen conventions and major legal instruments that specifically deal with terrorist activities and cyber terrorism.
There are many different motives for cyberattacks, with the majority being for financial reasons. However, there is increasing evidence that hackers are becoming more politically motivated. Cyberterrorists are aware that governments are reliant on the internet and have exploited this as a result. For example, Mohammad Bin Ahmad As-Sālim's piece "39 Ways to Serve and Participate in Jihad" discusses how an electronic jihad could disrupt the West through targeted hacks of American websites, and other resources seen as anti-Jihad, modernist, or secular in orientation (Denning, 2010; Leyden, 2007). [44]
Many of the cyberattacks are not conducted for money, rather the cyberattacks are conducted due to different ideological beliefs and due to wanting to get personal revenge and outrage towards company or individual, the cybercriminal is attacking. [45] An employee might want to get revenge on a company if they were mistreated or wrongfully terminated.[ citation needed ]
Other motivations for cybercriminals include:
Political goals motivate cyber-attackers because they are not happy with candidates and they might want certain candidates to win the election, therefore, they might alter the election voting to help their preferred candidate win.
Competition between two companies can also stir up a cyberattack, as one company can hire a hacker to conduct the attack on a company as they might want to test the rival company's security. This will also benefit a company because it will force their competitor's customers to think that the company is not secure due to them getting cyber attacked effortlessly and they don't want any of their personal credentials getting leaked.
Cyberwarfare is motivation for countries that are fighting each other. This is mainly used to weaken the opposing country by compromising its core systems and the countries data and other vulnerable information.
Money is motivating for cyber attacks for ransomware, phishing, and data theft as the cyber criminals can differently contact the victims and ask for money and in return the data stays safe. [46]
The United Nations has several agencies that seek to address in cyberterrorism, including, the United Nations Office of Counter-Terrorism, the United Nations Office on Drugs and Crime, the United Nations Office for Disarmament Affairs, the United Nations Institute for Disarmament Research, the United Nations Interregional Crime and Justice Research Institute, and the International Telecommunication Union. Both EUROPOL and INTERPOL also notably specialize on the subject.
Both Europol and Interpol specialize in operations against cyberterrorism as they both collaborate on different operations together and host a yearly joint cybercrime conference. While they both fight against cybercrime, both institutions operate differently. Europol sets up and coordinates cross-border operations against cybercriminals in the EU, while Interpol helps law enforcement and coordinates operations against cyber criminals globally. [47]
The Baltic state of Estonia was the target of a massive denial-of-service attack that ultimately rendered the country offline and shut out from services dependent on Internet connectivity in April 2007. The infrastructure of Estonia including everything from online banking and mobile phone networks to government services and access to health care information was disabled for a time. The tech-dependent state experienced severe turmoil and there was a great deal of concern over the nature and intent of the attack.
The cyber attack was a result of an Estonian-Russian dispute over the removal of a bronze statue depicting a World War II-era Soviet soldier from the center of the capital, Tallinn. [4] In the midst of the armed conflict with Russia, Georgia likewise was subject to sustained and coordinated attacks on its electronic infrastructure in August 2008. In both of these cases, circumstantial evidence point to coordinated Russian attacks, but attribution of the attacks is difficult; though both the countries blame Moscow for contributing to the cyber attacks, proof establishing legal culpability is lacking.
Estonia joined NATO in 2004, which prompted NATO to carefully monitor its member states' response to the attack. NATO also feared escalation and the possibility of cascading effects beyond Estonia's border to other NATO members. In 2008, directly as a result of the attacks, NATO opened a new center of excellence on cyberdefense to conduct research and training on cyber warfare in Tallinn. [48]
The chaos resulting from the attacks in Estonia illustrated to the world the dependence countries had on information technology. This dependence then makes countries vulnerable to future cyber attacks and terrorism. [4]
Quick information on the cyber attack on Estonia and its effects on the country. [49]
As cyberattacks continue to increase around the world, countries still look at the attacks on Estonia in the 2007 as an example of how countries can fight future cyberattacks and terrorism. As a result of the attacks, Estonia is now currently one of the top countries in cyber defence and online safety and its capital city of Tallinn is home to NATO's cyber defense hub. The government of Estonia continues to update there cyber defence protocols and national cybersecurity strategies. NATO's Cooperative Cyber Defence Centre in Tallinn also conducts research and training on cyber security to not just help Estonia but other countries that are in the alliance. [50]
The Chinese Defense Ministry confirmed the existence of an online defense unit in May 2011. Composed of about thirty elite internet specialists, the so-called "Cyber Blue Team", or "Blue Army", is officially claimed to be engaged in cyber-defense operations, though there are fears the unit has been used to penetrate secure online systems of foreign governments. [51] [52] China's leaders have invested in its foundations of cyber defense and quantum computing and artificial intelligence. 39 Chinese soldiers were chosen to strengthen China's cyber defenses. The reason given by Spokesman for the Ministry of National Defense, Geng Yansheng was that their internet protection was currently weak. Geng claimed that the program was only temporary to help improve cyber defenses. [53]
To counter the cyber terrorists, also called "white-collar jihadis", the police in India has registered private citizens as volunteers who patrol the internet and report the suspected cyber terrorists to the government. These volunteers are categorised in three categories, namely "Unlawful Content Flaggers", "Cyber Awareness Promoters" and "Cyber Experts". In August 2021, police arrested five suspected white-collar jihadis who were preparing a hit list of officers, journalists, social activists, lawyers and political functionaries to create fear among people. The white-collar jihadis are considered "worst kind of terrorists" as they remain anonymous and safe in other nations, but inflict "immeasurable" amount of damage and brainwashing. [54]
In India, the demand for cyber security professionals has increased over 100 per cent in 2021 and will rise 200 per cent by 2024. [55]
Eighty two percent of companies in India had a ransomware attack in the year 2020. The cost it takes to recover from a ransomware attack in India has gone from $1.1 million in 2020 to $3.38 million in 2021. [56] India is at the top of the list of 30 countries for ransomware attacks.
A cyber-attack took place on the electricity grid in Maharashtra that resulted in a power outage. This occurred in October 2020 and the authorities believe China was behind it. [57]
Important information like dates of birth and full names were leaked for thousands of patients who were tested for COVID-19. This information was made accessible on Google and was leaked from government websites. The job portal IIMjobs was attacked and the information of 1.4 million people looking for jobs was leaked. The information leaked was quite extensive including the location of users and their names and phone numbers. The information for 500,000 Indian police personal was sold on a forum in February 2021. The information contained much personal information. The data was from a police exam taken in December 2019. [58]
According to 2016 Deloitte Asia-Pacific Defense Outlook, [59] South Korea's 'Cyber Risk Score' was 884 out of 1,000 and South Korea is found to be the most vulnerable country to cyber attacks in the Asia-Pacific region. Considering South Korea's high speed internet and cutting-edge technology, its cyber security infrastructure is relatively weak. [60] The 2013 South Korea cyberattack significantly damaged the Korean economy. This attack wounded the systems of two banks and the computer networks of three TV broadcasters. The incident was a massive blow, and the attacker was never identified. It was theorized to be North Korea. The week before North Korea accused the United States and South Korea of shutting down their internet for two days. [61] In 2017, a ransomware attack harassed private companies and users, who experienced personal information leakage. Additionally, there were North Korea's cyber attacks which risked national security of South Korea. [62]
In response to this, South Korean government's countermeasure is to protect the information security centres the National Intelligence Agency. Currently, 'cyber security' is one of the major goals of NIS Korea. [63] Since 2013, South Korea had established policies related to National cyber security and trying to prevent cyber crises via sophisticated investigation on potential threats. Meanwhile, scholars emphasize on improving the national consciousness towards cyber attacks as South Korea had already entered the so-called 'hyper connected society'.
North Korea's cyberwarfare is incredibly efficient and the best of state-sponsored hackers. Those who are chosen to be hackers are selected when they are young and trained specifically in cyberwarfare. Hackers are trained to steal money from ATMs but not enough to be reported. North Korea is great at zero-day exploits. The country will hack anyone they chose to. They steal secrets from companies and government agencies and steal money from financial systems to fund their hacking operations. [64]
Pakistani Government has also taken steps to curb the menace of cyberterrorism and extremist propaganda. National Counter Terrorism Authority (Nacta) is working on joint programs with different NGOs and other cyber security organizations in Pakistan to combat this problem. Surf Safe Pakistan [65] is one such example. Now people in Pakistan can report extremist and terrorist related content online on Surf Safe Pakistan portal. The National Counter Terrorism Authority (NACTA) provides the Federal Government's leadership for the Surf Safe Campaign.
A series of powerful cyber attacks began 27 June 2017, that swamped websites of Ukrainian organizations, including banks, ministries, newspapers and electricity firms.
The US Department of Defense (DoD) charged the United States Strategic Command with the duty of combating cyberterrorism. This is accomplished through the Joint Task Force-Global Network Operations, which is the operational component supporting USSTRATCOM in defense of the DoD's Global Information Grid. This is done by integrating GNO capabilities into the operations of all DoD computers, networks, and systems used by DoD combatant commands, services and agencies.
On 2 November 2006, the Secretary of the Air Force announced the creation of the Air Force's newest MAJCOM, the Air Force Cyber Command, which would be tasked to monitor and defend American interest in cyberspace. The plan was however replaced by the creation of Twenty-Fourth Air Force which became active in August 2009 and would be a component of the planned United States Cyber Command. [66]
On 22 December 2009, the White House named its head of computer security as Howard Schmidt to coordinate U.S Government, military and intelligence efforts to repel hackers. He left the position in May 2012. [67] Michael Daniel was appointed to the position of White House Coordinator of Cyber Security the same week [68] and continues in the position during the second term of the Obama administration. [69]
Obama signed an executive order to enable the US to impose sanctions on either individuals or entities that are suspected to be participating in cyber related acts. These acts were assessed to be possible threats to US national security, financial issues or foreign policy issues. [70] U.S. authorities indicted a man over 92 cyberterrorism hacks attacks on computers used by the Department of Defense. [71] A Nebraska-based consortium apprehended four million hacking attempts in the course of eight weeks. [72] In 2011 cyberterrorism attacks grew 20%. [73]
In May 2021, President Joe Biden announced an executive order aiming to improve America's cybersecurity. It came about after an increase in cybersecurity attacks aimed at the country's public and private sector. The plan aims to improve the government's cyberdefense by working on its ability to identify, deter, protect against, detect, and respond to attacks. The plan has 10 sections written into the document that include, to name a few, improving sharing of threat information, modernizing the government's cybersecurity, and establishing a Cybersecurity Review Board. [74]
An operation can be done by anyone anywhere in the world, for it can be performed thousands of miles away from a target. An attack can cause serious damage to a critical infrastructure which may result in casualties. [75]
Some attacks are conducted in furtherance of political and social objectives, as the following examples illustrate:
Non-political acts of sabotage have caused financial and other damage. In 2000, disgruntled employee Vitek Boden caused the release of 800,000 litres of untreated sewage into waterways in Maroochy Shire, Australia. [105] [106]
More recently, in May 2007 Estonia was subjected to a mass cyber-attack in the wake of the removal of a Russian World War II war memorial from downtown Tallinn. The attack was a distributed denial-of-service attack in which selected sites were bombarded with traffic to force them offline; nearly all Estonian government ministry networks as well as two major Estonian bank networks were knocked offline; in addition, the political party website of Estonia's Prime Minister Andrus Ansip featured a counterfeit letter of apology from Ansip for removing the memorial statue.[ citation needed ] In January 2008 a man from Estonia was convicted for launching the attacks against the Estonian Reform Party website and fined. [107] [108]
During the Russo-Georgian War, on 5 August 2008, three days before Georgia launched its invasion of South Ossetia, the websites for OSInform News Agency and OSRadio were hacked. The OSinform website at osinform.ru kept its header and logo, but its content was replaced by a feed to the Alania TV website content. Alania TV, a Georgian government-supported television station aimed at audiences in South Ossetia, denied any involvement in the hacking of the websites. Dmitry Medoyev, at the time the South Ossetian envoy to Moscow, claimed that Georgia was attempting to cover up information on events which occurred in the lead-up to the war. [109] One such cyber attack caused the Parliament of Georgia and Georgian Ministry of Foreign Affairs websites to be replaced by images comparing Georgian president Mikheil Saakashvili to Adolf Hitler. [110] Other attacks involved denials of service to numerous Georgian and Azerbaijani websites, [111] such as when Russian hackers allegedly disabled the servers of the Azerbaijani Day.Az news agency. [112]
In June 2019, Russia has conceded that it is "possible" its electrical grid is under cyber-attack by the United States. [113] The New York Times reported that American hackers from the United States Cyber Command planted malware potentially capable of disrupting the Russian electrical grid. [114]
Even more recently, in October 2007, the website of Ukrainian president Viktor Yushchenko was attacked by hackers. A radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility. [115] [116]
In 1999 hackers attacked NATO computers. The computers flooded them with email and hit them with a denial-of-service attack. The hackers were protesting against the NATO bombings of the Chinese embassy in Belgrade. Businesses, public organizations and academic institutions were bombarded with highly politicized emails containing viruses from other European countries. [117]
In December 2018, Twitter warned of "unusual activity" from China and Saudi Arabia. A bug was detected in November that could have revealed the country code of users' phone numbers. Twitter said the bug could have had ties to "state-sponsored actors". [118] [119]
In May 2021 successive waves of DDOS attacks aimed at Belnet, Belgium's public sector ISP, took down multiple government sites in Belgium. 200 sites were affected leaving public offices, universities, and research centers unable to access the internet fully or partially. [120]
Information warfare (IW) is the battlespace use and management of information and communication technology (ICT) in pursuit of a competitive advantage over an opponent. It is different from cyberwarfare that attacks computers, software, and command control systems. Information warfare is the manipulation of information trusted by a target without the target's awareness so that the target will make decisions against their interest but in the interest of the one conducting information warfare. As a result, it is not clear when information warfare begins, ends, and how strong or destructive it is.
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
The Australian High Tech Crime Centre (AHTCC) are hosted by the Australian Federal Police (AFP) at their headquarters in Canberra. Under the auspices of the AFP, the AHTCC is party to the formal Joint Operating Arrangement established between the AFP, the Australian Security Intelligence Organisation and the Computer Network Vulnerability Team of the Australian Signals Directorate.
Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.
Patriotic hacking is a term for computer hacking or system cracking in which citizens or supporters of a country, traditionally industrialized Western countries but increasingly developing countries, attempt to perpetrate attacks on, or block attacks by, perceived enemies of the state.
Beginning on 27 April 2007, a series of cyberattacks targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn. Most of the attacks that had any influence on the general public were distributed denial of service type attacks ranging from single individuals using various methods like ping floods to expensive rentals of botnets usually used for spam distribution. Spamming of bigger news portals commentaries and defacements including that of the Estonian Reform Party website also occurred. Research has also shown that large conflicts took place to edit the English-language version of the Bronze Soldier's Wikipedia page.
Cyberwarfare by Russia includes denial of service attacks, hacker attacks, dissemination of disinformation and propaganda, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, persecution of cyber-dissidents and other active measures. According to investigative journalist Andrei Soldatov, some of these activities were coordinated by the Russian signals intelligence, which was part of the FSB and formerly a part of the 16th KGB department. An analysis by the Defense Intelligence Agency in 2017 outlines Russia's view of "Information Countermeasures" or IPb as "strategically decisive and critically important to control its domestic populace and influence adversary states", dividing 'Information Countermeasures' into two categories of "Informational-Technical" and "Informational-Psychological" groups. The former encompasses network operations relating to defense, attack, and exploitation and the latter to "attempts to change people's behavior or beliefs in favor of Russian governmental objectives."
The July 2009 cyberattacks were a series of coordinated cyberattacks against major government, news media, and financial websites in South Korea and the United States. The attacks involved the activation of a botnet—a large number of hijacked computers—that maliciously accessed targeted websites with the intention of causing their servers to overload due to the influx of traffic, known as a DDoS attack. Most of the hijacked computers were located in South Korea. The estimated number of the hijacked computers varies widely; around 20,000 according to the South Korean National Intelligence Service, around 50,000 according to Symantec's Security Technology Response group, and more than 166,000 according to a Vietnamese computer security researcher who analyzed the log files of the two servers the attackers controlled. An investigation revealed that at least 39 websites were targets in the attacks based on files stored on compromised systems.
Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and offensive power projection thanks to comparatively advanced technology and a large military budget. Cyberwarfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.
Cyberwarfare by China is the aggregate of cyberattacks attributed to the organs of the People's Republic of China and various related advanced persistent threat (APT) groups.
There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are ‘no cyber-borders between countries'. International cybercrimes often challenge the effectiveness of domestic and international law, and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages of the less severe punishments or difficulties of being traced.
A cyberattack occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.
Cyberwarfare is a part of the Iranian government's "soft war" military strategy. Being both a victim and wager of cyberwarfare, Iran is considered an emerging military power in the field. Since November 2010, an organization called "The Cyber Defense Command" has been operating in Iran under the supervision of the country's "Passive Civil Defense Organization" which is itself a subdivision of the Joint Staff of Iranian Armed Forces.
A threat actor, bad actor or malicious actor is either a person or a group of people that take part in an action that is intended to cause harm to the cyber realm including: computers, devices, systems, or networks. The term is typically used to describe individuals or groups that perform malicious acts against a person or an organization of any type or size. Threat actors engage in cyber related offenses to exploit open vulnerabilities and disrupt operations. Threat actors have different educational backgrounds, skills, and resources. The frequency and classification of cyber attacks changes rapidly. The background of threat actors helps dictate who they target, how they attack, and what information they seek. There are a number of threat actors including: cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data. See Advanced persistent threats for a list of identified threat actors.
The Strengthening State and Local Cyber Crime Fighting Act of 2017 is a bill introduced in the United States House of Representatives by U.S. Representative John Ratcliffe (R-Texas). The bill would amend the Homeland Security Act of 2002 to authorize the National Computer Forensics Institute, with the intent of providing local and state officials with resources to better handle cybercrime threats. Ratcliffe serves as the current chairman of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.
During the prelude to the Russian invasion of Ukraine and the Russian invasion of Ukraine, multiple cyberattacks against Ukraine were recorded, as well as some attacks on Russia. The first major cyberattack took place on 14 January 2022, and took down more than a dozen of Ukraine's government websites. According to Ukrainian officials, around 70 government websites, including the Ministry of Foreign Affairs, the Cabinet of Ministers, and the National and Defense Council (NSDC), were attacked. Most of the sites were restored within hours of the attack. On 15 February, another cyberattack took down multiple government and bank services.
Azerbaijan Computer Emergency Response Team, officially known as Azerbaijan Government CERT, is a computer emergency response team of the Republic of Azerbaijan responsible for cybersecurity and gathering data concerning information technology. It operates under the Special Communication and Information Security State Service of the government of Azerbaijan. It collects data within its framework from relevant sources, including internet users, computer engineering groups, individuals or organizations and software developers. It coordinates with the foreign countries for gathering and analysing data from cybersecurity incidents involving both software and hardware tools designed for the prevention of internet and computer security.
A cyberattack is any unauthorized effort against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.
Once a cyberattack has been initiated, certain targets need to be attacked to cripple the opponent. Certain infrastructures as targets have been highlighted as critical infrastructures in times of conflict that can severely cripple a nation. Control systems, energy resources, finance, telecommunications, transportation, and water facilities are seen as critical infrastructure targets during conflict. A new report on the industrial cybersecurity problems, produced by the British Columbia Institute of Technology, and the PA Consulting Group, using data from as far back as 1981, reportedly has found a 10-fold increase in the number of successful cyber attacks on infrastructure Supervisory Control and Data Acquisition (SCADA) systems since 2000. Cyberattacks that have an adverse physical effect are known as cyber-physical attacks.
The difficulty of defining terrorism has led to the cliche that one man's terrorist is another man's freedom fighter
{{cite journal}}
: Cite journal requires |journal=
(help){{cite journal}}
: Cite journal requires |journal=
(help)The current NATO Definition of cyber terrorism is: 'A cyberattack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal.'
The National Infrastructure Protection Center, now part of the US Department of Homeland Security, states as their understanding of cyber terrorism: 'A criminal act perpetrated by the use of computers and telecommunications capabilities resulting in violence, destruction, and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a political, social, or ideological agenda.'
The Federal Bureau of Investigation has the following definition of cyber terrorism: Any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by subnational groups or clandestine agents.'
States are actively engaged in weaponising code and are all too willing to hide behind the challenges of attribution — many will be apt to share code with proxies in furtherance of their objectives, just as states continue to support terrorism in the 'physical' realm. [...] Reduced technical complexity, lowered costs and most importantly, the continued push to connect the virtual and the physical — think of the growth of the Internet of Things or Machine-to-Machine connectivity — is making for new, enticing physical targets worldwide.
{{cite book}}
: CS1 maint: multiple names: authors list (link)Geng Yansheng, spokesperson for China's Defense Ministry, was quoted to say that the PLA set up the cyberwar unit, or 'cyber blue team', to support its military training and upgrade the army's Internet security defense.
China set up a specialized online 'Blue Army' unit that it claims will protect the People's Liberation Army from outside attacks, prompting fears that the crack team was being used to infiltrate foreign governments' systems.
{{cite web}}
: CS1 maint: numeric names: authors list (link)Washington DC, 2003
Press, New York, 1999