CYBER TERRORISM, MILITANCY IN CYBERSPACE

Cyber terrorism loosely refers to the application of digital technologies in cyberspace for terrorist activities. Denning defines cyber terrorism as ‘unlawful attacks against computer systems, software, hardware, networks, and the data stored therein, when done to intimidate or coerce the governments, or its people in furtherance of political, social, ideological and religious objectives.’ Drawing up a concrete definition of cyber terrorism is quite difficult because there are so many variations of it, and the definition mostly depends on the agency that is doing the defining. Cyber terrorism is generally conducted by non-state actors who have different motivations than other cybercriminals. They are usually members of an organization that has multiple members. ISIS is an example of a terrorist group using digital technologies for various purposes.

This article is addressed to like-minded technical people who are concerned about the intense peril of cyber terrorism and information warfare against nation-states and their citizens. It also attempts to build an overall understanding of cyber terrorism, its devastating impacts, and possible prevention and risk mitigation strategies.

The objective of this article is to take a step-by-step approach: first to discuss the various types of cyber terrorism activity, then its importance in overarching global cyber threat analysis and studies. In the final section, we will try to unfold some deeper aspects of these threats and how the modern world is preparing to meet this challenge to mankind.

VIRTUAL TERRORISM IS NOT SO VIRTUAL

Cyber terrorism does not exist solely online or over the internet; it can have a real-world presence, with technology helping terrorist groups spread their message to a larger global audience. There are several ways technology can help to facilitate and expand the menace of cyber terrorism.

First, intelligence information may be easier to steal by hacking the computer systems of one adversary or a group of adversaries. Terrorist groups are able to recruit individuals who can perform highly technical tasks, which may be completely different from the tactics previously used by these groups, which relied on more traditional methods of intelligence gathering.

Second, digital communications become easier with advanced encryption and steganography. The possibility of intercepting messages is reduced in the new age of communication over the internet.

Hence, more planning and communication can occur without an increased fear of state intervention.

Third, the internet can be used for propaganda by terrorist groups to incite acts of terrorism. The internet can provide an abundance of material and opportunities to download, edit and distribute content that may be considered an unlawful glorification of, or provocation to, acts of terrorism (UNODC 2012). Such propaganda can be aimed at the general worldwide audience or at a specialized audience, bypassing regulated media and government censorship, and this helps terrorist groups to divide people on the basis of their religious, ideological or political views. This can cause damaging social change by influencing the thoughts and ideas of a given population.

Fourth, terrorist organizations may also use the internet and technologies for terror financing, fundraising, and recruitment. The internet gives them the ability to reach hundreds of thousands or even millions of supporters willing to donate or to become physically or ideologically involved in their fight. Terrorists can solicit funds directly through websites, chat groups, mass mailings and targeted communications that request donations from supporters (UNODC 2012). There have been calls for companies not to accept funds from certain groups, but there are several ways to conceal a group’s identity.

Fifth, cyber terrorists can make use of psychological warfare to fabricate an impending attack, and distract law enforcement and intelligence services from their true activities and targets.

Sixth, the internet can be used for radicalization. Training potential terrorist recruits by teaching techniques and skills can be accomplished online, without any travel that may raise flags with government agencies. In the 2013 Boston bombing, the bombers learned the bomb-making technique online. Terrorist groups or organizations can radicalize individuals within their own respective countries. Terrorists can train individuals over the internet not only in acts of violence but also in tools that facilitate counter-intelligence and hacking activities. They can share instructional materials using available encryption and anonymizing techniques, and these can secretly reach millions of their followers all across the globe (UNODC 2012).

Finally, cyber terrorism is prevalent around the world, and it is growing every single day as more people reach these groups' websites and read their propaganda. They then begin to be influenced and eventually support the cause. In the next section, we will try to understand how various terrorist groups use the internet and technologies to recruit, train, fundraise and disseminate their message. Being aware of these concepts is crucial to identifying the risks and fighting against acts of terrorism in cyberspace.

ISIS AND CYBER CALIPHATE

We often hear about the ‘Cyber Caliphate’ in various types of media coverage; it refers to the ‘Islamic State Hacking Division’ or ‘United Cyber Caliphate’. The cyber caliphate is a loose group of hacktivists that acts as a cyber army for ISIS. The organization was founded by Junaid Hussain, a British national who joined ISIS and was later eliminated in an airstrike by the US in Raqqa, Iraq (Dalziel, 2016). This organization was formed to practice ‘Cyber Jihad’, a viable threat to the security of those trying to fight against violent extremism. Cyber jihad refers to the use of modern online tools and techniques in cyberspace to promote ‘Jihad’ against those people and countries categorized as enemies of Islam. Looking at the history of Cyber Jihad, Al-Qaeda has consistently demonstrated a specific interest in making use of the internet for propaganda purposes, starting from its early days. One of the world’s first pro-Al-Qaeda websites, ‘azzam.com’, was created nearly 20 years ago. Since then, the level of sophistication of digital techniques for jihadist propaganda has grown extensively and continues to grow significantly.

The pioneer of Cyber Jihad was Anwar al-Awlaki, the so-called “Bin Laden of the internet”, and he is credited with inventing the term ‘creative terrorism’ (Dalziel, 2016). ISIS, even as a terrorist organization, needed money and funding to sustain its existence. Cybercrime can be a considerably more reliable source of revenue for terrorist organizations than other sources, for example oil smuggling and human trafficking, which are now on the decline mostly due to continuous military actions. ISIS’s income started to fall drastically in 2016 compared to previous years, hence its need to embark on greater cybercrimes to finance itself has increased. Cyber terrorists resort to the same tactics as other cybercriminals, for instance conducting online phishing attacks or selling hacked credit card information. A UK-born jihadist, Younis Tsouli, and his associates generated over 2.5 million USD using these types of cybercrime. He was also labeled the most wanted cyber jihadist in the world (Dalziel, 2016), and he was the first person convicted of committing an act of terrorism through the internet under British law. One of the greatest uses of the internet by cyber jihadists is raising funds directly through donations. One instance is Al-Qaeda’s global fundraising network, which mostly requests donations as charity through social media and various online channels. ISIS took a similar approach, using various social media platforms extensively, such as Facebook, Twitter, Instagram, and Tumblr. According to extensive research by the Brookings Institution describing the population of ISIS supporters on Twitter, cyber terrorists and covert ISIS supporters generated up to 90 thousand pro-ISIS tweets every day during the years 2014 and 2015 (Berger & Morgan, 2015).

They have also estimated that the total number of Twitter accounts belonging to overt ISIS supporters could be 46 thousand. Furthermore, operatives and supporters of ISIS have been using highly sophisticated bot technologies or deceptive spam tactics to generate a large number of Twitter accounts and tweets. On average, ISIS cyber jihadists post 200 tweets per day per user, mostly helping to spread the organization’s propaganda (Dalziel, 2016). Alongside the extensive use of social media by the cyber terrorists of ISIS, cyber terror also includes the offensive use of cyberspace. Cyber jihadists often term this kind of offensive activity a ‘ghazwa’, which means raid or attack in Arabic. These attacks are essentially various types of hacking attacks against popular websites and internet platforms. For example:

2. Hacked Twitter handles of Newsweek and the International Business Times website in 2014

3. Denial-of-service attacks on over 19000 French websites following the Charlie Hebdo attack

4. Two local US news channels and a non-profit organization being hacked

(Berger & Morgan, 2015)

THE FUTURE OF CYBER TERRORISM

The main focus of this section is where cyber terrorism and terrorist groups fall in the global cyber threat spectrum in terms of sophistication and degree of capability, and where we are heading in terms of the risk imposed by terrorist groups that are seeking to gain some degree of cyber-attack capability. As displayed in the graph below, at the highest end are the nation-state level cyber-attacks, and at the lowest end are the individual hackers and small cybercriminals. Cyber terrorists and terrorist groups can be placed somewhere below the medium level (Dex, 2019).

(Dex, 2019)

As discussed so far, terrorist groups like ISIS are very sophisticated in using social media and other types of internet platforms for spreading their propaganda, terror funding, and radicalization. Looking ahead at the future of cyber terrorism, we need to be concerned about their capability to target financial organizations, healthcare, media and critical nation-state infrastructure. Sophisticated criminal groups have already started developing cyber weapons intended for mass destruction and disruption, such as enormous botnets, and they can share or distribute the use of those botnets among different terrorist groups around the world.

Finally, some of the threats that should concern us most from a cybersecurity standpoint are as follows:

· Blended threat of kinetic and cyber attacks

· Jihadist aspirational capabilities to target critical infrastructures of a nation-state

· Asymmetric threat of damaging cyberattacks that do not require significant resources or high skill capabilities

· Upward trajectory to improve competence and strengthen preexisting strategies of attack

· Nation-state actors with incredibly advanced tools to commit criminal acts for profits can ultimately end up supporting a terrorist organization

THE WAY AHEAD

Very serious thought needs to be given to preventive measures, as it is certain that such cyberattacks by terrorists will be launched sooner or later. Hence, it is high time to define our defense strategies against global threats in cyberspace. We need to understand both active and passive forms of defense.

· Active defense could be imposing a serious indictment and penalty on the attackers. However, this defense strategy comes into play only after an attack and is mostly dependent on the government.

· Passive defense is essentially intensifying the protection mechanisms of the potential targets. This can be achieved largely through the use of technologies and software systems, for example network and web application firewalls (WAF), advanced encryption strategies (AES), intrusion and malware detection, etc.

Because of several legal complications and limitations over jurisdictional boundaries, differing legal definitions, and misaligned national interests, active defense strategies mostly fall to governments. Hence, passive defense is largely the key to detecting and preventing such threats.

To dig deeper into the actions of counter-terrorism in cyberspace, there are three main phases of defense that need to be considered:

Prevention

The first stage of defense is how to prevent an attack, launched by either individual terrorists or terrorist organizations, in the first place. How can we harden the protective techniques for targets such as critical infrastructures and national defense systems?

Most IT systems and software are built to achieve particular business requirements in the first place, without the best security measures being kept in mind. As a result, during the design and development phase of IT systems, when a conflict arises between achieving business objectives and adhering to security best practices, business capability gets priority over security. Sometimes additional security features are not only costly to implement but may also result in performance degradation. These restrictions are creating an enormous legacy of insecure systems in all sectors of public and private business, and even in critical technology establishments.

Various approaches can be taken as prevention or precautionary measures:

1. Proactively redesign and reform IT systems and infrastructures to find and fix potential vulnerabilities before an attacker can exploit them and succeed in breaching security. This can be achieved in several ways, such as redefining and upgrading security standards and policies at regular intervals, simulation of attacks, prototyping, etc.

2. Comprehensive cyber security has to be a team effort between government agencies and private sector tech companies. The aim is security not only against cyber terrorism but against the overall global threat of cyberattacks. The government needs to work closely with the private sector to protect people and infrastructure. There is a great deal of expertise in various tech companies and government agencies, and this expertise needs to be shared between them.

3. Another action that could be taken from a prevention standpoint is imposing bans or strict law enforcement for domestic and international cybercrimes. As pointed out in the earlier section, given the various technical and evidentiary problems of spotting cybercriminals and prosecuting them, it is obvious that this will not end crime in cyberspace. Nevertheless, it may reduce a large number of the malicious activities that occur regularly over the internet, and this would help to more readily identify serious activities like cyber terrorism to some extent.

Finally, prevention is the most pertinent form of defense in the context of counter-terrorism in cyberspace. And this has to be taken very seriously in the way forward to protect the people, nation and their livelihood.

Incident Management

The most important aspect of this stage of defense is to detect and raise red flags that an attack is taking place or will be carried out soon. Mitigation of an attack and damage limitation depend directly on the timeliness and accuracy of such warnings. However, threat detection and reporting are quite difficult and prone to false positives during the early stages of an attack, before significant damage has been done (Goodman, 2007). We need to work hard to harden our cyber-defense techniques. This essentially means investing in research and development of technologies, particularly in the area of intrusion detection processes, policies and tools, that will eventually help us to achieve the necessary protection for our critical infrastructures and networks.

1. The first approach to defending an at-risk IT system against penetration from the outside is multilayer access control, for example strong password protection, multi-factor authentication, encrypted token validation and role-based authorization.

2. The next important line of defense is hardening the barriers to network accessibility; this can be achieved primarily using firewalls and proxy servers. On top of this, physical protection is equally important against penetration or attempts to isolate the system. A wide variety of physical protection is possible, ranging from the deployment of armed security personnel to biometric scans that grant access to restricted IT infrastructure such as data centers, secure data vaults, power supply, etc.

3. Another approach could be creating containment zones within critical cyber systems and networks, in order to limit the damage once an attack takes place. This includes creating internal access barriers and cyberbarriers through compartmentalization within the system and role-based access controls (on a need basis), fault tolerance schemes, introducing decoys, maintaining protected redundancies, and hiding assets (Goodman, 2007).

4. Disaster Recovery (DR) is another vital part of the incident management process during or after a natural or human-induced catastrophe. In case of a cyber terrorist attack on a critical technology infrastructure, there should be predefined policies, tools and techniques to recover the system without a major outage. This can be achieved either by partial or complete failover of the system to another secure infrastructure, or by isolating the parts of the system that have been compromised. Similarly, another critical step of a disaster recovery plan is data recovery; this can be accomplished by keeping regular data backups and storing them in separate data storage. To arrive at a well-organized disaster recovery plan, the government and private sector organizations that support major IT systems should regularly perform thorough Business Impact Analysis (BIA) and Risk Analysis, so that systems can be recovered to their business as usual (BAU) state.

5. Last but not least, special attention should be given to collecting information during or following an attack. This will help to reveal the root cause of the vulnerabilities that attackers may have exploited. Proper root cause analysis (RCA) helps to define additional security policies and plans to defend against similar attacks in the future.

Many cyber systems are vulnerable to intrusion by control signals, especially by insiders (Goodman, 2007). Hence, it is important to take proper action to prevent and counter insider attacks in addition to the aforementioned approaches to incident management.

Consequence Management

This is another passive form of defense, extremely important for recovery from and response to an attack. The fastest possible recovery of the critical systems to as close to their normal state as possible must be the highest priority; however, the response to the attack can continue in parallel with the recovery process. A rapid and effective response to an attack can restrict the impact and may result in better damage control. Though recovery is mostly a passive form of defense, response is more of an active form of defense.

Sample tasks that can be categorized as recovery tasks include:

1. First quarantine or removal of damaged entities from the unimpacted part of the system, so the damage caused by an attack can be limited

2. Recovery of IT systems from a cyberattack consists of various parts, such as system restore, data recovery, network restore, transaction rollback, etc.

3. ‘Fail back’ is the process of restoring a system to a configuration equivalent to its state prior to the failure that may have been caused by an attack.

4. Automated or semiautomated process of infrastructure provisioning, configuration management, system installation and finally rerouting of network traffic.

5. Keep track of incomplete or failed transactions during the course of the attack, so that critical transactions can be reinstated to minimize cascading impacts such as data corruption and race conditions.

In addition to the recovery process, certain activities need to be performed as part of an effective response to the attack:

1. Detection of the source of the attack so attackers and their motive can be understood quickly

2. Then gathering the evidence that will help to identify and punish the culprits

3. Run multiple security scans to ensure that all the issues are identified and the necessary action has been taken, so that nothing is missed that could potentially cause further harm to the system

4. Conduct a detailed damage assessment and produce a report that may help to define risk mitigation plans in future.

5. Counterattack and retaliation against the systems or techniques that individual terrorists or terrorist organizations may have used in the attack.

CONCLUSION

This article briefly touched upon various aspects of cyber terrorism with respect to global cyber threat analysis. Its main focus is to build an understanding of the broader gamut of cyber terrorism. While it captures the risks of cyber terrorism in detail, it also provides a perspective on the future of terrorism in cyberspace. Finally, it illustrates the different angles of prevention techniques that are directly pertinent to real-world cyberattacks.

As explained in this article, terrorist organizations like Al-Qaeda and ISIS have significantly increased their use of the internet and social media platforms in recent years. Primarily they are using the internet for propaganda, hacktivism, terror funding, and radicalization purposes. Up until now, there has been no real evidence of any cyber sabotage with violent effect by a militant group, for instance attacks on supervisory control and data acquisition (SCADA) systems. To date, Stuxnet is the only external attack that has achieved a damaging physical effect. Reportedly it caused substantial damage to the nuclear program of Iran, and it was likely a state-sponsored operation (Zetter, 2017). However, nation-states and business organizations need to be fully prepared for high-impact cyberattacks by individual terrorists or terrorist groups.

Finally, the lesson here for governments and technology companies is that governments have to team up with the private sector to build cybersecurity expertise that can protect critical infrastructures. Our continuous awareness of what terrorist organizations are aspiring to achieve in terms of damaging and disruptive cyberattacks is also extremely important. Moreover, cooperation among the private sector, federal agencies and the public is required before, during and after attacks. Lastly, resiliency is the key theme in any sort of terrorism situation. If a terrorist attack ever occurs in cyberspace, governments need to ensure political resiliency; likewise, the people, the citizens of the nation, have to demonstrate their resiliency as a global community.

CREDITS

Berger, J., & Morgan, J. (2015, March 20). The ISIS Twitter Census. Retrieved August 05, 2020, from https://www.brookings.edu/wp-content/uploads/2016/06/isis_twitter_census_berger_morgan.pdf

Dalziel, H. (2016, July 20). ISIS and Cyber Terrorism. Retrieved August 05, 2020, from https://www.slideshare.net/ConciseCourses/isis-and-cyber-terrorism

Dex. (2019, June 12). Lab52 is focusing on geopolitical analysis and cybersecurity. Retrieved August 06, 2020, from https://lab52.io/blog/lab52-is-focusing-on-geopolitical-analysis-and-cybersecurity/

Goodman, S. (2007). Science and Technology to Counter Terrorism: Proceedings of an Indo-U.S. Workshop. Retrieved August 05, 2020, from https://www.nap.edu/read/11848/chapter/6

UNODC. (2012, September). The use of the Internet for terrorist purposes. Retrieved August 05, 2020, from https://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf

Zetter, K. (2017, June 03). An Unprecedented Look at Stuxnet, the World’s First Digital Weapon. Retrieved August 05, 2020, from https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

I have been a professional programmer for over 13 years, and I love to read and write about the latest technology trends, like cybersecurity, cryptocurrency, cloud computing