Cyberterrorism: Know the Enemy and Know Yourself
Terrorism is a word that strikes fear into people the world over, conjuring images of burning buildings and indiscriminate violence targeting civilians such as bombings or drone attacks. Traditional terrorism remains an ever-present scourge, but since gaining popularity and notoriety in the late 1990s, cyberterrorism has become a lethal weapon in the arsenal of clandestine agents, subnational groups as well as sovereign states.
What is Cyberterrorism?
Simply put, cyberterrorism is the confluence of terrorism and cyberspace. Individuals or groups use the internet and computer technology as a tool to attack computer systems and telecommunications infrastructure in order to intimidate targets. The motivation of the cyberterrorist is political, religious or ideological. Definitions of cyberterrorism vary, as regular terrorism, cybercrime, cyberwar and cyberterrorism often converge. Different US organizations have multiple definitions of cyberterrorism. The NATO definition of cyberterrorism is "[a] cyberattack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal.”
Cyberterror attacks can be conducted remotely, thousands of miles away from their targets with minimal financial investment in equipment and minimal risk to personal safety. Such politically motivated cyberterrorist operations may be intended to cause a range of outcomes from disruption to loss of life and economic damage. Examples may include:
- Disruption of critical infrastructure may target power or water supplies, emergency services and air traffic control systems to cause fatalities, panic and terror.
- Cyberespionage is government authorized spying on other countries to obtain intelligence.
- Websites, notably media outlets with opinions at odds with cyberterrorist groups may be attacked.
- Cyber terrorists may attempt to gain unauthorized access to computer systems linked to military defense systems to disable them and compromise security.
It is important to differentiate between the nefarious cyber activities mentioned above, so first let us look at the difference between cyberterrorism and cybercrime. Ignoring the cyber in cyberterrorism for a minute, first we must ask, what is the definition of a terrorist? A terrorist is a person who unlawfully uses violence and intimidation against civilians or government in the pursuit of furthering political, religious or ideological objectives. A cyberterrorist then is simply a terrorist using a computer instead of guns or bombs to harm and intimidate a target.
Cybercrime vs Cyberterrorism
For an overview of the cybercrime, have a read of this informative article. It outlines the nature of cybercrime and suggests practical methods to protect yourself online. At its core, cybercrime covers a broad range of crimes committed using or targeting a computer, ranging from ad-fraud to cyberextortion and other financial crimes.
In most cases, the goal of cybercriminals is solely financial gain unsupported by ideological motive. Cyberterrorism is considered a type of cybercrime, but the essential difference between the two is the motive for the cyber attack. Cyberterrorism attacks are conducted with the belief that the attack will further the cause of the attacker, be that religious, political or other.
Hacktivism vs Cyberterrorism
So, money motivates the common cybercriminal, while belief in a cause motivates the cyberterrorist. This is all very well, but what about those Anonymous “freedom fighters” wearing Guy Fawkes masks that we hear about? Are they terrorists? Hacktivism is different from cyberterrorism in several ways. Firstly, it is the coupling of hacking and activism. A target website might be hacked and altered or temporarily shut down, such as the 2020 hacking of the UN website, when Anonymous added a page for Taiwan. This type of hacktivism might raise a few eyebrows and cause a few smiles, even anger a few sensitive types, but the intent is not to cause long term damage. Hacktivism and cyberterrorism have different intentions, the hacktivist aims to disrupt, while the cyberterrorist aims to damage.
How are Cyberterrorism Attacks Carried Out?
Cyberterrorists employ hacking techniques to gain unauthorized access to computer systems in much the same way as regular hackers. Attack methods include:
- Hacking in order to steal sensitive data from governments, businesses and organizations.
- Malware such as viruses and worms may be used to attack computer control systems, targeting infrastructure, power grids or military systems.
- Advanced persistent threat (APT) employs spear phishing in order to gain access to a computer system. Following this, creating a backdoor with malware gives the cyberterrorist freedom to operate undetected in the system. In this way, attackers are able to observe users and gather confidential information over a prolonged period. This technique is commonly used in cyber espionage, targeting political and military organizations.
- Phishing is commonly used by cyberterrorists to steal confidential information and money from individual system users.
- Ransomware is used to hold computer systems hostage until the ransom is paid.
- Denial-of-Service (DoS) attacks render a computer or system unusable to its rightful users. Attacks flood government and critical infrastructure systems with traffic, blocking user access and causing system faults or crashes. DoS attacks can result in serious consequences to users.
Cyberterrorism: In the News Yesterday, Today and Tomorrow
There are many examples of cyberterrorism in the news. Looking back to 2022, Russian cyberterrorism against Ukraine springs to mind. Decades of Russian disinformation tactics and cyber attacks targeting Ukraine evolved into full fledged war last year. The ongoing conflict has seen constant cyberterrorist attacks wrought upon Ukraine, while hacktivists, like modern day Robin Hoods have waded in to help Ukraine, unleashing attacks on the infrastructure of the invaders.
Elsewhere in the world, the country of Costa Rica was held ransom by cybercrime group Conti. After months of prolonged ransomware attacks targeting government systems and businesses, forcing them offline, the government declared the attacks acts of terrorism.
Protecting Yourself from Cyberterrorism in the United States
How can you fight the cyberterrorist menace single handedly? Well you can’t, but the more businesses and individuals implement cybersecurity and stay vigilant to the threat, the less likely they are to become a successful target of a cyberterrorist attack. Whether you are a business of an individual, follow these tips to stay safe:
- Regularly backup systems, use firewalls, antivirus and antimalware software.
- Limit access to sensitive information, practice strict authentication procedures such as multi-factor authentication.
- Ensure internet of things devices are inaccessible from public networks.
- Do not open suspicious looking emails, never download attachments from unknown senders.
- Never share personally identifiable information with suspicious individuals.
- If you suspect that someone of committing cyberterrorism, report them to the relevant authority in your district or the Internet Crime Complaint Center (IC3).
The fight will continue, and cyberterrorism will continue evolving into a multi-headed hydra wreaking havoc in all corners of the globe. Educate yourself and protect your businesses and personal interests by staying alert online and protecting your computer, networks and personal information.
*The opinions reflected in this article are the sole opinions of the author and do not reflect any official positions or claims by Acer Inc.
About Edmund McGowan: Edmund is an English copywriter based in New Taipei City, Taiwan. He is a widely published writer and translator with two decades of experience in the field of bridging linguistic and cultural gaps between Chinese and English.