CyberterrorismDr Ian Brown, OII

(with thanks to Lilian Edwards)

Outline Definitions - vandalism, crime, terrorism

and war The insecurity of the Internet and how to

fix it The proportionality of state responses to

terrorist Internet use

Cyber graffiti Tipping Point report

found that in 8 years to2007, >100k domainsdefaced

Sometimes politicallymotivated - c.f. UN site12/8/07:

“HACKED BY KEREM125 M0STED ANDGSY

THAT IS CYBERPROTESTHEY ]SRAIL AND USADONT KILL CHILDREN AND OTHER

PEOPLEPEACE FOR EVERNO WAR”

Cyber fraud Phishing (Symantec found 166,248

unique messages 2H 2006) Denial of Service extortion (Symantec

found 6m bots 2H 2006) The organised criminal economy (custom

virus writers, bot herders, mules, dupes);identities for sale $14-$18

Digital Pearl Harbour Exercise conducted by US Naval War

College & Gartner July 2002 3-day simulated attack on CNI with

attackers given $200m, 5 years planning,access to state-level intelligence

Local, temporary attacks could besuccessful; sustained, national attackswould not

Cyber terror “Terrorists get better returns from much simpler

methods such as car bombs. Cyberterror is toolow key: not enough dead bodies result, andattacks are too complex to plan and execute.”(Bird 2006)

Reality is use for communications, research(CBNR info poor - Stenersen 2007),propaganda, recruitment and belonging (Labi2006 and Shahar 2007), tactical intel (US Army2005)

Cyber war Disabling Critical National Infrastructure

(Estonia, May 2007) For political/military/economic espionage

(China, widely publicised 2007)

Estonia May 2007 Attacks on Estonian finance, media and govt

websites by Russian-linked groups. “Complexity and coordination was new… series

of attacks with careful timing using differenttechniques and specific targets” (NATO)

Arbor Networks monitored 128 distinct attacks,with 10 lasting over 10 hours and reaching90Mbps

China TITAN RAIN Incursions into DoD, German chancellory, Whitehall,

NASA, Lockheed Martin… “Chinese attackers are using custom Trojan horse

software targeted at specific government offices, and itis just walking through standard defences. Manygovernment offices don’t even know yet that they areleaking information. 99% of cases are probably still notknown.” (NATO)

“Intrusion detection systems react to obvious signaturessuch as lots of traffic from one IP address – so onionrouting and botnets are used to disguise the origin ofintrusions.” (Sommer)

Fixing Internet insecurity Incentives are key: for more secure

software, networks and banks (House ofLords, 2007)

CNI must be very firmly separated frompublic Internet

Limits to use of COTS software?

Proportionality of stateresponses Lawful access Data retention “Glorification” of terrorism

References Juliette Bird (2006) Terrorist Use of the Internet, The Second International

Scientific Conference on Security and Countering Terrorism Issues, Moscow StateUniversity Institute for Information Security Issues, October 2006.

Nadya Labi (2006) Jihad 2.0, Atlantic Monthly pp.102—107, July/August 2006.

Chief Judge Stein Schjolberg (2007) Terrorism in Cyberspace - Myth or reality?June 2007. Available at http://www.cybercrimelaw.net/1-2007.html

Yael Shahar (2007) The Internet as a Tool for Counter-Terrorism, Patrolling andControlling Cyberspace, Garmisch-Partenkirchen, April 2007.

Anne Stenersen (2007) Chem-bio cyber-class – Assessing jihadist chemical andbiological weapons, Jane’s Intelligence Review, 1 September 2007.

US Army (2005) Army Regulation 530–1, Operations Security (OPSEC), 19 April2007.