Cyber Terrorism as a Major Security Challenge

In the present day growing dependency on the cyber-technology, a new threat begins to emerge on the digital frontier. Our everyday life is being integrated digitally through computers and mobile devices. Our nation’s infrastructure and services to the public are also linked and can be accessed through a computer, making them more vulnerable.

Cyberterrorism is defined as the use of computers and information technology for terrorist purposes. NATO describes cyber terrorism as an attack from hackers that target details from computer networks, while FBI depicts cyber terrorism as an action that is arranged and connected to politics. The aim of cyber-attacks is to incite fear by destruction and to threaten a society, government, organization or individual. A broad explanation of cyber terrorism is the use of IT with the purpose of causing harm to computer networks, servers or databases on political, religious, social and ideological grounds. Cyberterrorism is a big problem and will become worse in future since everything is been done in cyberspace this day.

The purpose of this paper is to educate individuals who do not know what cyber terrorism is, the techniques of cyber terrorism and how it affects internet users and governments. Understanding the threat of cybercrimes is a very pertinent issue because it holds a great impact on our society as a whole. Cyber terrorism is growing every day because since technological advancing in computers makes it very easy for anyone to steal without physically harming anyone because of the lack of knowledge to the general public on how cybercrimes are committed and how they can protect themselves against such threats that cybercrimes pose. This paper will discuss several aspects of cyberterrorism including defining the term, why cybercrimes occur, laws governing them, methods of committing cybercrimes, who is affected and prevention procedures.

In this study, mixed method research involves both collecting and analyzing quantitative and qualitative data in sequential order. The first stage in the analysis cycle is to frame a theory or hypothesis from the literature on cyber terrorism, which can be used as initial guidance for data collection and data analysis. Once the theory or hypothesis has been generated, then questionnaires are developed to get an in-depth understanding of the phenomena under investigation. Data collection is a semi-structured method by using in-depth interviews. Interviews are part of most interpretive studies and as a key way of accessing the interpretations of informants in the field.

Since the first stage is explanatory in nature, data analyses are done by using a grounded theory approach. Qualitative research includes a variety of methodological approaches and one example is grounded theory. As have been mentioned earlier, the phrase grounded theory refers to a theory that is acquired from a collection of data through literature, interviews, and observations. In the next stage, a quantitative approach is applied to corroborate the researcher's initial discovery. A survey with close-ended questions format is used for data collection to determine the views and opinions of the population that represents various groups in the society. In this phase, the researcher's goal is to test the theory or hypothesis, which finding is generalized from a larger representative sampling. Statistical analysis is performed to test the validity of the theory or hypothesis. The numerical findings help to interpret the results, where the clearer interpretation of the statistical results is obtained.

All the relevant methodological issues discussed in this paper provide justification and practical approach to how the research is conducted. The methodology explained in this paper provides the researchers with the right direction and understanding in conducting the research by choosing the right research design. Research design as defined by Cooper and Schindler is a plan and structure of investigation so believed as to obtain answers to research questions. It includes an outline of what the researcher will do from the initiation of the research to the final analysis of the data. In this study, we suggest that a mixed method research approach is appropriate to be applied. The driving factors in applying the mixed method as opposed to a single method, are due to the following reasons.

Firstly, the nature of the research is exploratory and explanatory in nature and is grounded in theory. The goals are to discover and to develop a conceptual framework that describes the phenomena (qualitative method) and to test or verify the conceptual framework that describes the phenomena (quantitative method). As noted by Yauch and Steudel, the mixed method research complements each other, which explains the results of analyses. The qualitative research is interpretive, which allow for the discovery of new ideas and unanticipated occurrences. Qualitative research aims to achieve an in-depth understanding of a situation or a certain phenomenon. The focus of the research is to understand and interpret a situation ora certain phenomenon. On another hand, quantitative research aims to achieve a precise measurement of something such as a participant’s behavior, knowledge or opinion. The focus of the research is to describe and explain the hypothesis about a situation or a certain phenomenon. Therefore, by utilizing a mixed method research, we believed it would bring conclusive findings on the outcome of this study.

Secondly, mixed method approach helps to answer questions that cannot be answered by qualitative or quantitative approaches alone, thus, provide breadth and depth to the study. Researchers who conduct mixed methods research are more likely to select methods and approaches with respect to their underlying research questions in ways that offer the best opportunity for answering important research questions. In this research, a survey questionnaire using qualitative in-depth interviews is conducted as a way to tap into participants' perspectives and insights. During analysis, the qualitative researcher uses content analysis of written or recorded materials drawn from participants'expressions and observations or documents review. Qualitative research study via questionnaires interview and supplement with close-ended survey systematically provide breadth and depth to the research. Quantitative research looks at the frequency or any kind of research that produces findings arrived at by means of statistical procedures. Through this approach, it is believed that the findings are corroborated across different approaches, thus provide greater confidence in the conclusion. Lastly, the research framework of the mixed method is chosen to apply the concept of triangulation.

Although it is known that terrorists already routinely use the Internet for purposes such as spreading propaganda or conducting internal communication, the threat that results from this use is heavily debated. Especially the question of whether a cyber-terrorist attack is imminent or if it is only a purely fictitious scenario is subject to many discussions. Almost agreed definition of cyber-terrorism is the use of computer networks to cause destruction and harm for personal objectives. We are going to delve into what is usually considered as “real” cyberterrorism: attacks that are carried out via the Internet and that are aimed at other IT systems, real-world property, human lives, and governments. Therefore, this analysis is based on cyber crimes and cyber terrorism literature as well as specialized security reports, case studies, and news reports. Only such a broad approach allows the inclusion of occurrences of the past and also gives consideration to possible future threats.

The motivation of Cyberterrorism Acts

1. Location independence: cyber-terrorist do not necessarily have to be physically present at the target location of the attack, they just need to be connected to the internet from anywhere in the world.
2. Speed: attackers hardly depend on their own connection speed for attacks they launch over the internet. Instead, they can use the bandwidth and speed of the third party especially in situations where a distributed denial-of-service (DDoS) attack is launched.
3. Anonymity: there are countless ways that cyber-terrorist can carry out their attacks online without being noticed. This involves the use of proxy servers, virtual private network (VPN) or they can route their traffic over thousands of hacked computers of innocent users.
4. Cost-Benefit Ratio: cyberterrorist choose targets considering cost benefits of their own definitions. Attacks that require minimal initial investments but have a larger benefit or visibility are prioritized.
5. Fear: cyberterrorist aim primarily at the generation of fear.
6. Creation of economic losses: cyber-terrorist who target organizations or governments infrastructure intend to cause losses and also a way of passing out their revenge.
7. Gain fame, monetary income or information: cyber-terrorist may be motivated by the urge to be famous or to gain monetary income from an attack. They may also be motivated to access crucial information that does not belong to them.
8. Political reasons: hackers are becoming politically motivated to carry out their attacks.
9. Governments’ reliance on the internet: cyber-terrorists are aware that governments are reliant on the internet for almost all their services to its citizens and have exploited this as a result.

Types of Cyber-Terrorism Capability

1. Simple-unstructured: the capability to conduct basic hacks against individual systems using tools created by someone else. The organization contains little target analysis, command, and control or learning capability
2. Advanced-structured: the capability to conduct more sophisticated attacks against multiple systems or networks and possibly to create hacking tools. The organization possesses elementary target analysis, command, and control and learning capability.
3. Complex-coordinated: the capability for a coordinated attack capable of causing mass disruption against integrated, heterogeneous defenses. Ability to create sophisticated hacking tools. Highly capable target analysis, command, and control and organization learning capability.

Forms of Cyberterrorism

Illegal Access (Hacking)

This is the illegal access to computer systems and data. In general, a differentiation between illegal access by only technical means and access with human help can be made. An example of purely technical access would be the use of a computer program that uses software flaws that have been identified to gain access to a system (exploit). The second category refers to access with human help. This can be achieved, for example, in the form of so-called social engineering, i.e.deceiving the user to give passwords or other protected information or bribing an existing staff member. Therefore, successful attacks against protected targets often require technical and social skills.

Data Alteration

After a successful hacking attack, a perpetrator has many options on what to do with the system. A comprehensible first reaction would be to delete information or shut down the system. However, this technique would not be successful because administrators would immediately notice the failure and could reconstruct the system from backup files or switch to reserve systems. The amount of damage that would result from such an attack would therefore not be too high. However, in some areas, e.g. certain industrial production facilities or in medical environments, could have disastrous consequences.

Defacements

Alterations that are visible to a large audience are often considered to be better because they can demonstrate the technical capabilities and create fear of what other systems could fall foul of future attacks. In this case, a page on the web server, often the prominent entry page, is altered. Often are put on the page together with hints as to the identity of the perpetrator (e.g. the name of a hacking group).

Data Espionage

Because most of today’s communication structure is computer-based, data espionage is on the rise throughout. This is the clandestine exploration and obtaining of protected digital information, was originally particularly known between states that try to acquire security-relevant information from other states to gain tactical advantages. However, in the meantime, industrial espionage has also become an important factor for many economies.

Denial-of-Service (DOS) Attacks

Denial-of-service(DoS) attacks are targeted at the unavailability of a system or service and have a long tradition in computer crime. Bot-nets with hundreds or even thousands of Trojan horse-infected computers are commanded by individuals to send massive requests to single targets. These computers are often not able to handle the enormous amount of traffic and are no longer able to send answers to either the computers of the bot-net or to other legitimate requests.

Syntactic Attacks

These crimes involve the exploitation of technical vulnerabilities to commit fraud examples of such crimes to include viruses, malware, plastic card skimming and illegal fund transfers.

Semantic Attacks

These crimes involve the exploitation of social vulnerabilities to gain personal information such as scam solicitations, identity-related theft, and auction fraud.

Cyberbullying

Cyberbullying occurs when someone uses the internet to harass, demean, embarrass or intimidate someone else. The bully hides behind a login identity to a social platform making fun of someone else in order to demean another person.

Dissemination of Terrorist Contents

The internet has created the possibility of terrorists disseminate information without costs and largely without any control regarding the content. These terrorist content include:

• Terrorist websites: terrorist organizations communicate their views, ideas and even launch and organize attacks using their websites. They are able to influence the media and the public at large.
• Threats and propaganda: Terrorist may use the internet to threaten their enemies, or to spread propaganda. It shocking that the terrorist records their attacks with an aim of influencing the media.
• Financing: online advertising and other ways of getting money online have become a profitable venture for terrorist organizations. They also use their websites to transfer necessary information such as credit card information in order to fund their terrorist activities.

Examples of Cyberterrorism Attacks In the Past

Google China (2009)Chinese google suffered a series of cyber-attacks in 2009, just 3 years after it was launched. Known as Operation Aurora, the attack stole intellectual property from Google. Other major Chinese companies also suffered as targets of the malware.

About77 million PlayStation Network and Sony Online Entertainment accounts including credit and debit card information users were stolen by an unknown group of hackers

TheCanadian Government revealed that they became victims of cyber-attacks, whereby three departments within its government had their classified information infiltrates and transmitted to China by Chinese hackers.

During the cold war in 1982, the CIA caused the Siberian gas pipeline to explode using a portion of code in the computer system that controls its operation. The effects of the resulting explosion were devastating.

International institutions As of 2016 the United Nations only has one agency that specializes in cyberterrorism, the International Telecommunications Union(ITU).

The Impacts of Cyberterrorism

1. In the case of identity theft, the cyber-terrorist can steal their credit information and destroy their credit ratings.
2. Security costs: companies and governments have to hire experts to protect their systems and also update their software often thereby raising the cost of being secure.
3. Monetary losses: many people are victims of scams that add up to a lot of money. The cyber-terrorism field is overtaking the drug business in the amount of illegal income per year.

The findings indicated that the nature of cyber terrorism should have been formulated from six different perspectives: motivation, a method of attack, type of cyberterrorism capability, examples of cyberterrorism attacks and impact. Motivation is about influencing human beings and the decisions they make. Motivation is forces behind cyber terrorism such as social, political, ideological and economic forces. With the growing interconnectedness of critical infrastructures in ICT, the selection of a target that allows the maximum level of disruption would significantly influence the perpetrator. The perpetrator can exploit vulnerabilities over a targeted system through a vast array of intrusive tools and techniques. The method of attack could be done through network warfare and psychological operation. Cyberspace is the domain in which terrorist-type attack is conducted. The perpetrator employs the unlawful use of force or unlawful attacks to conduct the premeditated attack. The impactor consequence is high as the cyber-attacks that are done to intimidate or coerce a government or people lead to violence against persons or properties. According to the data analysis, most of all the cyber-attacks took place in theUnited States followed by Nigeria, Canada, South Africa, Romania, Spain, Indonesia, Russia and Netherlands, most of the crimes are said to originate fromChina, North Korea, and Russia.

Most internet browsers email service, and Internet providers provide a spam-blocking feature to prevent unwanted messages, such as fraudulent emails and phishing emails, from getting to your inbox. However, every user must ensure to turn them on and do not turn them off whatsoever. Also, users must install and keep up-to-date antivirus programs, firewalls, and spyware checkers. Along with keeping them up to date, users must make sure that they run the scans regularly. Encryption of information that you do not want anyone to have unauthorized access to is a good way to avoid some cybercrimes; information such as password and credit card information for example. Encryption software runs your data through encryption algorithms to make it unintelligible to anyone who tries to hack into your computer.

Try to avoid unknown websites, in particular, those that ask for your name, mailing address, bank account number or social security number. When doing online shopping make sure website is secure, look for URLs that start with “https” and/or have the Trustee or VeriSign seal. If you do not see these anywhere on the site, you run the risk of submitting credit card information and other personal information to a site that may be a fraud.

Another way to avoid being a victim of cyberterrorism to avoid being susceptible to common frauds, such as an inherences letter, letter asking for your help in placing large sums of money in overseas bank accounts, foreign lotteries, and phony sweepstakes.