Threat Level: Exploring the 'Actual' Threat of Cyber Terrorism

Source: The Independent

Political and economic forces have successfully exposed the threat of cyber terrorism to be almost as severe as the physical threat of terrorism. Companies make a large effort to portray the threat of people being hacked in order to keep society afraid and therefore they are more likely to consume the 'solution' products (e.g. anti virus software programs). But when it comes to cyber terrorism, has the government incorporated this tactic to exaggerate the threat, or is it justified?

Unquestionably, there is an alarming fear from ISIS and with technology advancing by the year, one can assume that the two would collide and terrorist organisation would use cyberspace to attack. The definition has been expanded and now includes a higher range of hackers that are considered 'cyber terrorists'. It is important to address statistics on actual cyber terrorists, who fit neatly into the original definition. Scholars (Uradnik, 2011: 143) have pointed out that there have been no instances of terrorist cyber attacks on U.S public facilities (including nuclear power plants, transportation etc.). Though cyber attacks are all too common, they are often amateur hackers (potentially with a political agenda) but do not belong to terrorist groups or organisations. In fact, 90% of the cyber attacks online are led by what scholars refer to as 'cyber joyriders' (see graph below - enter picture).

Source: JFJ

In the UK, cyber attacks exist but attacks that have interfered with public surroundings are not statistically backed up to match the 'fear'. In August this year, an article was published an article explaining the innovative ways in which British terrorists were using to recruit new members. Omar Hussain joined ISIS and is writing a blog in order to promote and entice westerners to join ISIS as well (The Mirror, 2015). The new wave of cyber space enables terrorists all over the globe to connect with others who live thousands of miles away, relating back to Wall's (2007) terminology discussion. Terrorism would still exist without the internet, but it would definitely limit their ability and ways of connecting with people from other countries.

Recently, journalists have been focused on portraying cyber terrorism as a threat. Earlier this year, The Guardian (2015) published an article identifying the potential capability ISIS may have to unleash cyber attacks in Britain.

Junaid Hussain, a teenage boy, was put on trial in 2012 after 'hacking into Tony Blair's personal address book and taking down an anti-terror hotline'. Now is considered to have joined ISIS, despite his lawyer assuring the court his acts were simply a 'childish prank' and not terrorist exploits. The questions that can be raised from this article is, have ISIS recruited members that have the capability to hack into government information? And therefore are they able to plot against the British and US government to inflict major devastation in both an online and physical manner?

Source: Daily Mail

In 2002, US troops analysed al Qaeda laptops and discovered their advanced technological set up, alarming officials as to their capability. Information that was found mostly related that of water systems, power plants, European stadiums etc. However, no evidence pointed towards any actual plans of cyber attacks in the US or UK, instead it was being used as information to execute physical attacks or to aid communication (Green, 2002). To contrast, after the hacking on Tony Blair, ISIS militants have been reported to be bragging about their ability to cause devastation to the western world's infrastructure - "your security information is in our hands" (The Independent, 2015). It is possible to conclude that although the threat and advancements of cyber attacks are greater, there is no hard evidence to suggest it is currently being designed. Amateur hackers only appear to be successfully carrying out attacks through cyberspace, but not necessarily for politically motivated reasons intended to cause destruction. That does not necessarily mean the threat is not an important matter for government to focus on, legitimate terrorists or not, certain government documents are best kept out of the public domain and hacking into certain files could cause greater issues for the UK and the US against terrorist organisation, such as ISIS or al Qaeda.

Word count: 689

References:

The Independent . (2015). Pro-Isis 'hackers' threaten to carry out cyber attacks against Europe, US and Australia in propaganda video. Available: http://www.independent.co.uk/news/world/middle-east/pro-isis-hackers-threaten-to-carry-out-cyber-attacks-against-europe-us-and-australia-in-propaganda-10245161.html. Last accessed 28 September 2015.

Green, J (2002). The Myth of Cyberterrorism. USA: Washington Monthly. 8–13.

The Guardian. (2015). Could Isis’s ‘cyber caliphate’ unleash a deadly attack on key targets?. Available: http://www.theguardian.com/world/2015/apr/12/isis-cyber-caliphate-hacking-technology-arms-race. Last accessed 28 September 2015.

The Mirror. (2015). 'Join ISIS, get a fridge': Bizarre promise from British 'supermarket jihadi' who recruits for terror group. Available: http://www.mirror.co.uk/news/world-news/join-isis-fridge-bizarre-promise-6226404. Last accessed 28 September 2015.

Uradnik, K (2011). Battleground: Government and Politics, Volume 1. USA: ABC-CLIO, LLC. 143.

Government Responses: Security Prevention in the UK and US

Source: The Telegraph

After 9/11, American and British governments enhanced security to prevent further attacks. Though, before this attack security was still posed as an issue with the growing advancements in cyber space. In fact in 2000, Microsoft fell victim to a computer attack which gained access to the company's internal network. Rapidly, this sparked fear of further cyber attacks because if cyber criminals were able to attack Microsoft, the Centre for Strategic and International Studies considered anyone a potential victim open to an attack (Raghavan, 2003: 298). In the years since, this fear did not prove to be mistaken, criminals have managed to cause disruption amongst governments and companies across the globe.

In 2010, the UK government put in place a strategic defence and security review, which dedicated £650 million to a four-year National Cyber Security Programme (NCSP), in respond to cyber threats (2014: 24). Greater spending is being placed to fight cyber terrorism as the issue continues to rise with the population becoming more accustomed to the internet, therefore the same can be said for those threatening the UK. Furthermore, a government report was published in 2011 regarding the 'UK Cyber Security Strategy', the aim of the report was to express the concerns of cyber attacks and terrorism that pose a threat to the UK. The report states the likelihood of further attacks if 'terrorists believe that our national infrastructure may be vulnerable' (2011: 14).

Source: Homeland Security

In 2011, David Cameron also met various large companies from different sectors in the UK economy, where they discussed the cyber threat and how to respond effectively. The government shortly after that built a new approach which involved a joint 'hub' with the public and private sectors. This was designed to identify government and private threat information and then distribute it to 'nodes' in key business sectors, which is then used to provide a framework for identifying the best solution to potential threats (GOV, 2011).

In 2013, it was reported that Scotland Yard expanded its specialist E-Crime unit after multiple MPs warned that cybercrime is now a Tier One threat to the country, along with international terrorism. Terrorists were considered to be increasingly targeting computer systems and the government regarded this as a threat to British security. Scotland Yard first set up their crime team in the early 1980s, over the last few decades it has expanded to meet the latest issues concerning cybercrime. In 2008, the Home Office created a modernised unit in order to focus specifically on investigating more serious attacks and threats that face the UK (The Telegraph, 2013). Since then it has only increased along with the government fear they could be targeted in an attack from terrorist organisation across the globe, however these policies and security advancements are also used to prevent hackers in general (the difference between the two is often misunderstood). Any threat to government security in the form of hacking or cyber terrorism is important to prevent to limit the national security threat that could result if certain information were to be leaked.

According to the Home Office policy paper 2010 - 2015, the UK have collaborated with the US in regards to cyber security and cyber defence matters in order address and manage these threats. The MI5 and GCHQ (UK) are working with the National Security Agency and the FBI (US), who are instituting a joint cyber cell to enable more information regarding these threats to be shared more quickly amongst the agencies in each country (Home Office, 2015).

The UK  have taken necessarily steps to ensure the safety of the country within the realm of cyberspace because without it we can expect to be hit, not just by cyber terrorists, but by anyone. It appears that making our networks and information as secure as possible is a vital step in securing out nation security.

Word count: 638

References:

GOV. (2011). Protecting and promoting the UK in a digital world. Available: https://www.gov.uk/government/news/protecting-and-promoting-the-uk-in-a-digital-world--3. Last accessed 1 November 2015.

Home Office. (2015). 2010 to 2015 government policy: cyber security.Available: https://www.gov.uk/government/publications/2010-to-2015-government-policy-cyber-security/2010-to-2015-government-policy-cyber-security. Last accessed 27 September 2015.

Raghavan, T. (2003). IN FEAR OF CYBERTERRORISM: AN ANALYSIS OF THE CONGRESSIONAL RESPONSE . Journal of Law, Technology and Policy. 2 (1), 297-300.

The Telegraph. (2013). Scotland Yard cyber crime unit to dramatically expand. Available: http://www.telegraph.co.uk/news/uknews/crime/10437237/Scotland-Yard-cyber-crime-unit-to-dramatically-expand.html. Last accessed 27 September 2015.

           

    

Theorising Terrorist Behaviour: Key Perspectives

Source: RAND

Many criminological theories are applied to 'common criminals' (burglaries or youth offending). Social disorganisation theory can help identify key aspects of motivation behind terrorism. The theory (Shaw, 1969) focuses on the neighbourhood structure and how that can effect or influence a criminal's behaviour pattern, it offers an explanation for explaining why crime may look favourable to some. Smith (2012) demonstrates how social disorganisation theory can relate to political terrorists for example. Johnny Adair, a political terrorist, grew up in poor conditions as a child and in a neighbour hood where violence was common (2012: 11). Similar to 'common criminals' who have harsh upbringing and grown up in run down areas, Adair can be argued to have shared similar impacts on how he views crime and violence. In addition, at the time of his childhood, terrorist attacks from the IRA where common, which could have unknowingly caused him to then inflict terror on others. With this example, the theory help identifies the behavioural reasons for some terrorists and can also be applied to cyber terrorism because if one grew up in poor conditions and possibly violence, causing violence through cyber space may just be the 21st century way of causing terror.

Source: Department of Sociology

Strain theory is also applicable to politically based terrorism, the theory argues criminals may be driven towards crime based on the strain of social structures within society (Agnew, 2002: 44). It can be more widely used to explain political terrorists, terrorist organisations often highlight reasons for why what they are doing is the right thing to do. Also, it is often considered to be 'protecting their country or community" and/or "serving God", with that said, this can arguably be warping to young people in particular who feel they need to get involved. However, the previously mentioned publication also highlights Merton's (1938) theory that those who cannot achieve their targets may cave into the strain from society and resort to crime. For example, Adair opposed the IRA and the views of Catholics, but was unable to defeat them peacefully, resulting in one of the five outcomes Merton deems as inevitable - rebellion. Moreover, this theory does have an area for criticism, for example applying it to Islamic terrorists, such as those Britons who have fled the UK to join ISIS. Mohammed Fakhri Al-Khabass was reported to have joined the Islamic state early this year (Daily Mail, 2015), his father was a GP and he himself was also a British medic. Al-Khabass grew up in Middlesbrough, however was studying in Sudan where he was recruited. Strain theory does not necessarily help to explain why Al-Khabass may have joined a terrorist organisation after coming from a good family in a liberal country. However, having moved to a country where politics and religion differs, behaviourists believe that children are easily influenced (Cullen, 2010: 9). While Al-Khabass was 25 years old, in a foreign country away from family, it can be argued that he may have been in a more influential state and easily impressed by the Islamic State.

Both theories help to identify motivation behind terrorists as a whole, applying these to cyber terrorism can also generate similar assumptions. While rational choice theories may argue it is still a rational decision to join an organisation like ISIS, social structure they currently live in and their upbringing also influences those choices and opportunities. For example, if Al-Khabass went to a British university, would he have had the same opportunity to join the Islamic state?

Word count: 579

References:

Agnew, R. (2002). Strain, Personality Traits and Delinquency: Extending General Strain Theroy . Criminology. 40 (1), 44.

Cullen, P (2010). Encyclopaedia of Criminological Theory, Volume 1. UK: SAGE Publications. 9.

Daily Mail. (2015). 'I'm ashamed of my son': Fury of GP father of British medic who recruited young UK students to join ISIS in Syria Read more: http://www.dailymail.co.uk/news/article-3164912/Son-NHS-doctor-Middlesbro. Available: http://www.dailymail.co.uk/news/article-3164912/Son-NHS-doctor-Middlesbrough-helped-recruit-18-fellow-medical-students-join-Isis.html. Last accessed 30 September 2015.

Merton, R. (1938) “Social Structure and Anomie,” American Sociological Review 3: 672-682.

Shaw, C. (1969). Juvenile Delinquency and Urban Areas. Chicago: University of Chicago Press.

Smith, J. (2012). THE CRIMINAL AND THE TERRORIST: A COMPARATIVE CRIMINOLOGICAL ANALYSIS OF PATHWAYS INTO CRIME. Internet Journal of Criminology. 11-13.

Identifying the Distinction and Motives: Government hackers vs. Actual Cyber Terrorists

Source: HNGN

Hacking into government information or computer systems can be broken into two distinct categories. Firstly, 'hackers' - those who use their computer knowledge and ability to crack security codes. And secondly, 'cyber terrorists' who may hack into government systems to either gain information to cause damage in public settings or to affect the system's security ability (which could cause a national security issue). While cyber activity and cyber crime is on the rise, cases do not often fit into the category of 'cyber terrorists', but are usually lone hackers operating from their home. Hackers are motivated in an entirely different way and often are glamorised by the media, which may appeal to a lone boy in his bedroom wanting to share his ability to hack into government "secure" systems.

Social learning theory (Rogers, 2001) can also help understand the behaviour of a cyber hacker. The theory argues that the behaviour is generated through reinforcement from external and internal sources. The theory of reinforcement suggests that successfully hacking may generate praise, there have been cases where high-status companies have hired hackers who were able to break into their systems (Goodell, 1996). Furthermore, many may also lead with the idea they will impress the government after proving their ability and overall cleverness. For example, a young boy in Israel was charged with hacking into US Military networks, not only was granted with a job but the Prime Minister of Israel also voiced his praise for his ability (Wired, 1998). This is where cyber hackers differentiate from cyber terrorists as they are not motivated by the reinforcement benefits or media glamorisation. However, the media's response does also help explain what motivates a cyber terrorist belonging to a terrorist group because the media may exaggerate the threat and spread fear - a constant goal of anti-Western organisations. It is clear that a terrorist such as Osama bin Laden is clearly different from the Israeli youth case because the goals and motivations are not alike Although there is no evidence that suggests bin Laden was planning any cyber attacks, just that government information had been gathered (Awan, 2014: 2).

Source: Manataka American Indian Council

Decision theory identifies the core choice and rationality in the decision making process before committing a crime (Hasnsson, 1994: 5). In the case of cyber terrorism, those who are not motivated by political or religious reasons can be identified by previously mentioned theories. However, those who may be politically or religiously motivated may rationalise the act of hacking or committing cyber terrorism by their beliefs they are doing a good cause. It is also argued by Martin (2010) that a terrorist group rationalise their behaviour with the intention to carry out their group's goal, also 'threatens the psychological well being of its members' (2010: 74). Therefore suggesting that those who engage in either physical or cyber terrorism may not be mentally stable enough to rationalise decisions in the same way as everyone else. Instead, their desire to rise to power over others (e.g. political governments) influences their decision in order to increase their groups' image and even self esteem.

Source: News

The two are not necessarily treated differently by law. Gary McKinnon successfully hacked into US security systems from his home in the UK, causing damage to security computers at the Pentagon. In 2009, McKinnon was charge for the breach of US computer laws and despite an appeal being granted, he was still treated as a cyber terrorist (Awan, 2014: 5).

Word count: 573

References:

Awan, I. (2014). DEBATING THE TERM CYBER-TERRORISM: ISSUES AND PROBLEMS. International Journal of Criminology. 2-6.

Goodell, J. (1996). The cyber thief and the samurai. New York: Dell Publishing.

Hansson, S (1994). Decision Theory: A Brief Introduction. Stockholm: Royal Institute of Technology. 5-8.

Martin, G. (2010). Understanding Terrorism. 3rd ed. USA: SAGE. 74.

Rogers, M. (2001). A social learning theory and moral disengagement analysis of criminal computer behaviour: An exploratory study. Unpublished dissertation.

Wired News. (1998). Analyzer takes notoriety to the bank. Available: HTTP: www.wired.com/news/news/technology/story/11534.html



Background and Context: Exploring the Progression of Cyber Terrorism

Source: American Security Project

Understandably, cyber terrorism does not obtain a vast history as the main threat involved has only really accelerated within the last decade. After the attacks on September 11 in 2001, the threat and fear of physical terrorism became dominant in society, politics and the media. Although, a year prior to that, in February 2000 a distributed denial of service (DDoS) attack was carried out on a range of successful internet sites (e.g. Amazon, Yahoo, CNN). The attack generated issues for millions of users who were unable to access these services, creating further problems for the companies’ sense of security they offered (Biegel, 2003). While this was not the first cyber-attack, it did prove that the issue needed to be addressed and there were potential threats to security. An operation can be implemented from anywhere in the world, which makes the act of cyber-attacks all that harder to discover and stop before disrupting society or causing physical damage. Past examples date back to 1996 that were conducted out of political and social objectives; this became the first documented case of cyber terrorist attacks. A computer attacker in 1996, allegedly associated with the White Supremacist movement had disabled a Massachusetts ISP and damaged part of the ISP’s record keeping system in order to send out worldwide racist messages under the ISP’s name. The hackers signed off with the threat, "you have yet to see true electronic terrorism. This is a promise", not surprisingly attacks have only increased since (Daily News, 2009).

Source: EFF

More recently, the media have addressed potential threats that we may or may not be faced with by cyber terrorists. There is relevance today due to increasing fears of terrorist attacks (mainly physical) and with technology only increasing in capability, both government hacking and cyber terrorism seems inevitable to continue. There is evidence of progression of cyber terrorism throughout the past few decades, particularly with its definition. As previously stated, Collins (1980) introduced it as the connection between cyberspace and terrorism. However, that has since shifted and expanded to include a lot of other cyber crimes, which defined in the same manner (Colarik, 2006). The phrase has become very subjective in its use, Colarik states in his book 'Cyber Terrorism' that the new definitions have lost their connection to terrorism. Further arguing that the term 'terrorism' has even shifted in meaning as well, stating that it has been turned into a form of 'fearism' (2006: 14). Understanding cyber terrorism is very context specific and over the last few years, government agencies' perceptive on this subject has opened it up. For example, the FBI now have three categorisations in which someone can be labelled a 'cyber terrorist' (Baranetsky, 2009):

1. "Terrorism that initiates attacks on information" (1999). 
2. "The use of Cyber tools" (2000).
3. "A criminal act perpetrated by the use of computers" (2004).

The issue presents a risk to national security due to the hidden capabilities of its attacks. Examples of physical acts of terrorism have been present in recent years, attracting vast amounts of attention. Whereas cyber terrorism has the advantages of remaining secretive for a longer period of time, groups or individuals are able to use it to further their goals through the inaccessible location they are operating from and therefore less identifiable (Milone, 2002: 384). Moreover, since the attacks on September 11, over a decade ago, technology dependency has only increased and the advancements are vast. Thus the disruption cyber terrorists can cause to government and national security are larger than ever before, computers lie at the centre of our country and are vital to communication, controlling power, financial services, and personal security (Lichtenbaum, 2002).

Word count: 608

References:

Baranetsky, V. (2009). What is cyberterrorism? Even experts can’t agree. Harvard Law Record. Available: http://www.hlrecord.org/news/what-is-cyberterrorism-even-experts-can-t-agree-1.861186

Biegel, Stuart. Beyond Our Control? Controlling the Limits of Our Legal System inthe Age of Cyberspace. New York: The MIT Press, 2003.

Colarik, A (2006). Cyber Terrorism: Political and Economic Implications. London: Idea Group Publishing. 14-17.

Daily News. (2009). Countering cyber-terrorism. Available: http://archives.dailynews.lk/2009/07/28/fea03.asp. Last accessed 27 September 2015.

Lichtenbaum, P. (2002). The Response to Cyberattacks: Balancing Security and Cost. Journal of International Law. 36 (39).

Milone, M. (2002). Hacktivism: Securing the National Infrastructure. Business Law. 58. 383.

A New Look into Cyber Terrorism: An Introduction

Source: IPreditor Inc.

For those who have merely stumbled upon this blog, over the course of the next several weeks I will be discussing and analysing the aspect of cyber crime - cyber terrorism.

The number of global web users has been documented as 1.7 billion – an increase of over 100% since 1995 (UK Government, 2010). Despite continuous opportunities it brings, there are down falls which pose a great threat to society and our national security, causing a range of critical challenges that need to be governed and secured. One major sub category within cybercrime is cyber terrorism, which has been views as a political threat in recent years in both the United Kingdom and the rest of the globe.

Establishing a specific definition for cyber terrorism proved to be complex, however when Collin (1982) first coined the term ‘cyber terrorism’, he argued that it can be defined as 'merging the physical and cyber world together' (Denning, 2010). Further stating that future cyber warfare would include terrorists conducting attacks through the cyber network, his fears where that of civilian aircrafts crashes being caused by cyber hacking at the click of a mouse. There are actually numerous definitions that have been put forward to define cyber terrorism; a simplified understanding is expressed in the International Scientific Defence Journal:

“The unlawful use or threatening use of force or violence by a person or an organized group against people or property with the intention of intimidating or forcing societies or governments, often for ideological or political reasons.”

                                                                                                  (Bogdanoski, 2013:59)

Source: Wired

Terrorism as a whole has always been of interest and certainly still poses a threat to the Western World, involving both homeland and foreign terrorism. Yet, cyber terrorism is rarely addressed in the same way, leading my desire to investigate it in more detail to gain a better understand of the history and damage it can cause. Furthermore, the reasoning behind choosing this topic is the debate (which will be addressed in later blogs) as to whether the threat of cyber terrorism is real. Weimann’s (2004) report addressed these concerns and finalised my choice as a category to explore throughout these upcoming blogs.

Evidently, crime dates back to biblical times, but as technology improves there are only more advanced ways one can commit crime. Cyber crime has been labelled a '21st century phenomenon' (KCS Group, 2011). Wall (2007) argues that the criminal behaviours that fit into this category of crime can be classified into either 'traditional', 'hybrid' or 'true' (Wall, 2007: 54).

1. 'Traditional' - originally were crimes categorised as 'discrete' (e.g. bank fraud). However, now this term has expanded to crimes that use computers in order to collect information, which can then be used to organise or commit a crime (such as murder).

2. 'Hybrid' - distinguished from traditional because they are committed across global networks, but would still continue without the internet by other means, just not on a scale as large.

3. 'True' - cybercrimes that are sole products of the internet and not possible without it.

Word count: 503

References:

Bogdanoski, M. (2013). CYBER TERRORISM– GLOBAL SECURITY THREAT. INTERNATIONAL SCIENTIFIC DEFENCE, SECURITY AND PEACE JOURNAL. 13 (24), 59 - 75.

CISCO. (2013). What Is the Difference: Viruses, Worms, Trojans, and Bots?. Available: http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html. Last accessed 27 September 2015.

Denning, D. (2010). ‘Terror’s web: how the Internet is transforming terrorism.’ In Yar, M and Jewekes, Y. (2009) Handbook of Internet Crime, Willan Publishers: 194-212.

KCS Group (2011). Cyber Crime — a 21st century phenomenon which won’t go away. London: Strategic Intelligence & Corporate Security. 2.

United Kingdom Government. (2010). A Strong Britain in an Age of Uncertainty: The National Security Strategy. Cm 7953. Norwich: The Stationery Office.

Wall, D (2007). Cybercrime: The transformation of crime in the information age. Cambridge: Polity. 54.