
OVERVIEW
Terms
Cyber-terrorists
Why cyber-terrorism
Forms of cyber-terrorism
Impact
Effects
Danger
Examples
How can we protect ourselves
Indian Laws
Conclusion

TERMS
Cyber terrorism: The use of the Net for terrorism.
Cyber crime: The use of the Net for criminal actions.
Cyber Attacks: Email bombs, viruses, intentional actions.
Information Warfare: Formalized governmental warfare.
Netwar: Conducting warfare via Networks & the Net.
Techno Terrorism: Use of technology by terrorist groups.

Contains two elements: Cyber-Space, Terrorism
Premeditated
Politically motivated
Attack against information, computer systems, computer programs and data
Result in violence

CYBER-TERRORISTS
Terrorist: ...one who causes intense fear; one who controls, dominates, or coerces through the use of terror in furtherance of political or social objectives.
Cyber-Terrorist: An individual that uses computer/network technology (i.e., networks, computers, Internet) to cause intense fear; one who uses computer/network technology to control, dominate, or coerce through the use of terror in furtherance of political or social objectives.

WHY TERRORISTS USE THE CYBER WORLD
Cheaper
Action is difficult to track
Personalities and Location can be hidden
No Security to go through
Remotely Vast Destruction can be done
Big targets can be attacked

Forms of CYBER-TERRORISM

Privacy Violation: The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The violation of this attracts both civil as well as criminal consequences under the respective laws. Man has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Certain acts have been categorized as offences and contraventions, which have a tendency to intrude on the privacy rights of citizens.

Secret information appropriation and data theft: Information technology can be misused for appropriating valuable Government secrets and the data of private individuals and of the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by terrorists to facilitate their activities, including destruction of property. NOTE: The definition of property is not restricted to movables or immovables.

Demolition of E-governance Base: The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. In a democracy, people govern themselves and they cannot govern themselves properly unless they are aware of social, political, economic and other issues confronting them. To enable them to make a proper judgment on those issues, they must have the benefit of a range of opinions on those issues

Distributed Denial of Service Attack: The cyber terrorists may also use the method of distributed denial of service (DDoS) to overburden the electronic bases of the Government and its agencies. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demands in such large numbers that the server of the victim collapses.

Network packet sniffers: A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a local-area network and sends them to an application for processing.

IP spoofing: An IP spoofing attack occurs when an attacker outside your network pretends to be a trusted computer in order to gain access to specified resources on your network.

What would the Impact be?
The intention of a cyber terrorism attack could range from economic disruption through the interruption of financial networks and systems to use in support of a physical attack, to cause further confusion and possible delays in proper response.

Direct Cost Implications:
Loss of sales during the disruption
Staff time, network delays, intermittent access for business users
Increased insurance costs due to litigation
Loss of intellectual property - research, pricing, etc.
Costs of forensics for recovery and litigation
Loss of critical communications in time of emergency

Indirect Cost Implications:
Loss of confidence and credibility in our financial systems
Tarnished relationships & public image globally
Strained business partner relationships - domestic and international
Loss of future customer revenues for an individual or group of companies
Loss of trust in the government and computer industry

Terrorist groups are generally defined in 3 ways:
Simple unstructured: Conduct basic hacks against individuals using tools created by someone else. Little command and control.
Advanced structured: Conduct more sophisticated attacks against multiple systems or networks and possibly the ability to create or modify tools. Elementary command and control.
Complex coordinated: Capability for coordinated attacks causing mass disruption, integrated defenses including cryptography, ability to create sophisticated hacking tools. Highly capable command and control.

Effects
Cyber terrorism can have a serious large-scale influence on a significant number of people. It can weaken a country's economy greatly, thereby stripping it of its resources and making it more vulnerable to military attack. Cyber terror can also affect internet-based businesses. Like brick and mortar retailers and service providers, most websites that produce income (whether by advertising, monetary exchange for goods or paid services) could stand to lose money in the event of downtime created by cyber criminals.

Danger
Cyber terrorists can destroy the economy of a country by attacking critical infrastructure in the big towns, such as electric power and water supply (it is still unknown whether the blackout of the North Western states in the US on Aug. 15, 2003 was a terrorist act or not), or by attacking banks and financial institutions and playing with their computer systems. Cyber terrorists can endanger the security of the nation by targeting sensitive and secret information (by stealing, disclosing, or destroying it). With the Internet they target, plan, coordinate and execute attacks.

Examples
Terrorists in Romania gained access to the computers controlling the life support systems at an Antarctic research station, endangering the 58 scientists involved.
Fluffi Bunni defaced web sites numbering in the thousands by redirecting the sites to a page created by himself. The message was "Fluffi Bunni Goes Jihad".
The Internet is used as a propaganda tool by Hizbullah, which manages three World Wide Web sites: its central press office, another to describe its attacks on Israeli targets, and the last for news and information.
The official web site of the Presidential Palace of

How can we protect ourselves?
All accounts should have passwords, and the passwords should be unusual and difficult to guess
Change the network configuration when defects become visible
Check with vendors for upgrades and patches
Audit systems and check logs to help in detecting and tracing an intruder
If you are ever unsure about the safety of a site, or receive suspicious email from an unknown address, don't access it
Risk Management: Periodically conduct an information security risk evaluation that identifies critical information assets
Security Architecture & Design
User Accountability and Training
Adequate Expertise
System & Network Management
Software Integrity
Backups
Authentication & Authorization

Indian Laws
In India there is no law that specifically deals with the prevention of malware through aggressive defense. Thus, the analogous provisions have to be applied in a purposive manner. The protection against malware attacks can be claimed under the following categories:
Protection available under the Constitution of India
Protection available under other statutes
1. Protection under the Indian Penal Code (I.P.C), 1860
2. Protection under the Information Technology Act (ITA), 2000

Conclusion
The solution requires rigorous application of energy and resources. It must be noted that law is always seven steps behind the technology. This is so because we have a tendency to make laws when the problem reaches its zenith. We do not appreciate the need of the hour till the problem takes a precarious dimension. At that stage it is always very difficult, if not impossible, to deal with that problem. This is more so in the case of offences and violations involving information technology. One of the arguments always advanced to justify this stand of non-enactment is that the measures suggested are not adequate to deal with the problem.

The nation is vulnerable to new forms of terrorism ranging from cyber attacks to attacks on military bases abroad to ballistic missile attacks on U.S. cities.

Wars in the 21st century will increasingly require all elements of national power, not just the military. They will require that economic, diplomatic, financial, law enforcement and intelligence capabilities work together.

Discussion
Critical Infrastructures
Terrorist Internet Exploits
Tactics and Strategy

Critical Infrastructures
Where the Crown Jewels Are

Using Our Systems Against Us
Aircraft: Pentagon/Twin Towers
Mail distribution network: Anthrax
Computers: next step?

Real World Example: Australia 2000
Maroochy Shire Waste Water Plant, Sunshine Coast
Insider
46 intrusions over 2 month period
Release of sewage into parks, rivers
Environmental damage

Real World Example: USA 2001
San Francisco FBI Field Office Investigation
Internet probes from Saudi Arabia, Indonesia, Pakistan
Casings of web sites regarding emergency telephone systems, electrical generation and transmissions, water storage and distribution, nuclear power plants and gas facilities
Exploring digital systems used to manage these systems

Why Cyber Attack on Critical Infrastructures?
National Security: Reduce the U.S.'s ability to protect its interests
Public Psyche: Erode confidence in critical services and the government
Economic impact: Damage economic systems
Enhancement of Physical Attacks: Physical damage/distraction efforts
Asymmetric Warfare: Lack of attribution, low cost/high potential impact

Globalization of infrastructures = vulnerability
Anonymous access to infrastructures via the Internet and SCADA
Interdependencies of systems make attack consequences harder to predict and more severe
Malicious software is widely available and does not require a high degree of technical skill to use
More individuals with malicious intent on Internet
New cyber threats outpace defensive measures

Vulnerability Types
Computer based:
  Poor passwords
  Lack of appropriate protection/or improperly configured protection
Network based:
  Unprotected or unnecessary open entry points
Personnel based:
  Temporary/staff firings
  Disgruntled personnel
  Lack of training
Facility based:
  Servers in unprotected areas
  Inadequate security policies

Al-Qaeda
Al-Qaeda laptop found in Afghanistan contained:
Hits on web sites that contained "Sabotage Handbook"
Handbook: Internet tools, planning a hit, anti-surveillance methods, cracking tools
Al-Qaeda actively researched publicly available information concerning critical infrastructures posted on web sites

Terrorist Internet Exploits
What are we up against?

Terrorists
Attention must be paid to studying the terrorists:
Ideology
History
Motivation
Capabilities

Terrorism is carried out by disrupting activities, undermining confidence, and creating fear.
In the future, cyber terrorism may become a viable option to traditional physical acts of violence due to:
Perceived anonymity
Diverse targets
Low risk of detection
Low risk of personnel injury
Low investment
Operate from nearly any location
Few resources are needed

Terrorist Use of the Internet
Hacktivism
Cyber Facilitated Terrorism
Cyber terrorism

Cyber Arsenal for Terrorists
Internet newsgroups, web home pages, and IRC channels include:
Automated attack tools (Software Tools)
Sniffers (capture information, i.e. password/log-on)
Rootkits (facilitate/mask intrusion)
Network Vulnerability Analyzers (SATAN/Nessus)
DoS
Spoofing
Trojan Horses
Worms

Cyber Attack Methodology
Resource Denial:
  Virus/malicious code
  Legitimate traffic overwhelms site (unauthorized high-volume links)
  DoS
  DDoS
WWW Defacement:
  Defacement to embarrass
  Content modification to convey message
  Content modification as component of disinformation campaign

Computer System Compromises
System Compromise:
  Data destruction
  Data modification
  Information gathering
Compromised platform:
  Launch pad for attacks
  Jump off point for other compromises
Target Research and Acquisition:
  Internet makes significant amounts of data instantly and anonymously accessible

Hacktivism
Hacktivism is hacking with a cause and is concerned with influencing opinions on a specific issue.
Example: ELF hacks into the web page of a local ski resort and defaces the web page. This is done to reflect the group's objections to environmental issues.

Cyber Facilitated Terrorism
Terrorists utilize web sites to actively recruit members and publicize propaganda as well as to raise funds
Web sites also contain information necessary to construct weapons, obtain false identification
Use Internet as a communications tool via chat rooms, BBS, email
Hijackers utilized cyber cafés to communicate via Internet and order airline tickets
Kamel Daoudi: Believed to be Al-Qaeda Cyber Terrorist. Arrested for alleged involvement in plot to bomb American Embassy in Paris

Cyberterrorism
Cyberterrorism is a criminal act perpetrated by the use of computers and telecommunications capabilities, resulting in violence, destruction and/or disruption of services to create fear by causing confusion and uncertainty within a given population, with the goal of influencing a government or population to conform to a particular political, social, or ideological agenda.

The Cyberterrorist Threat
Assessing the threat
Technical Feasibility
Tactics and Strategy
Prevention and cooperation


FBI Cyber Transformation
Terrorism and Cyber Crime: top priorities
FBI recruitment of engineers and computer scientists: critical skills
Increasing agents dedicated to cyber crime
Creation of Cyber Task Forces in field offices

USA Patriot Act
Felony to hack into computer used in furtherance of national security or national defense
2702 Emergency Requests
Legal Subpoena expanded
Sentencing increased

USA Patriot Act (contd.)
Share with DOJ for criminal prosecution
Permits roving surveillance
FISA orders for intelligence allowed if there is a significant reason for application rather than the reason
Authorizes pen register and trap and trace orders for email as well as telephone conversations

International Investigations
Cyber Evidence in USA
MLAT Request
Joint FBI-Foreign Police Investigation
Legal Subpoena
Cyber Terrorism

Prevention: Old Methods for New Problem
Liaison:
  Critical Infrastructure Companies, i.e. FBI InfraGard
  Internet Service Providers
  Universities
  Internet Cafes
  Hacker clubs
  IT companies, developers
  International, local law enforcement
Look on the Internet
Coordinate - national security, terrorist personnel

Conclusion
Our national security, databases, and economy are extremely dependent upon automation
Therefore, there exists a target rich environment for those who would do harm via the Internet
Our critical infrastructures require joint private/public efforts to protect them

Cyberterrorism: The Bloodless War?

The threat of terrorist attacks against U.S. citizens and U.S. interests around the world has become the nation's most pressing national security issue. This aggression may include cyber attacks by the terrorists themselves or by targeted nation-states.

Even more likely are cyber attacks by sympathizers of the terrorists, hackers with general anti-US or anti-allied sentiments, or thrill-seekers with no particular political motivation.


Cyber Attacks During the War on Terrorism: A Predictive Analysis
Dartmouth Institute for Security Technology Studies

What Do We Know?
Cyber attacks immediately follow physical attacks
Cyber attacks are increasing in volume, sophistication, and coordination
Cyber attackers are attracted to high-value targets
Many, if not most, targets would probably be commercial computer and communications systems

Cyberwar Strategies
The basic elements are:
Hacking
  Mass disruption can be unleashed over the internet, but attackers first must compromise private and secure networks
Virus writing
Electronic snooping
Old-fashioned human spying

InfoWarriors are not Script Kiddies
Funded by foreign military organizations and terrorist groups
Likely to have more people and deeper pockets
Can devote more resources (people and time)
They can crack systems that might withstand casual assault
Will use more sophisticated tactics
Likely to be more experienced
Serious IW attackers would not reveal their activities until it is absolutely necessary

Commercial Sector a Key Target
Communication systems
Corporations
News organizations
Telephony suppliers
Component suppliers (boots, food, radios, etc.)
Civilian consulting companies
Government funds tied up in commercial banks
Pharmacies, hospitals, clinics
Drug companies (vaccines, antibiotics)
Financial institutions
Healthcare industry

But Companies Not the Only Targets
Power grids
  For 11 days in Feb 2001, a development server at cal-ISO electricity exchange was left connected to the internet and was being quietly hacked
Transportation systems
  "A foreign adversary could significantly hinder U.S. Forces in reaching, say, the Persian Gulf or Taiwan Straits by attacking the computers at commercial harbor facilities used to ship ammunition or the air traffic control system that would be needed to support and airlift personnel and supplies" (Bruce Berkowitz)
Water authorities

Why Use Cyber Warfare?
Low barriers to entry: laptops cost a lot less than tanks
Complex societies are dependent on computers and networks
Computer disruption has economic, logistical, and emotional effect
Paralysis caused by computer outages levels the playing field for less-well-equipped countries

What Can We Do?
Go on the defensive now
  Educate senior management on risks of cyberwarfare
  Make infosec a top priority
  Beef up your security technology
  Insist on flawless execution: compliance to security standards in all areas
Work with other companies, government agencies
  NIPC
  IT ISAC
  SAINT

Some Specifics: Be Prepared
Maintain high alert & vigilance
Update OS and applications regularly
Enforce strong passwords
"Lock down" systems
Keep anti-virus software installed and up-to-date
Employ intrusion detection systems and firewalls

Selected Sources
Berkowitz, Bruce, "Information Warfare: Time to Prepare." Issues in Science and Technology, Winter, 2000. http://www.nap.edu/issues/17.2/berkowitz.htm
Gaudin, Sharon, "Protecting a net in a time of terrorism," Network World, 09/24/01. http://www.nwfusion.com/archive/2001/125631_09-24-2001.html
"Cyber Attacks During the War on Terrorism: A Predictive Analysis." Dartmouth Institute for Security Technology Studies. http://www.ists.dartmouth.edu/ISTS/counterterrorism/cyber_attacks.htm
Bickers, Charles, "Innovation, Cyberwar, Combat on The Web." Far Eastern Economic Review, August 16, 2001
Risks Digest. http://catless.ncl.ac.uk/Risks

Cyber War, Cyber Terrorism and Cyber Espionage

I. Introduction
