Cyberterrorism
Understanding Cyber Threats:
The Internet has greatly improved the way we do business. Unfortunately, it has also created a breeding ground for scams, hoaxes, attacks on service, theft by unauthorized intruders, and sabotage via viruses and worms. Vulnerabilities associated with the Internet and networks put business, individuals, governments and critical infrastructures, such as power plants and
telecommunications facilities, at risk. To understand the problem, consider the following incidents (1,2).
- An attacker obtained 100,000 credit card numbers from the records of a dozen retailers selling their products through Web sites. He used a packet sniffer to capture the numbers as they traversed the Internet. The credit cards had limits between $2,000 and $25,000, putting the potential cost of theft at $1 billion. This type of intruder activity is one form of "identity theft". The attacker was caught when he tried to sell the card numbers to an apparent organized-crime ring that turned out to be the FBI.(1)
- In a case of cyber-extortion, an intruder stole 300,000 credit card numbers from an online music retailer. The intruder, who described himself as a 19-year-ol from Russia, sent an email to the New York Times bragging he had accessed the company's financial data through a flaw in its software. The intruder later used the card numbers in an attempt to blackmail the retailer into paying $100,000 in exchange for destroying the sensitive files. When the company refused to comply, in intruder released thousands of the credit card numbers onto the Internet in what turned out to be a public relations disaster for the company. Security experts still do not know how the site was compromised or the full extent of how the break-in affected the site's customers. Credit card companies responded by canceling and replacing the stolen card numbers and notifying cardholders by email. E-commerce analysts say many similar attacks go unreported.(1)
- In 1996, a computer hacker allegedly associated with the White Supremacist movement temporarily disabled a Massachusetts ISP and damaged part of the ISP's record keeping system. The ISP had attempted to stop the hacker from sending out worldwide racist messages under the ISP's name. The hacker signed off with the threat, "you have yet to see true electronic terrorism. This is a promise".(2)
- In 1998, ethnic Tamil guerrillas Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read "We are the Internet Black Tigers and we're doing this to disrupt your communications." Intelligence authorities characterized it as the first know attack by terrorist against a country's computer systems.(2)
These scenarios highlight the need for tight security in order to keep critical information out of the hands of cyber criminals and protect critical infrastructure such as power, water, and telecommunications facilities from Cyber Terrorists wishing to cause harm to the United States.
Cyberterrorism
The Greater Cincinnati Fusion Center is focused on cyberterrorism as well as the physical threats terrorist may pose. "Cyberterrorism is the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives Further, to qualify as cyberterrorism, an attack should result in violence against persons or property, or a least cause enough harm to generate fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not."(2)
We know terrorists do use cyberspace to facilitate traditional forms of terrorism such as bombings. They put up web sites to spread their messages and recruit supporters, and they use the Internet to communicate and coordinate plans. Terrorist may use hacking as a way of acquiring intelligence in support of physical violence, even if they do not use it to wreak havoc in cyberspace. However, critical infrastructure / key resource facilities should be prepared for a cyberterrorist attack.
Identity Theft
Identity theft has been identified as the fastest growing crime in the United States. Not only does identity theft pose a problem to victims, businesses, and the national economy, it is also a serious national security issue. It is now well known that six of the September 11, 2001, hijackers obtained social security numbers by fraudulent means. Terrorists may use identity theft as a means to finance their activities, enter the United States and gain access to facilities.
Methods of exploiting personal and private information are numerous and in most cases quite simple. Technology only enhances the ability to commit identity crimes, while remaining anonymous. Spyware, Trojan Horses, viruses, phishing, hacking (cracking), and malicious code are all significant problems in the cyber age, with new methods of exploitation becoming known almost daily.
With identity theft continuing to be a major problem in America, consumers, businesses, organizations, and governments have yet to quell the problem or find means to protect personal information. In fact, the loss of personal and private data by businesses, organizations, and governments has reached critical mass. Click here to read the latest data breaches that put your personal and private information at risk.
Reference: