Guest blogger Aron Okichich Brings up a hot topic to information technology and conflict awareness. As a student at Purdue University Calumet we thank him for allowing us to post his work here. You can download a PDF of his paper here. – Sam.
Abstract
This papers aims to explain cyber-warfare exists.. It will explain terrorism and cyber-warfare. The paper will cover different definitions of terrorism to help explain why cyber-warfare and terrorism might exist. If it exists, it will state who is at risk and what can they do to protect themselves. This paper will get into the politics of there possibly being cyber-warfare and terrorism and what that means.
Is Cyber Terrorism/Warfare Fact or Fiction?
There are many questions that can be asked about cyber-terrorism/warfare. Does it exist? What is it? What does it mean? Well to explain all of this some basic understanding has to be figured out. First, Cyber-warfare is tied in with terrorism. Terrorism and warfare kind of go together in the real world, and they are very similar in cyberspace. So, terrorism needs to be defined to get a better understanding of cyber-warfare. There are many different definitions on terrorism. This is in part due to it having a lot to do with perspective. Sometimes one person will think they are being terrorized, while someone else feels they are protecting themselves, their culture, or religion. They might have many reasons and feel they are just in what they are doing. When all of these factors are just in trying to define terrorism, it is what makes it difficult to prove whether or not cyber-warfare exists. To better explain cyber-warfare, it will be defined, politics of it will be explained, their will be some case studies about terrorism, as well as ways to protect ones self from cyber-warfare.
First of all, terrorism, cyber-warfare, and other terms need to be defined to put a better perspective on everything. According to Webster’s II New College Dictionary (1995) terrorism is “systematic use of violence, terror, and intimidation to achieve an end”(pg.1139). For terrorism to exist on the internet violence, terror and intimidation need to be used. Terror is “Violence promoted by a group to achieve or maintain supremacy “according to Webster’s II New College Dictionary (1995, pg. 1139). It is possible for this to be done on the internet. If hypothetically a company has a website up and a group doesn’t like it, they might terrorize them in many ways. They attack the web site and make it so that no one can access it. If this is a company where their only income is through the website they might feel terrorized. They will feel this way more and more if it continues to happen. They might also get attacked and their web site changed around. This is more that can make a company feel terrorized. Since terror and terrorisms definitions have violence in them, what is violence? One definition of violence according to Webster’s II New College Dictionary (1995, pg. 1233) is “abuse or injury to meaning, content or intent”. With these definitions it is easy to see that terrorism and terror are on the internet and they do exist. The hypothetical company that had its site shut down and changed around, felt terrorism. The web site had its content abused and had injury to it. The people that attacked the site gained supremacy of the site by taking control of it and they were able to change the content in a systematic way, which is the definition of terrorism. Some people might disagree however. There are other definitions of terror and violence. Some of these definitions make it so it relates only to the physical world and physical objects. If those definitions are used, then they don’t apply to cyber world. This can make it very confusing for someone that is trying to find out weather or not cyber terrorism is fact or fiction. The thing is though that there are a few definitions of terror and violence, because they need to be defined in every realm and possibility. In many cases terrorism on the internet is related to cybercrime. Cybercrime according to Schell and Martin (2004) is “a crime related to technology computers, and the Internet” (pg. 2). It involves many things like breaking into networks, terrorizing targets and unlawful attacks. Also according to Schell and Martin (2004) cyberterrorism is “unlawful attacks and threats of attack by terrorists against computers, networks, and the information stored therein to intimidate of coerce a government or its people to further the perpetrator’s political or social objectives” (pg. 3). According to Sukhai (2004), cyberterrorism is a subcategory of hacking. There are many cases where hacking has hurt systems.
Secondly there are case studies to further prove that cyber-terrorism/warfare exists. The Pentagon for example has been attacked numerous times. According to the
Wall Street Journal Online, there are more and more attacks from people trying to get classified information. Many of these attacks are linked to China. There have been attacks to other countries as well as the United States. In the same article, in the Wall Street Journal Online, it stated that there were attacks against Estonia. Those attacks made the countries websites very slow and hard to use. With attacks like these against countries not even just people and companies it is easy to see that cyber-warfare exists. According to The Guardian, “Nato is treating the threat of cyber warfare as seriously as the risk of a missile strike”. If a Governmental Organization Like NATO thinks that cyber warfare is that dangerous, then why don’t more people think of it that way. The reason for this could be that the general population of the world does not feel the impact of these attacks. Since most people are not computer scientists, they do not fully understand how the internet works, how networks work, and many times even how their personal computer works. They understand what it does, but not how it does it. If there is a problem with the computer they take it to a store and have someone fix it. If there is a problem at work with their computer they have someone to fix it for them. If the network goes down because of an attack they do not know that the network was attacked. They could very well think that it was someone in the IT departments fault. The other thing is that it is hard to prove who attacked what. If someone does an attack and it goes through multiple routers in multiple countries that do not get along with one another, it would be very hard to find out where the attack originated from. Take for example the pentagon supposedly being attacked by china. The government officials that looked into that probably really believe that all of the attacks came from china. They easily could all have come from china, or some of them could just have been routed through china. If a person wanted to attack any government facility to gain confidential information it would be ideal for them to first go after an easier target. After they gain access to the easier target, then they might want to go after their real target. These are all ways that an attacker would cover up their steps so they cannot be found out or prosecuted. This makes it increasingly difficult to prove where cyber-terrorism is coming from and if it is one group in particular. There will be some patterns the same with either a person or a group. If there are a lot of attacks that come from a specific router or area it might be the same group or person. According to the guardian, The Pentagon got attacked from what seemed to be the same computers as governments like Germany, Britain, India, and Australia got attacked. All of the computers were said to be in China, but that does not necessarily mean that the hackers are in China. With the way networks work, a person could potentially be in the United States and be making all of those attacks. They would go through routers in a few foreign countries before getting to one in China. Since China and the United States don’t seem to want to talk to each other they could then attack China’s networks. Once they have access to some computers in a Chinese government building, then they would attack all the countries that China doesn’t talk to. It is improbable that anyone would ever find out who actually attacked these countries because of the way that they went about it. It also could potentially be just one person. If it is China, they can use the confidential information against the United States. If it is one person, or a small group, they can potentially be more dangerous. They could sell the information to whoever will buy it. They might just be doing it to scare the governments, or to cause damage. Any way that this is put Cyber-terrorism/warfare exists and their needs to be some kind of protection against it.
Thirdly, a person and governments can protect themselves from cyber-warfare/terrorism in a few ways. They need to do simple things like run antivirus software. This will help so the computer can’t be used in an attack on other networks. Things can be done to a computer to make it so someone else has control, a root kit, which according to Wikipedia, “is a program (or combination of several programs) designed to take fundamental control (in Unix terms “root” access, in Windows terms “Administrator” access) of a computer system, without authorization by the system’s owners and legitimate managers” is one of those things. If a person uses a root kit on a couple hundred or thousand computers, they have a lot more computing power than they originally had. They can take those computers and do attacks. To the outside world it will look like those computers did the attacking, until the root kit is discovered. Sometimes though, an attacker doesn’t need a root kit. They might just do enumeration of a network and find username/passwords. If they find a good username/password, then they might be able to get an administrators account. If they have an administrators account they can log in and do any kind of attack they want to. There are other ways that the attacker will use to gain anonymity. The attacker probably won’t be able to gain total anonymity, but by accessing other systems they can do major attacks from one computer. A person or organization needs to make sure they are protected to the best of their ability, so that they can’t be used as pawns in cyberterrorism. Firewalls can be used to help. They are not the best method of protection, but they do offer some when they are first implemented. If a person turns off ports that are not used, they are making it harder for someone to gain control of their system. Intrusion detection systems will help to find out if your network has been attacked. It does not mean that you are safe. It will usually just warn you that someone did something that sets off flags. The administrator has to be careful when setting up the intrusion detection system. If the system is set up so that it notices everything that is a little suspicious, then whoever is monitoring it might not notice a real attack. They will go and check every time that it sends a warning, and there will not be anything wrong. It will send too many messages and then the messages will start to get ignored. An attack might be missed this way. The other thing that can happen is if they do not set it to monitor everything and the intrusion detection system never sends a message. There is a fine line that has to be figured out for each individual system based on the needs of the system. Overall security needs to be approached in layers. Total security cannot be certain, because of unknown variables. All the software on a computer can have vulnerabilities that can be taken advantage of. As a society, we know what many of the different vulnerabilities are to different programs, operating systems, and even hardware. The problem comes down to unknown vulnerabilities. These could be something that someone has not figured out yet, or that they did not let anyone know about. There are many programs that were not written with security in mind. They are usually written with the idea of getting something to work with something else. The person writing the code is just trying to get the job done, they might have never thought that someone could change things and use their system against them. A network also needs VPN’s if they have people accessing the network remotely. The more access to the network, the less security it has. It’s kind of like a teeter-totter, if a computer is totally secure, then it has never been on a network or the internet. That is one end of the spectrum. The other end is that it has everything on it, and anyone can access it from anywhere. The first computer is useless, because if you install anything on it, there is a chance of hurting the security. The second one will be useless as well, because if a user wanted anything private, it would be impossible.
In conclusion, cybeterrrorism/warfare has been better explained, some cases have been seen on the subject, and there are some ways to protect oneself from cyberterrorism. Cyberterrorism does exist. It will continue to be a problem the more and more people rely on computers to do everyday tasks. Governments and large organizations seem to be more of a target than just individual people. Individual people are harder to target on a network. It is not easy to prove that an organization of any kind has been the victim of cyberterrorism. They have to do audit and monitor logs on the network. This is where a good intrusion detection system will help out. As long as governments do not work together there will be ways for attackers to attack networks in some form of anonymity. Like all of the cases where the countries are being attacked from China. They know that it is happening, they know what computers they think that it stems from, but there is little they can do. It is hard to say that cyberterrorism/warfare does not exist when Governments and governmental organizations say that it does exist. If it was just one country saying that it existed, then there will be some controversy. Since, NATO states that it exists and there is a problem, along with actual events that happened, there is no question on whether it exists. Since cyberterrorism is real organizations, governments and people need to protect themselves. They need to try and make sure they are not the next victim.
References
Schell, H. B., Martin, C. (2004). MCSE Guide to: Microsoft Exchange Server 2003 Administration. Boston, Massachusetts: Thomson Course Technology.
Webster II New College Dictionary. (1995). Boston, Massachusetts: Houghton Mifflin Company.
Sukhai, N. (2004), Hacking and Cybercrime. New York, New York: ACM retrieved 4/20/2008 from ACM database.
Johnson, B. (2008). Nato says cyber warfare poses as great a threat as a missile attack. The Guardian. Retrieved April 20, 2008, from http://www.guardian.co.uk/technology/2008/mar/06/hitechcrime.uksecurity
Wikipedia “rootkit” retrieved April 20, 2008, from http://en.wikipedia.org/wiki/Rootkit
Dreazen, Y. (2008). Military Networks are Increasingly under attack.. The wall street journal online. Retrieved March 30, 2008 from http://online.wsj.com/article/SB120526061992427783.html?mod=googlenews_w sj