Cyberterrorism: The Future Menace | by Anustha Puniyani

Imagine you wake up one day and get a mail from your commercial bank that all the bank accounts (including yours) are hacked. You turn on the TV and see that all channels are flooded with the same news. You feel flabbergasted as to how will you get your money back. Just imagine.

While terrorism is posing a significant threat for humanity these days, how could technology be untouched by it? Yes, you heard it right. Cyberterrorism was coined by Barry C. Collin in late 1990s. The nature of threat that society is facing has changed considerably in the twenty-first century.

MEANING

It refers to the use of computers and information technology to conduct violent acts, so as to cause bodily harm or loss of life or some other kind of loss, to gain political or ideological gains, through threat or intimidation. It may also include a situation of widespread disruption in a large number of computers by way of cyber attack through viruses, phishing, worms or other malicious software. According to some authors, cyber terrorism is creating social unrest, panic or alarm by known terrorist organisations by means of computer.

According to the U.S. Federal Bureau of Investigation, cyberterrorism is any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents."

For instance-

Al Qaeda utilises the internet as a medium to communicate with supporters and even recruit new members.

Eugene Kaspersky says, "Cyberterrorism is a more accurate term than cyber war”. With today's attacks, you are clueless about who did it or when they will strike again. It's not cyber-war, but cyberterrorism.

Kaspersky is not only correct in his perspective, but he also helps us widen our definition and the horizons of cyber terrorism. In other words, Cyber Terrorism may be cyber crime, cyber war or simply terrorism. However, there is no current consensus between government and other institutions as to what exactly qualifies as an act of cyberterrorism.

TYPES OF CYBERTERROR CAPABILITY

There are three types of cyber terror capabilities, as defined by the Monterey Group. These are as follows:

1. Simple (Unstructured)

It includes the use of simple hacks created by someone else. Ability to command, control or harm individuals' systems is comparatively little.

2. Advanced (Structured)

It conducts sophisticated attacks against multiple networks or systems, modifying or creating basic tools.

3. Complex (Co-ordinated)

It is capable of creating mass disruption, with a highly capable target analysis, command and control.

CONCERNS

It has been defined as an offence in section 66F of Information Technology Act, 2000 which states that one who causes denial of access to computer resources, or has unauthorized access to, or introduces a virus, with the intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in any section of the people is deemed to be committing cyber terrorism and the punishment therein includes fine or imprisonment which may extend upto life imprisonment under severe cases.

It is becoming more and more prominent on social media today. As there is anonymity on digital space, people misuse it to threaten citizens, groups and communities. It is believed that it is not just a plain disruption, but a huge potential threat to industries mainly banking, military installations, power plants, air traffic control centers and water systems.

Following points are notable:-

• A lot of traditional physical processes and infrastructure are being managed online. It not only makes such assets more susceptible, but also adds more vulnerabilities to be exploited.

• There is an upsurge in the number of highly skilled hackers, as a result of which even secured systems are under a potential threat.

• Companies these days are highly and deeply dependent on electronic gadgets for their systems and data. Failure in cyber security can materially affect its reputation, profits, leadership, or may even destabilise an enterprise overnight.

These days, a new concept called 'Cyber Warfare' has emerged which involves activities by a state, nation or international organisation to attack and significantly damage another nation's computer resources or information networks through computer viruses or 'denial of service' attacks. A good example of cyber war is 'Stuxnet' worm, which was used to attack Iran's nuclear program in 2010. Moreover, it was also suspected by Iranian government that US tried to enter into a cyber war with the Middle Eastern country.

WANNACRY: A CASE STUDY

Wannacry is one of the biggest incidents relating to cyberterrorism. The ransomware was borderless and was based on crypto-ransom. The attack which began in May 2017 ran plague throughout the world in Windows systems. The ransomware has been declared a result of a Microsoft exploit called, Eternal Blue, which was controlled and monitored by the National Security Agency (NSA). Thus the attack could only topple Windows systems. It was stopped within a few days when Microsoft released an emergency patch for Windows systems. The patch could have ended the plague but instead piracy affected the process of recovery. Most of the systems we use today have pirated Windows installed in it and thus they lack the security updates that are released by Microsoft. This incident was in turn a piracy boiled ransomware attack, as a one dimensional definition won't be enough to describe it. The catastrophic impact included 2,00,000 victims and 3,00,000 infected systems across the world, with a random ranging between 300 to 600 US Dollars. The ransomware was developed in a way that you cannot access your system if you don't pay what is demanded in a week. Moreover, the most talked about attribute of the attack was that it was based on cryptocurrencies, which led to concealment of identity of hackers. All in all, the cyber attack could have been much less effective had original non pirater systems been in place and there was no plan for Cyber Warfare at place (NSA's Eternal Blue).

CONCLUSION

Cyberterrorism is the convergence of terrorism and cyberspace. It may be a crime against people, property or government. For Americans, cyberterrorism is considered the second most critical threat after development of nuclear weapons by North Korea. Cyberterrorism poses a significant danger to national security, yet the majority of countries lack preparedness for a cyber attack. Existing policies are inadequate for combating cyberterrorism, as the policies might not go far enough.