Cyberspace, Cyberterrorism and Information Warfare: A Perfect Recipe for Confusion

Abstract: The terms “cyberspace,” “cyberterrorism” and “information warfare” are becoming common in the dialog of information security and media professionals. However, it is hard to find solid definitions of these terms. The author discusses these terms from different viewpoints by giving examples and different definitions from diverse sources, both academic and professional.

Keywords: Cyberspace, cyberterrorism, information warfare, hack, hacking, attack, information operations, cryptography, steganography, cyber security

1.1 Cyberspace

William Gibson, an American–Canadian writer, first used the term “cyberspace” in his short story “Burning Chrome”; he popularized the concept in his novel “Neuromancer” in 1984. This now ubiquitous term has become a conventional means to describe anything associated with computers, information technology, the Internet and the diverse Internet culture.

1.2 Cyberspace Security

Issues related to cyberspace security have become crucial for most of the world’s governments. Cyberspace security’s importance has reached the point at which governments have developed instructions and guidelines for securing cyberspace. For instance, on December 12th, 2008 the Center for Strategic and International Studies (CSIS) released a report for America’s 44th president about the security of cyberspace in the US. This 96-page report contains information about the current situation of US cyberspace and recommendations to increase its security.[1]

The report emphasizes the importance of cyberspace security with real examples:

“The damage from cyber attack is real. In 2007, The Department of Defense, State, Homeland Security, and Commerce; NASA; and National Defense University all suffered major intrusions by unknown foreign entities. The unclassified e-mail of the secretary of defense was hacked and DOD officials told us that the department’s computers are probed hundreds of thousands of times each day. A senior official at the Department of State told us the department had lost “terabytes” of information. Homeland Security suffered break-ins in several of its divisions, including Transportation Security Agency, The Department of Commerce was forced to take the Bureau of Industry and Security off-line for several months, NASA has had to impose e-mail restrictions before shuttle launches and allegedly has seen designs for new launches compromised.”

1.3 Cyberterrorism

Cyberterrorism has different definitions because each security expert has his own definition. This term can be defined as the use of information technology by terrorist groups and individuals to achieve their targets. This can include the use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures; or for exchanging information or making threats electronically. It is possible to present different examples such as hacking into computer systems, programming viruses and worms, defacing websites, launching denial-of-service attacks, or making terrorist threats via electronic communication.

At the Technolytics Institute, Kevin G. Coleman uses this definition of cyberterrorism:

“The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.”

Some say that cyberterrorism does not exist and is really a matter of hacking or malicious activities. They disagree with labeling it “terrorism” because of the unlikelihood of creating fear, significant physical harm or death in a population using electronic means, considering current attack prevention and protective technologies.

The US Federal Bureau of Investigation (FBI) defines terrorism as “the unlawful use of force or violence, committed by a group(s) of two or more individuals, against persons or property, to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives” (FBI, 2002).

The US Department of Defense (DOD) defines terrorism using a slightly broader brush, calling it “the unlawful use of, or threatened use, of force or violence against individuals or property, to coerce and intimidate governments or societies, often to achieve political, religious or ideological objectives” (DOD, 2002).

Interactions between human motives and information technology for terrorist activities within cyberspace or the virtual world can be addressed as cyberterrorism. However, this is the definition that Sara Gordon and Richard Ford from Symantec use in their paper about cyberterrorism to define “Pure Cyberterrorism.”[2]

2.1 Cyberterrorism Attacks

Cyberattacks can happen in different ways but, in general, we can categorize them as attacks against data and attacks against services. In attacks against data, the attacker tries to access or compromise the data. In an attack against services, the attacker tries to disrupt services to prevent legitimate users from using those services.

In 1998, a terrorist guerrilla organization flooded Sri Lankan embassies’ e-mail accounts all around the world with 800 e-mails per day for two weeks. The messages simply read, “We are the Internet Black Tigers and we’re doing this to interrupt your communications.” US Intelligence departments characterized this as the first known terrorist attack against a country’s computer systems.[3]

During the Kosovo conflict, Belgrade hackers were credited with denial of service (DoS) attacks against NATO’s servers. They bombarded NATO’s web server with ICMP packets and “Ping” commands, which test the connectivity of the host and servers.

Similar attacks took place in 2000 during the Palestinian-Israeli cyberwar. Pro-Palestinian hackers used DoS tools to attack Netvision, Israel’s largest ISP. Although the initial attacks crippled the ISP, Netvision succeeded in fending off later assaults by strengthening its security.[4]

In October 2007, hackers attacked Ukrainian president Viktor Yushchenko’s website. A radical Russian nationalist youth group, the Eurasian Youth Movement, claimed responsibility (Radio Free Europe, 2007).

Even more recently, in November 2008, the Pentagon suffered from a cyberattack by a computer virus so alarming that the DOD took the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs (FOX News, 2008).

2.2 Cyberterrorism: Beyond Attacks

Terrorists can use the Internet and cyberspace to communicate or transfer information covertly. A famous covert communication technique is Steganography, in which the sender of a hidden message or data uses a file as a carrier. These carrier files usually are pictures, video or audio files. The hidden message is embedded by encryption techniques into the carrier file without changing the file’s nature. For instance, if a digital picture is used as a carrier, the file will look the same to the picture viewer software after the hidden data or secret message is embedded as it otherwise would.
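The following is an added example, not part of the original article. It shows why an image carrier looks unchanged after least-significant-bit (LSB) embedding, and why a defender can still flag it statistically. The pixel data, the SHA-256 stream standing in for an encrypted payload, and all function names are constructed for illustration.

```python
import hashlib
from collections import Counter

def constructed_carrier():
    """Constructed 8-bit grayscale pixels (not a real image): in each value
    pair (2k, 2k+1) the even value occurs 12 times and the odd value 4 times."""
    return [v for v in range(64, 192) for _ in range(12 if v % 2 == 0 else 4)]

def ciphertext_like_bits(n):
    """n balanced-looking bits from a SHA-256 counter stream, standing in
    for an encrypted payload (constructed sample data)."""
    bits, counter = [], 0
    while len(bits) < n:
        block = hashlib.sha256(counter.to_bytes(4, "big")).digest()
        bits.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return bits[:n]

def lsb_embed(pixels, bits):
    """Overwrite the least significant bit of each pixel with a payload bit."""
    return [(p & ~1) | b for p, b in zip(pixels, bits)]

def max_pixel_change(a, b):
    """Largest brightness difference between two pixel lists."""
    return max(abs(x - y) for x, y in zip(a, b))

def pair_chi_square(pixels):
    """Pearson statistic against the hypothesis that values 2k and 2k+1 are
    equally frequent, which is what full LSB replacement tends to produce."""
    hist = Counter(pixels)
    stat = 0.0
    for even in range(0, 256, 2):
        n_even, n_odd = hist[even], hist[even + 1]
        expected = (n_even + n_odd) / 2
        if expected > 0:
            stat += ((n_even - expected) ** 2 + (n_odd - expected) ** 2) / expected
    return stat

if __name__ == "__main__":
    clean = constructed_carrier()
    stego = lsb_embed(clean, ciphertext_like_bits(len(clean)))
    print("max per-pixel change:", max_pixel_change(clean, stego))
    print("pair statistic clean:", pair_chi_square(clean))
    print("pair statistic stego:", pair_chi_square(stego))
```

No pixel moves by more than one brightness level, so a viewer renders the same picture, yet the statistic drops sharply once the value pairs have been equalized. That drop is the signal steganalysis tools look for.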

The National Coordination Office for Networking and Information Technology Research and Development[5] published a report in April 2006 that made the following statements:

“…immediate concerns also include the use of cyberspace for covert communications, particularly by terrorists but also by foreign intelligence services; espionage against sensitive but poorly defended data in government and industry systems; subversion by insiders, including vendors and contractors; criminal activity, primarily involving fraud and theft of financial or identity information, by hackers and organized crime groups…” (pp. 9–10)

“International interest in R&D for Steganography technologies and their commercialization and application has exploded in recent years. These technologies pose a potential threat to national security. Because Steganography secretly embeds additional, and nearly undetectable, information content in digital products, the potential for covert dissemination of malicious software, mobile code, or information is great.” (pp. 41–42)

“The threat posed by Steganography has been documented in numerous intelligence reports.” (p. 42)

Rumors about terrorists using Steganography first appeared in the daily newspaper USA Today on February 5, 2001 in two articles titled “Terrorist instructions hidden online” and “Terror groups hide behind Web encryption.” In July of that year, the information looked even more precise: “Militants wire Web with links to jihad.”

In October 2001, The New York Times published an article claiming that al-Qaeda had used steganographic techniques to encrypt and embed messages into images, and then transferred these via e-mail and possibly via USENET to prepare and execute the September 11, 2001 terrorist attack.

With reference to the Jamestown Foundation’s [6] research, a captured terrorist training manual, the “Technical Mujahid, a Training Manual for Jihadis,” contains a section entitled “Covert Communications and Hiding Secrets Inside Images.”

The Steganography Analysis and Research Center [7] currently has identified more than 725 digital Steganography applications.

3.1 Information Warfare

Information warfare has several definitions because of its nature. Information warfare can take many forms, such as:

  • Television and radio transmission(s) can be jammed.
  • Television and radio transmission(s) can be hijacked for a disinformation campaign.
  • Logistics networks can be disabled.
  • Enemy communications networks can be disabled or spoofed.
  • Stock exchange transactions can be sabotaged, either with electronic intervention, or by leaking sensitive information or spreading disinformation.

In information warfare the attacker targets the command, control, communications & intelligence (C3I) within countries or regions; and it has no front line. As a result, information warfare goes beyond a single traditional regional theater to many countries; and can be launched at targets miles away from the real targets. In addition, the expansion of information technology to all layers of business and governmental operations creates a perfect platform from which to launch attacks.

Information warfare may involve collecting tactical information, giving assurance(s) that information is valid, spreading propaganda or disinformation to demoralize the enemy and the public, undermining the quality of the opposing force’s information or denying information-collection opportunities to opposing forces.

The US Air Force has had Information Warfare Squadrons since the 1980s. In fact, the US Air Force’s official mission is now “To provide sovereign options for the defense of the United States and its global interests. To fly and fight in Air, Space and Cyberspace,” with the latter referring to its Information Warfare role.

Information warfare squadrons launch attacks electronically or by software against strategic enemy communication targets. In addition, disabling such networks electronically instead of explosively allows them to be quickly re-enabled after the enemy territory is occupied. Similarly, counter information warfare units are employed to deny such capabilities to the enemy. These techniques were first used against Iraqi communications networks during the first Persian Gulf War.

In 1991 during the first Persian Gulf War, Dutch hackers stole information about US troop movements from US Defense Department computers and tried to sell it to the Iraqis, who thought it was a hoax and turned it down.[8] In January 1999, US Air Intelligence computers were hit by a coordinated attack, part of which appeared to come from Russian hacking.[9]

4.1 Information Operations

Information Operations, or “Info Ops,” is an evolving discipline within the military. It emerged from earlier concepts such as “Command & Control Warfare” and “Information Warfare” – mainly US-dominated, originating in the 1990s and considering lessons learned from the Persian Gulf War(s).

The US Department of Defense uses this definition of Information Operations in the DOD Information Operations Roadmap[10]:

The integrated employment of the core capabilities of electronic warfare, computer network operations (CNO), psychological operations (PSYOP), military deception, and operations security (OPSEC), with specified supporting and related capabilities to influence, disrupt, corrupt, or usurp adversarial human and automated decision-making while protecting our own. (October 2003)

Germany leads a multinational effort to develop Info Ops as an integrating function or joint mission area within the military, called the “Multinational Information Operations Experiment” (MNIOE). The 20 current MNIOE partners define Info Ops as:

“The advice to and co-ordination of military activities affecting information and information systems – including system behavior and capabilities – in order to create desired effects.”

This definition and its related context differ from extant national views (e.g., those of the USA or the UK) and provide an advanced approach to multinational and interagency information activities in support of crisis management and effects-based operations.




















