A Comprehensive Look at Cyberterrorism, Hactivism and Cyber Espionage

June 21, 2015 | Views: 10100

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

The Idea of Terrorism

What images come to mind when someone says “terrorism”? Many people may think of bombs, hostages, and/or other conventional weapons. What people don’t consider might easily be the biggest and most harmful weapon of all: technology.

Today, everything revolves around computers. Computers and computer systems were designed to work, but not necessarily with security in mind. What if all these highly beneficial systems were used against us?

One of my favorite movies as a teenager was one of the sequels to the classic Die Hard. In the movie, there’s a fictitious cyberattack called a “fire sale,” which is a three-stage attack on a nation’s transportation, telecommunications and financial systems. Amid the movie’s Hollywood action, what scared me the most was the plot. It was fictional, yet it could actually happen. And, it would cause complete chaos. Modern technology, used for bad, is by far the easiest way to cripple a nation or organization.

Terrorism, in totality, is extremely hard to define for many reasons including: perspective, changing terms, experience and many others. Yet, many people can agree on this concept: terrorism is violence or threat of violence from a non-state entity to achieve a political or religious goal.

Cyberterrorism has the same characteristics and end goals of traditional terrorism, but its goals are achieved in very different ways. Cyberterrorism is defined as the intentional use of computer systems and networks to cause destruction and harm for a personal or political goal. Though the goals and motivations change from attack to attack, many methods used by cyberterrorists and hacktivists are the same.

 

Two Important Kinds of Attacks

The most common method to disrupt an organization’s computer systems is a Distributed Denial of Service (DDoS) attack. In its simplest form, a Denial of Service attack works by overloading the computer system with packets, essentially crashing the system so legitimate users cannot access it. A Distributed Denial of Service does this multiple times. A single attacker can create a Trojan Horse to get into hundreds of computers without the owner knowing. Then, he/she can use the compromised computers in his/her botnet to carry out a larger attack that wouldn’t have been possible with just one computer.

A Trojan Horse is a kind of malware that gets its name from the huge wooden horse that the Greeks used to enter the city of Troy. A Trojan hides itself in another program. When the user downloads a file, they download the Trojan too, infecting their computer.

Statistics show that 1/3 of all system downtimes are attributed to DDoS attacks. (Arbor 2013)

For many hacks, a DDoS attack is just the first step in the actual attack. Attackers can use a DDoS attack to cover up an intrusion of another system. During a DDoS, companies spend all of their resources fixing that problem and may overlook other aspects of the attack. In the March 2013 American Express hack, a DDoS was launched to bring the American Express website offline for nearly two hours. During that time, the attackers used other methods to steal financial data. (Gallagher 2013)

Another method used to compromise a system is Social Engineering, aka “people hacking.” The weakest link of any technological system is the user. Attackers use simple ruses to get the victim to share sensitive information. If you call an organization claiming to be “tech support” for that company, you’d be surprised how many passwords you can get. Saying something as simple as “Hello, there was a problem with your account. What are your login credentials?” will return a plethora of passwords from unknowledgeable staff.

I recently gave a presentation on social engineering for the Rochester Institute of Technology Cybersecurity Club Conference. During the presentation, I demonstrated the ease of getting user information from victims without them realizing what happened. There are many different types of social engineering. They all come back to the same root problem: user gullibility and error.

 

Specific Attacks

Many people claim that Stuxnet was not terrorism, but an act of war because it was supposedly launched by a state actor. It was still a serious digital weapon and could have potentially killed many people. Stuxnet was a computer worm that was allegedly created by the U.S. and Israel to set back Iran’s nuclear program by damaging the physical equipment used at a uranium enrichment plant.

In early 2010, researchers at the Natanz uranium enrichment plant were noticing that the centrifuges were failing at an alarming rate. About five months later, a computer security firm was called in to troubleshoot computers that were constantly crashing. After closer inspection, the info sec team found malicious files, which led to the discovery of Stuxnet in the uranium enrichment plant in June 2010.

This event opened people’s eyes on how easy it is to compromise a nation’s system. With the realization that nothing is unhackable, many people believed this could lead to even bigger attacks (as if destroying a uranium plant wasn’t big enough). What would happen if an attacker took over the power grid? What if they somehow managed to take over our emergency systems, and cause complete chaos? Our nation would be crippled in an instant.

Let’s look at the Sony hack that occurred in November 2014. It’s hard to determine when exactly the attack started, but many security researchers say the malware had been in Sony’s systems for over a year before the actual attack. The attack was orchestrated by the Guardians of Peace (GOP), which is purportedly a North Korean group that didn’t want Sony to release the movie The Interview. Whether or not the group was North Korean is debatable, but whoever they were, they didn’t want the movie to be aired.

The hackers claimed to have taken over 100 terabytes of data. To get an idea of how much this is, a DVD quality movie is around 800 megabytes. The amount of data that was stolen from Sony is equivalent to about 125 DVD quality movies. This is is a massive amount of data and it resulted in a massive financial hit. Just think of all the lawsuits that followed, not to mention the four movies that were released on torrent sites before they were officially released.

The attackers stole and released upcoming movies that Sony had been working on (RBS 2014) along with thousands of employee records, social security numbers, credit card numbers and other sensitive financial data. Despite this event, Sony stood its ground for the time being to release The Interview on its scheduled date.

The Guardians of Peace saw the movie release as an “act of war” and made threats of violence towards the movie theaters that planned to air it. The attackers referenced the September 11th attacks and said to keep yourselves distant from all theaters. They also stated that if you lived near the theaters, “you should leave,” implying the use of explosives or other conventional terrorism against all who viewed  the movie in theaters.

A few days after these declarations, Sony pulled the movie and gave theaters the option to not show it. Not only did Sony respond to the terrorists’ demands, essentially throwing away $100 million spent creating the movie, but by “caving” into the terrorists’ demands their credibility was weakened in the eyes of their peers all around.

The whole world now knows that if they wreak havoc on computer systems and threaten violence against us, we will give them what they want. That basically declares open season on other major companies throughout the world. Though the cyberattack was a ruthless attack on every single one of Sony’s systems, Sony’s reaction to the attack should have been very different.

 

Cyberterrorist and Hacktivist Groups

Most cyberterrorist groups don’t think of themselves as terrorists, but as a branch of activists called ‘hacktivists.’ They know what they are doing is illegal, but they want to protest something that they don’t believe is right. The dictionary definition of hacktivism is “the act of hacking or breaking into a computer system for a politically or socially motivated purpose.” The biggest and most notable hacktivist group out there today is Anonymous.

Anonymous originated in 2003 on the boards of the popular website 4chan. Anonymous’s goals and motives vary, but the main issue they try to fight is government oppression and police misconduct. For example, in wake of the Edward Snowden leaks, Anonymous hacked and took down many government systems as “retaliation” for the government spying. They don’t have a centralized leadership, and they pretty much hack against whatever they don’t agree with. They’ve hacked pretty much every government agency you can name, personally gone after police officers in on-duty shootings and taken down their fair share of companies, using Sony as an example.

Some of their attacks have been beneficial to the internet as a whole, including their cyberattacks on child porn websites, illegal gambling websites and even attempting to take on ISIS, taking down over 800 Twitter accounts of ISIS members. (Anonymous 2014). Though many people may be in favor of some of Anonymous’s ideas, the majority of their attacks are completely unjustified and unnecessary.

Another (in)famous hacktivist group is Lizard Squad. They’re infamous for their multiple attacks on the Sony’s PlayStation Network, League of Legends servers and Microsoft’s Xbox Live network.  Lizard Squad is just as malicious as Anonymous, but, in my opinion, not as capable. Their attacks have very few motives – mostly just to cause harm to systems without any real goal in mind.

Their attacks are less like the highly structured attacks of Anonymous and more like a 12-year-old who was given some simple hacking tools. Though they can take down many websites or systems with ease, there’s not much they can gain from these attacks. This makes them not a hacktivist group, but a malicious cyberterrorist group.

 

Digital to Physical

When talking to many people about cyberterrorism, the discussion usually touches on the point where cyberterrorism becomes physical terrorism. Many of the attacks that I discussed earlier are terrorism through electronic means. There may be repercussions from these attacks (such as ID theft, intellectual property theft, or stealing money), but many stay electronic. Electronic attacks can do just as much damage as regular terrorism attack, and sometimes more, but the scary part is when you combine both of these types of attacks.

In May of 2014, the 9th season of my favorite TV show “24” described a terrorist attack in London in which terrorists had hacked U.S. drones flying over the Middle East and used them to carry out attacks. Again, this was Hollywood’s portrayal of how hacking works. But, it got me wondering if this was plausible. As it turns out, not only are U.S. drones susceptible to hacking, there’s basically a tutorial on the internet!

In 2011, a CIA drone was captured by Iranians who hijacked its GPS coordinates and brought it down so they could reverse-engineer it. This happened only one month after a paper was published on the internet by Nils Ole Tippenhaur on GPS Spoofing Attacks. “It’s a PDF file… essentially, a blueprint for hackers,” said Esti Peshin, director of cyber programs for an Israeli defense contractor. (Russon 2015).

The first thing that shows up on Google when you type in “UAV cyberattack” is the PDF written by Tippenhaur, which gives step-by-step instructions on how to spoof GPS coordinates. The paper also details the programming languages used in creating drone software, saying it’s either C or C++, both of which are known to have vulnerabilities. Using this information, you could potentially land a U.S. drone in your back yard.

Since the paper was published in 2011, the U.S. Government has tried to combat this by heightening security on the UAVs, but as of May 8th, 2015, when the article by Russon was written, there’s been no substantial change in the drone software. The government is currently developing an “unhackable” drone, but that may not be finished until the end of 2017. Until then, we remain vulnerable to attacks by our own country’s drones.

 

In Closing

By now, you’ve probably heard about the OPM hack. The Office of Personnel Management is basically the Human Resource Department for many government jobs. They have records of almost everyone who works in a government position.

You may be thinking that an office that handles this kind of sensitive information would be one of the most secure agencies in the world, right? Well, I guess not. It was hacked, (no official date was determined, as many people say it had been hacked for months before anyone realized it) and the U.S. seems to be pointing fingers at China.

Whether or not China did this is beyond the scope of this article. The point is that the attackers now have personal information of over 10 million people that have worked for the government in any way, potentially including me. (Auerbach 2015).

The data was unencrypted, which is a huge problem and recent reports are telling us that the systems weren’t even that hard to break in to (another huge problem). Shouldn’t the department that has some of the nation’s most sensitive data be one of the most secured? People are even saying that this attack could be more catastrophic than the 9/11 attacks.

This is a major problem that needs to be fixed, and it needs to be fixed soon. All examples above show the importance of the cyber security field, and the importance of websites like the one you’re on now. With new technology emerging every day, we need people with the knowledge of how to secure these systems. There is no way around it.

To effectively achieve the goals of a terrorist organization, you need not use violence, or even threaten it. The easiest way to bring a nation to its knees is to use the technological systems people use every day against them. When or if this approach doesn’t work, cyberterrorism can easily be mutated to orchestrate physical attacks, such as the Sony example or the drone example.

Our nation’s security depends on our technological systems. If we don’t have secure technology, we’re completely unable to fight back against threats. This is why technology needs to be taken extremely seriously. This applies when creating new systems, deleting old systems and/or editing the current systems.

When computers and the internet were first being built, they were designed to work, not necessarily to keep unauthorized users out.  Security was not an issue or necessarily a concern. Today, without integrating strong security into new technology, it becomes useless. All current applications and devices need to be built with security in mind, or they can (and will) ultimately be used against us.

If you have any questions, please feel free to contact me at alanr917@hotmail.com, or my LinkedIn page at this URL:https://www.linkedin.com/pub/alan-raff/80/172/9a2

 

Works Cited

Arbor. “Digital Attack Map.” What Is a DDoS Attack? Arbor Networks Inc, 2013. Web. 07 Apr. 2015. <http://www.digitalattackmap.com/understanding-ddos/>.

Gallagher, Sean. ““Funded Hacktivism” or Cyber-terrorists, AmEx Attackers Have Big Bankroll.” Arstechnica. Arstechnica, 2013. Web. 07 Apr. 2015. <http://arstechnica.com/security/2013/03/funded-hacktivism-or-cyber-terrorists-amex-attackers-have-big-bankroll/>.

RBS. “A Breakdown and Analysis of the December, 2014 Sony Hack.” Risk Based Security. Risk Based Security, 2014. Web. 29 Apr. 2015. <https://www.riskbasedsecurity.com/2014/12/a-breakdown-and-analysis-of-the-december-2014-sony-hack/>.

Anonymous. “Anonymous: Operation Ice ISIS (#OpIceISIS).” YouTube. YouTube, 2014. Web. 29 Apr. 2015. <https://www.youtube.com/watch?v=_kJtvFUMELM>.

Russon, Mary-Ann. “Wondering How to Hack a Military Drone? It’s All on Google.” International Business Times. IBTimes, 2015. Web. 13 May 2015. <http://www.ibtimes.co.uk/wondering-how-hack-military-drone-its-all-google-1500326>.

 

Auerbach, David. “The OPM Breach Is a Catastrophe. Here’s What the Government Must Do to Stop the Next Hack.” Slate.com. Slate, 2015. Web. 19 June 2015.


By Alan Raff

I’m a Computer Security student at the Rochester Institute of Technology. I am on my third technology internship and currently work for the Massachusetts Port Authority as a Cyber Security intern.

I have a strong interest in the cyber-security field, and an even stronger background. I’ve been working with computers since the fifth grade – creating things, then seeing how to hack into them to make them more secure.

I’m studying for the Security+ exam, which I plan to take later this month. I have also been in Police Explorers for the past four years and developed a prototype version of a Taser-type tool. I love experimenting and combining my passion for computers with the necessity of law enforcement.

This information above is an overview of cyberterrorism, hacktivism and cyber espionage. The views in this paper are mostly my opinions, but are strongly based on facts. Needless to say, your opinions may differ regarding this material. Please be respectful with the comments.

 

Save

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
24 Comments
  1. Nice write up!

  2. nice article, thanks for sharing.

  3. Good one Thanks for sharing all these details

  4. Very well written paper with great examples.. Thanks for sharing

  5. Hi Alan; we share a passing in regards ports, Maritime, cargo logistics safe and secure.
    I am wondering how your prototype taze is coming along. Sfpd is exploring options in non lethal
    To include your idea. Let me know. If ready the criminal Sci depth
    At City College is a potential test option intro. Salutes, jim.

Page 4 of 4«1234
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel