econintersect.com
       
  

FREE NEWSLETTER: Econintersect sends a nightly newsletter highlighting news events of the day, and providing a summary of new articles posted on the website. Econintersect will not sell or pass your email address to others per our privacy policy. You can cancel this subscription at any time by selecting the unsubscribing link in the footer of each email.



posted on 23 October 2015

The Coming Age Of Cyberterrorism

from STRATFOR

-- this post authored by Scott Stewart

The Islamic State is trying to hack U.S. power companies, U.S. officials told a gathering of American energy firms Oct. 15, CNNMoney reported. The story quoted John Riggi, a section chief at the FBI's cyber division, as saying the Islamic State has, "Strong intent. Thankfully, low capability ... But the concern is that they'll buy that capability."

The same day the CNNMoney report was published, the U.S. Department of Justice announced the arrest of Ardit Ferizi - a citizen of Kosovo and known hacker, apprehended in Malaysia - on a U.S. provisional arrest warrant. The Justice Department charged Ferizi with providing material support to the Islamic State, computer hacking and identity theft, all in conjunction with the theft and release of personally identifiable information belonging to 1,351 U.S. service members and civilian government employees stolen from the servers of an unnamed U.S. retail chain.

According to the Justice Department, Ferizi provided the stolen personal information to the Islamic State's Junaid Hussain (aka Abu al-Britani) who was subsequently killed in an airstrike in the Islamic State's self-proclaimed capital of Raqqa, Syria.

On Aug. 11, Hussain tweeted in the name of the Islamic State Hacking Division a link to a 30-page document that contained the information allegedly stolen by Ferizi. The document threatened "we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands!"

The two incidents are examples of real hacking in contrast to previous actions by jihadist hackers in which they've done things labeled "hacking," such as guessing or resetting the passwords for social media accounts. The incidents clearly show the strong intent to develop a robust cyberwarfare capability. Because of this, they have me thinking about cyberterrorism. It's important to recognize that the Islamic State is not the only non-state actor that wants to develop such a cyberterrorism capability: A wide range of radical groups from anarchist hacktivists to neo-Nazis are also pursuing such programs. This universe of malefactors almost ensures that by skill or by chance, one of them eventually will manage to cross the Rubicon and conduct a hack that actually kills people, causes damage and produces panic and terror, ushering in the age of cyberterrorism.

Going Deadly

Having your personal information or email published can be threatening and serve as an incredibly intimate invasion of privacy - trust me. Thanks to WikiLeaks, the entire world can now read years of my emails, documenting for example that I am still very much in love with my wife of 29 years. But while such hacks are bothersome, they are not immediately deadly. "Doxing," slang for publishing personal information about individuals on the Internet, is also intimidating, but not directly deadly; victims can move (albeit with great inconvenience) or take increased security measures to protect themselves from physical harm after being doxed.

But the Holy Grail for cyber terrorists is the ability to conduct attacks that result in death or significant destruction - attacks that provoke terror - with just the stroke of a keyboard. To date, the very few seriously destructive hacks we have seen have been conducted by state sponsors such as the authors of the Stuxnet malware. Indeed, most private hackers seek money, thrills or merely "lulz" (i.e., laughs), and so they have not really focused on cyberwarfare - or more accurately, asymmetrical cyberterrorism - as much as they have cyber theft and cyber vandalism.

Cyberwarfare has largely been the province of nation states, and it is generally believed by cyber security experts that wide-scale cyberwarfare can be conducted only by national actors. Perhaps this is true, but what about cyberterrorism? Can an enemy employ asymmetrical warfare in the cyber realm? As noted by John Riggi, a terrorist group doesn't need to develop the malware for a hack itself. It can buy malware from a commercial hacking crew and then repurpose it for a more malicious purpose than simply stealing. State sponsorship is also a potential way for terrorist actors to gain access to malware tools for asymmetrical cyberterrorist attacks.

While I am not a cyber security expert by any means, I see many parallels between the physical world and the cyber world when it comes to terrorism and cyberattacks becoming deadly.

Soft Targets

First, as in the physical world, it is simply not possible to safeguard everything in the cyber world to the highest degree. Security resources are costly and limited, and therefore priority must be given to protecting the most important targets and those where an attack would cause the most damage.

For example, I think everyone would agree that nuclear power plants should receive first-rate protection from physical attack. By contrast, it is simply not possible to provide that same level of security for every electrical substation - much less every transmission tower and power pole - on the lines between the nuclear plant and the consumers who receive the electricity. By necessity, there is an array of "soft targets" somewhere in the electrical system, and indeed, our society is filled with vulnerable targets. These soft targets are often chosen simply because of their vulnerability to terrorist attacks, especially by terrorist operatives who lack sophisticated tradecraft.

I believe that there are similar soft, vulnerable targets in the cyber realm and that some of them can and will be attacked in a manner that could result in death and destruction, though on a much smaller scale than a cyberwarfare attack by a nation state. In many ways, this would be similar to attempts by terrorists to obtain and use chemical or biological weapons and the difficulty they have faced in making these programs as effective as a nation state's chemical or biological weapons program.

But despite the difficulty asymmetrical actors face in attaining nation state capabilities, cyberterrorists doesn't need to destroy a nuclear power plant or take down the North American electrical grid to cause panic. All they need is the cyber equivalent of a primitive chemical weapon or a pressure cooker bomb. As we progressively automate and interconnect our lives, there are an increasing number of items attached to the Internet that a creative person could use to cause simple mayhem.

Reaching Out

For the past several years, jihadist groups have struggled to get trained terrorist cadres into the United States and Europe. In light of the difficulty of accomplishing this, they have advocated the leaderless resistance model of operations for jihadists living in the West. They have also sought to extend their reach through remote attacks using underwear and printer bombs. In these attacks, the bombs were designed and built by trained terrorists and then transported using a grassroots terrorist suicide bomber or sent via airfreight.

For the most part, the Internet does not stop at national borders, and it is quite common for hacks to be conducted from another country and for hackers like Ferizi to skip across the globe using compromised systems in several different countries to hide their trail. This means that cyberterrorists can also hack transnationally without having to travel to the country their target is located in.

Another consideration is the possibility of an insider threat. As we've seen in cases like those involving Chelsea Manning and Edward Snowden, an insider can compromise a great deal of information. Beyond stealing data, an insider could also be used to provide an external hacker a detailed understanding of a targeted system, or even to inject malware into the system itself.

Maintaining Perspective

Another way that cyberterrorist attacks will mirror attacks in the physical world is that the perpetrators will need to follow an attack cycle, known in hacker parlance as a "kill chain." This means that there will be places along that cycle where their efforts are vulnerable to detection - especially if they are probing systems with high levels of security that are on-guard for such probes. In fact, the aforementioned FBI warning that the Islamic State is attempting to hack power companies is the result of such preventive surveillance activities.

While I do believe that we will see a cyberterrorist attack that succeeds in killing people in the next few years - and that such an attack will create widespread panic - I do not see a scenario whereby these asymmetrical actors can develop nation state-type capabilities, and I expect that deadly cyberterrorism attacks will remain few and far between. I also anticipate that the attacks will cause fewer deaths than simple firearms attacks.

Because of the novelty of cyberterrorism, however, any attack will generate an incredible amount of hype from terror magnifiers. Cyberattacks will also victimize a lot of people vicariously and create widespread panic far out of proportion to the real impact of the action, just as grassroots terrorist attacks have done. Because of this, it will be very important for people to keep these attacks in the proper perspective - everyday citizens can rob terrorists of their power by doing just that. Terrorism is not going away, and those practicing it will continue to develop and employ new weapons. Yet, it is possible to separate terror from terrorism.

"The Coming Age Of Cyberterrorism" is republished with permission of Stratfor, a geopolitical intelligence and advisory firm based in Austin, Texas.

>>>>> Scroll down to view and make comments <<<<<<

Click here for Historical News Post Listing










Make a Comment

Econintersect wants your comments, data and opinion on the articles posted.  As the internet is a "war zone" of trolls, hackers and spammers - Econintersect must balance its defences against ease of commenting.  We have joined with Livefyre to manage our comment streams.

To comment, using Livefyre just click the "Sign In" button at the top-left corner of the comment box below. You can create a commenting account using your favorite social network such as Twitter, Facebook, Google+, LinkedIn or Open ID - or open a Livefyre account using your email address.



You can also comment using Facebook directly using he comment block below.





Econintersect Contributors


search_box

Print this page or create a PDF file of this page
Print Friendly and PDF


The growing use of ad blocking software is creating a shortfall in covering our fixed expenses. Please consider a donation to Econintersect to allow continuing output of quality and balanced financial and economic news and analysis.


Take a look at what is going on inside of Econintersect.com
Main Home
Analysis Blog
Joan Robinson’s Critique of Marginal Utility Theory
The Truth About Trade Agreements - and Why We Need Them
News Blog
How To Stop Using Filler Words Like Um And Uh
02 December 2016: ECRI's WLI Growth Index Improvement Continues
Preliminary December 2016 Michigan Consumer Sentiment Highest Since Early 2015
October 2016 Wholesale Sales Improved
Rail Week Ending 03 December 2016: Finally A Positive Month
November 2016 CBO Monthly Budget Review: Total Receipts Up by 1 Percent in the First Two Months of Fiscal Year 2017
Infographic Of The Day: Copyright - Illegal Download
Early Headlines: Asia Stocks Mixed, Oil Steady, Bank Mafia, Trump To Remain TV Producer, US Life Expectancy Down, India Stocks Suffering, Park Impeached, China Struggles To Support Yuan And More
Heavy Metal And Hard Rock Albums That Went Certified Diamond Status
Down The Drain: Wastewater With The Most Cocaine
Apple's App Store Set For 5 Million Apps By 2020
How Can The UK Government Meet Its Legal Air Pollution Targets?
Most Gun Deaths In The United States Have A Tragic Motive
Investing Blog
Are Your Trade Entries Patient Enough?
Investing.com Technical Summary 08 December 2016
Opinion Blog
Looking At Everything: Trump's $1 Trillion Infrastructure Plan
The Global Financial Mess Is Due To Political Failure
Precious Metals Blog
Silver Prices Rebounded Today: Where They Are Headed
Live Markets
09Dec2016 Market Update: New Highs, New Correction Concerns Loom, Short-term Indicators Remain Bullish
Amazon Books & More






.... and keep up with economic news using our dynamic economic newspapers with the largest international coverage on the internet
Asia / Pacific
Europe
Middle East / Africa
Americas
USA Government



Crowdfunding ....






























 navigate econintersect.com

Blogs

Analysis Blog
News Blog
Investing Blog
Opinion Blog
Precious Metals Blog
Markets Blog
Video of the Day
Weather

Newspapers

Asia / Pacific
Europe
Middle East / Africa
Americas
USA Government
     

RSS Feeds / Social Media

Combined Econintersect Feed
Google+
Facebook
Twitter
Digg

Free Newsletter

Marketplace - Books & More

Economic Forecast

Content Contribution

Contact

About

  Top Economics Site

Investing.com Contributor TalkMarkets Contributor Finance Blogs Free PageRank Checker Active Search Results Google+

This Web Page by Steven Hansen ---- Copyright 2010 - 2016 Econintersect LLC - all rights reserved