Academic Editor: Sunpreet Singh, Department of Mechanical Engineering, Lovely Professional University, Phagwara, Punjab 144411, India.
Checked for plagiarism: Yes
Does Digital Terrorism Really Exist?
This paper attempts to answer the question of whether digital terrorism, also known as cyberterrorism, exists. The paper defines terrorism both in the conventional and digital sense. It then gives a short history of conventional terrorism, dating back two thousand years and ending with the terrorist activities in several third-world nations. The essay then discusses digital terrorism, highlighting the Estonian, Georgian, and Ukrainian cyber-attacks. The work concludes that digital terrorism does indeed exist, but that the future is uncertain in the sense that future cyber-attacks will probably not resemble past attacks as the technology advances.
According to Merriam-Webster’s Dictionary, terrorism is “the systematic use of terror especially as a means of coercion”1. Jenkins defined terrorism to be “the systematic use of violence to create a general climate of fear in a population and thereby to bring about a particular political objective”2. Terrorism is a tactic that has been practiced “by nationalistic and religious groups, by revolutionaries, and by armies, intelligence services, and police”3. Hoffman defined terrorism as an act of violence or the threat of violence that is employed in pursuing a political goal4. Richardson wrote that terrorism is an act that deliberately and violently targets civilians for political reasons5. According to Richardson, in dealing with terrorism, the point is not to rid the world of terrorism, but rather to manage and contain it so that its effects are mitigated6. Walzer observed that the purpose of terrorism is to deliberately and randomly kill innocent people to spread fear throughout the population with the intent of changing the behavior of political leaders7. Coady observed that the definition of terrorism could not be resolved because it is mainly polemical, ideological, and propaganda-oriented8. Finally, according to the United Nations Security Council (“UNSC”) in Resolution 1566, terrorism is a criminal act against civilians “committed with the intent to cause death or serious bodily injury, or taking of hostages, with the purpose to provoke a state of terror in the general public or in a group of persons or particular persons …”9.
In contrast, digital terrorism, or cyberterrorism as it is also known, is a controversial term. Cyberterrorism can be narrowly defined as disruptive attacks by recognized terrorist organizations against computer systems with the intent of generating an alarm, panic, or the physical disruption of the information system, or it can be defined to encompass cybercrime10. Digital terrorism can be described as the intentional employment of computers, networks, and the Internet to create harm and damage in the promotion of personal objectives through hacking government systems, hospital records, or even national security programs such that an organization or country may end up fearing future digital attacks11. Similar to the definition of garden variety terrorism, the objective is political or ideological, where the idea is to disrupt the status quo and change the behavior of the leaders of organizations or nations12.
The question that this essay is attempting to answer is whether digital terrorism or what is commonly known as cyber terrorism exists. When questions regarding the existence of a notion are asked, the answer depends on its definition. According to the definitions of terrorism discussed above, the purpose of terrorism is to make individuals of an organization or a government fearful by disrupting the processes that operate within that organization or government or by killing or maiming those individuals13. The common ground between the definition of conventional terrorism and the definition of cyber terrorism is that both activities attempt to disrupt the processes of an organization or government14. The difference in the two definitions hinges on whether the killing and maiming of individuals are critical to the meaning of cyber terrorism15.
If the killing and maiming of people is an inherent characteristic of cyber terrorism, there would be seemingly little or no difference between conventional terrorism and cyberterrorism. In cyber terrorism, the means of conducting the attack has shifted from a direct kinetic attack to a cyber-attack, where the kinetic effects are a consequence of the cyber-attack16. A significant difference between conventional terrorism and cyber terrorism is that the frequency of digital terrorist attacks dwarfs the rate of traditional terrorist attacks17. Digital terrorist attacks occur daily, where hundreds of thousands, if not millions, of people are adversely affected by the offense18. See Table 1 for a sampling of the volume of people affected by data breaches or cyber-attacks just in the United States in 2019 and 202019.
Table 1. Serious Data Breaches in 2019 and 2020
| Organization | Date | Number affected |
|---|---|---|
| 550px | February 15, 2019 | 14.8 million |
| Antheus Technologies | March 11, 2020 | 81.6+ million |
| Ascension | January 23, 2019 | 24 million |
| Bodybuilding.com | April 22, 2019 | 9 million |
| CafePress | August 05, 2019 | 23 million |
| Capital One | July 29, 2019 | 100 million |
| Dow Jones | March 01, 2019 | 2.4 million |
| Dutch Government | March 11, 2020 | 6.9 million |
| Emuparadise | June 10, 2019 | 11 million |
| | December 19, 2019 | 267 million |
| First American | May 25, 2019 | 885 million |
| Hostinger | August 25, 2019 | 14 million |
| Labcorp | June 04, 2019 | 7.7 million |
| LifeLabs | December 17, 2019 | 15 million |
| Marriott | March 31, 2020 | 5.2 million |
| Microsoft | January 22, 2020 | 250 million |
| Quest Diagnostics | June 03, 2019 | 11.9 million |
| UniCredit | October 28, 2019 | 3 million |
| Wyze | December 30, 2019 | 2.4 million |
In contrast to digital or cyber terrorism, conventional terrorist attacks are relatively infrequent. Most people are aware of the terrorist attack on the World Trade Center on September 11, 200120. However, fewer people are aware of the 1993 attack on the World Trade Center, where six people were killed, and more than 1,000 people were injured21. In this attack, an explosion created a hole in the World Trade Center that was 200 feet by 100 feet and several stories deep, causing the PATH station ceiling to collapse22. The cause of the explosion was a 1,200-pound bomb that was located in a Ryder truck, parked in a garage underneath the Center23. Fifty-thousand (50,000) people were evacuated from the World Trade Center because of the attack24.
Another conventional terrorist attack occurred on March 11, 2004, where 191 people were killed, and more than 1,800 people were injured in Madrid, Spain25. Ten bombs located in backpacks and other small bags exploded on four commuter trains26. Still another attack occurred in Montrouge, a suburb of Paris, France where from January 07, 2015, to January 09, 2015, seventeen people were killed when Muslim terrorists attacked the headquarters of the magazine Charlie Hebdo because the magazine had recently published satirical cartoons about the Islamic prophet Mohammad27. Although these terrorist attacks occurred in America and Europe, conventional terrorist attacks are international, where no nation is seemingly immune. For example, there is the Moscow theater hostage crisis, also known as the 2002 Nord-Ost siege, where 40 armed Chechens seized the crowded Dubrovka Theater on October 23, 200228. Because of the attack, there were approximately 900 hostages and 130 Russians that died29. Other conventional terrorist activities include the Bosnian genocide of 1992, the Rwandan genocide of 1994, and the on-going Boko Haram killings in Nigeria30,31,32. In China, it is difficult to verify the nature and magnitude of China’s terrorism issues33. However, China does have a terrorism problem34. For example, on September 30, 2015, there was an explosion of 17 package bombs in the Guangxi Province that killed seven people35. Although not as frequent as digital terrorism, it appears that conventional terrorism is alive and well and active throughout the world.
The word “terror” is derived from the Latin verb “tersere” which then evolved into the word “terrere”36. The word “tersere” is also the Latin root word for the English word “terrible”37. In the Middle Ages, the word became “terrour,” and in modern times, the letter “u” was dropped, thereby arriving at the word “terror”38.
Terrorism is a tactic and began thousands of years ago. During the 1st Century C.E., Jewish Zealots in Judea rebelled against Roman rule39. According to Josephus Flavius and Whiston, an extreme offshoot of the Zealots, known as the Sicarii (“dagger men”), targeted temple priests, Sadducees, Herodians, and other Jewish collaborators by stabbing them to death with short daggers that they hid underneath their cloaks40. On November 05, 1605, a group of conspirators that was headed by Robert Catesby tried to destroy the English Parliament when Guy Fawkes planted a large quantity of gunpowder beneath the Palace of Westminster41. The intent was to kill James I, then King of England, along with the members of both houses of Parliament, thereby restoring Catholicism to the kingdom42. The plot was uncovered, and all of the conspirators were killed. This terrorist attack is now known as the Gunpowder Plot43.
During the French Revolution of 1789 and the years that followed before the reign of Napoleon Bonaparte, terrorism took on a whole new meaning. The Parisian Reign of Terror lasted from mid-1793 and ended with the fall of Maximilian Robespierre in July 179444. It was a period where the French monarchy and nobility were systematically executed45. At the time, Paris was ruled by the Committee of Public Safety that directed mass executions with public purges of the nobility of individuals who were considered royalists46. It should be noted that the Constitution of the United States was ratified in 1789, the same year when the French Revolution began47.
In Europe, there were the Revolutions of 1848, beginning in France in February of that year and spreading across the continent. These revolutions were fundamentally bourgeois revolutions with the goal of removing the old monarchical structures and creating independent and democratic nation-states48. They were an ad hoc series of revolutions across Europe, where the proponents were seen as terrorists by the ruling class49. The Paris Commune was a radical socialist government that ruled Paris from March 18, 1871, to May 28, 187150. With the capture of Emperor Napoleon III in September 1870 during the Franco-Prussian War, the Second French Empire collapsed, and the Third Republic began51. Paris was under siege for four months, and it was an opportunity for the French socialists to seize power in Paris52. Fortune did not favor the radical socialists, as the rest of France and the conquering Prussians perceived them to be terrorists53. When the Commune was overthrown, it was estimated that there were over 20,000 Commune casualties54.
In August 1914, World War I broke out55. When the Kaiser’s army beat the Russian army, and Czar Nicholas II sued for peace, the Germans returned Vladimir Ilyich Ulyanov, more commonly known as Vladimir Lenin, to Russia56. Lenin proceeded to organize the Communists in the country. In 1917, he played a leading role in the October Revolution, where the Bolsheviks overthrew the provisional government, which was formed after the Czar was ousted from power57. Lenin was a divisive individual who was perceived as a champion of socialism by his supporters and the founder of a repressive and authoritarian regime responsible for mass killings and political repression by his opponents58.
After World War II ended in August 1945, it seemed that the world was tired of war59. The United Nations, the successor of the failed League of Nations, was founded on October 24, 1945, in San Francisco, California60. After experiencing two world wars in 20 years, the world seemed ready for peace61. In the 1950s and 1960s, the European powers that had colonies in Africa and other continents decided to make the fledglings fly62. One African nation after another received their independence63. The results of this effort were mixed. At times, the results were violent revolutions and terrorist attacks, typically along tribal lines64. These political upheavals and acts of terrorism have lasted for decades and are currently still occurring in several nations on the continent65.
The rise in cyber-terrorism paralleled the growth of the Internet in the 1990s66. With the emerging information-based society came the risks of cyber terrorists being able to damage data with computer attacks. From a psychological perspective, the word “cyberterrorism” combines the fear of violent actions with the fear of technology. The reason is that an unknown threat is perceived to be more powerful psychologically than a known threat, such as a terrorist bomb. After 9/11, the two fears of a violent attack and technology were merged into one idea – cyberterrorism. When the political dimension was added to the mix, the debate about national security reached a fever pitch, where al Qaeda was seen to be able to use technology to perpetrate nightmarish kinetic damage. The lack of reliable information, or more importantly, the plethora of misinformation, led to the hysteria that al Qaeda and Iraq were capable of employing cyber tools to disable American defenses. The result was an aggressive American policy to combat cyber warfare and cyber terrorism, where the FBI requested and obtained from Congress $4.5 billion for infrastructure security and the ability to hire over 1,000 cyber investigators. This call to action had all of the makings of a suave James Bond rolled into the geekish Bill Gates67.
Through cyberterrorism against governments, private servers, networks, or other electronic devices, hackers can damage systems using viruses, worms, or Trojans, launching denial-of-service (“DoS”) attacks, defacing websites, or even demanding that governments or companies pay substantial ransoms68. Examples of cyberterrorism include:
Global terror networks that disrupt major sites by initiating public nuisances or stopping Internet traffic;
International cyberterrorists accessing and then disabling or modifying signals to military technology;
Cyberterrorists targeting critical infrastructure systems such as a water treatment plant or an electrical grid; or
Cyberespionage that is carried out by governments or private organizations to spy on intelligence communications69.
Cyberterrorists can employ a variety of methods to attack a network. They may access a network or a server and then wait for an opportune time to strike70. A cyber terrorist could steal data rather than damage a network if the information is valuable71. For example, in 2015, it was reported that the Chinese stole security clearance information on 22.1 million Americans with security clearances, including employees, contractors, as well as family and friends72. Viruses, worms, and other computer malware can jeopardize water supplies, transportation systems, power grids, critical infrastructure, and military systems73. For example, in Ukraine, a virus was discovered that disabled the country’s power grid74. DoS attacks can be conducted against both governments and private companies75. For example, one of the more significant DoS attacks as of this writing occurred in February 2018, where GitHub, a public source code management service that is used by millions of software developers, experienced an incoming attack traffic rate of 1.3 terabytes per second76. Other forms of cyber-attacks include ransomware, where computers are held hostage until a specified ransom is paid, or phishing attacks, where cybercriminals attempt to collect information through email and other means to commit identity theft77. Yet another type of cyber-attack can occur between nations, particularly when the state actors are engaging in asymmetric warfare in furtherance of their own ends78.
The defenses against cyberterrorism vary depending on the type of attack. The installation of effective anti-virus software, as well as periodically checking systems for the presence of malware, can effectively mitigate cyber-attacks79. Even so, constant vigilance is necessary as cybercriminals and cyberterrorists are continually developing new methods to thwart cybersecurity80.
In the past decade, there have been three significant cyberterrorism acts that have been extensively covered in the literature. They include the Estonian cyber-attack, the Georgian cyber-attack, and the Ukrainian cyber-attack. These examples were selected because the cyber-attacks affected large portions of the infrastructures of the countries under consideration. The examples reflect the magnitude of the harm that has occurred in the past, and can occur in the present and future.
The Estonian cyber-attack began on Friday, April 27, 2007, and ended on Friday, May 18, 2007. The attack lasted for three weeks81. The attack was precipitated by the Estonian government’s decision to move a Soviet World War II memorial of a Bronze soldier two meters high from central Tallinn, the capital city of Estonia, to a military cemetery. During World War II-related holidays, individuals commemorated their losses by placing flowers on the Tallinn site. However, with time, these events increasingly provoked hostile actions against the Estonian government. The movement of the statue was countered by intense opposition by the Russian government and Russian media. Protests in the streets quickly devolved into riots. The Estonian embassy came under siege, and the Estonian ambassador to Russia was physically harassed82.
In Estonia, there was almost universal access to the Internet. The government promoted information technology to increase the administrative ability to foster communications between Estonian citizens and their government. The Estonian government became virtually paperless in 200183.
The cyber attackers employed three methods against the Estonian government and Estonian institutions. The attacks consisted of DoS attacks, Distributed Denial of Service (“DDoS”) attacks, website defacement, attacks against Data Name Servers (“DNS”), and mass email comment spam. The attacks of April 27 through April 29 consisted of defacing government websites. These attacks were reasonably straightforward using the ping command. However, as time went by, malformed web queries were employed against the sites of the government and media outlets84.
In the second phase of the attack, the first wave began on May 04, involving intense and precise attacks against websites and data name servers by using botnets, routing the attacks from proxy servers in other countries. The second wave lasted from May 09 through May 11. In Russia, May 09 is the national holiday Victory Day, signifying the defeat of Nazi Germany in World War II. During the second phase, the DDoS attacks increased by 150 percent against government websites, lasting from May 09 to May 10. Hansapank, the largest Estonian bank, was also affected by the DDoS attacks85.
The third wave involved the hijacking of 85,000 Estonian computers, taking place from noon until midnight on May 15. The outage of the website for SEB Eesti Ühispank, Estonia’s second-largest commercial bank, lasted for about 1.5 hours for Estonian customers and longer for customers outside the country. On May 18, in the fourth wave, both government and banking websites experienced DDoS attacks. The source of the attacks was traced to computers in 178 different countries. The attacks were politically motivated by individuals who were following instructions on Russian-language websites. The second phase of the attack appeared to be centrally controlled. There were only a few individuals that took credit for the attacks. The Russian government denied involvement in the cyber-attacks86.
The cyber-attack had a noticeable effect on the Estonian economy, which affected commerce, industry, and governance that relied on information and communications technology (“ICT”) infrastructure. Banks, media companies, government institutions, and small to medium businesses were all affected. The societal effect was that communication to public administration was significantly hampered along with the information flow to other countries. A side-effect was that the legitimate Internet traffic was clogged. A substantial technical response was employed, with international cooperation from both the European Union (“E.U.”) and the North Atlantic Treaty Organization (“NATO”). There was also increasing public awareness as Estonia worked with other countries to bring cybercriminals to justice87.
The lessons learned were manifold. The Estonian cyberattack raised international awareness that cyber-attacks were new forms of criminal activity in an information society. The attacks accentuated the need for mutual criminal assistance on an international level. The challenge was to appreciate that cyber-attacks have international implications affecting not only one country but also a global region or even the whole planet itself88.
The Georgian cyber-attack began on Friday, August 08, 2008, and ended on Thursday, August 28, 2008. The attack lasted for three weeks. The attack was precipitated by an armed conflict between the Russian Federation and the country of Georgia over South Ossetia. In 2008, the Internet had a low penetration rate of 7 percent of the population. At the time, Georgia was not heavily dependent on IT-infrastructure. There were limited options to connect to the Internet via land routes, where the connections that did exist heavily depended on Russia89.
There were several methods employed in the Georgian cyberattack. DoS and DDoS were involved, including the distribution of malicious M.S. batch scripts whose instructions exploited Structured Query Language (“SQL”) vulnerabilities90. Websites were also defaced, and email was used for targeted spamming attacks. The targets were the President of Georgia, the Georgian Parliament, Ministries, and the local government of Abkhazia. Financial institutions, such as banks, were also affected by the attacks. Although there was little or no evidence linking the Russian government or state organizations to the attacks, it was thought that Russian hackers were the culprits91. In essence, there is no conclusive proof as to who was behind the DDoS or defacement attacks.
The effects of the Georgian attacks were limited because of the kinetic military conflict between Russia and Georgia. Because of the lack of communication technology in Georgia at the time, the transmission of information to the outside world was constrained, particularly during the beginning of the conflict. Main communications operations were severely affected because most of the Georgian communications lines passed through Russia. Internet services had to be relocated to servers outside the country. National Community Emergency Response Team (“CERT”) assistance came from other countries92.
The Georgian academic center CERT mitigated the attack. It assumed the role of the Georgian national CERT at the time of the attack. There was a state-mandated blockage on Russian websites to control the flow of information and to free up bandwidth. Services to servers were relocated to other countries. The national CERTs from other countries were involved in helping Georgia overcome the cyber-attack93.
One of the significant lessons learned from the Georgian cyberattacks was the applicability of the Law of Armed Conflicts (“LOAC”). The right of a country to employ force against another state depends on the actions of the other state. The remedy must be proportionate to the threat and the harm incurred. The problem with the Georgian cyberattack was that it was difficult to estimate the direct effects of the attacks. Because the Georgian population was not highly dependent on Internet services, the cyber-attacks were not sufficiently serious to result in serious economic damage or human suffering. Thus, the application of the LOAC to the Georgian cyberattacks seems problematic at best and irrelevant and immaterial at worst. The challenges are that new approaches are needed to provide effective legal remedies, and that continued national information communication technologies (“ICT”) are essential94.
On December 23, 2015, Prykarpattyaoblenergo, a Ukrainian regional electricity distribution company, stated that the service outages experienced by its customers were because of a third party’s illegal entry into the company’s computer and supervisory control and data acquisition (“SCADA”) systems95. The outage began at 3:35 PM local time. Seven 110 kilovolt (“kV”) and twenty-three 35 kV substations were disconnected from the Ukrainian power grid for three hours. The cyber-attack affected other portions of the distribution power grid, forcing the company to switch to manual mode96.
The Ukrainian news agencies conducted interviews and concluded that a foreign government had remotely controlled the SCADA electrical distribution system. It was initially estimated that the outage only affected 80,000 customers. However, it was later discovered that the electrical distribution grids for Chernivtsioblenergo and Kyivoblenergo were affected. In total, 225,000 customers lost power due to the attack. These cyber-attacks in Ukraine were the first attacks that were publicly acknowledged to have resulted in power outages97.
There were a variety of capabilities that were demonstrated by the Ukrainian attacks, including spear-phishing emails, variations on Black Energy 3 malware, as well as altering Microsoft Office documents that contained the malware. The attack harvested credentials and information to gain admission to the Ukrainian ICT. The attackers advanced two SCADA hijack approaches: the first one was a custom hijack, and the other one was an agnostic hijack. The attackers were successful in employing them across different types of SCADA/DMS implementations. The attackers showed a desire to target field devices at substations, write custom malicious firmware, and ensure that certain devices were inoperable98.
It is not clear why these three oblenergos were targeted. Lee et al. gave the following possible decision factors:
Common systems and configurations;
Impact duration estimates;
Existing capabilities would achieve the desired results;
Risk level was reasonable; and
Access to act within the environment99.
The lessons learned are legion. Because the spear-phishing employed social engineering techniques to target the Ukrainian oblenergos, there is a need to whitelist extensively, identifying users that are given the specific privilege, service, mobility, access, or recognition. Because Black Energy 3 was used, user passwords should be changed periodically. Data exfiltration and controlling access is critical. Finally, two-factor authentication with user tokens should be applied100.
The question originally posed by this essay was whether digital terrorism existed. The evidence presented above indicates not only that digital terrorism exists, but also that conventional terrorism is still rearing its ugly head. However, it is not the existence of digital terrorism, or cyberterrorism as it is more commonly known, that is the concern of both governments and individuals alike. Rather, the issue that seems to dominate the consciousness of society is: What will the next cyber-attack look like? Will it resemble the Estonian cyber-attack, the Georgian cyber-attack, or the Ukrainian cyber-attack? Will it be like when the Chinese stole security clearance information on 22.1 million Americans with security clearances? Will it be similar to the alleged Russian attack on the Democratic National Convention (“DNC”) servers? Will it be comparable to the recent GitHub cyber-attack, where the site experienced an incoming attack traffic rate of 1.3 terabytes per second? Or, will the next major attack be so new and unique that organizational defenses will be helpless to prevent it, mitigate it, or minimize the damages? This is what concerns the public today.
The good news, or rather the short answer, is that very shortly any new attack will probably be analogous to one or more of the cyber-attacks discussed above. For example, if a cyber-attack were to occur tomorrow, there would be little or no change in the technology. The attack would probably very closely resemble past attacks. The cyber-attack would probably use existing available technology. The technology would likely be computer towers, computer notebooks, and cell phones. There would be almost no change in the availability of the Internet of Things (“IoT”) (e.g., computers in automobiles, televisions, refrigerators, microwave ovens, etc.). Thus, a cyber-attack would probably be akin to previous attacks, depending on the existing hardware and software employed by the attackers and available at the target site.
However, in five, 10, or 20 years, the situation may dramatically change. The technology in this future period will probably be entirely different from the technology around us today. First, there is the IoT. Smart devices are being marketed and sold to consumers at a rapid pace101 (Johnson, 2018). The IoT will pervasively dominate our economy in the next five to 10 years. These devices will probably possess less than adequate security features because security concerns will likely be brushed aside in a rush to market102. Cyber attackers will probably note this situation and then exploit it.
Stuxnet and its variations will play a dramatic role in future cyber-attacks. When Stuxnet was used by the United States government a decade ago to disrupt Iranian centrifuges, a physical machine was involved that stopped working correctly103. The child or grandchild of Stuxnet could be employed to modify the actions of physical devices such as automobiles, televisions, refrigerators, or microwave ovens. These devices could be programmed by malware to stop functioning or even to explode. A car is by far the most potentially dangerous of the machines mentioned because it is large, heavy, moves quickly, and may contain a fairly large amount of gasoline, which is volatile104. With sophisticated computers inside controlling the operation of an automobile, cars could be employed to run people over, or even explode in crowded areas105. A Stuxnet-like virus that infected a car could be programmed to affect specific vehicles that would injure or kill particular individuals. When this type of cyber-attack occurs, under certain conditions, a kinetic response by a government may be entirely appropriate.
When looking 20 years into the future, human beings will probably be physically connected to the Internet via nanotechnology that is implanted into their bodies106. This technology could interact with human DNA, causing innumerable issues107. For example, a cyber-attack could consist of programming humans to perform actions that they normally would not do by circumventing human free will108. If the attack was sufficiently malicious, it might be possible to program humans to attack others or to do nothing when a defensive response would be appropriate. In this case, society could easily resemble a 1984 society or a Brave New World society, particularly with the advent of social media and the dark web109,110,111.
Thus, a future cyber-attack depends on the date and time that the attack occurs as well as the technology involved. Without this information, it is probably impossible to predict with any precision or accuracy what a future cyber-attack will resemble. It seems that the only impediment to a precise and accurate prediction is the imagination of a sage or a prophet. A prospective attacker will have no such limitation. He or she is already well aware that the future belongs to them.