IWS - The Information Warfare Site
News Watch Make a donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

Computer Terrorism : What are the risks ?

 

Chapter 5: Computer Terrorism

Introduction

Until now, I have tried to give a rather broad outline of our vulnerability with regards t ocomputers, and I hope that I have have convinced you that we are sitting on a bomb. It is time, now, to determine if a terrorist organization could to use computer either as arms, or as targets, with an aim of continuing its fight, usually carried out by bombings or removals.

In January 1995, a conferecne was held in Montreal 14 on information warfare, that brought together Canadian, American and European soldiers, as well as representatives of the FBI and Canadian Service of Information and Security. One of the topics of discussion was the attack of New York's World Trade Center, in February 1993. This attack, which at first seems to have nothing to do with the conference's subject, can be regarded as one of the first acts of computer terrorism. There were less material damages than "virtual" ones. Thousands of firms were unable to connect their computers to the rest of the world for many days. According to studies, this situation generated losses evaluated at more than 700 million dollars, during the first week! [VOIR1] [SZAFR1]

Definition

Let's define, the concept of "computer terrorism". Since this subject is not treated as such in literature, I propose two definitions:

Computer terrorism is the act of destroying or of corrupting computer systems with an aim of destabilizing a country or of applying pressure on a government.

Computer terrorism is the act of doing something intended to destabilize a country or to aply pressure on a government by using methods classified in the category of computer crimes.

It is possible to carry out three types of actions against an information system, a physical, syntactic or semantic attack [GARIG1]

  • The physical attack consists of damaging equipment in a " traditional " way, bomb, fire, etc.
  • The syntactic attack consists of modifying the logic of the system in order to introduce delays or to makethe system unpredictable. An attack by means of a virus or of a Trojan horse is included in this category.
  • The semantic attack is more perfidious. It exploits the confidence that the users have in their system.It consist of modifying information that is entering or exiting the system, without the users' knowledge, in order to induce errors.

Reflections

After having listed a large number of weaknesses in information processing systems, and to having shown how easily it is possible to introduce chaos even from remote location, it is interesting to wonder why have terrorist computer attack not yet occured ? 15

If we look at the last wave of terrorist attacks in France (1995), carried out by Islamistes Algerian of the GIA (Armed Islamic Group) an answer may be that these groups rejecting the westernization of their country, reject consequently associated technology, and are thus not able to effectuate computer terrorism. Moreover, and I believe that it is the principal reason, disproportion of the means to implement computer terrorism results in the fact that terrorist groups remain confined to traditional method.

Means to implementation

According to the theory of the class 3 information warfare, this type of conflict requires much less human and financial resources than a conflict with "traditional" weapons. this is the case because the cost of modern conflicts are very expensive, but, if we look at the absolute value of the investment for terrorism, the result/cost ratio is strongly against computer terrorism, compared to "traditional" terrorism.

If we take the case of a tiny terrorist group, it is able,with a small account of financial and logistical support, to carry out some home-made bombs and to create panic accross a country 16. In the case of the attack to the administrative building of Oklahoma City, in April 1995, the home-made bomb made of fertilizers, causied the death of nearly 100 persons, was aparently the act of a single terrorist! In these two cases, with the same investment, it would have been impossible to them to produce the same psychological effect with computer attacks.

Computer terrorism must be seen as an act similar to an act of war.It needs to be effective to establish a long-term strategy and to have control of very large number of factors. Hacking of computer systems (many different) in a perfectly synchronized way, as well as the infiltration of agents in various companies with an aim of inserting Trojan horses or back doors, is a long-term job.

Field of application

This kind of terrorism does not lend itself to reprisals following a precise event such as arrests or the assassination of a movement leader, except if the possibility had been envisaged a long time in advance.

The ideal framework for the use of such weapons is the prelude to a war, a kind of "electronic Pearl Harbor" 17 . It is currently one of main fears of the people in charge of American defense. As the United States has a strong interventionist policy (cops of the world ), a country deciding to attack its neighbor (ally of the USA) would have an interest to initially conduct a computer attack against the USA, before dealing with its genuine target 18. As a plan of invasion is not hastily established, it is conceivable to include a plan in order to first neutralize any response coming from interventionists country such as the USA or France.

Conclusion

As we are now at the end of this document, it is time to answer the question that I asked at the beginning: "Computer Terrorism: What are the risks? ".

After having made this broad study, my opinion is that from the point of view of terrorist threats that Western countries have already encountered, there will not be a change to computer terrorism in the near future. On the other hand, movements such as the American militia, or the drug cartels who have embraced new technologies and who are thus completely immersed in the information society, are lmore ikely to carry out an offensive in Cyberspace.

From the military point of view, I am of the opinion that a scenario of the type of those used in simulation by the American army is very plausible. It would be suicidal for any dictator such as Saddam Hussein at the present time to conceive a major offensive without benefiting of the advantages from the principal Achilles' heel of the Western civilization: information systems.

At present, information warfare worries the Western governments and they are taking measures in order to avoid being an easy target. However, the task to be achieved is colossal. to just secure military systems one will already need years and millions of dollars, without even touching civilian infrastructures.

It is impossible to know at the moment when you read these lines, if a computer attack is preparing or if it already started. Who knows if universally widespread software like Microsoft Windows or Netscape Navigator are not Trojan horses?

Previous page
Notes
Bibliography
Contents
Lexicon