Computer Terrorism : What are the risks
Chapter 5: Computer Terrorism
Until now, I have tried to give a rather broad outline of our vulnerability
with regards t ocomputers, and I hope that I have have convinced you that
we are sitting on a bomb. It is time, now, to determine if a terrorist
organization could to use computer either as arms, or as targets, with
an aim of continuing its fight, usually carried out by bombings or removals.
In January 1995, a conferecne was held in Montreal 14
on information warfare, that brought together Canadian, American and European
soldiers, as well as representatives of the FBI and Canadian Service of
Information and Security. One of the topics of discussion was the attack
of New York's World Trade Center, in February 1993. This attack, which
at first seems to have nothing to do with the conference's subject, can
be regarded as one of the first acts of computer terrorism. There were
less material damages than "virtual" ones. Thousands of firms
were unable to connect their computers to the rest of the world for many
days. According to studies, this situation generated losses evaluated
at more than 700 million dollars, during the first week! [VOIR1]
Let's define, the concept of "computer terrorism". Since this
subject is not treated as such in literature, I propose two definitions:
Computer terrorism is the act of
destroying or of corrupting computer systems with an aim of destabilizing
a country or of applying pressure on a government.
Computer terrorism is the act of
doing something intended to destabilize a country or to aply pressure
on a government by using methods classified in the category of computer
It is possible to carry out three types of actions against an information
system, a physical, syntactic or semantic attack [GARIG1]
- The physical attack consists of damaging equipment in
a " traditional " way, bomb, fire, etc.
- The syntactic attack consists of modifying the logic
of the system in order to introduce delays or to makethe system unpredictable.
An attack by means of a virus or of a Trojan horse is included in this
- The semantic attack is more perfidious. It exploits
the confidence that the users have in their system.It consist of modifying
information that is entering or exiting the system, without the users'
knowledge, in order to induce errors.
After having listed a large number of weaknesses in information processing
systems, and to having shown how easily it is possible to introduce chaos
even from remote location, it is interesting to wonder why have terrorist
computer attack not yet occured ? 15
If we look at the last wave of terrorist attacks in France (1995), carried
out by Islamistes Algerian of the GIA (Armed Islamic Group) an answer
may be that these groups rejecting the westernization of their country,
reject consequently associated technology, and are thus not able to effectuate
computer terrorism. Moreover, and I believe that it is the principal reason,
disproportion of the means to implement computer terrorism results in
the fact that terrorist groups remain confined to traditional method.
Means to implementation
According to the theory of the class 3 information warfare, this type
of conflict requires much less human and financial resources than a conflict
with "traditional" weapons. this is the case because the cost
of modern conflicts are very expensive, but, if we look at the absolute
value of the investment for terrorism, the result/cost ratio is strongly
against computer terrorism, compared to "traditional" terrorism.
If we take the case of a tiny terrorist group, it is able,with a small
account of financial and logistical support, to carry out some home-made
bombs and to create panic accross a country 16.
In the case of the attack to the administrative building of Oklahoma City,
in April 1995, the home-made bomb made of fertilizers, causied the death
of nearly 100 persons, was aparently the act of a single terrorist! In
these two cases, with the same investment, it would have been impossible
to them to produce the same psychological effect with computer attacks.
Computer terrorism must be seen as an act similar to an act of war.It
needs to be effective to establish a long-term strategy and to
have control of very large number of factors. Hacking of computer systems
(many different) in a perfectly synchronized way, as well as the infiltration
of agents in various companies with an aim of inserting Trojan horses
or back doors, is a long-term job.
Field of application
This kind of terrorism does not lend itself to reprisals following a
precise event such as arrests or the assassination of a movement leader,
except if the possibility had been envisaged a long time in advance.
The ideal framework for the use of such weapons is the prelude to a war,
a kind of "electronic Pearl Harbor" 17
. It is currently one of main fears of the people in charge of American
defense. As the United States has a strong interventionist policy (cops
of the world ), a country deciding to attack its neighbor (ally of the
USA) would have an interest to initially conduct a computer attack against
the USA, before dealing with its genuine target 18.
As a plan of invasion is not hastily established, it is conceivable to
include a plan in order to first neutralize any response coming from interventionists
country such as the USA or France.
As we are now at the end of this document, it is time to answer the question
that I asked at the beginning: "Computer Terrorism: What are the
After having made this broad study, my opinion is that from the point
of view of terrorist threats that Western countries have already encountered,
there will not be a change to computer terrorism in the near future. On
the other hand, movements such as the American militia, or the drug cartels
who have embraced new technologies and who are thus completely immersed
in the information society, are lmore ikely to carry out an offensive
From the military point of view, I am of the opinion that a scenario
of the type of those used in simulation by the American army is very plausible.
It would be suicidal for any dictator such as Saddam Hussein at the present
time to conceive a major offensive without benefiting of the advantages
from the principal Achilles' heel of the Western civilization: information
At present, information warfare worries the Western governments and they
are taking measures in order to avoid being an easy target. However, the
task to be achieved is colossal. to just secure military systems one will
already need years and millions of dollars, without even touching civilian
It is impossible to know at the moment
when you read these lines, if a computer attack is preparing or if it
already started. Who knows if universally widespread software like Microsoft
Windows or Netscape Navigator are not Trojan horses?