Why do we need to define cyber terrorism ?

Distributed denial of service attacks, hate websites and hate emails, attacks on sensitive computer networks are all rapidly gaining momentum. To tackle this global phenomenon of the abuse and misuse of computers and the Internet, an international convention, backed by national legislations, is needed.

The UK Terrorism Act 2000 is a step in the right direction although the Act includes cyber terrorism within the ambit of conventional terrorism. This is not the desired approach as it is essential that cyber terrorism be addressed as a separate issue and not as a part of conventional terrorism.

Also it is prudent to distinguish between cyber crime, a domestic issue that may have international ramifications and cyber terrorism, an international issue that may have domestic ramifications.

A definition of cyber terrorism

The author offers the following definition of the term “cyber terrorism”:

An illustration will clarify some of the terms used in this definition.

A group of people kill a 50-year old hospitalised man by giving him a medication towards which he is severely allergic.

This is a crime.

The 50-year old man is the head of a minority religious community and the assailants, who belong to another religious community, have killed him to create fear in the minds of the minority community.

Although this is still a crime, it is also an act of terrorism.

If the killers had hacked into the hospital computer network and altered the prescribed medicines, then it would be an act of cyber terrorism.

Let us consider some real life situations and analyse whether they amount to acts of cyber terrorism or not.

• In 1996, a computer hacker allegedly associated with the White Supremacist movement temporarily disabled a US based Internet Service Provider (ISP) and damaged part of its record keeping system. The ISP had attempted to stop the hacker from sending out worldwide racist messages under the ISP's name. The hacker signed off with the threat, "you have yet to see true electronic terrorism. This is a promise."

  This is not an act of cyber terrorism. Although the normal activities of the ISP in cyber space have been disrupted by using a preplanned methodology, the intention of the attacker is not to further any political, social, religious, ideological or similar objectives. The intention is simply to punish the ISP for interfering with the activities of the attacker.

• In 1998, Spanish protestors bombarded the Institute for Global Communications (IGC) with thousands of bogus e-mail messages. E-mail was tied up and undeliverable to the ISP's users, and support lines were tied up with people who couldn't get their mail. The protestors also spammed IGC staff and member accounts, clogged their Web page with bogus credit card orders, and threatened to employ the same tactics against organizations using IGC services.

  They demanded that IGC stop hosting the web-site for the Euskal Herria Journal, a New York-based publication supporting Basque independence. Protestors said IGC supported terrorism because a section on the Web pages contained materials on the terrorist group ETA, which claimed responsibility for assassinations of Spanish political and security officials, and attacks on military installations. IGC finally relented and pulled the site because of the "mail bombings."

  This is an act of cyber terrorism. The normal activities of the ISP in cyber space have been disrupted by using a preplanned methodology and the intention of the attackers is to further a political objective.

Some incidents of cyber terrorism

The following are notable examples of cyber terrorism:

• In 1998, ethnic Tamil guerrillas swamped Sri Lankan embassies with 800 e-mails a day over a two-week period. The messages read "We are the Internet Black Tigers and we're doing this to disrupt your communications." Intelligence authorities characterized it as the first known attack by terrorists against a country's computer systems.

• During the Kosovo conflict in 1999, NATO computers were blasted with e-mail bombs and hit with denial-of-service attacks by hacktivists protesting the NATO bombings. In addition, businesses, public organizations, and academic institutes received highly politicized virus-laden e-mails from a range of Eastern European countries, according to reports. Web defacements were also common.

• Since December 1997, the Electronic Disturbance Theater (EDT) has been conducting Web sit-ins against various sites in support of the Mexican Zapatistas. At a designated time, thousands of protestors point their browsers to a target site using software that floods the target with rapid and repeated download requests. EDT's software has also been used by animal rights groups against organizations said to abuse animals. Electrohippies, another group of hacktivists, conducted Web sit-ins against the WTO when they met in Seattle in late 1999.

Does cyber terrorism extend to the use of computers and the Internet by “conventional” terrorists?

This is a complex question and must be answered with care. The uses of encryption, steganography, secure email services etc by “conventional” terrorists does not fit into the definition of cyber terrorism offered above.

Let us consider an illustration. A terrorist organisation, spanning 6 countries assassinates the leader of a religious group. During the planning and execution of this assassination, 512 bit encryption and steganography was used to convey essential information to the members of the organisation. This should not be referred to as an incident simply because computers and the Internet were used as tools incidental to the commission of the terrorist act.

Let us extend this illustration a little further. Suppose that the assassination caused widespread rioting in some country. As a result of the rioting the premises of some Internet Service Providers were damaged and Internet access to millions of people was cut off. This would still not make the act an act of cyber terrorism. Here although cyber space activities have been disrupted, this disruption is merely a consequence of a conventional terrorist activity.

Including the use of computers and the Internet by terrorists within the ambit of cyber terrorism is highly undesirable. Then the use of telephones by terrorists would give rise to “telephone terrorism”, and the list would be endless.

Footnotes

(1) Premeditated use implies use preceded by careful planning, thought and / or deliberation.

(2) Disruptive activities are those that prevent the normal continuance of something.

(3) The threat need not necessarily be directed towards the target of the act of cyber terrorism, but may be directed towards any person in whom the target has an interest.

(4) The term cyber space used here extends to the entire virtual world, i.e. the Internet, stand alone computers, every bit of information stored in storage media - removable, non removable, physical and virtual.

(5) The term intention implies the reason or purpose for which an act is committed, sought to be committed or threatened to be committed.

(6) To intimidate means to put a person in fear and thereby compel him to do or not to do something that he does not desire to do.

(7) The term person used here includes a human being, a corporate entity, a State, or a collection thereof.