In April 2015, a hacking group called CyberCaliphate attacked TV5 Monde, a French media outlet.
The attack resulted in temporary control of the main website and social media accounts and the interruption of 11 TV stations, crippling the company’s broadcast capabilities for hours. The group defaced the website and social media accounts by placing #Daesh propaganda on them (e.g. “I am IS”) and making references to the attack on Charlie Hebdo.
In addition, the hacking group published the names of soldiers and family members on the websites combined with threats against them. The attack was carefully executed through different means but was also the result of poor information security management. For instance, passwords to social media accounts (YouTube, Instagram, Twitter, Facebook) were visible in interviews with reporters inside the editorial room.
Whenever incidents like this happen, references to cyber terrorism, cyber jihad and the fear of cyber doomsday are quickly made. Which begs the question: How do we talk about and deal with cyber terrorism today?
The challenge is that cyber terrorism is difficult to define or make generalizations about. A common understanding of terrorism is a person or group of people creating a state of terror in the public (through such acts as bombing) for political, ideological, racial, ethnic or religious reasons. Yet when “cyber” gets involved, the terrorists can take many different forms. Their attack vectors and means are not necessarily any different than those of state-sponsored hackers, script kiddies, individual hackers or cyber criminals. Some experts referred to the “Sony hack,” for instance, as an act of terrorism by North Korea, which underlines the terminology dilemma.
For the sake of simplicity (and because they are the biggest concern to many), let’s focus on some of the most professional and aggressive terrorist organizations in the world: Daesh, Al-Qaida, AQAP, Hezbollah, Al-Shabaab, Lashkar-e-Taiba and Boko Haram.
These groups utilize the Internet very effectively, especially to spread their propaganda through information warfare. #Daesh’s Dabiq magazine, distributed in multiple languages, is one of the most professional magazines ever released by a terrorist organization. Al-Shabaab posted pictures of a dead French special forces soldier and his gear online via Twitter after a failed operation in Somalia.
The Internet and other technologies are being used for a variety of purposes:
- Internal communication through online gaming chat rooms and coded messages or steganography.
- Education in tradecraft, military tactics and the construction of explosive devices.
- Planning attacks with tools like Google Maps/Earth.
- Identifying targets. In Mexico, the cartels used Facebook to identify “lucrative” ransom candidates for kidnappings.
- Coordinating attacks. VoIP phone services were used during the Mumbai attacks in 2008.
- Funding. Online payment services funnel anonymous donations from around the world.
- Recruiting new members with highly professional videos and online magazines.
Due to the vast and anonymous nature of the Internet, it is impossible to prevent or stop these activities. However, these activities also give homeland security and intelligence agencies plenty of opportunities for defensive and offensive measures.
For example, Abdelhamid Abaaoud, a Belgian citizen and one of the planners of the November 13, 2015, Paris attack, openly provided a detailed account of his travels between Europe and Syria, as well as his intentions to strike with an attack, in the seventh edition of Dabiq magazine. Big egos remain the biggest enemy of terrorist OpSec, and an opportunity for homeland security agencies to intervene.
Unlike in the real world, terrorist organizations’ cyber activities may also be targeted by non-state organizations. After the January 7, 2015, attacks in France, Anonymous, a hacktivist organization, and splinter group AnonGhostGlobal called for the hacking of several Islamic sites and social media accounts believed to be linked to terrorist organizations. This resulted in a backlash from Islamic hacker organizations UnitedIslamicCyberForce and MiddleEastCyberArmy, which released documents targeting French companies.
Cyber attacks carried out by terrorist organizations or hacker groups that associate themselves with those organizations have not resulted in a single death or doomsday scenario. In general, cyber terrorism has resulted in:
- Disrupting communications and systems through spam mails or viruses.
- Making public websites temporarily unavailable through Distributed Denial of Service (DDoS) attacks.
- Defacing websites or social media accounts of government or commercial organizations.
- Unauthorized intrusion in systems to steal data or use the systems to launch attacks against other systems.
- Release of personally identifiable information of politicians, law enforcement or military personnel combined with threats.
It’s true, entry barriers are low for terrorist organizations to engage in cyber terrorism. You can buy a botnet of thousands of servers in a “DDoS as a Service” business model for less than $100 with your credit card right now.
However, it is also true that these terrorists would need to build a vast knowledge of technologies, systems and organizations to plan and successfully execute a “doomsday scenario” against critical infrastructures. In the near term, it’s far easier for terrorist organizations to organize and conduct traditional attacks resulting in mass physical violence on people and infrastructures.
History shows that terrorist groups are highly agile and will employ all means necessary to reach their goals. However, calling every hack from a group’s “hacking arm” an act of terrorism and as a result predicting an imminent cyber doomsday scenario will not help public discourse over the situation.
Alexander Schellong is CSC’s General Manager Cybersecurity in Central & Eastern Europe, Italy and Turkey.