As with other criminals, terrorists are taking advantage of information and communication technologies to advance their own agendas. The term cyber terrorism features increasingly in the media, despite having been the topic of debate for some time at the government and international level.
Cyber terrorists are an ill-defined group. Some early mentions can be traced back to the Mumbai attacks of 2008. Investigations by the Indian government revealed that the terrorists had used Blackberry phones, Google Maps and VoIP among other ICT tools to plan and coordinate their attacks. More recently, the evolution of sophisticated software and the increasing connectivity of critical infrastructure are offering new tools and targets for cyber terrorists today.
Among the groups that have eagerly taken up electronic arms are the Mujahideen. In 2011, the FBI intercepted an online video featuring an al Qaeda operative calling for ‘electronic jihad’ against the United States. The recent anti-American protests sparked by the tasteless Innocence of Muslim trailer have encouraged the break out of cyber jihadists. Izz ad-Din al-Qassam emerged as a group of self-proclaimed cyber fighters bent on bringing down ‘American-Zionist Capitalists’. Launching DDoS attacks through SYN floods, ICMP, UDP and SSL encrypted attacks, they have managed to affect critical infrastructure including government networks, energy companies and the banking sector.
The problem is that modern cyber terrorists do not have to have an extraordinarily high level of IT expertise; with enough money, they can purchase the most advanced cyber tools available for sale in the online criminal underground. If they want to, they could probably even hire out a criminal service to do the work for them. This has serious consequences for copy cat groups and amateur terrorists: if they can find enough money, perhaps even government backing, they can have the best cyber weapons at their disposal without too much trouble.
Perhaps most disturbingly is the fact that terrorism is a purely destructive activity. Monetary gain and hacker reputation are not part of the agenda. The motivation is to coerce an entity through the use of violent tactics, without regard for civilian safety. For this reason, critical information infrastructure is unfortunately the perfect target – a maximum amount of people can be affected, using readily available tools. Not all is doom and gloom though: for every Baty there is a Deckard. Cyber security experts still have the upper hand and it is just a matter of staying ahead through continued surveillance, prompt detection and fast response.