Cyberterrorism is a new terrorist tactic that makes use of information systems or digital technology, especially the Internet, as either an instrument or a target. As the Internet becomes more a way of life with us, it is becoming easier for its users to become targets of the cyberterrorists. The number of areas in which cyberterrorists could strike is frightening, to say the least.

The difference between the conventional approaches of terrorism and new methods is primarily that it is possible to affect a large multitude of people with minimum resources on the terrorist's side, with no danger to him at all. We also glimpse into the reasons that caused terrorists to look towards the Web, and why the Internet is such an attractive alternative to them. The growth of Information Technology has led to the development of this dangerous web of terror, for cyberterrorists could wreak maximum havoc within a small time span.

Various situations that can be viewed as acts of cyber-terrorism have also been covered. Banks are the most likely places to receive threats, but it cannot be said that any establishment is beyond attack. Tips by which we can protect ourselves from cyberterrorism have also been covered which can reduce problems created by the cyberterrorist.

We, as the Information Technology people of tomorrow need to study and understand the weaknesses of existing systems, and figure out ways of ensuring the world's safety from cyberterrorists. A number of issues here are ethical, in the sense that computing technology is now available to the whole world, but if this gift is used wrongly, the consequences could be disastrous. It is important that we understand and mitigate cyberterrorism for the benefit of society, try to curtail its growth, so that we can heal the present, and live the future...

Introduction

The world is a very large place, but it is getting smaller, thanks to the advent of computers and Information Technology. However, the progress that we've made in these fields also has a dark side, in that a new terrorist tactic, commonly called Cyberterrorism has developed. The old, conventional methods of assassination and hostage taking are slowly fading, as terrorists head towards the Internet to pull their stunts. The cause for this kind of a transition stems from the fact that the terrorist has long since realized that removing one official from office only causes another official to take his place; which is not the end-result the terrorist wished to achieve. This causes the terrorist to take to the net, thus affecting a wider section than could otherwise have been targeted. From disabling a country's economy to shutting off power in large areas, it's all possible, with less risk to the terrorists.

Cyberterrorism is any act of terrorism that uses information systems or digital technology (computers or computer networks) as either an instrument or a target. Cyberterrorism can either be "international", "domestic" or "political", according to the nature of the act, but it is always an act involving a combination of the terrorist and the computer.

Why IT is so attractive to the terrorist?

Terrorist groups have been using computer technology to secure many of their goals. They have been exploiting existing modern technology to accomplish the same goals that they have been working towards in the past. However, the key differences between their old tactics and their newer methods lie in the ease with which their operations can be performed, as well as increased anonymity. It is extremely difficult to detect such clandestine operations, and needless to say, even more difficult to counter such acts. Terrorist groups take advantage of computer technology to create support structures that serve to strengthen their tactical and strategic plans and goals. These are achieved by:

. Political propaganda

. Recruitment

. Financing

. Intra and inter-group communication and coordination

. Information and intelligence gathering

. Ease of operations that are cost-effective, both in terms of resources used, and ability to strike worldwide.

Specific examples of the facilitation of terrorism through the use of computer technology illustrate the appeal this technology has for terrorist groups interested in advancing their particular agendas. The use of the Internet for propaganda and disinformation purposes is an especially popular one. Many exiled political opposition groups from such states as Iran, Iraq, Mexico, Northern Ireland and Saudi Arabia have used the World Wide Web for just such purposes.

One of the most demonstrative examples, however, involves the case of the December, 1996 takeover of the Japanese Ambassador's residence in Lima, Peru by the Tupac Amaru Revolutionary Movement. Not only did this terrorist group use the Internet to communicate its revolutionary message to the rest of the world through a European website, it even offered a video clip of its members preparing for their mission.

The added attractiveness of the Internet for terrorists is that the widest possible audience for their violent activity not only reminds them of the major themes of their campaigns, it also heightens fear in the target audience by reminding it of the potential for future violence.

In addition to aiding terrorist propaganda, computer networks also enhance terrorist recruitment and financing. Various supremacist groups in the United States have also used the Internet for financial gain.

The nature of modern computer technology is such that it also lends itself to the communication and intelligence activities of terrorist groups. The attractiveness of this feature for groups eager to expand their activities can be explained as follows:

Information Technology gives individuals and groups a reach and influence that was previously reserved for well-organized, state-funded terrorist organizations. Physical distance and national borders that once separated terrorists from their co-conspirators, their audience and their targets cease to exist in the world of modern telecommunications and the Internet.

Organizations such as the Islamic fundamentalist groups that follow Osama Bin Ladin rely on computers to coordinate their activity. The Revolutionary Armed Forces of Colombia, for example, is known to respond to press inquiries via e-mail. In the case of the intelligence gathering activities of terrorist groups, computer networks and access to the World Wide Web are equaly important.

Modern computer technology has not only enhanced much of the above activity, but it has done so in such a fashion that the terrorist groups that utilize it are now able to operate beyond the range of traditional counter terrorist approaches. The terrorist ability to engage in "growth activity" such as recruitment, communication and especially financing without the knowledge of state authorities may inevitably lead to stronger and hence, more resilient terrorist groups. In turn, the potential for terrorist groups to engage in activity that focuses less on threats and more on actions that can be seen and felt is significantly heightened. Modern terrorist groups that are able to develop undetected may become stronger, more elusive and deadlier than their earlier counterparts.

Moreover, and perhaps even more importantly the advent of computer networks has spawned a new direction in the organizational structure of terrorist groups. Terrorist groups utilizing computers for communication are likely to move beyond hierarchical organizational structures and employ networked ones.

What the Cyberterrorist can do?

Terrorist groups engaging in cyberterrorism are noted for threats to commerce, public safety and national security. These threats can take any number of forms, but are generally seen as computer versus computer confrontations (While the current discussion focuses on the use of "high tech" applications in terrorist operations, "low tech" operations against a victim's "high tech" infrastructure should not be ignored.) Terrorist groups use their own computer technology to threaten or attack a victim's computer resources. This can take the form of threats or attacks against national infrastructures that have become heavily reliant and interconnected to computer networks. Activity of this sort is tangible in nature and thus, generates most of the interest we have in cyberterrorism today. Cyberterrorist threats can include:

. rapid communication of threats to a wide or specific audience

. threats to public utilities and transportation

threats to commercial institutions and transnational corporations

. threats to IGOs and NGOs

. threats to individuals

. threats to political groups or other ethnic, religious or nationalist entities (all of these can include other terrorist groups) identified as "the enemy"

. threats to security forces

. threats to nation states

What we occasionally see (what is reported) is actual damage to the above targets in the form of temporary disruption of services, public inconveniences or financial loss. These incidents, however, are most often in the form of cyber crime and fall short of what is considered as cyberterrorism. In summary, there have been no instances where cyberterrorism has been directly translated a catastrophic loss of life or physical destruction associated with the most violent acts of "conventional" terrorism. The threat, however, remains real and takes on an added significance when the growing potential of terrorist group resources is considered.

At this point it is also helpful to speak in terms of "cyberspace-based threats." There is a wide spectrum of possibilities for "evil actions" in cyberspace. These include attacks on the data contained within the systems, the programs and processing hardware running those systems, and the environment (communications, networks, etc.) in which they operate.

What can be done about Cyberterrorism?

In response to heightened awareness of the potential for cyber-terrorism President Clinton, in 1996, created the Commission of Critical Infrastructure Protection. The board found that the combination of electricity, communications and computers are necessary for the survival of the U.S., all of which can be threatened by cyber-warfare. The resources to launch a cyber attack are commonplace in the world; a computer and a connection to the Internet are all that is really needed to wreak havoc. Adding to the problem is that the public and private sectors are relatively ignorant of just how much their lives depend on computers as well as the weaknesses of those computers.

Currently there are no foolproof ways to protect a system. The completely secure system can never be accessed by anyone. Most of the militaries classified information is kept on machines with no outside connection, as a form of prevention of cyberterrorism. Apart from such isolation, the most common method of protection is encryption. The wide spread use of encryption is inhibited by the government's ban on its exportation, so intercontinental communication is left relatively insecure. The Clinton administration and the FBI opposed the export of encryption in favor of a system where by the government can gain the key to an encrypted system after gaining a court order to do so. The director of the FBI's stance was that the Internet was not intended to go unsupervised and that the police need to protect people's privacy and public-safety rights there. Encryption's drawback is that it does not protect the entire system, an attack designed to cripple the whole system, such as a virus, is unaffected by encryption