Compare and Contrast Between Cyber Terrorism and Information Warfare
Cyber terrorism and information warfare terms are technically similar but each has different objectives. The main goal of cyber terrorism is to cause terror in among members of the population. This terror is largely dependent on how people view it. There are a number of instances on how the extremist groups have utilized the internet and computers to advance their causes. These include the coordination of terrorist operations globally, sometimes with the use of steganography, recruitment of suicide bombers from several countries across the globe, raising financing from the extremist groups around the world.
Information warfare on the other hand, is the management and use of information in the pursuit of gaining a competitive advantage over the opponent. Information warfare will entail the collection of very tactical information, making of assurances that ones information is the most valid, and the spread of the propaganda with the aim of demoralizing the enemy of the public. In essence, there is a thin line between cyber terrorism and information warfare.
According to CIA (2009), the foiled attack on the Detroit bound Delta Airline was orchestrated by Al-Qaeda operatives in Afghanistan where the Nigerian had received teachings. The coordination was made possible by communicating via the internet after which the attempted suicide bomber was instructed to board and explode the plane. The Al-Qaeda has since claimed responsibility for the attack (Irwin, 2009)
Cyber terrorism has varied definitions because every security expert carries their own definitions. This term can defined as the use of information technologies by individuals and terror groups to achieve their targets. They utilize information technologies to execute and organize attacks against the computer systems, networks and telecommunication infrastructures and also they make threats and exchange the information electronically. Cyber terrorism can occur in different ways but they can be categorized as attacks against services and data. If data is targeted, then the attackers intention is to compromise and access the data.
And if the attacker targets the services, then the intention is to cause the legitimate users not to utilize those services.
In 1998, a certain terrorist guerilla organization flooded the emails of Sri Lanka embassy officials globally with over 800 e-mails every day for a period of two weeks. The messages indicated that they are the internet Black Tigers and that they were doing that to disrupt their communications. This attack was categorized by the US intelligence as being the initial attack against the state computer systems (Dorothy, 1998)
During the time of Kosovo conflict, the Belgrade hackers received a denial of service (DoS) credit against the NATO servers. What they did was that they bombarded the NATO web server with PING commands and ICMP packets which put the connectivity of servers and host on test. Similar attacks were seen in 2000 during the time of Palestinian-Israeli cyber war. The pro-Palestinian hackers utilized the DoS tools to launch their attacks on Israelis largest ISP, Netvision. The initial attacks against Netvision were successful but subsequent attacks were shielded off through improved security (Armistead, 2004)
Come October 2007, Victor Yuchchenko, the Ukrainian president, website was attacked. The Eurasian Youth Movement claimed that they were responsible for the attack (Radio Free Europe, 2007). In November 2008, the Pentagon was attacked by a certain computer viruses which culminated into the DOD banning the use of DVDs and flash drives on its systems.
Another example of cyber terrorists at work was when the Romanian terrorists illegally gained access to systems controlling the life support at an Antarctic research station, which endangered about 58 scientists who were involved. The culprits were impounded before they actually executed their plan. Also recently in May 2007, Estonia became a victim of cyber attacks in the beginning of Russian World War memorial. The attack was actually distributed as a DoS (denial of service) attack in which a number of sites were attacked.
A most recent illustration of hacking was when Google threatened to leave China after allegations that it was a victim of concerted espionage effort whereby some hackers attempted to break into the emails of major technology and financial firms. An estimated 34 companies were attacked including Yahoo, Dow Chemical, Adobe and Symantec. Google stated that the hackers broke into the Chinese human rights activist gmail accounts in Europe, United States and China and as a result the search company issued threats that it would be pulling out its operations from China. Google has since published the code used by the Chinese hackers in their cyber attacks (Ashford, 2010)
Terrorists can utilize the internet to transfer or communicate their information in a covert manner. One famous covert technique of communication is Steganography, whereby the sender of a hidden data or message uses the file as the carrier. The carrier files are normally a video, pictures or audio files (Dorothy, 1998). The hidden messages are usually embedded with encryptions without changing the nature of the file. For instance, in case a digital picture is used as a carrier, this file will look typically the same in picture view software even after the secret message or hidden data is embedded (Cordesman, 2002)
The National Coordination Office for Networking and Information Technology Research and Development (2009) states that global interest in research and development in the area of Steganography commercialization and technologies has exploded in the past few years. These technologies are a real threat to the security of nations. Because Steganography does secretly embed undetectable informational content into the digital products, its potential in covert dissemination of malicious mobile code, software or information is high. Indeed the threat by Steganography has received several documentations in a number of intelligence reports.
Rumors about the terrorist who use Steganography initial appeared in the USA Today newspaper on the February 5th, 2001 in two main articles titled Terror groups hide behind Web encryption and Terrorist instructions hidden online. In October 2001, The New York Times did publish an article which claimed that the Al-Qaeda operatives had employed steganographic techniques to embed and encrypt messages into images and later transferred them via USENET and emails in preparation of executing the horrendous September 11, 2001 terror attacks on the US Twin Towers. The Jamestown Foundation (2007) research found a terrorist training manual by the name Technical Mujahid with a section having the title Covert Communications and Hiding Secrets inside Images
The Steganography Analysis and Research Center (2008) has since identified an estimated 725 digital Steganography applications. Cyber hackers have faced accusations of breaking into the North American Aerospace Defense Command (NORAD) and they have also been accused for electronically stealing from the financial institutions (Taylor et al, 2008).
But the hackers have sometimes the hackers have referred to themselves to be pro-social or beneficial. The subculture of a hacker is a group of like minded people who typically share certain values which are defined as hacker ethnic. The hackers can act in support of common ideas or causes (Taylor et al, 2008).
Information warfare on the other hand, comes with several definitions because of its nature. It takes on different forms such as
When radio and television transmission are jammed
Radio and television transmission are hijacked for the purposes of disinformation campaign
The Logistics networks are disabled
The enemy communication networks are spoofed or disabled.
The stock exchange transactions are sabotaged by spreading disinformation, leaking sensitive information and electronic intervention.
In information warfare, the attackerenemy targets the control, command, intelligence and communications within regions or countries and has not frontline. Consequently, the information warfare extends beyond the conventional regional theater to as many countries as possible and can be launched at targets far away from real targets. Besides, the growth of information technology into the layers of government operations and business has created a perfect platform to unleash the attacks. Information may entail the collection of tactical information, while giving false assurances that the information is valid which essentially spreads disinformation and propaganda to demoralize the public and the enemy. This undermines the quality of information and denies the information collection opportunities by the opposing forces (Cordesman, 2002).
The squadrons of information warfare launch the attacks electronically or by use of software against the strategic enemy communication targets. They disable the networks electronically and make them difficult to be re-enabled.
According to Cronin (2001), information warfare has different typologies from which we can form a spectrum of possibilities.
Information warfare seeks to destroy or damage the tangible assets or equipment associated with the control, command and communication functions such as data networks and computer systems
Information war fare seeks to prohibit the targeted personsystems from operating effectively through the launch of DoS (denial of service). This will range from mere irritation such as the defacement of the CIA and US pentagons web site to very critical missions such as severing the computerized intelligence systems
Information warfare seeks to corrupt or degrade the targets information systems by use of some malicious software usually called malware. An instance would be hacking into the targets logistics support systems with the aim of inducing performance degradation or the annihilation of the system constituent databases like the targets ability too organize the physical assets in hisher operations
Information warfare entails the infiltration of the targets information resource with the aim of conducting a support warfare intelligence and espionage, generic practices which carry considerable pedigree in diplomatic and military operations
Information warfare entails the silent penetration of the targets systems in the shaping of opinions, management of operations and the fostering of deception through the digitally enabled techniques like morphing and superimposing. In this case the aim is not to render the systems inoperative but to play mind games acts what may be termed as epistemological or neo-cortical warfare.
In system penetrations, the crooks may be packet sniffers, password hackers, password grabbers, social engineers and password guessing, while system manipulation will entail Trojan horses, trap doors, worms, logic bombs and computer viruses. The attraction of Information Warfare lies in a number of factors
Asymmetrical starting ratios and payloads
Zero latency and warnings
Attacker is typically invisible to the target
Swift strike advantage
Has the ability vary the intensity and frequency of the attacks
Fluidity of the attack mode,
Scalability is easily achieved
Multiplier effects are available to the target
Targets the behaviors are not changed
Legal and ethical ambiguities (Cordesman, 2002)
In 1991, the Dutch hackers obtained information about the US troop movements during the initial Persian Gulf War, from the US Defense Department systems and attempted to sell the same to the Iraq, who thought that it was hoax and therefore turned it down. In January 1991, the US Air Intelligence computers were attacked in a coordinated manner and they were traced to some Russian hackers (Cordesman, 2002)
The proliferation of cyber terrorism and information warfare has benefited a lot from the advances made with regard to the worldwide web. The supremacist groups have been utilizing the internet to recruit ne members and spread their message of hate. According to Taylor et al (2008), an estimated 1500 websites have been identified as being run by extremist organizations that incite religious intolerance and racial hatred besides bomb attacking and terrorism.
The white supremacist groups have formed sophisticated computer links which are meant to attack the teenagers. It is interesting how computer technologies have helped advance ills such as ethnic cleansing where by the players of such games are encouraged to kill the Jews, the blacks, Hispanics as they run through the urban ghettos and the subway environments. In some of these games the players adorn themselves in Ku Klux Klan robes and have a noose. And every time they shoot or kill a black enemy, the make a monkey-like squeal while the Jewish enemies shout Oy vey after they are killed. According to Taylor et al (2008) the right wing extremist groups promotes the whites especially those who descend from the Northern Europeans as being morally and intellectually superior compared to other races on the planet. Hate Crimes and incidents are issues of concern to many crimes because of their effect upon certain members of the community. As a result of hate crimes, the individuals may be emotionally traumatized and terrified (Armistead, 2004).
Kevin Mitnick is certainly one of the most publicized computer criminal who make his way into one the most sophisticated systems, Department of Defense. He possessed sufficient technical skills to gain administrative control over these systems right from his personal computer, an epic example of cyber terrorism cum information warfare.
Since information warfare and cyber terrorism have tendencies to be similar in the exploitation of information technologies especially the internet, several approaches have been used to deal with them. Authentication is one way of denying access to unauthorized individuals who attempt to tamper with the content on the website and systems. The hackers pose a potential threat of accessing confidential and invaluable information that might have otherwise been securely stored on the digital locations such as websites. They do target credit card information and other sensitie information from the hence authentication is one way of verifying the right identities of the people on the web (Macdonald, 2004). This verification procedure involves assigning customers specific user names and passwords , demonstrating the correct identity for instance fingerprints, smart card, voice recognition among others. Individual and companies protect their information and customers sensitive information from hackers by employing various approaches. An SSL secure connection between customers and the web server are utilized to prevent hackers from accessing credit card information and other sensitive client information. SSL encrypts communication and mostly can piggyback without incurring any extra cost on our digital certificates and secure servers given by the ordering system vendors. A payment gateway will ensure that all communications with credit card processors and our website is secure. Secure order retrieval will accord the merchants the option of securing orders using encrypted mail, SSL, XML, and secure FTP while taking utmost care to customers credit card information (Ralph, 2004).
Configuration When validating usernames and passswords a comparison is made through the password file of authoritative listing which are populated with valid users and their corresponding passswords. Because of the sensitivity asssociated with the information stored in the password file, the file should be stored separately in a document directory and the passswords safely encrypted. It is advisable to caution the customers to use a totally diffrent passsword for our online shopping than for other less crucial things (Armistead, 2004).
After creating the passsword file, it is important to allow it to demand user information (username and passsword) for it to admit genuine customers. Configuring this requires these directives AuthType- for providing the type of authentication employed AuthName- for providing the the authentication name AuthUserFile- for providing the location passsword file AuthGroupFile- for providing the location of the group and the requirements which must be satisfied in order to approve access.
Data integrity is a fundamental element in an e-business site. It can be attained in a single database with a standalone system maintained through database constraints and transactions following the ACID rule for (Atomocity, Consistency, Isolation, and Durability) characteristics for ensuring the integrity of data (Vinay, 2009). it is critical to use databases which support ACID transactions if we dont want to compromise the quality of our data (Macdonald, 2004).
Distributed systems exist with multiple applications hence to ensure uncompromised quality of data in such systems, transactions need to be handled safely across multiple data sources (Vinay, 2009). normally, this is done through a centralized global transactions manager. Every transaction in distributed systems should have the ability to freely participate globally through resource managers. Often this is always attained via the use of a commit protocol 2-phase according to XA standardization although majority of databases are able to participate in transactions globally. However, customized applications are also able to engage in global transactions through an EAI medium. In conclusion, the immediate indicator of data integrity will keep regular back ups in place. Various media for keeping back ups exist and it is advisable to maintain a formal system that is documented and has strict rules governing it. To satisfy this stategy, it is important to ensure that back up processes are working efficiently (Doug, 2006).
After login, sessions are encrypted and this is done by locking the barn door so as prevent the horses from getting out. Failure in encrypting the logins is similar to leaving the keys in the lock after you are done locking the barn door. It is paramount to affect security precautions so that company may be able to restrict hackers who may have the intention of breaking into its highly confidential site. If they do not protect their site we they end up losing valuable data of the company, customers and the businesses will incur huge losses. If they lack appropriate web security, hackers can easily steal and change data and their web files and eventually damage the reputation of the company
Categories:
0 comments:
Post a Comment