Cyberterrorism
Brian Krakover
INTRODUCTION
In the past, most terrorist attacks have aimed to directly kill, injure, or intimidate a target group for political purposes. This has usually meant a bomb or shooting, which health care professionals can readily identify and treat according to preexisting standards. There is a new threat that is potentially devastating to a health care system that is already bursting at the seams with high patient volume and acuity and is ever more dependent on computer systems for patient management and safety: cyberterrorism (1).
PREPAREDNESS ESSENTIALS
Cyberspace is constantly under assault. Spies, thieves, saboteurs, and thrill seekers break into computer systems, steal personal data and trade secrets, vandalize web sites, disrupt service, sabotage data and systems, launch computer viruses and worms, conduct fraudulent transactions, and harass individuals and companies (2). These attacks are facilitated with increasingly powerful and easy-to-use software tools, which are readily available for free from thousands of web sites on the Internet (3).
Cyberterrorism involves attacks on computers and networks and the information they contain. Computer networks have been attacked during recent conflicts in Kosovo, Kashmir, and the Middle East. However, with American society increasingly interconnected and ever more dependent on information technology, terrorism experts worry that cyberterrorist attacks could cause as much devastation as more familiar forms of terrorism (4). “Terrorists could cause a hell of a lot more damage taking out a power grid than blowing up a building,” says Matt Yarbrough, former head of the Cybercrimes Task Force in the Justice Department (5).
Experts believe there are two major cyberterror scenarios we should be concerned with:
The physical threat: compromising critical systems to severely affect critical physical infrastructure, such as power grids, water and sewer systems, dams, hospital equipment, pipelines, communications, global positioning satellites, air traffic systems, or any other networked system, which would result in death and/or destruction.
The critical data threat: compromising critical computer systems to steal or irreversibly damage vital data, such as the Social Security database, a large financial institution’s records, or secret military documents, which would result in death, destruction, and/or catastrophic economic turmoil (3).
Terrorists might also try to use cyberattacks to amplify the effect of other attacks. For example, they might try to block emergency communications or cut off public utilities in the wake of a bombing or a biological, chemical, or radiation attack. Many experts say this kind of coordinated attack might be the most effective use of cyberterrorism (2, 3, 4).
Attacks launched in cyberspace could involve diverse methods of exploiting vulnerabilities in computer security: computer viruses, stolen passwords, insider collusion, software with secret “back doors” that intruders can penetrate undetected, and orchestrated torrents of electronic traffic that overwhelm computers—which are known as “denial of service” attacks (Table 44-1). A good example is the Code Red worm. On July 19, 2001, more than 359,000 computers connected to the Internet were denied service after being infected with the Code Red (CRv2) worm in less than 14 hours. The cost of this epidemic, including subsequent strains of Code Red, is estimated to be in excess of $2.6 billion (6) (Table 44-2). Attacks could also involve stealing classified files, altering the content of Web pages, disseminating false information, sabotaging operations, erasing data, or threatening to divulge confidential information or system weaknesses unless a payment or political concession is made (6).
TERRORIST THREATS
The Al Qaeda network uses the Internet, encryption software, and other current information technologies to link its members, plan attacks, raise funds, and spread propaganda (6,7). Other designated terrorist groups such as Hamas and the Lebanese Hezbollah have publicly accessible web sites for espousing propaganda and perhaps for command and control purposes as well (6). Using the Internet for communication, command and control is much easier than inflicting damage through the Internet. U.S. officials reportedly believe al-Qaeda has been training members in cyberattack techniques, and U.S. computer logs and intelligence gathered in Afghanistan both indicate that the group has scouted systems that control American energy facilities, water distribution, communication systems, and other critical infrastructure (6).
TABLE 44-1 Types of Computer Attacks (13)
Admittedly, cyberattacks often lack the drama of traditional terrorist attacks, so they might not be attractive to some terrorist groups. Hackers who dislike America might also decide to perpetrate an attack independently. Following the April 2001 collision of a U.S. Navy spy plane and a Chinese fighter jet, Chinese hackers launched denial of service attacks against American web sites (8).
FEDERAL SECURITY EFFORTS
One of the first moves in America’s new war on terrorism took place September 5, 2001, six days before the attacks on the World Trade Center and the Pentagon. The target was a Richardson, Texas, company called InfoCom that hosts Arabic web sites. An 80-person terrorism task force launched a three-day raid that closed 500 Internet sites, froze bank accounts, and seized information from the company’s hard drives (9).