CHAPTER 4

SHIFT TOWARD INFORMATION WARFARE
ACROSS THE CONFLICT SPECTRUM

Information warfare tactics are being employed across the spectrum of conflict. The increasing importance of computers and their attendant networks makes them primary targets for both state-sponsored espionage and crime.53 Terrorists have recognized the value of energy distribution networks and some computer installations. At the level of insurgency and rebellion, information warfare tactics have been used to subvert state controls of the media and for communications between the rebel leadership and their worldwide support base.

A. USE OF INFORMATION WARFARE IN STATE SPONSORED ESPIONAGE AND CRIME

The advanced information warfare techniques of computer penetration, surveillance, and exploitation developed by the following states can be utilized for terrorism as well as espionage and crime. There is a long history of state sponsorship of terrorism in the 20th century. Often the goal of computer penetrations is to provide easy access for future penetrations. In effect, foreign states are conducting information warfare espionage to have "turn key" access to U.S. systems in the future. The only difference between these acts of computer espionage and terrorism is the addition of a political motive or goal to the criminal nature of the penetration. States may, in the future, choose to provide this information to a sponsored terrorist group for use against the United States. As such, a careful examination of past and current information warfare activities at the state level is important as it may identify future terrorist targets or tactics likely to be used by state sponsored terrorist groups.

Who can perpetrate an organized "computer attack" against the United States? A study of the threat by Wayne Madsen addresses these issues. He classifies foreign nations into one of four categories of computer advancement:

(1) highly advanced, (2) operationally advanced, (3) basic development, and (4) initial development. France, the United Kingdom, Japan, China, and the United States represent the first category, and their intelligence agencies are highly advanced in the science of electronic eavesdropping and computer intelligence gathering. Russia, India, Ukraine, and Colombia represent the second category. While Russia and India, arguably, have first-rate intelligence-gathering organizations, their high technology capabilities still lag behind those of the first category but are improving steadily. Libya, Ghana, and Bolivia fall into the third category. Their intelligence agencies will soon have high technology capabilities. Zaire, Ethiopia, and Tanzania represent the fourth category: their intelligence organizations lack high technology capabilities and their embryonic computer and data communications systems are vulnerable to the capabilities of the nations in the first three categories.54

While this is a comprehensive list of states, the threat continues to grow. This is due to the increasing rate of computer power and technology available to sub-state actors, such as hackers. In the past, one needed to have the power and resources of a state behind them to conduct an effective worldwide SIGINT operation. Now, a few people can conduct a computer intelligence (COMPINT) effort with limited funds. Whereas access to remote sites to place antennas or military overflight of territory was a prerequisite for SIGINT, the most critical element of COMPINT is the knowledge of how to exploit a computer system. As cyberspace is a nonphysical reality, borders and geographic location of the target system are meaningless in a COMPINT effort. Since the world's computers are becoming increasingly interconnected, a modem to connect to the Internet and a desktop computer, coupled with a talented computer user, are all that is required to start intelligence gathering. With the power of desktop computers doubling every 12-18 months, the computing power that previously only a government or large corporation could afford now sits in homes across the world. While state powers have exploited these assets in the past, substate actors may exploit them easily in the future.

1. Who is Targeting the United States?

a. Soviet Union/Russia

The first computer hacker incident to garner national attention was sponsored in part by the Soviet Union to gain access to Western technology and defense information. This incident was the subject of a book, The Cuckoo's Egg, by Clifford Stoll.55 A group of West German hackers, who were operating on their own, approached the KGB in East Berlin and began to sell the "product" of their hacking. Later touted as a "KGB spy ring," the hackers attempted to break into scores of military, government, and business computers to provide information to the Soviets. While the hackers thought that military items would be high on the KGB shopping list (some were), most of the requests centered on high technology computer programs and equipment design. The Soviets desired the "source code" for sophisticated and widely used computer operating systems. With this knowledge, the Soviets could create their own team of "hackers" to penetrate systems in the West.

The operating system that runs a computer exists in two forms, the "source code" which a human can read, analyze, and understand when printed, and the "compiled" version, which translates the operating system "source code" into "machine language," the actual ones and zeros that the computer understands but that are completely unintelligible to humans. The process of compiling the source code is similar to encryption. The machine language can be decompiled (decrypted) with the result being only similar, not identical, to the source code. Thus, any "source code" is one of a computer programming company's most closely held secrets. Knowledge of the "source code" makes it easier for a hostile competitor or state to identify what bugs exist in the program or even insert its own bugs, recompile the code, and replace the operating system with their altered version, all without the knowledge of the end user. In this manner, the Soviets were attempting to "get the keys to the filing cabinet rather than its contents" via their computer hackers. There are indications that the Soviet efforts to acquire this information were far more extensive than using the "amateur" hackers, as their KGB contact told them that they had "competition" and many of its desires were met without the hackers providing the product. This knowledge, exploited by terrorists, could result in massive disruption of computer systems on a worldwide basis.

The computer penetration attempts by the Soviets/Russians continue. Wayne Madsen observes that "the Institute of Automated Systems (IAS) in Moscow hosts the National Center for Automated Data Exchanges with Foreign Computer Networks and Data Banks (NCADE). During Soviet rule, NCADE had a special program to broaden linkages between Soviet computer users and foreign data networks and databases to obtain valuable software programs that the Soviets could not normally obtain because of Western export restrictions."56 Using these channels, the Soviets penetrated a German computer and obtained production information on the Tornado fighter aircraft in 1984. As recently as 1989 a Soviet Attaché, LtCol Yuri Pakhutsov, was expelled from the U.S. for allegedly attempting to acquire information on government computer security practices and capabilities.57 While the KGB of the Soviet Union was well organized and ran its "information warfare" attacks from several directorates, the current state of organized Russian computer espionage efforts is not clear. Statements made by retired Russian intelligence officers, even after the KGB-Hannover Hacker spying scandal, leave open the possibility that computer espionage efforts continue.

Colonel Barkovsky was not hesitant to state that the Russian Federation has embarked on a major programme of establishing information service networks throughout the country. Not elaborated upon was whether the Russian intelligence services will take advantage of the information-gathering capabilities provided by these networks.58

One can only assume that the Russians are continuing their programs to acquire and target high technology in the United States.

Claire Sterling, in her book The Terror Network, claimed that the Soviet Union was a major sponsor of terrorism across the world.59 While the dissolution of the Soviet Union and the economic problems of Russia have clearly limited its ability to fund large terrorist operations, the cost involved in sponsoring cyberterrorism is significantly lower. The knowledge gained by the Soviets during Cold-War espionage efforts may (with or without the approval of the Soviet leadership) find its way into the hands of cyberterrorist organizations. This flow of information is potentially more damaging than the flow of arms and explosives to conventional terrorist organizations.

b. Bulgaria

Bulgaria has been a "breeding ground" for computer viruses during and after Communist rule. In the early 1990s, the Bulgarians had developed thirty unique viruses with more than 100 different variations and were releasing them at a rate of one per week.60 The "Hannover hackers" of Cuckoo's Egg fame also identify the Bulgarians as active in computer intelligence. Madsen cites the National Intelligence Service (foreign and domestic intelligence), and Razuznavatelno Upravleniye na Ministerstvoto (RUMNO) (Military intelligence) as the Bulgarian intelligence organizations most likely to be involved in computer intelligence gathering.61 It has also been rumored that a new "virus library" that allows anyone, not just a skilled programmer, to write a virus by "picking and choosing" among several options was first developed in Bulgaria. This system has the potential to produce thousands of new viruses to be unleashed at random or specific targets. A cyberterrorist bent on bringing a system down could single-handedly generate a flood of viruses to infect the targeted computer. Even if virus detection software was installed, the chances are good that a virus could be created to evade detection.

c. France

France freely admits that it conducts intelligence operations against its allies and its enemies on the "economic front." As we move into the information age, the distinction between friends and enemies begins to blur. Madsen targets the Direction de la Surveillance du Territoire (DST) and the Directorate Generale de la Securite Exterieure (DGSE) as the agencies involved in COMPINT. In addition the Groupement de Communications Radio-electriques (GCR), the French NSA, maintains a close working relationship with France Telecom and, like the U.S. NSA, has strict rules on the use of encryption products within France, allegedly so that they can "break" the encryption and eavesdrop on communications within France.

Recently, the French government disclosed a document instructing the DGSE to gather intelligence on 49 U.S. aerospace and defense firms. The methods to obtain this information included bugging of Air France flights and breaking and entering of hotel rooms of visiting business executives to photocopy business materials.62 The Hughes Aircraft Company has been a favorite target of the French. The DGSE targeted Hughes for information on its HS 601 communication satellite, fiber optic anti-tank weapons, the Phoenix AIM-54 air to air missile, and various electro-optical sensors.63 The Hughes Corporation decided (ostensibly for business reasons) to cancel its attendance at the Paris Air Show after the revelations of French targeting. Another "aviation" scheme of the French involved the collection and exploitation of telemetry signals from a Boeing test flight of its new 747-400 aircraft. A French SIGINT and technical team were sent to Washington state to intercept and analyze the test flight data for the benefit of Airbus research.64 While not a direct computer controlled navigation and flight control systems. The knowledge gained from Boeing's telemetry data enabled them to develop similar systems for their own aircraft. Additionally, should the detailed knowledge of computer controlled aviation systems fall into the hands of a technologically sophisticated terrorist organization, the potential to create terror is substantial. A terrorist organization would only have to convince the public that it is capable of causing the controls of a particular type of airplane to stop responding to pilot inputs to create large concern over flying in that particular type of airplane.

d. Japan

The Japanese place a high priority on intelligence gathering through both "official" and corporate intelligence networks. Japan's international telecom carrier, NTT, "routinely cooperates with Japanese intelligence to tap the phone lines of competitors." In addition, Madsen asserts that the Japanese target U.S. satellite communications stations. "A 1987 classified CIA report, Japan: Foreign Intelligence and Security Services, claimed that the second most important Japanese intelligence priority was the gathering (in many cases by computer) of technological and scientific developments in the United States and Western Europe."65 The efforts of Japan in the "high tech" sector are not simply related to "computer break-ins" but rather to acquire design specifications in an effort similar to that of the former Soviet Union. While the Soviets were attempting to obtain source codes and hardware that they were unable to build themselves, the Japanese were working to save money on R&D by stealing advanced U.S. technology and then bringing similar products to market simultaneously with their U.S. competition. Peter Schweizer outlines the story of a corporate spy who sold Hitachi copies of IBM's Adirondack Workbooks, a series of books that held the secrets to future IBM technology. Hitachi was able to use this information to develop computer hardware that was nearly identical to IBM's but cheaper since Hitachi did not bear the development costs. This case was "broken" by a Silicon Valley "sting" operation run by the FBI that initially targeted the Soviets. Japanese aggressiveness in pursuing this technology led them into the trap. The end result was an out of court settlement, reportedly for 300 million dollars between the Japanese and IBM. The information that an intelligence gathering effort obtains may be used by a sponsored terrorist organization to target a specific business or industry.

e. China

Chinese intelligence employs its large ethnic community abroad for many purposes. It is now clear that computer penetration was one of those functions. Andrew Wang, a Chinese immigrant, was arrested for stealing the source code of several programs from Ellery Systems. These programs were designed to "run" the emerging National Information Infrastructure.66 This source code, as previously discussed, would allow a foreign intelligence agency or terrorist group to identify and exploit loopholes in the "new information superhighway" that would carry everything from benign E-mail to national security data.

f. Germany

The Germans appear to have taken their cue from the success of such amateur hacker groups as the "Chaos Club" and the "Hannover Hackers" that worked with the KGB. According to Schweizer, the Germans created "Project Rahab," named after the biblical character who helped the Israelites infiltrate Jericho, in the mid 1980s to develop a "professional" hacking capability. The project was developed by the Bundesnachrichtendienst's (BND) Christian Stoessel, who wrote the initial "point paper" proposing hacking into foreign data bases for intelligence purposes. The project was a joint effort between BND's Division I (HUMINT), Division II (SIGINT) and Division IV (HQ). In addition to the intelligence professionals, other technical experts from a variety of outside institutions were recruited, resulting in a staff of approximately 70 people. While focused initially on retrieving information, the Project Rahab staff soon turned to offensive measures that could be of use in a time of conflict, including a variety of viruses that could be inserted into target computers. Schweizer claims that the Project has "accessed computer systems in the Soviet Union, Japan, France, the United States, Italy, and Great Britain."67 Included in the "hacks" of the Rahab staff is penetration of the SWIFT network, a dedicated international banking network that carries the majority of worldwide bank transfers. The implications of this information falling into terrorist hands are clear.

g. Iraq

Both sides waged information warfare, it appears, during the Gulf War. Schweizer claims that a major computer penetration effort was launched during Desert Storm. A Government Accounting Office Report reinforces this claim as it outlines the efforts of Dutch hackers to penetrate U.S. unclassified military computers. The hackers exploited several well-known weaknesses and were able to penetrate a computer system that directly supported Operation Desert Storm. While the hackers did not attempt to shut down any of the penetrated systems, they did attempt to modify the software to provide easy access in the future.68 While the Dutch hackers have not been publicly linked to Iraqi intelligence efforts, a similar incident, involving a German citizen, was detected during the Gulf War.69

Lawrence Livermore Laboratories were used by "hackers" in an attempt to find information on the Patriot missile system. In this instance the actions of a third party "proxy" for Iraq had the potential to cause damage to the safety of troops on the ground, the integrity of air defenses in Israel and thus, cause a weakening of the allied coalition against Iraq. As Iraq is a known sponsor of terrorist organizations, it may turn to its proxies to carry out a cyberterror campaign against the information systems of enemy states.

h. Swiss

The Swiss, who have a long history in cryptography, may have perpetrated an information warfare attack against other nations. The Swiss firm of Crypto AG, which sells encryption technology and hardware to nations such as Iraq, Iran, Libya and Syria, has been accused of "bugging" their crypto equipment and listening in on "encrypted" communications. Furthermore, it is alleged that the Swiss firm is really owned by the German BND and that the U.S. National Security Agency has played a leading role in the bugging.70 While the firm has vehemently denied this charge, it raises several interesting information warfare possibilities. If supposedly "secure" crypto units were bugged without the knowledge of a client nation, the possibility exists that other computers or items of "high tech" equipment have been modified with less than honorable intent. Several stories have appeared on the Internet discussing both software and hardware "flaws" distributed in products. One such flaw disabled a computer program after one month of use. The possibility exists that a program could "lock up" a computer after a certain time period or after it received a certain activation command. Computer hardware, such as printers and circuit boards, could also be shipped with "logic bombs" in their programs that would cause the equipment to cease functioning. The known cases that have been discussed have all been "benign" errors by public companies that have been rapidly fixed once identified. If, however, a foreign power were to insert its own bug in the software's source code before shipment and not activate the program until hostilities were imminent, a substantial portion of an affected computer network could be disabled.

i. Seychelles

The island nation of the Seychelles has undertaken a high technology campaign against enemies of its government in England. The nation was able to exploit the British telephone system and conduct wiretaps against several targets. The information obtained with these wiretaps resulted in the assassination of an exiled anti-government leader.71 The Seychelles demonstrate the potential threat that even a small country can pose to a superpower by using information warfare techniques. In the information age, even the smallest state or terrorist group has a chance to impact the global network.

j. Israel

While not responsible for the creation of the "Friday the 13th" virus (supposedly developed by a Palestinian to protest the 40th anniversary of the end of the Palestinian mandate), the computer links between Israel's intelligence service and the United States served as a conduit for the virus to spread to the United States. The Israelis used a "low tech" solution to enter U.S. databases: they recruited Jonathan Pollard. While unable to "break" DIA's computers, Israel could obtain information that Pollard retrieved from computer systems and delivered to his handlers.72 This highlights the constant "human" factor in all of intelligence. Even if your computer cannot be accessed by any type of modem or network and is sitting inside a Tempest approved enclosure, an enemy agent can still physically break in, or have an employee access the machine, copy the information from that computer onto a floppy disk and simply walk out of the building with it. Information that would have taken a wheelbarrow to get out of a secure facility now fits on a single diskette. While "hackers" may not "break into" some of their target computers, they are still able to analyze the type of information on the computer and possibly gain some information on the type of hardware and operating system that runs the computer. While this does not help the hacker, it may allow for more "classic" espionage action to be taken by a foreign organization, such as bribing or blackmailing someone on the "inside." As Jay Peterzell highlights, "NSA has figures that make the insider threat look soberingly real. An agency log of cases involving computer crime or computer espionage showed that up to 90% of known security breaches are the work of corporate or government insiders."73

Israel was also involved in halting a second Patriot missile computer hacking operation. Israel detained an 18 year old for attacking U.S. defense computers to retrieve information on the Patriot missile system. Charges were not brought against the hacker, possibly to downplay the incident and not highlight existing weaknesses in computer security.74

B. USE OF COMPUTERS IN REVOLUTION

The use of computers in revolutions highlights the importance of information control for authoritarian regimes. Without tight control of information flow, regimes cannot control the activities of dissidents. The increasing interconnection of the world provided by computers allows dissidents to "bring in" the rest of the world. They instantly broadcast atrocities and repression to a worldwide audience, with the attendant publicity often preventing a harsh crackdown by government forces.

1. Poland

A 1987 article in Datamation examined the use of computers in the Solidarity movement in Poland:

Necessity and the spread of information technology have bred a computer-savvy opposition in Poland that is capable of breaking into tv news broadcasts, producing alternative information that contradicts government data, and developing publishing and distribution systems that can spread the opposition's cause quickly and efficiently.75

The Solidarity movement used information warfare tactics to get their message out to the largest possible number of Polish citizens. The actions of three astronomers and a local engineer exemplify the ability of a few individuals to influence thousands with information technology. These individuals intercepted the state-run television broadcast signal, determined the characteristics of the signal, and then used their computer equipment to time and configure their own signal. They broadcast this signal over the same frequency as the state signal, allowing 60,000 television viewers to see both signals concurrently. These viewers saw the message, "Enough price increases, lies, and repressions. It is our duty to boycott the election."76 The government arrested and tried the four for this action. After being held for four months, they were convicted and ordered to pay fines ranging from $80 to $120. During their trial, the prosecutor claimed that the voting turnout was ten to 20 percent lower than average in the region that viewed the pirate television broadcast.

The Solidarity movement also used computers to perform an independent prediction of the election results. This independent check ensured that the "official" government estimates were not inflated. The struggle for the Solidarity movement was not merely to show that the official count was wrong, according to Konrad Bielinski, a leader of this project. "Rather, we wanted to achieve something more, namely to take away from the state its monopoly over giving us information about ourselves."77

The movement also capitalized on the advantages of information technology to provide secure, reliable communication between members. Anyone can encrypt and transport a massive amount of data on disk. In addition to being easier to conceal, a computer disk is easier to destroy than a pile of paper.

2. Tiananmen Square

The Chinese dissidents involved in the Tiananmen Square protest in 1989 did not target computer systems, but rather utilized new technology, primarily the fax machine and the Internet, to ensure that word of what was happening in China made it out of the country. Students in the United States then took the information that was flowing out of China and sent it back into the country via fax machines. Through the use of this technology, the dissidents prevented China's leadership from controlling the flow of information. While telecommunications assets were restricted in the weeks following the massacre, telecommunications connectivity facilitated its initial reporting and continuing coverage with the rest of the world.

3. Zapatistas

The Zapatista uprising in southern Mexico provides another example of rebel organizations exploiting high technology. The Zapatista leadership has used the Internet to establish a worldwide organization of supporters that are beyond the control of Mexico's government. Zapatista leadership communiqués are issued via the Internet, instantly spreading their message to a worldwide audience without any interference by the Mexican authorities or news media interpretation. In the same manner as China during the Tiananmen Square uprising, Mexico lost the ability to control the flow of information both out of, and into, the country. The information received from inside Mexico fostered extensive media coverage, limiting the repressive options open to the government. While not terrorism, the ability to form transnational networks and ensure that the message of an organization is heard on a world stage is a tool that terrorists will exploit in the future. If there were no rapid communications channels out of the jungles of southern Mexico, it is likely that the Mexican government would have been able to use much harsher methods to repress the rebellion.

While the actions of rebels and dissidents are not always terrorism, these incidents highlight the fact that a small number of people can have a worldwide impact and generate international publicity of their cause without government interference. These capabilities will appeal to terrorists in the information age.

C. THE RISE OF TECHNOTERRORISM

1. Electrical Distribution Networks

Electrical distribution and energy systems have been favorite targets of terrorists. The use of computers to run these networks makes them an ideal cyberterrorism target. However, as an examination of conventional terrorist and military attacks on energy systems demonstrates, these targets may be of limited value to the cyberterrorist.

Statistics show that there were 240 total attacks on "Domestic Energy-related and Military Targets" from 1970 to mid 1980. The most popular of the targets were powerlines and powerstation/substations.78 This trend continued through 1988 with 283 recorded incidents of subnational attacks on energy systems in the United States. A worldwide target summary shows that power pylons and power lines remained the number one target with power substations being the third most popular target.79

Thomas E. Griffith, in his thesis entitled Strategic Attack of National Electrical Systems, studies the military benefits accorded a state by attacking an enemy electrical system in a time of war. The apparent lack of utility in attacking electrical systems in war may apply to terrorists as well:

Strategic attacks on national power system can be useful in fulfilling national security aims, but only under specific conditions. First, the target country's power system should be vulnerable to destruction by being very concentrated with very few interconnections. Second, the strategy behind the attacks should be focused on stopping war production over the long term. To strike electric power to affect civilian morale, increase costs to the leadership, or impact the military will waste missions and could prove counterproductive to the political aims of the war.80

The "critical node" identified by Griffith is the transformer station, where power is "stepped-up" or "stepped-down" for transmission and distribution. The components at some of these sites are custom built and could take up to eighteen months to manufacture if they are destroyed in an attack.

The most recent concerted attack on energy systems in the United States was undertaken in California by a group calling itself the "Earth Night Action Group" who cut down two wooden power poles and toppled a 100-foot transmission tower in April of 1990. The result of this attack was the loss of power to 92,000 customers for up to a day.81 The group struck at isolated targets rather than the transformer substations, thus lessening the impact of their action. In the late 1970s, the "New World Liberation Front" bombed a Pacific Gas and Electric transformer near San Francisco that disrupted power to 75,000 homes for approximately two hours. PG&E transformers and offices were bombed 16 times between 1975 and 1978, leading Research West, a detective agency specializing in terrorism, to call PG&E the "prime victim of terrorism in the United States."82 As press reports have indicated, electrical lines themselves are the most accessible targets for terrorists or criminals. In the United States, up to 300 electrical insulators can be shot off by hunters and pranksters in a single day.83 These actions are not a concerted effort to bring down the electrical system by an organized group. Rather, they are random acts of vandalism for which the flexibility of the electrical system can compensate. Should an organized group simultaneously attack several critical nodes (step-up/step-down transformers) across the United States, the potential for disruption increases. Chuck Lane's statements before Congress indicate that the system is vulnerable, but it is robust enough to withstand nearly all attacks:

In summary, this investigation concluded that the networks [energy and telecommunication] of the United States are vulnerable to multisite terrorist attacks, that is, that targets are likely to be destroyed. However, the redundancy built into the networks make them very dependable, and the real question is what level of service would be lost from such an attack. In many cases the consequences appear to be manageable. In a few cases, perhaps too many cases, the consequences are potentially catastrophic.84

While the physical vulnerability of electrical system components to destruction is real, David Hinman states, "the flexibility of the system is its greatest security. Our security plans must be built upon this fact in order to have maximum effectiveness."85 Still, the capability exists, with relatively unsophisticated technology to disrupt power to a large portion of an electrical grid by targeting its critical nodes. While the weapons technology (firearms, explosives, etc.) are readily available to a terrorist group, some research is required to obtain the knowledge necessary to identify and target critical nodes in the energy system. Unfortunately, this information is publicly available. The information contained in public documents mandated by the Department of Energy, Federal Communications Commission, and Department of Transportation can be used by terrorists to plan attacks on infrastructure targets. According to a Government Accounting Office report of December 1988, a mock terrorist team utilized information obtained from a public library to plan an attack on the Strategic Petroleum Reserve in 1987.86

While infrastructure systems in the United States remain vulnerable to physical attack, Dr. Robert K. Mullen does not believe that these incidents will increase in the future, despite a growing terrorist presence in the United States:

That being said, there are no indicators of which I am aware, insofar as trends in the U.S. are concerned, that would suggest to me the threat to energy assets here is substantially different from what the recent historical record indicates. The presence in the U.S. of terrorist support groups does not alter this view.87

While the fragility and relatively open nature of electrical systems has been heralded in the press, it is the secondary effects of such attacks that concern individuals like Norman Leach:

Any terrorist group with access to moderate amounts of explosives could shut down any city in the United States simply by destroying local transformer sites. Not only would vital industries and defense programs be affected but the ensuing blackouts would cause riots in the streets that would threaten the stability of the government.88

While certainly a contributing factor to the civil unrest experienced in New York City's famed blackouts of 1965 and 1977, the removal of electrical power from a city is neither a necessary nor a sufficient cause for "riots that would threaten the stability of the government." The riots in the streets of Los Angeles following the Rodney King verdict as well as the riots (disguised as celebrations) after major sports championships are won show that disturbances can happen with a fully functional electrical system. The Labor Day 1988 Seattle blackout, in which over 1/3 of the city was without power for 4 1/2 days, proves that a blackout does not produce riots and looting. In fact, the incidence of crime in the affected area went down, not up, due to an intense police presence.89 The ability to cause a riot with a blackout alone is thus suspect. While a terrorist group may be able to exacerbate a crisis situation that it has fomented with the addition of a blackout, a blackout in isolation is not a fail-safe way to "ignite the masses."

While the above situation has focused primarily on the physical attack of energy systems to cause disruption, the increasing computer control of these and other infrastructure systems provides a potential target for a terrorist group. The California Department of Water Resources recognized the risk inherent in these systems in 1991 when they implemented strict physical security control measures to protect their central computer center. The computers contained at the center were used to control the release of water from the major dams in the state. The increased security was a result of a perceived increase in the terrorist threat during Operation Desert Storm.90

The possible physical risks, such as the shutdown of power plants or release of water from behind dams, will continue to increase as computerization of control systems continues. The true "critical nodes" of any system lie in its command and control network. By striking at this link to disable or control the system, a terrorist precludes the necessity to attack elements of a distributed system physically, such as transformers or pumps.

There are many parallels between energy systems and information warfare targets. Critical nodes exist in all networks, and their loss will impair the entire system. Attacking anything but these critical nodes may result in a minor degradation of service or, if the system is correctly designed, no disruption at all. Thus, the attacks on energy distribution system components such as power lines and pylons cause limited disruption for regional customers but widespread outages are very rare. While the information on the physical layout and vulnerabilities of an energy system exists, it has not been a particularly effective terrorist target. This may be due to the lack of organizational and manpower assets available to a terrorist group. In addition, those targets that are "critical nodes" may have enough security to prevent their destruction. The pattern of terrorist attacks on electrical systems may provide an insight into information age terrorism. If systems can be engineered to be redundant in some areas (and thus able to recover from attack) and defended in others (to prevent attack), it may mitigate the risks of widespread outages.
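The distinction drawn above between critical nodes and redundant components can be checked on a network design before it is built. The following is an added example, not part of the original thesis: it finds single points of failure (articulation points) in a constructed topology with abstract node names, measures how much of the network each loss would strand, and shows that one redundant link removes them.

```python
from collections import deque


def build_graph(edges):
    """Undirected adjacency lists from a list of (a, b) links."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, []).append(b)
        graph.setdefault(b, []).append(a)
    return graph


def articulation_points(graph):
    """Nodes whose loss splits the network (Tarjan's low-link method)."""
    disc, low, critical = {}, {}, set()
    clock = [0]

    def dfs(node, parent):
        disc[node] = low[node] = clock[0]
        clock[0] += 1
        children = 0
        for nbr in graph[node]:
            if nbr == parent:
                continue
            if nbr in disc:
                # Back edge: an alternative route around this node.
                low[node] = min(low[node], disc[nbr])
            else:
                children += 1
                dfs(nbr, node)
                low[node] = min(low[node], low[nbr])
                # The subtree under nbr has no route that bypasses node.
                if parent is not None and low[nbr] >= disc[node]:
                    critical.add(node)
        if parent is None and children > 1:
            critical.add(node)

    for node in graph:
        if node not in disc:
            dfs(node, None)
    return critical


def stranded_after_loss(graph, lost):
    """Count nodes cut off from the largest surviving component."""
    remaining = set(graph) - {lost}
    seen, largest = set(), 0
    for start in remaining:
        if start in seen:
            continue
        size, queue = 0, deque([start])
        seen.add(start)
        while queue:
            cur = queue.popleft()
            size += 1
            for nbr in graph[cur]:
                if nbr in remaining and nbr not in seen:
                    seen.add(nbr)
                    queue.append(nbr)
        largest = max(largest, size)
    return len(remaining) - largest


# Constructed topology: a redundant ring A-B-C-D, with a second
# cluster (H, E, F) reachable only through the single link A-H.
BASE_LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "A"),
              ("A", "H"), ("H", "E"), ("H", "F"), ("E", "F")]
# The same design with one extra, redundant link between the clusters.
HARDENED_LINKS = BASE_LINKS + [("F", "C")]

if __name__ == "__main__":
    for name, links in (("base", BASE_LINKS), ("hardened", HARDENED_LINKS)):
        g = build_graph(links)
        print(name, "single points of failure:", sorted(articulation_points(g)))
        for node in sorted(g):
            print("  loss of", node, "strands", stranded_after_loss(g, node))
```
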

2. Attacks on Computer Systems

While the public has perceived buildings and airplanes as the primary targets of terrorists, attacks on computers were involved in 60% of conventional terrorist acts by 1989.91 The pattern of criminal computer attacks, together with terrorist activity, suggests that there may be a shift toward cyberterrorism as a physically less risky means to achieve both criminal and terrorist ends.

a. Europe and the United States

In the 1970s the Italian Red Brigades launched 27 attacks against companies that did business in the electronics, computer and weapons sectors. In 1980, the French organization Comite Liquidant ou Detournant les Ordinateurs (Computer Liquidation and Deterrence Committee or CLODO) undertook a series of attacks on computer companies in the Toulouse region. The organization released a statement to the press, "We are workers in the field of dp (data processing) and consequently well placed to know the current and future dangers of dp and telecommunications. The computer is the favorite tool of the dominant. It is used to exploit, to put on file, to control, and to repress."92

A Belgian group, the Cellules Communistes Combattantes (Fighting Communist Cells), conducted a series of bombings in September 1984 directed against Honeywell Controls and Litton Industries. In November 1984, the same group attacked the Brussels office of Motorola. Computers were prime targets in each of these attacks.

Similar attacks have occurred in the United States. IBM's offices in White Plains, N.Y. were bombed in March 1984. The group claiming responsibility for the attack, the United Freedom Front, distributed a newsletter that stated "IBM is a death merchant ... The computer is an integral part of the fascist South African government's policies of racist repression and control."93

The CLODO group struck again in 1983 by firebombing a Sperry-Univac computer room in Toulouse to protest the U.S. invasion of Grenada. After the fire was put out, the message "Reagan attacks Grenada- Sperry Multinational is an American accomplice." was found spray-painted on an interior wall.94

While the attacks on computer systems failed to cause any major political victory for CLODO, they did heighten the awareness that European computers are vulnerable to attack. A 1979 report by the Swedish Defense Ministry recommended that the government become involved in monitoring computer security of both public and private computers. While the proper role of the government in computer security remains open for debate, an article in the French daily Le Figaro states that computer attacks might be more harmful to national security than the assassination of random politicians.95

b. Japan

In 1985 in Japan, the Middle Core Faction, a terrorist group consisting of approximately 300 individuals, attacked the commuter rail system to cause massive disruption during the height of rush hour. The group used C2W techniques to carry out its attack by first cutting strategic power and communications cables that fed the computer controls for the rail system. Secondly, the group jammed police and rescue radio frequencies in an attempt to hamper and delay response by the authorities. While no one was injured in this attack, it caused a major commuting delay affecting 6.5 million commuters and cost the Japan National Railways more than $6 million in lost ticket sales.96 Rather than physically destroying or tampering with a single rail, the group focused on the critical node (control circuits) and disabled the entire system by using technoterror, attacking physical targets to cause a disruption in cyberspace. The disruption was extensive enough that the Centralized Traffic Control Office of Japan National Railways (JNR) was forced to stop operation. While the attacks were successful in creating disruption, the effects were short lived, with most of the severed cables back in full service within 24 hours.97 This attack, while creating problems for millions of commuters, was also linked to specific objectives. The first was to show solidarity with the National Railways Locomotive Engineers' Union, which was on strike to protest the planned privatization of the JNR. The second goal may have been to influence the trial of Hiroko Nagata, the leader of the Extreme Leftist United Red Army. Her hearing was delayed because the rail shutdown prevented her defense lawyer from making it to court on time.98

The combination of computer controls and energy systems raises new possibilities for terrorists. While targeting of energy systems in the past has relied primarily on the physical destruction of key assets to disrupt service, the potential vulnerability of the control systems poses an even greater risk.

c. Political Motivation

The rise of Information Warfare tactics may allow tomorrow's terrorists to focus their attacks on certain individuals to change their policies or courses of action. The increasing reliance on computers has opened new avenues for blackmail and political pressure. In 1984, a hacker penetrated TRW's credit report computers and obtained some incriminating information about a past small-claims court dispute involving then incumbent Congressional candidate Tom Lantos of California. This information was passed to his opponent who further distributed the information to the press to discredit Lantos. In a second act of political computer crime, a hacker gained access to Representative Ed Zschau's computer system in Washington, D.C. and erased his data, including his correspondence and constituent database.99

These events highlight the potentially selective nature of future cyberterrorism and crime. With a skilled computer operator, a terrorist group may be able to penetrate systems to manipulate a small number of people. Instead of attacking the public to affect a target audience, cyberterrorists may choose to affect the target audience to achieve their ends directly.

d. Environmental Groups

While "conventional" terrorist groups have targeted computer systems in the past, "eco-terror" groups, such as Earth First, have advocated attacking computer systems. In 1987, the group published a manual that advocated both physical destruction of computer equipment (conventional terrorism) and software and data manipulation/destruction (via cyberterrorism). The manual also included techniques to reduce the risk of being caught by using advanced hacking techniques.100 The risk of cyberterrorism exists on all fronts. It is not merely limited to the "classic" conventional terrorist group. Any group with a strong interest or agenda will be able to attempt cyberterrorism.

e. Criminal Activity

Criminal activity directed at, or using, computers is receiving increasing attention in the press. The expansion of the Internet to include commercial ventures has sparked a debate over the correct level of security that should be afforded individuals in cyberspace. As terrorism is often crime with different intent, several criminal acts will be explored in this section. First, the case of a Russian hacker attempting to steal more than $10 million highlights the vast amounts of money being transferred in cyberspace. Second, the attempt to use computer viruses to hold computers hostage or attack a specific company will be examined. Finally, the possible physical risks to individuals as a result of criminal cyberspace activity are addressed in the case of a Texas professor.

(1) Citibank. The use of computers and computer technology to perpetrate crimes has already occurred. Citibank recently "lost" $10.2 million electronically to a team of Russian hackers. A closer examination of the facts involved in this incident reveals some strengths and weaknesses of computer crime. First, the authorities can use the same technology employed by the cyberterrorist or criminal to track and capture him. Someone can, however, remain anonymous in cyberspace if they are not seeking financial gain, as virus writers have proven.

This incident, according to John Mohr, vice president of the New York Clearing House, is unique in that it utilized a personal computer.101 It appears that Vladimir L. Levin, a Russian computer expert employed by AO Saturn, a St. Petersburg trading company, broke into Citibank's computer system using stolen account identification numbers and passwords. With this information, he made 40 transfers from Citibank to accounts set up by accomplices in California and Israel. These transfers occurred from June to October 1994 and were tracked by Citibank to determine who was responsible for the crime. While Citibank allowed the transfers to continue, the accounts into which he was transferring the money were frozen. While Levin attempted to transfer more than $10 million in this period, Citibank has recovered all but $400,000. Amy Dates of Citibank had the following answer when questioned about the level of security at Citibank: "We move half a trillion dollars a day through the payment system. Compare that to the $400,000 they were able to withdraw. We think we have the right level of security."102 Despite these statements, Citibank implemented a new computer protocol to increase transaction security.

It is still unclear how Levin obtained the account numbers and their associated passwords, but an investigation is continuing into the possibility of inside help. Citibank has implemented a new security system for its computer accounts that entails the use of "smart cards" that will generate a new password for each transaction. This technology helps to defeat password "sniffer" programs that allow criminals to capture passwords as they are transmitted across the network for future use. This may have been how Levin obtained his passwords. He appears to have had access to the network for some time before attempting his crime as he was careful to follow the patterns of routine transactions and kept his individual transfers to below $300,000 to avoid "built-in" security programs that would have highlighted the transaction as abnormal.103
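Why a password that changes on every transaction defeats a sniffer can be shown concretely. The following is an added example, not Citibank's system: the thesis does not say which algorithm the smart cards used, so the sketch assumes the later-standardized HOTP scheme (RFC 4226), and the class names, the secret (the RFC's published test secret) and the static password are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, then truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class StaticPasswordServer:
    """Before: the same secret string crosses the network every time."""

    def __init__(self, password: str):
        self._password = password

    def authorize(self, presented: str) -> bool:
        return hmac.compare_digest(self._password, presented)


class OneTimePasswordServer:
    """After: each accepted code advances the counter and is never valid again."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self._secret = secret
        self._counter = 0
        self._look_ahead = look_ahead  # tolerate codes generated but not sent

    def authorize(self, presented: str) -> bool:
        for candidate in range(self._counter, self._counter + self._look_ahead + 1):
            if hmac.compare_digest(hotp(self._secret, candidate), presented):
                self._counter = candidate + 1  # burn this code and all earlier ones
                return True
        return False


class Card:
    """Hypothetical user-side token holding the shared secret and a counter."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def next_code(self) -> str:
        code = hotp(self._secret, self._counter)
        self._counter += 1
        return code


def replay_demo() -> dict:
    """Replay a value captured on the wire against both servers."""
    results = {}

    static = StaticPasswordServer("constructed-static-password")
    captured = "constructed-static-password"  # what a sniffer would record
    results["static_first"] = static.authorize(captured)
    results["static_replay"] = static.authorize(captured)

    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    card, server = Card(secret), OneTimePasswordServer(secret)
    captured_code = card.next_code()
    results["otp_first"] = server.authorize(captured_code)
    results["otp_replay"] = server.authorize(captured_code)

    skipped = card.next_code()  # generated on the card but never submitted
    results["otp_after_skip"] = server.authorize(card.next_code())
    results["otp_skipped_late"] = server.authorize(skipped)
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name:18s} accepted={accepted}")
```

The scheme protects only against reuse of a captured code; the shared secret on the server and the card still has to be protected, and a code relayed in real time before the user submits it is outside what a counter can detect.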

While the adoption of the smart card security system and the employment of encryption technology have, Citibank hopes, corrected the security weakness exploited by Levin and his friends, the amount of money lost in this crime is relatively small. The high level of publicity afforded this incident is due to its extranormality, not its dollar value. Each year, according to the American Bankers Association, the following amounts are lost due to crime: Check fraud- $10 Billion, Credit Card fraud- $712 Million, ATM fraud- $18 Million, and Online fraud (as in the Citibank case)- $5 Million.104 While Citibank could use its computers to track and eventually catch Levin, computers and high technology aided in the success of a Vietnamese check fraud ring that operated undetected for seven months. The U.S. Secret Service investigated the crime under the name, "Operation Paper Dragon" and found that the ring took in $25 Million in just over half a year.105 These high technology money making schemes may appeal to terrorist organizations of the future who are unable to secure, or do not desire, state sponsorship. While attractive to terrorists, the security measures put in place by the banking industry to prevent criminals will likely defeat terrorists as well.

(2) Viruses. In an apparent attempt to extort money, the computers of several universities were infected with a virus in an attempt to make them hostages. The virus demanded a ransom for the antidote to the virus.

Computer users who found the virus were told to send $2,000 to an address in Pakistan to obtain an immunity program that would rid the system of the virus. Investigation showed that the virus was written by two brothers in a computer store in Lahore, Pakistan - they had put their names, and address, and phone number in the virus! "It's like a fantasy of being a terrorist without the blood," said Eric Corley, editor of a national hacker newsletter, 2600, whose electronic bulletin board was also infected.106

The brothers' scheme did not pay well, and the virus was eradicated without their "immunity program." The "fantasy" of being a terrorist without the blood may become reality when an organization uses cyberterror weapons in an attack.

Recently, a virus was used to attack a specific business in Germany. A virus writer, known only as "The Wizard," created and then released a virus that he called the "Media Market advertising virus." Media Markt is a German home-electronics group and was not involved in the virus writing or distribution. Media Markt's lawyer claims that "this is the first time that someone has distributed a virus and tied it to a company that has nothing to do with it."107 To stave off negative publicity, Media Markt has distributed an anti-virus program to disable the virus on affected computers.

While the true intention of the virus writer may never be known, the principle of indirect attack (attacking the general public to influence a target audience) normally utilized by terrorists was evidenced in these tactics. The virus writer unleashed an attack on the "innocent" computer users to create negative publicity for Media Markt. In this case, Media Markt was clearly not involved in this activity. However, the anonymous and anarchic nature of cyberspace opens the possibility of creating chaos and making it appear as if someone else is responsible. While it appears that financial gain motivated the Russian hackers in the Citibank case, the possibility exists that terrorists or criminals could perpetrate electronic attacks in the future to weaken the target company, not make money. If a terrorist group could place someone "on the inside" of a software company and infect software with a virus before shipment, it may call the integrity of that software company into question. While there are no reported cases of terrorists staging a concerted information warfare attack on a business, the case of Citibank might be a benchmark. Despite news that it had lost more than $10 million, Citibank stock went up by 1/2 a point on the day that the Russian hacker story broke.108

(3) Personal Attacks. The potential exists for terrorists to single out individuals in cyberspace. In 1994, a hacker logged into a Texas A&M professor's E-mail account and used the account to send out 20,000 racist messages. To those receiving the messages, it appeared that they had come from the professor. As a result, the professor began to receive death threats.109

3. The Threat From Hackers Turned Terrorist: Is it real?

Penetration of computer systems is not difficult. The U.S. Defense Information Systems Agency undertook a penetration study of Department of Defense computers. In 1994, the agency attacked 8,932 servers and mainframes. They were able to gain access to 7,860 (88%) of these systems. Only 319 (4%) of these attacks were detected and only 19 (0.2%) of the successful attacks were ever reported.110 The percentages suggest that even organizations that depend on computers to function rarely know when hackers have attacked them. Penetration of DOD systems has also been documented by other than DOD assets, such as the case of Defense computers being attacked by Dutch hackers during the Gulf War. While none of these penetrations were used for terrorist purposes, it is entirely possible that this may occur in the future. Even if the hackers initially do not have terrorist intentions, they remain dangerous. A Government Accounting Office report on the Dutch hacker case states that, "the majority of the hackers' activities appeared to be aimed at gaining access to DOD computer system and then establishing methods for later entry."111 Should a computer hacker decide to work with terrorists, or be forced to work with terrorists via blackmail, these methods for later entry constitute a serious risk.

The jump from hacker to terrorist is a small one that depends entirely on the hacker's motivation and intent. While these cases prove that hackers can penetrate systems, they do not examine the hackers' motivation. Several studies of the group dynamics and individual motivations for terrorists have been undertaken to help prevent terrorism. While similar studies on the "computer underground" have been undertaken, an analysis of how a terrorist organization might recruit a hacker would be worthwhile.112 As the world becomes more dependent on computers, understanding what makes hackers "tick" becomes as important as understanding what motivates terrorists.

4. The Internet Worm

The 1988 Morris Internet worm incident highlights the incredible disruptive power of information warfare tactics for a cyberterrorist, as well as the limitations inherent in attacking computers.

On November 2, 1988, Robert Tappan Morris, a Cornell University graduate student, released a "worm" onto the Internet. While Morris maintains that it was just an experiment that went terribly wrong, the Justice Department decided to prosecute Morris, who was found guilty of a felony and sentenced to three years probation, a $10,000 fine and 400 hours of community service. In March of 1991, his appeal to the U.S. Court of Appeals for the Second Circuit was unsuccessful. In the fall of 1991, the U.S. Supreme Court refused to hear his case.113

The worm program, created as an experiment by Morris, was based on three separate security flaws that Morris had discovered in the Berkeley version of the UNIX operating system. The goals of his program were: to infect three computers per network location across the Internet, to avoid slow machines and any network that was in use (to avoid detection by operators), to use infected computers to find connections to other uninfected computers, and to steal the password files of computers and use the passwords to gain access to even more computers.114

Computers had fascinated Morris his entire life. Morris' father, Bob Morris, was a computer engineer for Bell Labs, the creators of the UNIX operating system. The area of computer security had been a hobby of Robert Morris throughout his college years. His knowledge of computer systems was so extensive that both the Naval Research Laboratory and the National Security Agency, NSA (where Bob Morris was serving as director of the National Computer Security Center) invited him to speak on the topic of UNIX operating system security. That this was a problem about which the NSA was deeply concerned became apparent during Morris's trial. The presentation to the NSA was videotaped and the prosecution intended to show part of the tape concerning "how not to get caught" to show that Morris had written his program with malicious intent to break into computers. Robert's defense lawyer, Tom Guidoboni, threatened to force Robert's father to testify about the National Security Agency's interest in computer penetration, to include divulging classified material if the tape was shown. Possibly as a result of NSA pressure, the tape was not used in the trial and the NSA was able to protect its secrets.115

The knowledge that Robert Morris had obtained in his study of computer security was extensive. He had been aware of two flaws in the UNIX system for over a year before his worm was released. The final flaw, in the FTP, File Transfer Protocol, program (a utility in UNIX that allows individuals on different computers to transfer files back and forth between remote systems) was corrected before Morris could finish his program, so he was forced to adjust and exploit only the remaining two weaknesses. These weaknesses were in the sendmail portion of the operating system and in the finger utility. It was a combination of these two weaknesses that allowed the worm to spread from computer to computer. The worm was originally designed to limit its growth, with each copy of the program checking to see if other copies were already running on a system before attempting to replicate. If there were other copies running, they would "negotiate" with each other to see which one would terminate. Unfortunately, the program that agreed to terminate would infect many other computers before it stopped running. Additionally, one in seven of the copies of the worm would not check to see if there were other copies present before infecting a machine. In effect, it refused to die on its own. This "one in seven" system, coupled with the fact that the portion of the program controlling worm to worm communication was improperly written, led to a massive proliferation of worms on thousands of computers on the Internet, causing delay and forcing machines to be taken off the network.

The battle to "beat" the worm was intense. The meeting of Berkeley UNIX experts was fortuitous in that several leading experts, including the creators of the operating system, were in the same place and were able to collaborate on finding a solution to the problem. Within 24 hours, the Berkeley team had discovered how the program spread and had corrected the problems in the sendmail portion of the operating system. In less than 48 hours, all the weaknesses that the program attempted to exploit were corrected and the "fixes" were sent out to all users on the Internet. The attempt to understand the virus was hampered by its having been encrypted by Morris. Fortunately, the encryption scheme was extremely weak and was quickly broken, allowing the experts to unscramble the code. The next step was to "reverse engineer" the code by decompiling it into source code to study its design and ensure that it did not have "malicious" (data altering/destroying) instructions hidden in the program. Fortunately for the users of the Internet, Morris did not write the worm to destroy data on infected computers; it would merely replicate out of control until the machine became overwhelmed with copies of the worm. Had the worm been written to destroy data, the recovery time would have been much longer with potentially massive data loss. Despite the rapid response of system experts, the publicity created by the incident was nearly as overwhelming in the media as the worm was to the infected computer systems. The worm caused so much disruption that the New York Times carried the story on page one for an entire week. Additionally, both the Wall Street Journal and USA Today gave it front-page coverage. Television news and talk shows were also filled with discussion on the worm.116

This incident, while not malicious, highlights the power of information warfare techniques to cause massive disruption without physical harm to equipment or people. One man created a national computer crisis with a small program that received international attention and was addressed at the highest levels of the U.S. government. While appearing attractive for terrorists, this incident highlights both the positive and the negative aspects of information warfare for terrorism.

5. Positive and Negative Elements for the Cyberterrorist

The ability of one man, in this case Robert T. Morris, to generate such an enormous amount of disruption and publicity with a small 3,000 line computer program might be very appealing to a terrorist organization attempting to achieve its aims with minimum effort and risk. Morris was eventually brought to trial for his worm, mainly because he spoke of its creation to several people. A dedicated cyberterrorist could remain anonymous in the same manner that the overwhelming majority of virus writers (such as the author of the famous Michelangelo virus - who remains unidentified) escape identification.

The personal equipment and money expenditures required for this incident were minimal as Morris had access to Cornell University's computers. While in the late 80s, Internet access was not widespread, today it is expanding at an exponential rate, with more individuals connecting to the network every day. The number of host computers connected to the Internet rose 30% from 1 July to 1 October 1994.117 The possible avenues of attack have expanded exponentially, as all that is required for a computer attack is a computer, a modem, and a skilled operator with the requisite information. The increasing number of host computers represents both new targets and new platforms from which to launch an attack.

As the power of computers doubles every 12-18 months, the computing power that was once reserved for major corporations and the government is now available to individuals. Since the "tools" are widely available, it is now the knowledge of how to manipulate those tools that is most important to perpetrate a computer attack. The knowledge that Morris used to attack the Internet came from extensive study of the UNIX operating system. He had known about the flaws for at least a year before writing his program to exploit their weaknesses. The correction of the FTP weakness immediately before Morris completed his worm program highlights the fragility of this information. Had that been the only weakness known to Morris, all of his work would have been for naught. An external attack on a computer system usually occurs through weaknesses in the software that are unknown to the creators of the software. Those attempting to gain unauthorized access to a system exploit these "bugs" in programs. Once a "bug" is discovered, software developers usually rapidly distribute a "patch" that will correct the error. The flaw that took a hacker several months to find can be corrected in a matter of seconds with the installation of a software patch. The hacker or cyberterrorist is then forced to search for yet another weakness in the system. That flaws in software exist, and are often unknown until exploited, is a double-edged sword for the potential cyberterrorist. If cyberterrorists learn of a weakness in a computer system, every day that they wait to exploit that weakness may allow a legitimate security professional or non-malicious hacker to discover and advertise the weakness, leading to the rapid distribution of a software or hardware fix to the problem. Additionally, if cyberterrorists wish to create massive disruption, they will be forced to "show their hands" and exploit the weakness on a large number of systems or on several high value systems. If they are clever, they may be able to throw system managers off the track for a short period of time.

Additionally, by using publicly available encryption techniques, they can scramble their program so that it will take years to decrypt and examine. This will exacerbate the fear of the unknown, as system managers will be unable to determine the true intent of the program. If malicious, it may require the systems to be completely shut down and all the software reloaded from a "known" clean source. If the rogue program could not be completely understood and then removed without damage, a complete shutdown would be required for all systems that handled critical data or were used to control systems upon which human lives depend. The disruption would be far greater than that caused by the Morris worm, which could be controlled, decrypted and safely removed from systems without damaging any of the existing software or negatively affecting the integrity of data on the machines.

The recent controversy over Netscape Corporation's use of encryption to secure Internet transactions highlights the strength and weakness of current encryption schemes. This particular encryption program was designed to allow users to send confidential information (such as credit card numbers) across the Internet securely. A French graduate student in mathematics used two supercomputers and 120 computer workstations to "brute force" decrypt (trying all possible combinations of the "key" in succession until the correct one is found) a message using this encryption program in just less than eight days. This encryption scheme used a 40 bit key (meaning its "key" length was 40 bits; a bit is a single 0 or 1 in binary code) since it was the most powerful scheme that the U.S. government would allow to be exported. The key employed by Netscape within the United States is 128 bits. This 128 bit key, utilizing the same decryption techniques, would take 10^26 times longer to break (about 2.1918 x 10^24 years).

Less than one month after the brute force decrypting of the 40 bit message, two graduate students at Berkeley discovered a software flaw that would allow them to decode a message encrypted with the 128 bit key in less than one minute. Netscape promptly fixed the problem and released an updated version of the encryption program within days to resecure the system.118

The ability to create a program or send each other messages that would take law enforcement or government agencies 2.1918 x 10^24 years to unscramble is very appealing to cyberterrorists and common criminals. If a law enforcement agency intercepts an encrypted computer message, it is useless until it can be decrypted. This may allow cyberterrorists to move away from using the slow, but relatively secure, face-to-face method of communication in favor of the potentially more secure, worldwide, and nearly instantaneous communication channel offered by encrypted E-mail. The Institute for National Strategic Studies concluded that the communications signals themselves are becoming harder to intercept with the advent of "digital technology, frequency-hopping and spread-spectrum technologies, plus replacement of microwave with optical fiber for long-distance communication." The rise of public key encryption led the Institute to conclude that the capabilities of the codemakers are outpacing those of the codebreakers.119 The growing ubiquity of encryption, despite several setbacks, as in the Netscape case, has still made it difficult to obtain information that individuals desire to keep secure.

The value of encryption, and the ability of business to drive a response to crime, can be seen in the development of the GSM (Global System for Mobile communications) cellular phone standard, which uses encrypted digital signals to prevent eavesdropping and phone fraud. In the United States, which uses an analog system, AMPS (Advanced Mobile Phone Service), a thief can steal the user ID to a cellular telephone (by intercepting its unencrypted signal) to perpetrate phone fraud. In GSM, this signal is randomly encrypted each time the phone is used, making it useless unless the correct "key" to decrypt the signal is in the possession of the interceptor. While the GSM system cuts down on cellular phone fraud, it also compounds the difficulty of intercepting the communications of known terrorists.

Unlike the physical world, in which a potential aggressor needs time and money to procure or manufacture its weapons, and time to train people to use these weapons, all of which can be observed and defenses readied by the target of aggression, the preparation of "weapons" in cyberspace is often the work of one (or several) individuals and occurs in the relative privacy and security of their own computers. With the explosion of processing power, the computers sitting in homes throughout the world are more powerful than the minicomputers of a decade ago. Unlike conventional terrorism, where the weapons of destruction are outlawed or restricted to use by the state, the weapons in cyberterrorism are available equally to the state and the terrorist organization. For a cyberspace WMD, the critical component becomes knowledge of computer systems, not the ability to procure fissionable material. The state and the terrorists operate on nearly equal footing in cyberspace.

The rapid recovery and complete eradication of the Internet worm, to include defenses against it ever occurring again, are not paralleled in the conventional world. A truck bomb manufactured from fertilizer and diesel fuel will cause damage and terror every time a terrorist parks it in or near a building and detonates it. Despite knowing the damage that car and truck bombs can cause through numerous attacks in the Middle East throughout the 1980s, authorities in the U.S. were unable to prevent the World Trade Center Bombing in New York City or the Murrah Federal Building bombing in Oklahoma City. While improved technology and procedures allow authorities to respond more rapidly to these attacks and take some limited measures to prevent the attacks, they cannot ensure that a "copycat" crime will not occur. In cyberspace, once a vulnerability is noted and a software fix is distributed, a second attack of exactly the same nature will always meet with defeat. What was once an open door becomes an impenetrable brick wall. If cyberterrorists were planning to exploit an identified and corrected weakness, all their effort was for naught. Their cyberspace "bomb" simply will not work. They can attempt to take their bomb elsewhere, but only if computer security administrators have shirked their duties and not installed "fixes" will they succeed.

The limited and fragile nature of weaknesses in cyberspace will force cyberterrorists to choose their targets carefully. Since an attack in cyberspace is likely to be a "one shot deal," terrorists must consider the cyberspace target to be of sufficient value to use their one-shot weapon. If a target is not sufficiently valuable, cyberterrorists may choose to risk waiting until they can penetrate a system that will carry a substantial impact if attacked. A second factor affecting the nature of a cyberterrorist target is the likelihood that the disruption created will be temporary instead of permanent, as in the case of physical destruction of a target by a conventional or technoterrorist. The temporary nature of the disruption may cause cyberterrorists to string together numerous attacks to create disruption of increased duration.
