CyberSecurity


INFORMATION AGE TERRORISM:
TOWARD CYBERTERROR

By

Matthew J. Littleton

Naval Postgraduate School
Monterey CA 93943-5000

December 1995

ABSTRACT

The growing ubiquity of computers and their associated networks is propelling the worked into the information age. Computers may revolutionize terrorism in the same manner that they have revolutionized everyday life.

Terrorism in the information age will consist of conventional terrorism, in which classic weapons (explosives, guns, etc.) will be used to destroy property and kill victims in the physical world; technoterrorism, in which classic weapons will be used to destroy infrastructure targets and cause a disruption in cyberspace; and cyberterrorism, where new weapons (malicious software, electromagnetic and microwave weapons) will operate to destroy data in cyberspace to cause a disruption in the physical world.

The advent of cyberterrorism may force a shift in the definition of terrorism to include both disruption and violence in cyberspace in the same manner as physical destruction and violence. Through the use of new technology, terrorist groups may have fewer members, yet still have a global reach, The increasing power of computers may lower the threshold of state sponsorship to a point where poor states can become sponsors and rich states are no longer necessary for terrorist groups to carry out complex attacks.

This thesis explores the shift toward information warfare across the conflict spectrum and its implications for terrorism. By examining the similarities and differences with past conventional terrorism, policymakers will be able to place information age terrorism into a known framework and begin to address the problem.

TABLE OF CONTENTS

LIST OF ILLUSTRATIONS

EXECUTIVE SUMMARY

CHAPTER 1: INTRODUCTION

A. BACKGROUND

B. PROBLEM STATEMENT

C. DATA

D. LIMITATIONS

CHAPTER 2: AN EVOLVING CONCEPT

A. INFORMATION AGE TERRORISM

1. Information Warfare

a. Command and Control Warfare (C2W)

2. Infrastructure Warfare

3. Cyberspace

4. Cyberterrorism

a. Weapons of the Cyberterrorist

(1) Viruses

(2) Trojan Horses

(3) Worms

(4) Humans

(5) Electro-Magnetic Pulse Weapons

5. Technoterrorism

6. Terrorism

CHAPTER 3: THE SHIFTING NATURE OF TERRORISM

A. TOWARD CYBERTERROR: THE SHIFTING NATURE OF TERRORISM

1. Defining Terror

a. Symbolic Violence

b. Influence on political behavior

c. Extranormality

(1) The Weapon

(2) The Act

(3) The Time and Place

(4) Covert and Clandestine Nature

(5) Violation of rules of conduct

d. Violence

2. Objectives of Terrorism

3. Ability to Cause Terror From Cyberspace

CHAPTER 4: SHIFT TOWARD INFORMATION WARFARE ACROSS THE CONFLICT SPECTRUM

A. USE OF INFORMATION WARFARE IN STATE SPONSORED ESPIONAGE AND CRIME

1. Who is targeting the United States?

a. Soviet Union/Russia

b. Bulgaria

c. France

d. Japan

e. China

f. Germany

g. Iraq

h. Swiss

i. Seychelles

j. Israel

B. USE OF COMPUTERS IN REVOLUTION

1. Poland

2. Tiananmen Square

3. Zapatistas

C. THE RISE OF TECHNOTERRORISM

1. Electrical Distribution Networks

2. Attacks on Computer Systems

a. Europe and the United States

b. Japan

c. Political Motivation

d. Environment Groups

e. Criminal Activity

(1) Citibank

(2) Viruses

(3) Personal Attacks

3.The Threat From Hackers Turned Terrorists: Is it real?

4. The Internet Worm

5. Positive and Negative Elements for the Cyberterrorist

CHAPTER 5: CONCLUSIONS

A. SHIFTING DEFINITION OF TERRORISM

1. The Role of Violence in Terrorism

B. IMPACT ON TERRORISM IN THE FUTURE

1. Demassification

2. New State Sponsors

3. Targeted Message

4. Rise of Disruption not Destruction

5. New Tools for Attacker and Defender

a. Offense and Defense in Cyberspace

C. RESPONSE TO THE PROBLEM

1. Government Response to the Problem

2. Commercial Response to the Problem

3. The Middle Road

D. FUTURE RESEARCH

APPENDIX A: TERRORISM TYPOLOGY

A. TYPOLOGY

1. From Conventional Terror to Cyberterror

APPENDIX B: SAMPLE TERRORISM DEFINITIONS

BIBLIOGRAPHY

INITIAL DISTRIBUTION LIST

NOTES

 

LIST OF ILLUSTRATIONS

Figure 1. How offensive and defensive C2W is viewed in the military

Figure 2. Tactical Path

Table 1. Sample Terrorism Definitions

EXECUTIVE SUMMARY

As the world enters the information age, the military has undertaken extensive study of the "Revolution in Military Affairs" and information warfare. This thesis examines the implications of information warfare tactics and techniques for terrorism. It explores the possibility that computers may revolutionize terrorism.

Two concepts are often embodied in academic definitions of terrorism: violence and terror. By adding information warfare techniques, the definition of terrorism could be expanded to include "cyberviolence," the destruction or manipulation of computer information. The "violence" done to this information, which is becoming increasingly important for security and economic prosperity, should be considered terrorism. Although terrorists might turn from destruction to the creation of mass disruption, the addition of information warfare tactics to the terrorist's arsenal does not imply a less destructive future. Should terrorists choose to target critical computer systems they could create destruction and disruption simultaneously.

This thesis identifies three categories of potential information age terrorism: conventional terrorism, technoterrorism, and cyberterrorism. Conventional terrorism destroys or threatens a symbolic target of violence in the physical world. Conventional terrorists may use information warfare tactics to plan and execute these actions more effectively. Technoterrorism is designed to have an effect in cyberspace using physical means, this type of terrorism includes bombing infrastructure targets (power, telecommunications, etc.) to create a disruption in cyberspace. Technoterrorists do not utilize physical destruction, such as bombing a power station, to convey a message. Rather, they rely on the attendant cyberspace disruption to garner publicity for his cause. Cyberterrorism is terrorism that operates exclusively in cyberspace. The cyberterrorist could utilize an entirely new class of weaponry, possibly including malicious software or electromagnetic pulse generators, to manipulate or destroy information in cyberspace. Because cyberterrorists do not operate using " conventional" techniques, the lessons learned from previous counter and anti-terrorism efforts might be of limited value.

This thesis reaches several conclusions regarding information age terrorism. First, the definition of terrorism must change to include cyberviolence and disruption. Second, the terrorist threat is likely to become more "demassified," with smaller numbers of individuals able to create disruption via virtual worldwide organizations. Third, the pattern of state sponsorship is likely to change. While old state sponsors will continue to exist, terrorists may turn to poorer states or choose to fund themselves via information warfare crime. Fourth, information warfare techniques may afford terrorists the ability to target their message more effectively. Fifth, the nature of offense and defense in cyberspace does not mirror that of "conventional" offense and defense in the physical world.

In light of these conclusions, the best method to counter information age terrorism is a joint government/industry program of defensive measures that will increase the effort required for computer disruption while simultaneously diminishing the potential returns offered by this new form of terrorism.

CHAPTER 1

INTRODUCTION

Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.1

 

A. BACKGROUND

As the world enters the 21st century, the information revolution will continue to propel the United States into the "third wave" of development according to Alvin and Heidi toffler.2 The shift from an industrial economy and society to one focused on information and its transfer will characterize the third wave. As discussed in The Third Wave and their most recent work, War and Anti-War, the way a state wages war is similar to how it makes wealth. This idea might be applied to terrorism and revolutionary violence.

Lewis Gann's Guerrillas in History provides an overview of substate violence across history.3 Occasionally, as in the Welsh use of the longbow, substate groups possess weapons superior to those of the state. Substate actors, unless being supplied by another state, normally possess weapons that are inferior to those of the target state, They often use weapons stolen from, or discarded by, the state. As the technology , complexity, and lethality of weapons systems increased during the twentieth century, these weapons were even more tightly controlled by the state, widening the gap between state and substate " firepower." As the world shifts into the information age, this disparity in weapons decreases, with individuals and substate groups now able to control information manipulation tools that were once restricted to the state.

As the world shifts into the "third wave," where information and its control are rapidly becoming the most important considerations for the advancing societies of the first world, will we see a corresponding shift by terrorists and revolutionaries to using "information warfare" weapons and techniques to press their case? While terrorists and revolutionaries have "kept pace with the advance of technology, consistently exploiting new and under defended targets, (embassies, airplane hijackings, hostage taking, airplane bombing) they have done so through evolution, not innovation. Bruce Hoffman contends, "What innovation does occur is mostly in the methods used to conceal and detonate explosive devise, not in their tactics or in their use of non-conventional weapons (i.e., chemical, biological, or nuclear)."4 This thesis explores the implications of information age terrorism. There has already been a shift toward "information warfare" across other parts of the "conflict spectrum" with these techniques being used by criminals, agents of espionage, revolutionaries, and armies engaged in warfare. A corresponding shift in terrorist tactics has yet to occur. While some argue that it is merely a matter of time before we are faced with a major information warfare attack, there are several reason that terrorists may not actively pursue these techniques.

B. PROBLEM STATEMENT

This onset of the information-dependent third wave provides opportunities for spectacular gains, and serious losses for individuals, corporations, and states. It is within this world that the cyberterrorist will operate. In the same manner that terrorists have exploited widely accepted technology such as dynamite and the airplane (for bombing and hijacking), they may exploit the tools of the "information age" to bring their case before the citizens of the world. The United States must prepare itself to counter this threat in an age where the old AT&T slogan, "reach out and touch someone" takes on a sinister new meaning. To defend against a threat, one must understand its critical elements. Cyberterrorism, Like "conventional" terrorism, will strive to change the mind of its intended audience. It will be perpetrated by people to have an effect on people. However, cyberterrorism may utilize a different means to this end. A cyberterrorist will strive, not to disrupt physical reality directly (as an exploding bomb would) but rather to disrupt the normal functioning of computers and other information systems. This cyberspace disruption would cause a disruption in the physical world, The violence that is normally associated with terrorism may shift into "cyberspace" where bits and bytes, not people, are attacked. To understand the potential shift in terrorism, this thesis splits information age terrorism into three categories: conventional terrorism, Technoterrorism, and cyberterrorism. Appendix A provides a summary of the critical elements of each category.

This thesis will also analyze the costs and benefits of information warfare techniques for terrorism and the changes that they may force in the definition of terrorism. Despite the inevitable warnings that "the sky is falling," the utility of information warfare attacks may actually be lowest in the "terrorist" portion of the conflict continuum. This does not, however, obviate the need to address the threat, The information warfare threat is real; it might cause serious damage in the future. While it may not fit accepted definitions of terrorism, Neal Pollard correctly states that, "to ignore computer abuse as a political crime, simply for the sake of academic purity, is impractical, dangerous esoteric snobbery."5 As we will see in this examination of the "brave new world" into which we are headed, there are reasons both for and against terrorism shifting toward IW tactics in the third wave.

C. DATA

While the United States has yet to suffer an acknowledged cyberterrorist attack, several computer crimes and incidents reveal the power of information warfare. The trend toward information warfare appears uniform across the conflict continuum with the exception of terrorism. The cases used in this thesis were selected from unclassified literature. They were selected for their ability to highlight the potential threat posed by information warfare tactics and techniques. The ongoing information revolution, coupled with the sensitive nature of computer systems for both business and defense, ensure that this is not a comprehensive examination of all computer related incidents but it is sufficiently broad to cover the entire "low intensity" spectrum of conflict.

This thesis will examine the role of information warfare in espionage and crime using cases involving the United States. The role of telecommunications assets in the Solidarity movement in Poland, the Tiananmen Square uprising, and the Zapatista movement in Mexico will be highlighted to show the increasing value of information warfare to insurgents and rebels and the increasing importance of computer connectivity. Exploring the role computers and networks have played in terrorist actions since 1970 will identify the trend in terrorism toward infrastructure warfare, technoterrorism, and cyberterrorism. Finally, the 1988 Internet Worm incident caused by Robert Morris will be utilized as an example of both the costs and benefits information warfare tactics offer to a terrorist.

D. LIMITATIONS

Information warfare is a concept that embraces many elements beyond simply attacking computers and communications networks. This thesis will, however, focus primarily on the portion of information warfare that deals with computers and their associated networks and only tangentially cover such topics as psychological operations. The revolutionary changes caused by computers present the possibility of revolutionary changes in the targets and conduct of terrorism.

Next

Table of Contents