Cyberterrorism

The term cyberterrorism refers to the convergence of terrorism and cyberspace, particularly the politically motivated sabotage of information systems. Since the 1990s, incidents of hacking, cybercrime, and highly destructive computer viruses have been widespread, and these tools have increasingly been used for specific political ends.

Barry Collin, of the Institute for Security and Intelligence in California, coined the term cyberterrorism in the 1980s. In a 1997 paper, Collin described possible cyberterror scenarios. In one, a cyberterrorist hacks into the computer system of a cereal manufacturer and raises the level of iron in each box, causing innumerable children to get sick and die. In another scenario, cyberterrorists destabilize an entire country by attacking financial institutions and stock exchanges en masse.

Collin's third scenario, in which a cyberterrorist hacks into an air traffic control system, came close to reality in 1997, when a teenager gained access to a phone switch at a small Massachusetts airport and accidentally cut off all communications for the control tower for several hours. Alarming as it was, the incident was seen more as hacking gone awry than cyberterror, as the teenager lacked any political motivation.

Still, many point to destructive viruses and worms, and to denial-of-service attacks, as the seedlings for larger events. In 1999 the Melissa virus, an e-mail virus named after a Florida stripper, affected more than a million computers and caused at least $80 million in damages. (Melissa's creator, David Smith, pled guilty and was sentenced to 20 months in prison in May 2002.) In May 2000, the Love Bug virus (also called the ILOVEYOU virus) affected even the CIA and British Parliament and caused more than $10 billion in damages worldwide. The Nimda virus, discovered in 2001, has caused damages estimated at $500 million and hobbled entire businesses for days at a time.

Though viruses still constitute a threat, a more recent form of cyber attack has been the denial-of-service attack. In February 2000, Yahoo, CNN, eBay, and other e-commerce sites were flooded by e-mail messages from attacking computers, which slowed service and blocked other users from the sites, causing an estimated $1 billion in losses.

Other incidents worldwide have combined these hacking techniques with political messages. In what is believed to be the first cyber attack by terrorists against a country's computer systems, in 1998, an offshoot of the Liberation Tigers of Tamil Eelam swamped the Sri Lankan embassies with thousands of e-mails that read, “We are the Internet Black Tigers and we're doing this to disrupt your communications.” In India, a group of international hackers against nuclear proliferation, called Milw0rm, hacked into the Bhabha Atomic Research Centre and posted the message, “If a nuclear war does start, you will be the first to scream,” which was transposed over a photo of an atomic mushroom cloud. Similar attacks have been perpetrated against NATO sites during the conflict in Kosovo, to protest the World Trade Organization, and, particularly after the United States accidentally bombed the Chinese embassy in Belgrade, against U.S. government sites.

While denial-of-service attacks, e-mail bombs, website sit-ins, webpage takeovers, and viruses—sometimes referred to, collectively, as “hacktivism”—have not claimed lives or caused much more than nuisance and financial loss, many believe that these tactics could be used to complicate and magnify real-world attacks. Jeffrey A. Hunker, a former senior director for protection of critical infrastructure for the National Security Council, has stated that cyberattacks could act as a “force multiplier” for a bombing or attack by either by posting false information on the Internet to create panic, or by sabotaging financial, emergency, or communication networks. In 1997 the Clinton administration's Commission on Critical Infrastructure Protection concluded that electronic money transfers, the power grid, 911 services, and military command sites were also vulnerable to cyber attack. The commission's report stated, “Our dependence on the information and communications infrastructure has created new cyber-vulnerabilities, which we are only starting to understand.”

...