By Nika Chitadze
Director of the Center for International Studies
Everything that exists has both a theoretical and a practical dimension. Thus, when we talk about cyber terrorism or cyber warfare, we should first explain what phenomenon we are dealing with. In this regard, cyber terrorism can be explained as the use of digital attacks by one country against another (the spreading of computer viruses or the carrying out of hacker attacks) to damage, liquidate, and destroy computer infrastructure.
There are differing opinions among experts regarding the term "cyber warfare". Some researchers point out that the term "cyber warfare" is incorrect, because to date no cyber attack can be considered "cyber terrorism" or "cyber warfare". Other experts believe that it is an appropriate name because a cyber attack causes physical harm to people and objects in the real world.
Is a cyber attack considered a terrorist act? It depends on many factors: what the hackers do, how they do it, and what damage they do to the target. To qualify, an attack must be of considerable scale and severity.
Attacks by an individual hacker or a group of hackers are not considered cyber terrorism or cyber warfare if a state does not assist or direct the group in question. Nevertheless, where cyber attacks are concerned, the lines in the virtual world remain blurred. There are states that support hackers in carrying out malicious actions; this is a dangerous but common trend.
For example, cybercriminals who destroy a bank's computer systems while stealing money are not considered cyber terrorists or cybercriminals, even if they are from another country, but state-backed hackers do the same thing to destabilize another country's economy and to terrorize the population of a foreign country. This action can be considered one of the main forms of terrorism: state-sponsored terrorism (UN Resolution 1999).
Alongside state actors, non-state actors are also involved in cyber terrorism. For example, there are many types of jihadist networks on the Internet. This directly concerns the selective work of bringing up a new generation of jihadists as cyber terrorists. These are the second- and third-generation jihadists, who need to work "behind enemy lines".
Today, there are more than 10 thousand websites in cyberspace that work to spread jihadist ideology and the practice of terrorism.
There are three main methods of cyber warfare: sabotage, cyber espionage or stealing information from computers through viruses, and attacking power grids. The third is probably the most alarming, as it implies a cyber attack on critical infrastructure (Lewis University, 2020).
Governments are becoming increasingly aware that modern society is highly dependent on computer systems, from financial services to transportation networks. Therefore, when hackers stop these systems by using viruses or other means, it can be just as effective and harmful as a traditional military campaign using armed forces, weapons and missiles.
Unlike traditional military attacks and terrorist acts, cyber attacks can be carried out from any distance. It is also possible that no trace is left and that there is no evidence at all. Governments and intelligence agencies fear that digital attacks against critical infrastructure, banking systems or power grids will allow cyber terrorists to evade the countermeasures of the country's traditional defense structures. That is why all countries are striving to improve the security of their computer systems.
Historical Aspects of Cyber Terrorism Transformation: Spatial Characteristics of Military Conflicts
The development of technology has not changed the priorities of state defense as much as it did during World War II. The main terrorist strikes are aimed at energy facilities. Currently, most serious cyber attacks target fuel and energy complexes, followed by the financial sector. The digital world has given rise to new types of threats related to international terrorism. As is known, not all types of cyber attacks can be implemented in cyberspace. Even though the term cyber terrorism has been firmly placed on the list of the main threats facing the international community, it is still difficult to define cyber terrorism and cyber warfare conclusively, because most of the facts around the world are based on assumptions. Traces often lead to an aggressive state, but often there is no evidence. Cyber wars and cyber terrorism, and their technical characteristics, are discussed on the basis of various studies. Experts analyze when cyber war starts, how it has been transformed, what role it plays in the conduct of conflicts, and so on. It is an important fact that many states not only carry out cyber espionage, intelligence and investigation activities, but also create their own cyber capabilities.
At the end of the 20th century, no one could have imagined that unreal space would merge with real space. Perhaps no one could have imagined that a dimension would emerge that would be almost impossible to control and would have no boundaries, or that humanity would face a new form of terrorism as an invisible threat. When trying to explain the transformation of cyber terrorism and cyber warfare, it has to be highlighted what drives these changes. This is mostly related to the refinement of cyber-attack technologies and the creation of malicious hacking strategies, programs or viruses. Therefore, we must distinguish the new types of terrorist attack: there are passive and active cyber attacks. A passive attack involves traffic analysis and monitoring of vulnerable communications. During an active attack, a hacker attacks protected systems. This is mostly done by viruses.
Here are some of the most common types of cyber attacks and "malware" (types of malicious code attacks) that hackers and cyber terrorists actually carry out:
Types of malicious code attacks:
Denial-of-service (DoS) – During this attack a large amount of useless traffic is sent and the network goes out of order. Service is interrupted when the web server is full and can no longer meet legitimate requests.
Distributed denial-of-service (DDoS) – During an attack, several hackers or hacked systems make many requests to the web server and block the service with useless traffic. A coordinated attack can do great damage.
Man-in-the-middle (MitM) – Someone intercepts and controls your communication; you think you are talking to a familiar person, or that you have direct access to the server, but in fact all your personal information is seen by a hacker.
Phishing – An attacker creates a clone of a real web page and sends the targeted user an email with a link to the fake page; if the user follows the link and enters personal data, the hacker gains access to that data.
War Drive – A method of obtaining unauthorized access to wireless computer networks using equipment such as a laptop, antennas, and a wireless network adapter.
Password – Obtaining passwords is a common and effective method of attack. This can be done randomly or systematically (DiGiacomo John, 2017).
Malware attack
An unwanted program running on the system without your consent can attach itself to legitimate code and multiply. It can also reproduce itself in different programs or spread across the Internet. Note that all viruses are malware. However, not all malware is a virus; it can be a program, an application and so on that allows a hacker to gain unauthorized access to personal data (Rapid 7, 2020).
Here are some common types of malicious code attacks:
Ransomware | Encrypts files in the system and makes them temporarily inaccessible; in this attack hackers demand a ransom in exchange for returning the information.
Logic bombs | Can be part of software that turns into a malicious program after a certain date.
Trojan horse | Hidden in a useful program. It usually has a damaging function. A hacker can use the virus to intercept and carry out attacks.
Worm | An independent computer program that multiplies itself from one system to another on a network.
Based on research and the presented list, three categories of targets of cyber terrorist acts can be distinguished:
Targeted attacks on equipment (Kinetic) | Targeted software attacks (hacked) | Targeted attacks on people (espionage)
Denial of Service (DoS), Distributed DoS | Ransomware, Logic Bombs, Trojan, Worm | Phishing, Trojan
As can be seen, cyber terrorists have many options for trying to gain unauthorized access to critical infrastructure and important data. Therefore, states create legal norms to ensure technological security. Cyberattacks have historically not been as devastating as they are today. There is a lot of fact-based statistical data that confirms these opinions.
The world's leading research and consulting firm Gartner publishes data on cybersecurity expenditures, which are compared and discussed here by segment of global cybersecurity expenditure for 2017-2019 (Gartner, 2019).
As can be seen in the table, a huge amount of money is spent worldwide on combating terrorism in the field of cyber security, and it is increasing every year. For example, expenditures in 2017 were $101.544 billion, in 2018 they increased to $114.152 billion, and in 2019 they reached $124.116 billion (Gartner, 2020).
According to Gartner, in 2022, global cybersecurity spending will reach $133.7 billion (Varonis, 2020). It is noteworthy, however, that the damage to the world far exceeds the amount spent on security: a report by Cybersecurity Ventures estimates that by 2021 the damage from cyberterrorism will be $6 trillion, up from $3 trillion in 2015 (Morgan, 2017).
This in turn means that the trend of cyber terrorism, cyber warfare and cyber attacks has recently taken on a larger scale and is undergoing a transformation. Russia has great potential in terms of cyber attacks, and numerous suspicious events confirm this. Russia used cyber weapons against Georgia during the 2008 war, and in 2019 used the same method to launch cyber attacks on Georgian government websites and television infrastructure. According to foreign media, at the closed session of the UN Security Council in 2020, the United States, Britain and Estonia assessed this fact as a cyber attack carried out by Russia. The same handwriting was observed during the attack on Ukraine in early 2014 (Georgian Public Broadcast, 2014).
References:
Gartner. "2017-2018-2019 data of the world's leading scientific-consulting company Gartner regarding cyber security expenses". Retrieved from:
Gartner, 2018. "Gartner Forecasts Worldwide Information Security Spending to Exceed $124 Billion in 2019". 2018-08-15. P. 1. Retrieved from Gartner: https://www.gartner.com
Georgian Public Broadcast. 2020. Retrieved from: https://1tv.ge/news/gaero-s-ushishroebis-sabchos-dakhurul-skhdomaze-ashsh-ma-britanetma-da-estonetma-saqartvelos-winaaghmdeg-rusetis-kibertavdaskhmebze-isaubres/
DiGiacomo John. "Active vs Passive Cyber Attacks Explained". 14 Feb. 2017. P. 1. Retrieved from: https://revisionlegal.com/internet-law/cyber-security/active-passive-cyber-attacks-explained/
Rapid 7. Retrieved from: https://www.rapid7.com/fundamentals/malware-attacks/
International Convention for the Suppression of the Financing of Terrorism. 1999. New York. Retrieved from: https://treaties.un.org/Pages/ViewDetails.aspx?src=IND&mtdsg_no=XVIII-11&chapter=18&lang=en
Lewis University. "THE HISTORY OF CYBER WARFARE - INFOGRAPHIC, The New Face of War: Attacks in Cyberspace". Retrieved from: https://online.lewisu.edu/mscs/resources/the-history-of-cyber-warfare
Morgan, S., 2017. Editor-in-Chief, Cybersecurity Ventures. "2017 Cybercrime Report". 2015 Y. PP. 3-4. Retrieved from: https://cybersecurityventures.com/2015-wp/wp-content/uploads/2017/10/2017-Cybercrime-Report.pdf
Varonis. 2020. "110 Must-Know Cybersecurity Statistics for 2020". P. 1. Retrieved from Varonis: https://www.varonis.com.